author | Chocobozzz <me@florianbigard.com> | 2019-10-25 14:53:39 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2019-10-25 14:54:32 +0200 |
commit | f67d757452c63fff27df596b575ae1ca9225a1a0 (patch) | |
tree | a62ece9dabd7f861a9735abfeed7241104645cdb | |
parent | 4ce7eb71ba28a563336c07d10c182ff89461c72b (diff) | |
Increase clock skew for HTTP signatures
-rw-r--r-- | server/initializers/constants.ts | 3 | ||||
-rw-r--r-- | server/middlewares/activitypub.ts | 2 |
2 files changed, 3 insertions, 2 deletions
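--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -467,7 +467,8 @@ const ACTIVITY_PUB_ACTOR_TYPES: { [ id: string ]: ActivityPubActorType } = {
 const HTTP_SIGNATURE = {
 HEADER_NAME: 'signature',
 ALGORITHM: 'rsa-sha256',
-HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ]
+HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
+CLOCK_SKEW_SECONDS: 1800
 }
 
 // ---------------------------------------------------------------------------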
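Review bot: `CLOCK_SKEW_SECONDS: 1800` is added without a comment, and the value is security-relevant: it is the tolerance applied to the signed `date` header, so it also sets how long a captured signed request stays acceptable. I would document it in place, for example `// Max accepted gap (seconds) between the signed Date header and local time; also bounds the replay window`. The commit title calls this an increase, but the previous value is not visible in this hunk, so recording why 30 minutes was chosen (presumably peers with drifting clocks) would help a later reviewer decide whether it can be tightened again.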
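--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -55,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) {
 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
 if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
 
-const parsed = parseHTTPSignature(req)
+const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 
 const keyId = parsed.keyId
 if (!keyId) {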
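Review bot: Nothing visible around the call on new line 58 limits replay, and passing `HTTP_SIGNATURE.CLOCK_SKEW_SECONDS` means a signed request is now accepted up to 30 minutes away from its `date`, so an identical captured request can be re-submitted for that long. It is worth confirming that the handlers behind this middleware are idempotent for a repeated activity. It is also worth confirming that verification rejects signatures that do not cover `date` and `digest`, since otherwise the skew check does not tie the signature to a time or a body. `parseHTTPSignature` is defined elsewhere and `checkHttpSignature` starts and ends outside the hunk, so how an out-of-window request is rejected and logged cannot be seen here. If the helper throws in that case, a comment at the call such as `// throws when Date is outside the allowed skew; caller must treat that as an invalid signature` would make the contract explicit.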