notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Don't require date header in http signatures if (created) is present and signed

Browse source
This commit is contained in:
Laura Hausmann 2024-04-29 20:44:30 +02:00
parent d0356fc6ea
commit 3ca926cfbd
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Iceshrimp.Backend/Core/Middleware/AuthorizedFetchMiddleware.cs
View file

@ -92,7 +92,12 @@ public class AuthorizedFetchMiddleware(
throw new GracefulException(HttpStatusCode.Forbidden, "Forbidden", "Instance is blocked",
suppressLog: true);
List<string> headers = ["(request-target)", "host", "date"];
List<string> headers = ["(request-target)", "host"];
if (sig.Created != null && !sig.Headers.Contains("date"))
headers.Add("(created)");
else
headers.Add("date");
verified = await HttpSignature.VerifyAsync(request, sig, headers, key.KeyPem);
logger.LogDebug("HttpSignature.Verify returned {result} for key {keyId}", verified, sig.KeyId);

7
Iceshrimp.Backend/Core/Middleware/InboxValidationMiddleware.cs
View file

@ -113,7 +113,12 @@ public class InboxValidationMiddleware(
throw new GracefulException(HttpStatusCode.Forbidden, "Forbidden", "Instance is blocked",
suppressLog: true);
List<string> headers = ["(request-target)", "digest", "host", "date"];
List<string> headers = ["(request-target)", "digest", "host"];
if (sig.Created != null && !sig.Headers.Contains("date"))
headers.Add("(created)");
else
headers.Add("date");
verified = await HttpSignature.VerifyAsync(request, sig, headers, key.KeyPem);
logger.LogDebug("HttpSignature.Verify returned {result} for key {keyId}", verified, sig.KeyId);