aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2020-11-12 10:42:25 +0100
committerChocobozzz <me@florianbigard.com>2020-11-12 16:29:32 +0100
commit797d05bdd99b63104522051d0f61f1e0f003e780 (patch)
treea0e356958e03aa62c4539afacbf7715eba305954 /server/middlewares
parent2a9562fc5894509e63016b1fe09f6dce0c4b6e5e (diff)
downloadPeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.gz
PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.zst
PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.zip
Force signed headers in http signatures
Thanks Roger
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/activitypub.ts11
1 files changed, 10 insertions, 1 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index 580606a68..d00594059 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -63,7 +63,16 @@ async function checkHttpSignature (req: Request, res: Response) {
63 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string 63 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
64 if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '') 64 if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
65 65
66 const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS) 66 let parsed: any
67
68 try {
69 parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
70 } catch (err) {
71 logger.warn('Invalid signature because of exception in signature parser', { reqBody: req.body, err })
72
73 res.status(403).json({ error: err.message })
74 return false
75 }
67 76
68 const keyId = parsed.keyId 77 const keyId = parsed.keyId
69 if (!keyId) { 78 if (!keyId) {