forked from Plume/Plume
Add support for signature verification on pseudo header
Add support for pseudo-header '(request-target)' Add some logging for denied request
This commit is contained in:
parent
0d6a2af851
commit
ba4695f490
3 changed files with 15 additions and 3 deletions
|
@ -1,5 +1,5 @@
|
|||
use rocket::request::{self, FromRequest, Request};
|
||||
use rocket::{http::HeaderMap, Outcome};
|
||||
use rocket::{http::{Header, HeaderMap}, Outcome};
|
||||
|
||||
|
||||
pub struct Headers<'r>(pub HeaderMap<'r>);
|
||||
|
@ -12,6 +12,16 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers<'r> {
|
|||
for header in request.headers().clone().into_iter() {
|
||||
headers.add(header);
|
||||
}
|
||||
let ori = request.uri();
|
||||
let uri = if let Some(query) = ori.query() {
|
||||
format!("{}?{}", ori.path(), query)
|
||||
} else {
|
||||
ori.path().to_owned()
|
||||
};
|
||||
headers.add(Header::new("(request-target)",
|
||||
format!("{} {}",
|
||||
request.method().as_str().to_lowercase(),
|
||||
uri.to_lowercase())));
|
||||
Outcome::Success(Headers(headers))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -200,8 +200,9 @@ fn shared_inbox(conn: DbConn, data: String, headers: Headers) -> String {
|
|||
.unwrap_or_else(|| activity["actor"]["id"].as_str().expect("No actor ID for incoming activity, blocks by panicking"));
|
||||
|
||||
let actor = User::from_url(&conn, actor_id.to_owned()).unwrap();
|
||||
if !verify_http_headers(&actor, headers.0, data).is_secure() &&
|
||||
if !verify_http_headers(&actor, headers.0.clone(), data).is_secure() &&
|
||||
!act.clone().verify(&actor) {
|
||||
println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
|
||||
return "invalid signature".to_owned();
|
||||
}
|
||||
|
||||
|
|
|
@ -306,8 +306,9 @@ fn inbox(name: String, conn: DbConn, data: String, headers: Headers) -> String {
|
|||
.unwrap_or_else(|| activity["actor"]["id"].as_str().expect("User: No actor ID for incoming activity, blocks by panicking"));
|
||||
|
||||
let actor = User::from_url(&conn, actor_id.to_owned()).unwrap();
|
||||
if !verify_http_headers(&actor, headers.0, data).is_secure() &&
|
||||
if !verify_http_headers(&actor, headers.0.clone(), data).is_secure() &&
|
||||
!act.clone().verify(&actor) {
|
||||
println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
|
||||
return "invalid signature".to_owned();
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue