Verify activitypub payload digests (#885)

This commit is contained in:
Riley 2020-07-03 12:22:39 -05:00 committed by GitHub
parent 0350f4bbeb
commit 916592944a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 6 deletions

4
server/Cargo.lock generated vendored
View file

@ -1413,9 +1413,9 @@ dependencies = [
[[package]] [[package]]
name = "http-signature-normalization-actix" name = "http-signature-normalization-actix"
version = "0.4.0-alpha.0" version = "0.4.0-alpha.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09afff6987c7edbed101d1cddd2185786fb0af0dd9c06b654aca73a0a763680f" checksum = "1c6efbc3e600cdd617585f4f15be3726c6942fb2eba3c8c79474c5d3159ad7c0"
dependencies = [ dependencies = [
"actix-http", "actix-http",
"actix-web", "actix-web",

2
server/Cargo.toml vendored
View file

@ -43,7 +43,7 @@ percent-encoding = "2.1.0"
comrak = "0.7" comrak = "0.7"
openssl = "0.10" openssl = "0.10"
http = "0.2.1" http = "0.2.1"
http-signature-normalization-actix = { version = "0.4.0-alpha.0", default-features = false, features = ["sha-2"] } http-signature-normalization-actix = { version = "0.4.0-alpha.1", default-features = false, features = ["sha-2"] }
base64 = "0.12.1" base64 = "0.12.1"
tokio = "0.2.21" tokio = "0.2.21"
futures = "0.3.5" futures = "0.3.5"

View file

@ -12,6 +12,8 @@ use crate::{
settings::Settings, settings::Settings,
}; };
use actix_web::*; use actix_web::*;
use http_signature_normalization_actix::digest::middleware::VerifyDigest;
use sha2::{Digest, Sha256};
pub fn config(cfg: &mut web::ServiceConfig) { pub fn config(cfg: &mut web::ServiceConfig) {
if Settings::get().federation.enabled { if Settings::get().federation.enabled {
@ -38,8 +40,12 @@ pub fn config(cfg: &mut web::ServiceConfig) {
.route("/comment/{comment_id}", web::get().to(get_apub_comment)), .route("/comment/{comment_id}", web::get().to(get_apub_comment)),
) )
// Inboxes dont work with the header guard for some reason. // Inboxes dont work with the header guard for some reason.
.service(
web::scope("/")
.wrap(VerifyDigest::new(Sha256::new()))
.route("/c/{community_name}/inbox", web::post().to(community_inbox)) .route("/c/{community_name}/inbox", web::post().to(community_inbox))
.route("/u/{user_name}/inbox", web::post().to(user_inbox)) .route("/u/{user_name}/inbox", web::post().to(user_inbox))
.route("/inbox", web::post().to(shared_inbox)); .route("/inbox", web::post().to(shared_inbox)),
);
} }
} }