Verify signature date
Fix #286 Remove indexed from post_id search field as it was added by mistake
This commit is contained in:
parent
5ff3b65cc5
commit
39deede935
@ -1,6 +1,7 @@
|
|||||||
use super::request;
|
use super::request;
|
||||||
use base64;
|
use base64;
|
||||||
use chrono::Utc;
|
use chrono::{DateTime, Duration,
|
||||||
|
naive::NaiveDateTime, Utc};
|
||||||
use hex;
|
use hex;
|
||||||
use openssl::{pkey::PKey, rsa::Rsa, sha::sha256};
|
use openssl::{pkey::PKey, rsa::Rsa, sha::sha256};
|
||||||
use rocket::http::HeaderMap;
|
use rocket::http::HeaderMap;
|
||||||
@ -86,10 +87,24 @@ impl Signable for serde_json::Value {
|
|||||||
let creation_date = &signature_obj["created"];
|
let creation_date = &signature_obj["created"];
|
||||||
let options_hash = Self::hash(
|
let options_hash = Self::hash(
|
||||||
&json!({
|
&json!({
|
||||||
"@context": "https://w3id.org/identity/v1",
|
"@context": "https://w3id.org/identity/v1",
|
||||||
"created": creation_date
|
"created": creation_date
|
||||||
}).to_string(),
|
}).to_string(),
|
||||||
);
|
);
|
||||||
|
let creation_date = creation_date.as_str();
|
||||||
|
if creation_date.is_none() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
let creation_date = DateTime::parse_from_rfc3339(creation_date.unwrap());
|
||||||
|
if creation_date.is_err() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
let diff = creation_date.unwrap().signed_duration_since(Utc::now());
|
||||||
|
let future = Duration::hours(12);
|
||||||
|
let past = Duration::hours(-12);
|
||||||
|
if !(diff < future && diff > past) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
let document_hash = Self::hash(&self.to_string());
|
let document_hash = Self::hash(&self.to_string());
|
||||||
let to_be_signed = options_hash + &document_hash;
|
let to_be_signed = options_hash + &document_hash;
|
||||||
creator.verify(&to_be_signed, &signature)
|
creator.verify(&to_be_signed, &signature)
|
||||||
@ -102,6 +117,7 @@ pub enum SignatureValidity {
|
|||||||
ValidNoDigest,
|
ValidNoDigest,
|
||||||
Valid,
|
Valid,
|
||||||
Absent,
|
Absent,
|
||||||
|
Outdated,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl SignatureValidity {
|
impl SignatureValidity {
|
||||||
@ -162,8 +178,26 @@ pub fn verify_http_headers<S: Signer + ::std::fmt::Debug>(
|
|||||||
let digest = request::Digest::from_header(digest);
|
let digest = request::Digest::from_header(digest);
|
||||||
if !digest.map(|d| d.verify(&data)).unwrap_or(false) {
|
if !digest.map(|d| d.verify(&data)).unwrap_or(false) {
|
||||||
// signature was valid, but body content does not match its digest
|
// signature was valid, but body content does not match its digest
|
||||||
SignatureValidity::Invalid
|
return SignatureValidity::Invalid;
|
||||||
|
}
|
||||||
|
if !headers.contains(&"date") {
|
||||||
|
return SignatureValidity::Valid; //maybe we shouldn't trust a request without date?
|
||||||
|
}
|
||||||
|
|
||||||
|
let date = all_headers.get_one("date");
|
||||||
|
if date.is_none() {
|
||||||
|
return SignatureValidity::Outdated;
|
||||||
|
}
|
||||||
|
let date = NaiveDateTime::parse_from_str(date.unwrap(), "%a, %d %h %Y %T GMT");
|
||||||
|
if date.is_err() {
|
||||||
|
return SignatureValidity::Outdated;
|
||||||
|
}
|
||||||
|
let diff = Utc::now().naive_utc() - date.unwrap();
|
||||||
|
let future = Duration::hours(12);
|
||||||
|
let past = Duration::hours(-12);
|
||||||
|
if diff < future && diff > past {
|
||||||
|
SignatureValidity::Valid
|
||||||
} else {
|
} else {
|
||||||
SignatureValidity::Valid // all check passed
|
SignatureValidity::Outdated
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -47,11 +47,11 @@ impl Searcher {
|
|||||||
|
|
||||||
let mut schema_builder = SchemaBuilder::default();
|
let mut schema_builder = SchemaBuilder::default();
|
||||||
|
|
||||||
schema_builder.add_i64_field("post_id", INT_STORED | INT_INDEXED);
|
schema_builder.add_i64_field("post_id", INT_STORED );
|
||||||
schema_builder.add_i64_field("creation_date", INT_INDEXED);
|
schema_builder.add_i64_field("creation_date", INT_INDEXED);
|
||||||
|
|
||||||
schema_builder.add_text_field("instance", tag_indexing.clone());
|
schema_builder.add_text_field("instance", tag_indexing.clone());
|
||||||
schema_builder.add_text_field("author", tag_indexing.clone());//todo move to a user_indexing with user_tokenizer function
|
schema_builder.add_text_field("author", tag_indexing.clone());
|
||||||
schema_builder.add_text_field("tag", tag_indexing);
|
schema_builder.add_text_field("tag", tag_indexing);
|
||||||
|
|
||||||
schema_builder.add_text_field("blog", content_indexing.clone());
|
schema_builder.add_text_field("blog", content_indexing.clone());
|
||||||
|
Loading…
Reference in New Issue
Block a user