mirror of
https://git.sr.ht/~tsileo/microblog.pub
synced 2024-12-22 13:14:28 +00:00
Prevent replay attacks with TLS1.3 0-RTT
This commit is contained in:
parent
40c4a4413d
commit
4e445a7207
1 changed files with 10 additions and 1 deletions
11
app/main.py
11
app/main.py
|
@ -8,6 +8,7 @@ from typing import Any
|
||||||
from typing import MutableMapping
|
from typing import MutableMapping
|
||||||
from typing import Type
|
from typing import Type
|
||||||
|
|
||||||
|
import fastapi
|
||||||
import httpx
|
import httpx
|
||||||
import starlette
|
import starlette
|
||||||
from asgiref.typing import ASGI3Application
|
from asgiref.typing import ASGI3Application
|
||||||
|
@ -165,7 +166,15 @@ class CustomMiddleware:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
app = FastAPI(docs_url=None, redoc_url=None)
|
def _check_0rtt_early_data(request: Request) -> None:
|
||||||
|
"""Disable TLS1.3 0-RTT requests for non-GET."""
|
||||||
|
if request.headers.get("Early-Data", None) == "1" and request.method != "GET":
|
||||||
|
raise fastapi.HTTPException(status_code=425, detail="Too early")
|
||||||
|
|
||||||
|
|
||||||
|
app = FastAPI(
|
||||||
|
docs_url=None, redoc_url=None, dependencies=[Depends(_check_0rtt_early_data)]
|
||||||
|
)
|
||||||
app.mount(
|
app.mount(
|
||||||
"/custom_emoji",
|
"/custom_emoji",
|
||||||
StaticFiles(directory="data/custom_emoji"),
|
StaticFiles(directory="data/custom_emoji"),
|
||||||
|
|
Loading…
Reference in a new issue