pch_xyz/relay
1
0
Fork 0
mirror of https://git.pleroma.social/pleroma/relay.git synced 2024-11-10 02:17:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

harden AP side a bit

Browse source
This commit is contained in:
William Pitcock 2018-08-10 20:53:01 -05:00
parent 6d234563e5
commit e5597399b6
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
viera/actor.py
View file

@ -118,7 +118,10 @@ processors = {
async def inbox(request): async def inbox(request):
data = await request.json() data = await request.json(content_type=None)
if 'actor' not in data or not request['validated']:
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
actor = await fetch_actor(data["actor"]) actor = await fetch_actor(data["actor"])
actor_uri = 'https://{}/actor'.format(request.host) actor_uri = 'https://{}/actor'.format(request.host)

6
viera/http_signatures.py
View file

@ -91,14 +91,18 @@ async def validate(actor, request):
h.update(sigstring.encode('ascii')) h.update(sigstring.encode('ascii'))
result = pkcs.verify(h, sigdata) result = pkcs.verify(h, sigdata)
request['validated'] = result
logging.debug('validates? %r', result) logging.debug('validates? %r', result)
return result return result
async def http_signatures_middleware(app, handler): async def http_signatures_middleware(app, handler):
async def http_signatures_handler(request): async def http_signatures_handler(request):
request['validated'] = False
if 'signature' in request.headers: if 'signature' in request.headers:
data = await request.json() data = await request.json(content_type=None)
if 'actor' not in data: if 'actor' not in data:
raise aiohttp.web.HTTPUnauthorized(body='signature check failed, no actor in message') raise aiohttp.web.HTTPUnauthorized(body='signature check failed, no actor in message')