Http signatures: fix missing quotes in sent header, add date check
parent
95cabac3f0
commit
97b9184afd
@ -28,6 +28,14 @@ export class HttpSig {
|
|||||||
activity: APActivity,
|
activity: APActivity,
|
||||||
requestHeaders: IncomingHttpHeaders,
|
requestHeaders: IncomingHttpHeaders,
|
||||||
) {
|
) {
|
||||||
|
const date = requestHeaders["date"];
|
||||||
|
if (
|
||||||
|
!date ||
|
||||||
|
// Older than 1 day
|
||||||
|
Date.parse(date).valueOf() > Date.now() + 24 * 60 * 60 * 1000
|
||||||
|
)
|
||||||
|
throw new APError("Signature too old");
|
||||||
|
|
||||||
const sigheader = requestHeaders["signature"]?.toString();
|
const sigheader = requestHeaders["signature"]?.toString();
|
||||||
if (!sigheader) throw new APError("Missing signature");
|
if (!sigheader) throw new APError("Missing signature");
|
||||||
const sigopts: { [key: string]: string | undefined } = Object.assign(
|
const sigopts: { [key: string]: string | undefined } = Object.assign(
|
||||||
@ -115,7 +123,7 @@ export class HttpSig {
|
|||||||
const header =
|
const header =
|
||||||
`keyId="https://${host}/federation/${sender.type}/${sender.actorId}",` +
|
`keyId="https://${host}/federation/${sender.type}/${sender.actorId}",` +
|
||||||
`headers="(request-target) host date digest",` +
|
`headers="(request-target) host date digest",` +
|
||||||
`signature=${sig_b64}`;
|
`signature="${sig_b64}"`;
|
||||||
|
|
||||||
return OrmUtils.mergeDeep({}, fetchOpts, {
|
return OrmUtils.mergeDeep({}, fetchOpts, {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
|
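Review bot: The added date check in the first hunk compares in the wrong direction: `Date.parse(date).valueOf() > Date.now() + 24 * 60 * 60 * 1000` is true only for a Date header more than a day in the future, so a request carrying an old date still passes even though the comment says "Older than 1 day" and the error says "Signature too old". An unparsable header also passes, because `Date.parse` returns NaN and every comparison with NaN is false. I would parse once and reject both sides of the window: `const ts = Date.parse(date ?? "");` followed by `if (Number.isNaN(ts) || Math.abs(Date.now() - ts) > 24 * 60 * 60 * 1000) throw new APError("Signature too old");`. The check only limits replay if `date` is among the headers covered by the verified signature, which cannot be confirmed from these lines; the function body continues outside the hunk.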