2 files changed, 17 insertions, 6 deletions

diff --git a/lib/pleroma/http_signatures_api.ex b/lib/pleroma/http_signatures_api.ex
new file mode 100644
index 000000000..8e73dc98e
--- /dev/null
+++ b/lib/pleroma/http_signatures_api.ex
@@ -0,0 +1,4 @@
+defmodule Pleroma.HTTPSignaturesAPI do
+  @callback validate_conn(conn :: Plug.Conn.t()) :: boolean
+  @callback signature_for_conn(conn :: Plug.Conn.t()) :: map
+end
diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index 71b2a5f51..6bf2dd432 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -8,11 +8,17 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   import Plug.Conn
   import Phoenix.Controller, only: [get_format: 1, text: 2]
 
-  alias Pleroma.Config
   alias Pleroma.Web.ActivityPub.MRF
 
   require Logger
 
+  @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config)
+  @http_signatures_impl Application.compile_env(
+                          :pleroma,
+                          [__MODULE__, :http_signatures_impl],
+                          HTTPSignatures
+                        )
+
   def init(options) do
     options
   end
@@ -41,7 +47,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
       |> put_req_header("(request-target)", request_target)
       |> put_req_header("@request-target", request_target)
 
-    HTTPSignatures.validate_conn(conn)
+    @http_signatures_impl.validate_conn(conn)
   end
 
   defp validate_signature(conn) do
@@ -108,9 +114,9 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   defp maybe_require_signature(%{assigns: %{valid_signature: true}} = conn), do: conn
 
   defp maybe_require_signature(%{remote_ip: remote_ip} = conn) do
-    if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
+    if @config_impl.get([:activitypub, :authorized_fetch_mode], false) do
       exceptions =
-        Pleroma.Config.get([:activitypub, :authorized_fetch_mode_exceptions], [])
+        @config_impl.get([:activitypub, :authorized_fetch_mode_exceptions], [])
         |> Enum.map(&InetHelper.parse_cidr/1)
 
       if Enum.any?(exceptions, fn x -> InetCidr.contains?(x, remote_ip) end) do
@@ -129,7 +135,8 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   defp maybe_filter_requests(%{halted: true} = conn), do: conn
 
   defp maybe_filter_requests(conn) do
-    if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
+    if @config_impl.get([:activitypub, :authorized_fetch_mode], false) and
+         conn.assigns[:actor_id] do
       %{host: host} = URI.parse(conn.assigns.actor_id)
 
       if MRF.subdomain_match?(rejected_domains(), host) do
@@ -145,7 +152,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   end
 
   defp rejected_domains do
-    Config.get([:instance, :rejected_instances])
+    @config_impl.get([:instance, :rejected_instances])
     |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
     |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
   end