forked from Plume/Plume
Verify signature date
Fix #286 Remove indexed from post_id search field as it was added by mistake
This commit is contained in:
parent
5ff3b65cc5
commit
39deede935
2 changed files with 42 additions and 8 deletions
|
@ -1,6 +1,7 @@
|
|||
use super::request;
|
||||
use base64;
|
||||
use chrono::Utc;
|
||||
use chrono::{DateTime, Duration,
|
||||
naive::NaiveDateTime, Utc};
|
||||
use hex;
|
||||
use openssl::{pkey::PKey, rsa::Rsa, sha::sha256};
|
||||
use rocket::http::HeaderMap;
|
||||
|
@ -86,10 +87,24 @@ impl Signable for serde_json::Value {
|
|||
let creation_date = &signature_obj["created"];
|
||||
let options_hash = Self::hash(
|
||||
&json!({
|
||||
"@context": "https://w3id.org/identity/v1",
|
||||
"created": creation_date
|
||||
}).to_string(),
|
||||
"@context": "https://w3id.org/identity/v1",
|
||||
"created": creation_date
|
||||
}).to_string(),
|
||||
);
|
||||
let creation_date = creation_date.as_str();
|
||||
if creation_date.is_none() {
|
||||
return false;
|
||||
}
|
||||
let creation_date = DateTime::parse_from_rfc3339(creation_date.unwrap());
|
||||
if creation_date.is_err() {
|
||||
return false;
|
||||
}
|
||||
let diff = creation_date.unwrap().signed_duration_since(Utc::now());
|
||||
let future = Duration::hours(12);
|
||||
let past = Duration::hours(-12);
|
||||
if !(diff < future && diff > past) {
|
||||
return false;
|
||||
}
|
||||
let document_hash = Self::hash(&self.to_string());
|
||||
let to_be_signed = options_hash + &document_hash;
|
||||
creator.verify(&to_be_signed, &signature)
|
||||
|
@ -102,6 +117,7 @@ pub enum SignatureValidity {
|
|||
ValidNoDigest,
|
||||
Valid,
|
||||
Absent,
|
||||
Outdated,
|
||||
}
|
||||
|
||||
impl SignatureValidity {
|
||||
|
@ -162,8 +178,26 @@ pub fn verify_http_headers<S: Signer + ::std::fmt::Debug>(
|
|||
let digest = request::Digest::from_header(digest);
|
||||
if !digest.map(|d| d.verify(&data)).unwrap_or(false) {
|
||||
// signature was valid, but body content does not match its digest
|
||||
SignatureValidity::Invalid
|
||||
return SignatureValidity::Invalid;
|
||||
}
|
||||
if !headers.contains(&"date") {
|
||||
return SignatureValidity::Valid; //maybe we shouldn't trust a request without date?
|
||||
}
|
||||
|
||||
let date = all_headers.get_one("date");
|
||||
if date.is_none() {
|
||||
return SignatureValidity::Outdated;
|
||||
}
|
||||
let date = NaiveDateTime::parse_from_str(date.unwrap(), "%a, %d %h %Y %T GMT");
|
||||
if date.is_err() {
|
||||
return SignatureValidity::Outdated;
|
||||
}
|
||||
let diff = Utc::now().naive_utc() - date.unwrap();
|
||||
let future = Duration::hours(12);
|
||||
let past = Duration::hours(-12);
|
||||
if diff < future && diff > past {
|
||||
SignatureValidity::Valid
|
||||
} else {
|
||||
SignatureValidity::Valid // all check passed
|
||||
SignatureValidity::Outdated
|
||||
}
|
||||
}
|
||||
|
|
|
@ -47,11 +47,11 @@ impl Searcher {
|
|||
|
||||
let mut schema_builder = SchemaBuilder::default();
|
||||
|
||||
schema_builder.add_i64_field("post_id", INT_STORED | INT_INDEXED);
|
||||
schema_builder.add_i64_field("post_id", INT_STORED );
|
||||
schema_builder.add_i64_field("creation_date", INT_INDEXED);
|
||||
|
||||
schema_builder.add_text_field("instance", tag_indexing.clone());
|
||||
schema_builder.add_text_field("author", tag_indexing.clone());//todo move to a user_indexing with user_tokenizer function
|
||||
schema_builder.add_text_field("author", tag_indexing.clone());
|
||||
schema_builder.add_text_field("tag", tag_indexing);
|
||||
|
||||
schema_builder.add_text_field("blog", content_indexing.clone());
|
||||
|
|
Loading…
Reference in a new issue