mirror of
https://git.sr.ht/~tsileo/microblog.pub
synced 2024-12-22 13:14:28 +00:00
Improve the request verification checking
This commit is contained in:
parent
dc9df98084
commit
67643482c8
2 changed files with 12 additions and 9 deletions
15
app.py
15
app.py
|
@ -178,6 +178,7 @@ def login_required(f):
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
||||||
|
|
||||||
def _api_required():
|
def _api_required():
|
||||||
if session.get('logged_in'):
|
if session.get('logged_in'):
|
||||||
return
|
return
|
||||||
|
@ -189,7 +190,9 @@ def _api_required():
|
||||||
|
|
||||||
# Will raise a BadSignature on bad auth
|
# Will raise a BadSignature on bad auth
|
||||||
payload = JWT.loads(token)
|
payload = JWT.loads(token)
|
||||||
def api_required(f):
|
|
||||||
|
|
||||||
|
def api_required(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
try:
|
try:
|
||||||
|
@ -197,7 +200,7 @@ def _api_required():
|
||||||
except BadSignature:
|
except BadSignature:
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
||||||
|
|
||||||
|
@ -672,12 +675,16 @@ def inbox():
|
||||||
))
|
))
|
||||||
|
|
||||||
data = request.get_json(force=True)
|
data = request.get_json(force=True)
|
||||||
# FIXME(tsileo): ensure verify_request() == True
|
|
||||||
print(data)
|
print(data)
|
||||||
try:
|
try:
|
||||||
print(verify_request(ACTOR_SERVICE))
|
print(verify_request(ACTOR_SERVICE))
|
||||||
except Exception:
|
except Exception:
|
||||||
print('failed to verify request')
|
print('failed to verify request, trying to verify the payload by fetching the remote')
|
||||||
|
try:
|
||||||
|
data = OBJECT_SERVICE.get(data['id'])
|
||||||
|
except Exception:
|
||||||
|
print(f'failed to fetch remote id at {data["id"]}')
|
||||||
|
abort(422)
|
||||||
|
|
||||||
activity = activitypub.parse_activity(data)
|
activity = activitypub.parse_activity(data)
|
||||||
print(activity)
|
print(activity)
|
||||||
|
|
|
@ -77,11 +77,7 @@ class HTTPSigAuth(AuthBase):
|
||||||
sig = base64.b64encode(signer.sign(digest))
|
sig = base64.b64encode(signer.sign(digest))
|
||||||
sig = sig.decode('utf-8')
|
sig = sig.decode('utf-8')
|
||||||
headers = {
|
headers = {
|
||||||
'Signature': 'keyId="{keyid}",algorithm="rsa-sha256",headers="{headers}",signature="{signature}"'.format(
|
'Signature': f'keyId="{self.keyid}",algorithm="rsa-sha256",headers="{sigheaders}",signature="{sig}"'
|
||||||
keyid=self.keyid,
|
|
||||||
signature=sig,
|
|
||||||
headers=sigheaders,
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
r.headers.update(headers)
|
r.headers.update(headers)
|
||||||
return r
|
return r
|
||||||
|
|
Loading…
Reference in a new issue