mirror of
https://git.asonix.dog/asonix/relay.git
synced 2025-01-10 19:45:26 +00:00
Enforce sig is from correct actor
This commit is contained in:
parent
86a760a8e4
commit
9642e357e5
4 changed files with 17 additions and 3 deletions
4
Cargo.lock
generated
4
Cargo.lock
generated
|
@ -1079,9 +1079,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "http-signature-normalization-actix"
|
||||
version = "0.3.0-alpha.2"
|
||||
version = "0.3.0-alpha.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e3f035288c367f436250512a6e7efba4636d3354c0200baa2fdc0f5f1bb72b1a"
|
||||
checksum = "36b2d8e485a1403413d543ccaa5bb02be59d1ef93e0ecb97314bfdf2573b2ba7"
|
||||
dependencies = [
|
||||
"actix-http",
|
||||
"actix-web",
|
||||
|
|
|
@ -17,7 +17,7 @@ base64 = "0.12"
|
|||
bb8-postgres = "0.4.0"
|
||||
dotenv = "0.15.0"
|
||||
futures = "0.3.4"
|
||||
http-signature-normalization-actix = { version = "0.3.0-alpha.2", default-features = false, features = ["sha-2"] }
|
||||
http-signature-normalization-actix = { version = "0.3.0-alpha.3", default-features = false, features = ["sha-2"] }
|
||||
log = "0.4"
|
||||
lru = "0.4.3"
|
||||
pretty_env_logger = "0.4.0"
|
||||
|
|
|
@ -30,6 +30,9 @@ pub enum MyError {
|
|||
#[error("Couldn't decode base64")]
|
||||
Base64(#[from] base64::DecodeError),
|
||||
|
||||
#[error("Actor tried to submit another actor's payload")]
|
||||
BadActor,
|
||||
|
||||
#[error("Invalid algorithm provided to verifier")]
|
||||
Algorithm,
|
||||
|
||||
|
|
11
src/inbox.rs
11
src/inbox.rs
|
@ -15,6 +15,7 @@ use activitystreams::{
|
|||
use actix::Addr;
|
||||
use actix_web::{client::Client, web, HttpResponse};
|
||||
use futures::join;
|
||||
use http_signature_normalization_actix::middleware::SignatureVerified;
|
||||
use log::error;
|
||||
|
||||
pub async fn inbox(
|
||||
|
@ -22,9 +23,19 @@ pub async fn inbox(
|
|||
state: web::Data<State>,
|
||||
client: web::Data<Client>,
|
||||
input: web::Json<AcceptedObjects>,
|
||||
verified: SignatureVerified,
|
||||
) -> Result<HttpResponse, MyError> {
|
||||
let input = input.into_inner();
|
||||
|
||||
if input.actor.as_str() != verified.key_id() {
|
||||
error!(
|
||||
"Request payload and requestor disagree on actor, {} != {}",
|
||||
input.actor,
|
||||
verified.key_id()
|
||||
);
|
||||
return Err(MyError::BadActor);
|
||||
}
|
||||
|
||||
let actor = fetch_actor(
|
||||
state.clone().into_inner(),
|
||||
client.clone().into_inner(),
|
||||
|
|
Loading…
Reference in a new issue