From d8e40173bfce556d7bc12d1f7685ff6b46c3df10 Mon Sep 17 00:00:00 2001
From: Oneric
Date: Sun, 19 Jan 2025 05:06:06 +0100
Subject: [PATCH] http_signatures: tweak order of route aliases

We expect most requests to be made for the actual canonical ID, so check this one first (starting without query headers matching the predominant albeit spec-breaking version). Also avoid unnecessary rerewrites of the digest header on each route alias by just setting it once before iterating through aliases.
---
 lib/pleroma/web/plugs/http_signature_plug.ex | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index c8df805fe..195a9dc1c 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -77,10 +77,6 @@ defp assign_valid_signature_on_route_aliases(conn, [path | rest]) do
 |> put_req_header("(request-target)", request_target)
 |> maybe_put_created_psudoheader()
 |> maybe_put_expires_psudoheader()
- |> case do
- %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest)
- conn -> conn
- end
 
 conn
 |> assign(:valid_signature, HTTPSignatures.validate_conn(conn))
@@ -93,7 +89,13 @@ defp maybe_assign_valid_signature(conn) do
 # set (request-target) header to the appropriate value
 # we also replace the digest header with the one we computed
 possible_paths =
- route_aliases(conn) ++ [conn.request_path, conn.request_path <> "?#{conn.query_string}"]
+ [conn.request_path, conn.request_path <> "?#{conn.query_string}" | route_aliases(conn)]
+
+ conn =
+ case conn do
+ %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest)
+ conn -> conn
+ end
 
 assign_valid_signature_on_route_aliases(conn, possible_paths)
 else
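Review bot: The second entry of `possible_paths` is built unconditionally, so a request with an empty `conn.query_string` produces a `path?` target that now sits ahead of every route alias and presumably costs one extra `HTTPSignatures.validate_conn/1` attempt before the aliases are reached. Adding the query variant only when there is a query avoids that, e.g. `query_variant = if conn.query_string != "", do: [conn.request_path <> "?#{conn.query_string}"], else: []` followed by `possible_paths = [conn.request_path | query_variant] ++ route_aliases(conn)`. Because the query-less `conn.request_path` is tried first, a signature covering only the path is accepted even when the request carries a query, so the query parameters are not authenticated by the signature. The comment above `possible_paths` should say so, for instance `# NOTE: the first candidate omits the query string, so query params are not covered by the signature`. `maybe_assign_valid_signature/1` starts and ends outside the hunk, so whether the `conn -> conn` fallback can leave a client-supplied digest header in place is not visible here.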