Add support for signature verification on pseudo header
Add support for pseudo-header '(request-target)' Add some logging for denied request
This commit is contained in:
@@ -200,8 +200,9 @@ fn shared_inbox(conn: DbConn, data: String, headers: Headers) -> String {
|
||||
.unwrap_or_else(|| activity["actor"]["id"].as_str().expect("No actor ID for incoming activity, blocks by panicking"));
|
||||
|
||||
let actor = User::from_url(&conn, actor_id.to_owned()).unwrap();
|
||||
if !verify_http_headers(&actor, headers.0, data).is_secure() &&
|
||||
if !verify_http_headers(&actor, headers.0.clone(), data).is_secure() &&
|
||||
!act.clone().verify(&actor) {
|
||||
println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
|
||||
return "invalid signature".to_owned();
|
||||
}
|
||||
|
||||
|
||||
+2
-1
@@ -306,8 +306,9 @@ fn inbox(name: String, conn: DbConn, data: String, headers: Headers) -> String {
|
||||
.unwrap_or_else(|| activity["actor"]["id"].as_str().expect("User: No actor ID for incoming activity, blocks by panicking"));
|
||||
|
||||
let actor = User::from_url(&conn, actor_id.to_owned()).unwrap();
|
||||
if !verify_http_headers(&actor, headers.0, data).is_secure() &&
|
||||
if !verify_http_headers(&actor, headers.0.clone(), data).is_secure() &&
|
||||
!act.clone().verify(&actor) {
|
||||
println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
|
||||
return "invalid signature".to_owned();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user