Verify activitypub payload digests (#885)
authorRiley <asonix@asonix.dog>
Fri, 3 Jul 2020 17:22:39 +0000 (12:22 -0500)
committerGitHub <noreply@github.com>
Fri, 3 Jul 2020 17:22:39 +0000 (13:22 -0400)
server/Cargo.lock
server/Cargo.toml
server/src/routes/federation.rs

index c54419e1025968dd2d5585d986e0c7ea07dae36c..7b0d9a88c46362572cad175206e28515964c11de 100644 (file)
@@ -1413,9 +1413,9 @@ dependencies = [
 
 [[package]]
 name = "http-signature-normalization-actix"
-version = "0.4.0-alpha.0"
+version = "0.4.0-alpha.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09afff6987c7edbed101d1cddd2185786fb0af0dd9c06b654aca73a0a763680f"
+checksum = "1c6efbc3e600cdd617585f4f15be3726c6942fb2eba3c8c79474c5d3159ad7c0"
 dependencies = [
  "actix-http",
  "actix-web",
index 8daf72c4a0aaf7063dc6da17c1aec48286218dab..2250799406685965ab87da449033536e30a62a66 100644 (file)
@@ -43,7 +43,7 @@ percent-encoding = "2.1.0"
 comrak = "0.7"
 openssl = "0.10"
 http = "0.2.1"
-http-signature-normalization-actix = { version = "0.4.0-alpha.0", default-features = false, features = ["sha-2"] }
+http-signature-normalization-actix = { version = "0.4.0-alpha.1", default-features = false, features = ["sha-2"] }
 base64 = "0.12.1"
 tokio = "0.2.21"
 futures = "0.3.5"
index fe6e3365789b2bd30a19596adb950ad821f43c0b..20b5dc834787bdd04ff9a66b47edb94284eed32f 100644 (file)
@@ -12,6 +12,8 @@ use crate::{
   settings::Settings,
 };
 use actix_web::*;
+use http_signature_normalization_actix::digest::middleware::VerifyDigest;
+use sha2::{Digest, Sha256};
 
 pub fn config(cfg: &mut web::ServiceConfig) {
   if Settings::get().federation.enabled {
@@ -38,8 +40,12 @@ pub fn config(cfg: &mut web::ServiceConfig) {
           .route("/comment/{comment_id}", web::get().to(get_apub_comment)),
       )
       // Inboxes dont work with the header guard for some reason.
-      .route("/c/{community_name}/inbox", web::post().to(community_inbox))
-      .route("/u/{user_name}/inbox", web::post().to(user_inbox))
-      .route("/inbox", web::post().to(shared_inbox));
+      .service(
+        web::scope("/")
+          .wrap(VerifyDigest::new(Sha256::new()))
+          .route("/c/{community_name}/inbox", web::post().to(community_inbox))
+          .route("/u/{user_name}/inbox", web::post().to(user_inbox))
+          .route("/inbox", web::post().to(shared_inbox)),
+      );
   }
 }
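Review bot: The `.wrap(VerifyDigest::new(Sha256::new()))` on the new `web::scope("/")` only proves that the body matches the sender's own `Digest` header, so it is an integrity check and not authentication by itself. The signature verification in `community_inbox`, `user_inbox` and `shared_inbox` is not visible in this hunk; for the digest to bind the body to the actor's key, that verification presumably has to require `digest` among the signed headers. I would record this next to the wrap, e.g. `// VerifyDigest checks body vs. Digest header only; handlers must verify an HTTP signature covering "digest"`. If I read the crate correctly, requests without a `Digest` header are rejected unless `.optional()` is set, which is worth stating in the same comment so nobody relaxes it later. `config` begins before this hunk, so anything registered above the scope is outside what I can see here.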