Add allow/block check to verifier middleware before key validation
parent
e2da563a1c
commit
9923d4d107
3 changed files with 33 additions and 6 deletions
|
@ -1,4 +1,9 @@
|
|||
use crate::{data::ActorCache, error::MyError, middleware::MyVerify, requests::Requests};
|
||||
use crate::{
|
||||
data::{ActorCache, State},
|
||||
error::MyError,
|
||||
middleware::MyVerify,
|
||||
requests::Requests,
|
||||
};
|
||||
use activitystreams::{uri, url::Url};
|
||||
use config::Environment;
|
||||
use http_signature_normalization_actix::prelude::{VerifyDigest, VerifySignature};
|
||||
|
@ -109,11 +114,12 @@ impl Config {
|
|||
&self,
|
||||
requests: Requests,
|
||||
actors: ActorCache,
|
||||
state: State,
|
||||
) -> VerifySignature<MyVerify> {
|
||||
if self.validate_signatures {
|
||||
VerifySignature::new(MyVerify(requests, actors), Default::default())
|
||||
VerifySignature::new(MyVerify(requests, actors, state), Default::default())
|
||||
} else {
|
||||
VerifySignature::new(MyVerify(requests, actors), Default::default()).optional()
|
||||
VerifySignature::new(MyVerify(requests, actors, state), Default::default()).optional()
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
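Review bot: Both branches of `if self.validate_signatures` now build the identical `VerifySignature::new(MyVerify(requests, actors, state), Default::default())` and differ only in the trailing `.optional()`, so the three-argument constructor is duplicated and the two lines can drift apart the next time a field is added to MyVerify. Building it once is enough: `let verify = VerifySignature::new(MyVerify(requests, actors, state), Default::default());` followed by `if self.validate_signatures { verify } else { verify.optional() }`. signature_middleware's signature line starts above this hunk; a `///` line there saying that `state` is consulted for the allow/block lists before any key is fetched would tell readers why the middleware now needs it.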
@ -133,7 +133,11 @@ async fn main() -> Result<(), anyhow::Error> {
|
|||
.service(
|
||||
web::resource("/inbox")
|
||||
.wrap(config.digest_middleware())
|
||||
.wrap(config.signature_middleware(state.requests(), actors.clone()))
|
||||
.wrap(config.signature_middleware(
|
||||
state.requests(),
|
||||
actors.clone(),
|
||||
state.clone(),
|
||||
))
|
||||
.wrap(DebugPayload(config.debug()))
|
||||
.route(web::post().to(inbox)),
|
||||
)
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
use crate::{data::ActorCache, error::MyError, requests::Requests};
|
||||
use crate::{
|
||||
data::{ActorCache, State},
|
||||
error::MyError,
|
||||
requests::Requests,
|
||||
};
|
||||
use activitystreams::uri;
|
||||
use actix_web::web;
|
||||
use futures::join;
|
||||
use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm};
|
||||
use log::error;
|
||||
use rsa::{hash::Hash, padding::PaddingScheme, PublicKey, RSAPublicKey};
|
||||
|
@ -9,7 +14,7 @@ use sha2::{Digest, Sha256};
|
|||
use std::{future::Future, pin::Pin};
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct MyVerify(pub Requests, pub ActorCache);
|
||||
pub struct MyVerify(pub Requests, pub ActorCache, pub State);
|
||||
|
||||
impl MyVerify {
|
||||
async fn verify(
|
||||
|
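Review bot: `MyVerify` now carries three positional public fields that verify reads as `self.0`, `self.1` and `self.2`, so nothing at the struct tells a reader which one is the relay state. A doc comment above the struct would close that gap, e.g. `/// Signature verifier: (outbound request client, actor cache, relay state holding the allow/block lists).` Named fields would be clearer still, but that is a wider change than this commit.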
@ -20,6 +25,18 @@ impl MyVerify {
|
|||
signing_string: String,
|
||||
) -> Result<bool, MyError> {
|
||||
let mut uri = uri!(key_id);
|
||||
|
||||
let (is_blocked, is_whitelisted) =
|
||||
join!(self.2.is_blocked(&uri), self.2.is_whitelisted(&uri));
|
||||
|
||||
if is_blocked {
|
||||
return Err(MyError::Blocked(key_id));
|
||||
}
|
||||
|
||||
if !is_whitelisted {
|
||||
return Err(MyError::Whitelist(key_id));
|
||||
}
|
||||
|
||||
uri.set_fragment(None);
|
||||
let actor = self.1.get(&uri, &self.0).await?;
|
||||
let was_cached = actor.is_cached();
|
||||
|
|
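Review bot: The allow/block lookups at `join!(self.2.is_blocked(&uri), self.2.is_whitelisted(&uri))` run on `uri` while it still carries the key_id fragment, and `uri.set_fragment(None)` is applied only afterwards, so the list check and the later `self.1.get(&uri, &self.0)` fetch are not made against the same URI. If `is_blocked`/`is_whitelisted` match on the host alone (plausible for a domain list, but not visible here) the difference is harmless; if they compare full URIs, a fragment variant of a listed key_id would be checked differently from what is fetched, and moving `uri.set_fragment(None);` above the `join!` removes that dependency at no cost. The ordering itself is right: rejecting before `self.1.get(...)` means no outbound request is made to a listed host, which is worth a line comment such as `// Consult the block/allow lists before fetching the key so listed hosts never receive a request.` This also assumes `is_whitelisted` reports true when no allow list is configured, otherwise every signed request is rejected — worth confirming against State. verify's signature begins and its body ends outside this hunk.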