Verify signature date

Fix #286
Remove indexed from post_id search field as it was added by mistake
Trinity Pointard 2018-12-04 00:07:39 +01:00
parent 5ff3b65cc5
commit 39deede935
2 changed files with 42 additions and 8 deletions


@ -1,6 +1,7 @@
use super::request; use super::request;
use base64; use base64;
use chrono::Utc; use chrono::{DateTime, Duration,
naive::NaiveDateTime, Utc};
use hex; use hex;
use openssl::{pkey::PKey, rsa::Rsa, sha::sha256}; use openssl::{pkey::PKey, rsa::Rsa, sha::sha256};
use rocket::http::HeaderMap; use rocket::http::HeaderMap;
@ -86,10 +87,24 @@ impl Signable for serde_json::Value {
let creation_date = &signature_obj["created"]; let creation_date = &signature_obj["created"];
let options_hash = Self::hash( let options_hash = Self::hash(
&json!({ &json!({
"@context": "https://w3id.org/identity/v1", "@context": "https://w3id.org/identity/v1",
"created": creation_date "created": creation_date
}).to_string(), }).to_string(),
); );
let creation_date = creation_date.as_str();
if creation_date.is_none() {
return false;
}
let creation_date = DateTime::parse_from_rfc3339(creation_date.unwrap());
if creation_date.is_err() {
return false;
}
let diff = creation_date.unwrap().signed_duration_since(Utc::now());
let future = Duration::hours(12);
let past = Duration::hours(-12);
if !(diff < future && diff > past) {
return false;
}
let document_hash = Self::hash(&self.to_string()); let document_hash = Self::hash(&self.to_string());
let to_be_signed = options_hash + &document_hash; let to_be_signed = options_hash + &document_hash;
creator.verify(&to_be_signed, &signature) creator.verify(&to_be_signed, &signature)
@ -102,6 +117,7 @@ pub enum SignatureValidity {
ValidNoDigest, ValidNoDigest,
Valid, Valid,
Absent, Absent,
Outdated,
} }
impl SignatureValidity { impl SignatureValidity {
@ -162,8 +178,26 @@ pub fn verify_http_headers<S: Signer + ::std::fmt::Debug>(
let digest = request::Digest::from_header(digest); let digest = request::Digest::from_header(digest);
if !digest.map(|d| d.verify(&data)).unwrap_or(false) { if !digest.map(|d| d.verify(&data)).unwrap_or(false) {
// signature was valid, but body content does not match its digest // signature was valid, but body content does not match its digest
SignatureValidity::Invalid return SignatureValidity::Invalid;
}
if !headers.contains(&"date") {
return SignatureValidity::Valid; //maybe we shouldn't trust a request without date?
}
let date = all_headers.get_one("date");
if date.is_none() {
return SignatureValidity::Outdated;
}
let date = NaiveDateTime::parse_from_str(date.unwrap(), "%a, %d %h %Y %T GMT");
if date.is_err() {
return SignatureValidity::Outdated;
}
let diff = Utc::now().naive_utc() - date.unwrap();
let future = Duration::hours(12);
let past = Duration::hours(-12);
if diff < future && diff > past {
SignatureValidity::Valid
} else { } else {
SignatureValidity::Valid // all check passed SignatureValidity::Outdated
} }
} }
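Review bot: In `verify_http_headers`, the new `if !headers.contains(&"date")` branch returns `SignatureValidity::Valid`, so the freshness check only applies when the sender listed `date` among the signed headers; a request signed without it is accepted at any age, which leaves the replay protection added here opt-in. The inline comment already questions this; consider failing closed with `return SignatureValidity::Outdated;` in that branch, or a dedicated variant if peers that omit `date` must be told apart. The ±12 hour window, used here and in the `created` check of the JSON signature hunk, also bounds how long a captured request stays acceptable, so it deserves a single named constant and a tighter value if federation clock skew allows. How callers treat the new `Outdated` variant is not visible in this section; confirm it is rejected wherever `Invalid` is. The function body starts outside the hunk.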


@ -47,11 +47,11 @@ impl Searcher {
let mut schema_builder = SchemaBuilder::default(); let mut schema_builder = SchemaBuilder::default();
schema_builder.add_i64_field("post_id", INT_STORED | INT_INDEXED); schema_builder.add_i64_field("post_id", INT_STORED );
schema_builder.add_i64_field("creation_date", INT_INDEXED); schema_builder.add_i64_field("creation_date", INT_INDEXED);
schema_builder.add_text_field("instance", tag_indexing.clone()); schema_builder.add_text_field("instance", tag_indexing.clone());
schema_builder.add_text_field("author", tag_indexing.clone());//todo move to a user_indexing with user_tokenizer function schema_builder.add_text_field("author", tag_indexing.clone());
schema_builder.add_text_field("tag", tag_indexing); schema_builder.add_text_field("tag", tag_indexing);
schema_builder.add_text_field("blog", content_indexing.clone()); schema_builder.add_text_field("blog", content_indexing.clone());