mirrors/activitypub-federation-rust
1
0
Fork 0
mirror of https://github.com/LemmyNet/activitypub-federation-rust.git synced 2024-05-12 22:22:40 +00:00
Code Issues Projects Releases Wiki Activity

Increase HTTP signature expiration time to one day (fixes #46)

Browse source
This commit is contained in:
Felix Ableitner 2023-06-21 22:00:22 +02:00
parent 8f997ec340
commit fb67912238
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/http_signatures.rs
View file

@ -67,9 +67,12 @@ pub fn generate_actor_keypair() -> Result<Keypair, std::io::Error> {
})
}
/// Sets the amount of time that a signed request is valid. Currenlty 5 minutes
/// Mastodon & friends have ~1 hour expiry from creation if it's not set in the header
pub(crate) const EXPIRES_AFTER: Duration = Duration::from_secs(300);
/// Time for which HTTP signatures are valid.
///
/// This field is optional in the standard, but required by the Rust library. It is not clear
/// what security concerns this expiration solves (if any), so we set a very high value of one day
/// to avoid any potential problems due to wrong clocks, overloaded servers or delayed delivery.
pub(crate) const EXPIRES_AFTER: Duration = Duration::from_secs(24 * 60 * 60);
/// Creates an HTTP post request to `inbox_url`, with the given `client` and `headers`, and
/// `activity` as request body. The request is signed with `private_key` and then sent.