mirror of
https://git.pleroma.social/pleroma/relay.git
synced 2024-11-21 22:17:59 +00:00
harden AP side a bit
This commit is contained in:
parent
6d234563e5
commit
e5597399b6
|
@ -118,7 +118,10 @@ processors = {
|
||||||
|
|
||||||
|
|
||||||
async def inbox(request):
|
async def inbox(request):
|
||||||
data = await request.json()
|
data = await request.json(content_type=None)
|
||||||
|
|
||||||
|
if 'actor' not in data or not request['validated']:
|
||||||
|
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
||||||
|
|
||||||
actor = await fetch_actor(data["actor"])
|
actor = await fetch_actor(data["actor"])
|
||||||
actor_uri = 'https://{}/actor'.format(request.host)
|
actor_uri = 'https://{}/actor'.format(request.host)
|
||||||
|
|
|
@ -91,14 +91,18 @@ async def validate(actor, request):
|
||||||
h.update(sigstring.encode('ascii'))
|
h.update(sigstring.encode('ascii'))
|
||||||
result = pkcs.verify(h, sigdata)
|
result = pkcs.verify(h, sigdata)
|
||||||
|
|
||||||
|
request['validated'] = result
|
||||||
|
|
||||||
logging.debug('validates? %r', result)
|
logging.debug('validates? %r', result)
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
|
||||||
async def http_signatures_middleware(app, handler):
|
async def http_signatures_middleware(app, handler):
|
||||||
async def http_signatures_handler(request):
|
async def http_signatures_handler(request):
|
||||||
|
request['validated'] = False
|
||||||
|
|
||||||
if 'signature' in request.headers:
|
if 'signature' in request.headers:
|
||||||
data = await request.json()
|
data = await request.json(content_type=None)
|
||||||
if 'actor' not in data:
|
if 'actor' not in data:
|
||||||
raise aiohttp.web.HTTPUnauthorized(body='signature check failed, no actor in message')
|
raise aiohttp.web.HTTPUnauthorized(body='signature check failed, no actor in message')
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue