Actually use authorized fetch middleware

This commit is contained in:
Laura Hausmann 2024-01-24 03:16:09 +01:00
parent 7524c5acc7
commit 28066784f2
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
3 changed files with 8 additions and 18 deletions


@ -1,10 +1,7 @@
using System.Data;
using System.Net.Mime; using System.Net.Mime;
using Iceshrimp.Backend.Core.Database; using Iceshrimp.Backend.Controllers.Attributes;
using Iceshrimp.Backend.Core.Federation.Cryptography;
using Iceshrimp.Backend.Core.Middleware; using Iceshrimp.Backend.Core.Middleware;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Newtonsoft.Json.Linq; using Newtonsoft.Json.Linq;
namespace Iceshrimp.Backend.Controllers; namespace Iceshrimp.Backend.Controllers;
@ -14,21 +11,13 @@ namespace Iceshrimp.Backend.Controllers;
[Route("/users/{id}/inbox")] [Route("/users/{id}/inbox")]
[AuthorizedFetch(true)] [AuthorizedFetch(true)]
[Produces("application/json")] [Produces("application/json")]
[UseNewtonsoftJson]
[EnableRequestBuffering(1024 * 1024)] [EnableRequestBuffering(1024 * 1024)]
public class InboxController(ILogger<InboxController> logger, DatabaseContext db) : Controller { public class InboxController(ILogger<InboxController> logger) : Controller {
[HttpPost] [HttpPost]
[Consumes(MediaTypeNames.Application.Json)] [Consumes(MediaTypeNames.Application.Json)]
public async Task<IActionResult> Inbox([FromBody] JToken content) { public IActionResult Inbox([FromBody] JToken content) {
if (!Request.Headers.TryGetValue("signature", out var sigHeader)) logger.LogDebug("{count}", content.Count());
throw new ConstraintException("Request is missing the signature header"); return Ok();
var sig = HttpSignature.Parse(sigHeader.ToString());
var key = await db.UserPublickeys.SingleOrDefaultAsync(p => p.KeyId == sig.KeyId);
var verified = key != null &&
await HttpSignature.Verify(Request, sig, ["(request-target)", "digest", "host", "date"],
key.KeyPem);
logger.LogDebug("HttpSignature.Verify returned {result} for key {keyId}", verified, sig.KeyId);
return verified ? Ok() : StatusCode(StatusCodes.Status403Forbidden);
} }
} }
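Review bot: With the inline signature check removed, `Inbox` now returns `Ok()` for every request that reaches the action, so the endpoint's authentication rests entirely on `[AuthorizedFetch(true)]` — an attribute the old side already carried while the action still verified signatures itself, which is presumably why the commit title says "actually". The middleware that enforces that attribute is not in this diff, so the commit does not show that its required-header set still includes `digest`, which the removed `HttpSignature.Verify` call listed and which is what ties the signature to the POST body; worth confirming before relying on it. The new log line has no message text, so the entry reads as a bare number; `logger.LogDebug("Received inbox payload with {count} child tokens", content.Count());` keeps the structured property and says what was counted. A one-line comment on the action, such as `// Signature verification happens in the authorized-fetch middleware selected by [AuthorizedFetch(true)]`, would make the dependency explicit to the next reader.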


@ -34,7 +34,7 @@ public sealed class Config {
} }
public sealed class SecuritySection { public sealed class SecuritySection {
public required bool AuthorizedFetch { get; set; } public required bool AuthorizedFetch { get; init; }
} }
public sealed class DatabaseSection { public sealed class DatabaseSection {


@ -29,6 +29,7 @@ public static class ServiceExtensions {
//TODO: fail if config doesn't parse correctly / required things are missing //TODO: fail if config doesn't parse correctly / required things are missing
services.Configure<Config>(configuration); services.Configure<Config>(configuration);
services.Configure<Config.InstanceSection>(configuration.GetSection("Instance")); services.Configure<Config.InstanceSection>(configuration.GetSection("Instance"));
services.Configure<Config.SecuritySection>(configuration.GetSection("Security"));
services.Configure<Config.DatabaseSection>(configuration.GetSection("Database")); services.Configure<Config.DatabaseSection>(configuration.GetSection("Database"));
} }
} }
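Review bot: Binding the `Security` section on the added line does not enforce the section's `required bool AuthorizedFetch` — `required` is a compile-time rule for object initializers, while the options binder creates the instance reflectively — so an absent `Security:AuthorizedFetch` key silently binds to `false`, which for a security switch is a fail-open default; the TODO two lines above already records that missing config does not fail. A cheap guard that leaves the binding unchanged would be `if (configuration.GetValue<bool?>("Security:AuthorizedFetch") is null) throw new InvalidOperationException("Security:AuthorizedFetch is not configured");` placed before the `Configure` call. Whether the middleware treats `false` as "skip verification" is outside this diff and worth confirming. The enclosing method begins above the hunk.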