forked from mirrors/relay
Enforce sig is from correct actor
This commit is contained in:
parent
86a760a8e4
commit
9642e357e5
4 changed files with 17 additions and 3 deletions
4
Cargo.lock
generated
4
Cargo.lock
generated
|
@ -1079,9 +1079,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "http-signature-normalization-actix"
|
name = "http-signature-normalization-actix"
|
||||||
version = "0.3.0-alpha.2"
|
version = "0.3.0-alpha.3"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "e3f035288c367f436250512a6e7efba4636d3354c0200baa2fdc0f5f1bb72b1a"
|
checksum = "36b2d8e485a1403413d543ccaa5bb02be59d1ef93e0ecb97314bfdf2573b2ba7"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"actix-http",
|
"actix-http",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
|
|
|
@ -17,7 +17,7 @@ base64 = "0.12"
|
||||||
bb8-postgres = "0.4.0"
|
bb8-postgres = "0.4.0"
|
||||||
dotenv = "0.15.0"
|
dotenv = "0.15.0"
|
||||||
futures = "0.3.4"
|
futures = "0.3.4"
|
||||||
http-signature-normalization-actix = { version = "0.3.0-alpha.2", default-features = false, features = ["sha-2"] }
|
http-signature-normalization-actix = { version = "0.3.0-alpha.3", default-features = false, features = ["sha-2"] }
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
lru = "0.4.3"
|
lru = "0.4.3"
|
||||||
pretty_env_logger = "0.4.0"
|
pretty_env_logger = "0.4.0"
|
||||||
|
|
|
@ -30,6 +30,9 @@ pub enum MyError {
|
||||||
#[error("Couldn't decode base64")]
|
#[error("Couldn't decode base64")]
|
||||||
Base64(#[from] base64::DecodeError),
|
Base64(#[from] base64::DecodeError),
|
||||||
|
|
||||||
|
#[error("Actor tried to submit another actor's payload")]
|
||||||
|
BadActor,
|
||||||
|
|
||||||
#[error("Invalid algorithm provided to verifier")]
|
#[error("Invalid algorithm provided to verifier")]
|
||||||
Algorithm,
|
Algorithm,
|
||||||
|
|
||||||
|
|
11
src/inbox.rs
11
src/inbox.rs
|
@ -15,6 +15,7 @@ use activitystreams::{
|
||||||
use actix::Addr;
|
use actix::Addr;
|
||||||
use actix_web::{client::Client, web, HttpResponse};
|
use actix_web::{client::Client, web, HttpResponse};
|
||||||
use futures::join;
|
use futures::join;
|
||||||
|
use http_signature_normalization_actix::middleware::SignatureVerified;
|
||||||
use log::error;
|
use log::error;
|
||||||
|
|
||||||
pub async fn inbox(
|
pub async fn inbox(
|
||||||
|
@ -22,9 +23,19 @@ pub async fn inbox(
|
||||||
state: web::Data<State>,
|
state: web::Data<State>,
|
||||||
client: web::Data<Client>,
|
client: web::Data<Client>,
|
||||||
input: web::Json<AcceptedObjects>,
|
input: web::Json<AcceptedObjects>,
|
||||||
|
verified: SignatureVerified,
|
||||||
) -> Result<HttpResponse, MyError> {
|
) -> Result<HttpResponse, MyError> {
|
||||||
let input = input.into_inner();
|
let input = input.into_inner();
|
||||||
|
|
||||||
|
if input.actor.as_str() != verified.key_id() {
|
||||||
|
error!(
|
||||||
|
"Request payload and requestor disagree on actor, {} != {}",
|
||||||
|
input.actor,
|
||||||
|
verified.key_id()
|
||||||
|
);
|
||||||
|
return Err(MyError::BadActor);
|
||||||
|
}
|
||||||
|
|
||||||
let actor = fetch_actor(
|
let actor = fetch_actor(
|
||||||
state.clone().into_inner(),
|
state.clone().into_inner(),
|
||||||
client.clone().into_inner(),
|
client.clone().into_inner(),
|
||||||
|
|
Loading…
Reference in a new issue