author | Chocobozzz <me@florianbigard.com> | 2020-11-12 10:42:25 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-11-12 16:29:32 +0100 |
commit | 797d05bdd99b63104522051d0f61f1e0f003e780 (patch) | |
tree | a0e356958e03aa62c4539afacbf7715eba305954 /server/middlewares | |
parent | 2a9562fc5894509e63016b1fe09f6dce0c4b6e5e (diff) | |
Force signed headers in http signatures
Thanks Roger
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/activitypub.ts | 11 |
1 files changed, 10 insertions, 1 deletions
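--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -63,7 +63,16 @@ async function checkHttpSignature (req: Request, res: Response) {
 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
 if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
 
-const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
+let parsed: any
+
+try {
+parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
+} catch (err) {
+logger.warn('Invalid signature because of exception in signature parser', { reqBody: req.body, err })
+
+res.status(403).json({ error: err.message })
+return false
+}
 
 const keyId = parsed.keyId
 if (!keyId) {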
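Review bot: The new catch block logs the full `req.body` of a request whose signature could not even be parsed, so any unauthenticated sender can push attacker-chosen content (up to whatever body-size limit applies) into the warn log just by sending a malformed signature header. Logging the offending header instead keeps the diagnostic value, e.g. `logger.warn('Invalid signature because of exception in signature parser', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME], err })`. The same block echoes `err.message` to the remote caller; `err` is untyped here, so a non-Error throw would send `error: undefined`, and a guard such as `err instanceof Error ? err.message : 'Invalid signature'` would make the response predictable. The check that requires specific signed headers is not visible in this file section and is presumably done inside `parseHTTPSignature`, so the failure paths exercised here should be covered by a test that sends a signature missing those headers. `checkHttpSignature` starts and continues outside the hunk.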