aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2019-10-25 14:53:39 +0200
committerChocobozzz <me@florianbigard.com>2019-10-25 14:54:32 +0200
commitf67d757452c63fff27df596b575ae1ca9225a1a0 (patch)
treea62ece9dabd7f861a9735abfeed7241104645cdb
parent4ce7eb71ba28a563336c07d10c182ff89461c72b (diff)
downloadPeerTube-f67d757452c63fff27df596b575ae1ca9225a1a0.tar.gz
PeerTube-f67d757452c63fff27df596b575ae1ca9225a1a0.tar.zst
PeerTube-f67d757452c63fff27df596b575ae1ca9225a1a0.zip
Increase clock skew for HTTP signatures
-rw-r--r--server/initializers/constants.ts3
-rw-r--r--server/middlewares/activitypub.ts2
2 files changed, 3 insertions, 2 deletions
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 190fd427a..fd4c0fdaa 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -467,7 +467,8 @@ const ACTIVITY_PUB_ACTOR_TYPES: { [ id: string ]: ActivityPubActorType } = {
467const HTTP_SIGNATURE = { 467const HTTP_SIGNATURE = {
468 HEADER_NAME: 'signature', 468 HEADER_NAME: 'signature',
469 ALGORITHM: 'rsa-sha256', 469 ALGORITHM: 'rsa-sha256',
470 HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ] 470 HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
471 CLOCK_SKEW_SECONDS: 1800
471} 472}
472 473
473// --------------------------------------------------------------------------- 474// ---------------------------------------------------------------------------
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index bea213d27..fedac0e05 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -55,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) {
55 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string 55 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
56 if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig 56 if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
57 57
58 const parsed = parseHTTPSignature(req) 58 const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
59 59
60 const keyId = parsed.keyId 60 const keyId = parsed.keyId
61 if (!keyId) { 61 if (!keyId) {