Make Plume compile on release (#365)

* Remove use of String for body parameters

Create SignedJson and implement FromData for it

* Make Travis test on release

* Remove warning when installing and fix coverage
This commit is contained in:
fdb-hiroshima
2018-12-22 18:27:21 +01:00
committed by GitHub
parent 718e23ac85
commit ab2998e214
9 changed files with 96 additions and 17 deletions
+4 -4
View File
@@ -16,7 +16,7 @@ use plume_models::{
safe_string::SafeString,
instance::*
};
use inbox::Inbox;
use inbox::{Inbox, SignedJson};
use routes::Page;
use template_utils::Ructe;
use Searcher;
@@ -186,15 +186,15 @@ pub fn ban(_admin: Admin, conn: DbConn, id: i32, searcher: Searcher) -> Redirect
}
#[post("/inbox", data = "<data>")]
pub fn shared_inbox(conn: DbConn, data: String, headers: Headers, searcher: Searcher) -> Result<String, status::BadRequest<&'static str>> {
let act: serde_json::Value = serde_json::from_str(&data[..]).expect("instance::shared_inbox: deserialization error");
pub fn shared_inbox(conn: DbConn, data: SignedJson<serde_json::Value>, headers: Headers, searcher: Searcher) -> Result<String, status::BadRequest<&'static str>> {
let act = data.1.into_inner();
let activity = act.clone();
let actor_id = activity["actor"].as_str()
.or_else(|| activity["actor"]["id"].as_str()).ok_or(status::BadRequest(Some("Missing actor id for activity")))?;
let actor = User::from_url(&conn, actor_id).expect("instance::shared_inbox: user error");
if !verify_http_headers(&actor, &headers.0, &data).is_secure() &&
if !verify_http_headers(&actor, &headers.0, &data.0).is_secure() &&
!act.clone().verify(&actor) {
println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
return Err(status::BadRequest(Some("Invalid signature")));
+4 -5
View File
@@ -9,7 +9,7 @@ use rocket_i18n::I18n;
use serde_json;
use validator::{Validate, ValidationError, ValidationErrors};
use inbox::Inbox;
use inbox::{Inbox, SignedJson};
use plume_common::activity_pub::{
broadcast,
inbox::{Deletable, FromActivity, Notify},
@@ -349,13 +349,12 @@ pub fn outbox(name: String, conn: DbConn) -> Option<ActivityStream<OrderedCollec
pub fn inbox(
name: String,
conn: DbConn,
data: String,
data: SignedJson<serde_json::Value>,
headers: Headers,
searcher: Searcher,
) -> Result<String, Option<status::BadRequest<&'static str>>> {
let user = User::find_local(&*conn, &name).ok_or(None)?;
let act: serde_json::Value =
serde_json::from_str(&data).expect("user::inbox: deserialization error");
let act = data.1.into_inner();
let activity = act.clone();
let actor_id = activity["actor"]
@@ -366,7 +365,7 @@ pub fn inbox(
))))?;
let actor = User::from_url(&conn, actor_id).expect("user::inbox: user error");
if !verify_http_headers(&actor, &headers.0, &data).is_secure()
if !verify_http_headers(&actor, &headers.0, &data.0).is_secure()
&& !act.clone().verify(&actor)
{
println!(