diff --git a/daemon.py b/daemon.py
index 4c93a9ac4..4eb105fbd 100644
--- a/daemon.py
+++ b/daemon.py
@@ -4274,11 +4274,25 @@ class PubServer(BaseHTTPRequestHandler):
actorJson['summary'] = ''
actorChanged = True
- # change moderators list
- if fields.get('moderators'):
- adminNickname = \
- getConfigParam(baseDir, 'admin')
- if adminNickname:
+ adminNickname = \
+ getConfigParam(baseDir, 'admin')
+
+ if adminNickname:
+ # whether to require jsonld signatures
+ # on all incoming posts
+ if path.startswith('/users/' +
+ adminNickname + '/'):
+ verifyAllSignatures = False
+ if fields.get('verifyallsignatures'):
+ if fields['verifyallsignatures'] == 'on':
+ verifyAllSignatures = True
+ self.server.verifyAllSignatures = \
+ verifyAllSignatures
+ setConfigParam(baseDir, "verifyAllSignatures",
+ verifyAllSignatures)
+
+ # change moderators list
+ if fields.get('moderators'):
if path.startswith('/users/' +
adminNickname + '/'):
moderatorsFile = \
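Review bot: Ticking the box in the admin profile form updates `self.server.verifyAllSignatures` and the config file, but the inbox thread is started with the plain `verifyAllSignatures` value in its argument tuple (last hunk of daemon.py). Because `runInboxQueue` tests that parameter, the running queue appears to keep its startup setting until the daemon restarts. Either have the inbox loop read the live value from the server object, or state the limitation next to the assignment, e.g. `# takes effect for the inbox queue after a restart`. Also, a missing `verifyallsignatures` field stores False, so any admin profile save with the box unticked switches enforcement off; the edit form therefore has to render the current state. The enclosing handler starts and ends outside the hunk.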
@@ -4334,11 +4348,8 @@ class PubServer(BaseHTTPRequestHandler):
'instance',
'moderator')
- # change site editors list
- if fields.get('editors'):
- adminNickname = \
- getConfigParam(baseDir, 'admin')
- if adminNickname:
+ # change site editors list
+ if fields.get('editors'):
if path.startswith('/users/' +
adminNickname + '/'):
editorsFile = \
@@ -13400,7 +13411,8 @@ def loadTokens(baseDir: str, tokensDict: {}, tokensLookup: {}) -> None:
break
-def runDaemon(sendThreadsTimeoutMins: int,
+def runDaemon(verifyAllSignatures: bool,
+ sendThreadsTimeoutMins: int,
dormantMonths: int,
maxNewswirePosts: int,
allowLocalNetworkAccess: bool,
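Review bot: `verifyAllSignatures` is inserted as the first positional parameter of `runDaemon`, ahead of a long run of positional ints and bools, so a call that is off by one argument would silently flip a security setting instead of failing. The callers changed in this commit (epicyon.py and the three test servers in tests.py) all pass it by position. Declaring it after the existing parameters and passing it as `verifyAllSignatures=...` would make each call site self-checking. The rest of the signature is outside the hunk.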
@@ -13480,6 +13492,9 @@ def runDaemon(sendThreadsTimeoutMins: int,
# maximum number of posts to appear in the newswire on the right column
httpd.maxNewswirePosts = maxNewswirePosts
+ # whether to require that all incoming posts have valid jsonld signatures
+ httpd.verifyAllSignatures = verifyAllSignatures
+
# This counter is used to update the list of blocked domains in memory.
# It helps to avoid touching the disk and so improves flooding resistance
httpd.blocklistUpdateCtr = 0
@@ -13749,7 +13764,8 @@ def runDaemon(sendThreadsTimeoutMins: int,
httpd.showPublishedDateOnly,
httpd.maxFollowers,
httpd.allowLocalNetworkAccess,
- httpd.peertubeInstances), daemon=True)
+ httpd.peertubeInstances,
+ verifyAllSignatures), daemon=True)
print('Creating scheduled post thread')
httpd.thrPostSchedule = \
diff --git a/epicyon.py b/epicyon.py
index ec0d9c843..da5d1cda5 100644
--- a/epicyon.py
+++ b/epicyon.py
@@ -267,6 +267,12 @@ parser.add_argument("--allowLocalNetworkAccess",
help="Whether to allow access to local network " +
"addresses. This might be useful when deploying in " +
"a mesh network")
+parser.add_argument("--verifyAllSignatures",
+ dest='verifyAllSignatures',
+ type=str2bool, nargs='?',
+ const=True, default=False,
+ help="Whether to require that all incoming " +
+ "posts have valid jsonld signatures")
parser.add_argument("--noapproval", type=str2bool, nargs='?',
const=True, default=False,
help="Allow followers without approval")
@@ -2119,6 +2125,11 @@ allowLocalNetworkAccess = \
if allowLocalNetworkAccess is not None:
args.allowLocalNetworkAccess = bool(allowLocalNetworkAccess)
+verifyAllSignatures = \
+ getConfigParam(baseDir, 'verifyAllSignatures')
+if verifyAllSignatures is not None:
+ args.verifyAllSignatures = bool(verifyAllSignatures)
+
YTDomain = getConfigParam(baseDir, 'youtubedomain')
if YTDomain:
if '://' in YTDomain:
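Review bot: A value stored in the config file replaces the command-line flag here, so once the profile form has saved `verifyAllSignatures` as False, starting the daemon with `--verifyAllSignatures` no longer enables the check. This mirrors the existing `allowLocalNetworkAccess` handling, but for a setting that gates signature enforcement it is safer to let either source turn it on, e.g. `args.verifyAllSignatures = args.verifyAllSignatures or bool(verifyAllSignatures)`, or at least to print which source won. `bool()` also treats any non-empty string as True, so this relies on the config holding a real boolean; that depends on `setConfigParam`, which is not shown in this diff.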
@@ -2132,7 +2143,8 @@ if setTheme(baseDir, themeName, domain, args.allowLocalNetworkAccess):
print('Theme set to ' + themeName)
if __name__ == "__main__":
- runDaemon(args.sendThreadsTimeoutMins,
+ runDaemon(args.verifyAllSignatures,
+ args.sendThreadsTimeoutMins,
args.dormantMonths,
args.maxNewswirePosts,
args.allowLocalNetworkAccess,
diff --git a/inbox.py b/inbox.py
index 08fefc91c..23d43231a 100644
--- a/inbox.py
+++ b/inbox.py
@@ -2447,7 +2447,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
YTReplacementDomain: str,
showPublishedDateOnly: bool,
maxFollowers: int, allowLocalNetworkAccess: bool,
- peertubeInstances: []) -> None:
+ peertubeInstances: [],
+ verifyAllSignatures: bool) -> None:
"""Processes received items and moves them to the appropriate
directories
"""
@@ -2716,6 +2717,16 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
if jwebsig.get('type') and jwebsig.get('signatureValue'):
if jwebsig['type'] == 'RsaSignature2017':
checkJsonSignature = True
+
+ if verifyAllSignatures and \
+ not checkJsonSignature:
+ print('inbox post does not have a jsonld signature ' + keyId)
+ if os.path.isfile(queueFilename):
+ os.remove(queueFilename)
+ if len(queue) > 0:
+ queue.pop(0)
+ continue
+
if checkJsonSignature:
# use the original json message received, not one which may have
# been modified along the way
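Review bot: The new gate drops a post only when no `RsaSignature2017` block with a `signatureValue` is present; whether a present but invalid signature is also dropped is decided in the `if checkJsonSignature:` branch, whose body is outside this hunk. If that branch only logs a failure, the option would require a signature without requiring a valid one, so confirm it and say so in a comment such as `# unsigned posts are dropped here; invalid signatures are rejected below`. The rejection is reported only through `print`, and `keyId` is written to the log as received. If it originates from the request's signature header (not visible here), strip control characters before logging it.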
diff --git a/tests.py b/tests.py
index cd957bf83..d29671e2a 100644
--- a/tests.py
+++ b/tests.py
@@ -323,8 +323,10 @@ def createServerAlice(path: str, domain: str, port: int,
dormantMonths = 3
sendThreadsTimeoutMins = 30
maxFollowers = 10
+ verifyAllSignatures = True
print('Server running: Alice')
- runDaemon(sendThreadsTimeoutMins,
+ runDaemon(verifyAllSignatures,
+ sendThreadsTimeoutMins,
dormantMonths, maxNewswirePosts,
allowLocalNetworkAccess,
2048, False, True, False, False, True, maxFollowers,
@@ -420,8 +422,10 @@ def createServerBob(path: str, domain: str, port: int,
dormantMonths = 3
sendThreadsTimeoutMins = 30
maxFollowers = 10
+ verifyAllSignatures = True
print('Server running: Bob')
- runDaemon(sendThreadsTimeoutMins,
+ runDaemon(verifyAllSignatures,
+ sendThreadsTimeoutMins,
dormantMonths, maxNewswirePosts,
allowLocalNetworkAccess,
2048, False, True, False, False, True, maxFollowers,
@@ -467,8 +471,10 @@ def createServerEve(path: str, domain: str, port: int, federationList: [],
dormantMonths = 3
sendThreadsTimeoutMins = 30
maxFollowers = 10
+ verifyAllSignatures = True
print('Server running: Eve')
- runDaemon(sendThreadsTimeoutMins,
+ runDaemon(verifyAllSignatures,
+ sendThreadsTimeoutMins,
dormantMonths, maxNewswirePosts,
allowLocalNetworkAccess,
2048, False, True, False, False, True, maxFollowers,
diff --git a/translations/ar.json b/translations/ar.json
index 7cda02d25..658be63fe 100644
--- a/translations/ar.json
+++ b/translations/ar.json
@@ -350,5 +350,6 @@
"Show Accounts": "إظهار الحسابات",
"Peertube Instances": "مثيلات Peertube",
"Show video previews for the following Peertube sites.": "إظهار معاينات الفيديو لمواقع Peertube التالية.",
- "Follows you": "يتبعك"
+ "Follows you": "يتبعك",
+ "Verify all signatures": "تحقق من جميع التوقيعات"
}
diff --git a/translations/ca.json b/translations/ca.json
index d17bbc050..06ea47e6d 100644
--- a/translations/ca.json
+++ b/translations/ca.json
@@ -350,5 +350,6 @@
"Show Accounts": "Mostra comptes",
"Peertube Instances": "Instàncies de Peertube",
"Show video previews for the following Peertube sites.": "Mostra les previsualitzacions de vídeo dels següents llocs de Peertube.",
- "Follows you": "Et segueix"
+ "Follows you": "Et segueix",
+ "Verify all signatures": "Verifiqueu totes les signatures"
}
diff --git a/translations/cy.json b/translations/cy.json
index 8db9b525b..a610b167a 100644
--- a/translations/cy.json
+++ b/translations/cy.json
@@ -350,5 +350,6 @@
"Show Accounts": "Dangos Cyfrifon",
"Peertube Instances": "Camau Peertube",
"Show video previews for the following Peertube sites.": "Dangos rhagolygon fideo ar gyfer y safleoedd Peertube canlynol.",
- "Follows you": "Yn eich dilyn chi"
+ "Follows you": "Yn eich dilyn chi",
+ "Verify all signatures": "Gwirio pob llofnod"
}
diff --git a/translations/de.json b/translations/de.json
index a82a4aaa7..cdf9aaefa 100644
--- a/translations/de.json
+++ b/translations/de.json
@@ -350,5 +350,6 @@
"Show Accounts": "Konten anzeigen",
"Peertube Instances": "Peertube-Instanzen",
"Show video previews for the following Peertube sites.": "Zeigen Sie eine Videovorschau für die folgenden Peertube-Websites an.",
- "Follows you": "Folgt dir"
+ "Follows you": "Folgt dir",
+ "Verify all signatures": "Überprüfen Sie alle Signaturen"
}
diff --git a/translations/en.json b/translations/en.json
index 9e93dcb82..40537ba17 100644
--- a/translations/en.json
+++ b/translations/en.json
@@ -350,5 +350,6 @@
"Show Accounts": "Show Accounts",
"Peertube Instances": "Peertube Instances",
"Show video previews for the following Peertube sites.": "Show video previews for the following Peertube sites.",
- "Follows you": "Follows you"
+ "Follows you": "Follows you",
+ "Verify all signatures": "Verify all signatures"
}
diff --git a/translations/es.json b/translations/es.json
index edc36088f..f63b2d4ea 100644
--- a/translations/es.json
+++ b/translations/es.json
@@ -350,5 +350,6 @@
"Show Accounts": "Mostrar cuentas",
"Peertube Instances": "Instancias de Peertube",
"Show video previews for the following Peertube sites.": "Muestre vistas previas de video para los siguientes sitios de Peertube.",
- "Follows you": "Te sigue"
+ "Follows you": "Te sigue",
+ "Verify all signatures": "Verificar todas las firmas"
}
diff --git a/translations/fr.json b/translations/fr.json
index 838d18388..1ae6dc989 100644
--- a/translations/fr.json
+++ b/translations/fr.json
@@ -350,5 +350,6 @@
"Show Accounts": "Afficher les comptes",
"Peertube Instances": "Instances Peertube",
"Show video previews for the following Peertube sites.": "Afficher des aperçus vidéo pour les sites Peertube suivants.",
- "Follows you": "Vous suit"
+ "Follows you": "Vous suit",
+ "Verify all signatures": "Vérifier toutes les signatures"
}
diff --git a/translations/ga.json b/translations/ga.json
index 396d3ae8d..ef2f77fef 100644
--- a/translations/ga.json
+++ b/translations/ga.json
@@ -350,5 +350,6 @@
"Show Accounts": "Taispeáin Cuntais",
"Peertube Instances": "Imeachtaí Peertube",
"Show video previews for the following Peertube sites.": "Taispeáin réamhamharcanna físe do na suíomhanna Peertube seo a leanas.",
- "Follows you": "Leanann tú"
+ "Follows you": "Leanann tú",
+ "Verify all signatures": "Fíoraigh gach síniú"
}
diff --git a/translations/hi.json b/translations/hi.json
index 05878a580..232cb54c2 100644
--- a/translations/hi.json
+++ b/translations/hi.json
@@ -350,5 +350,6 @@
"Show Accounts": "खाते दिखाएं",
"Peertube Instances": "Peertube उदाहरण",
"Show video previews for the following Peertube sites.": "निम्नलिखित Peertube साइटों के लिए वीडियो पूर्वावलोकन दिखाएं।",
- "Follows you": "आपका पीछा करता है"
+ "Follows you": "आपका पीछा करता है",
+ "Verify all signatures": "सभी हस्ताक्षर सत्यापित करें"
}
diff --git a/translations/it.json b/translations/it.json
index 72d777ee1..1ad7efef6 100644
--- a/translations/it.json
+++ b/translations/it.json
@@ -350,5 +350,6 @@
"Show Accounts": "Mostra account",
"Peertube Instances": "Istanze di Peertube",
"Show video previews for the following Peertube sites.": "Mostra le anteprime dei video per i seguenti siti Peertube.",
- "Follows you": "Ti segue"
+ "Follows you": "Ti segue",
+ "Verify all signatures": "Verifica tutte le firme"
}
diff --git a/translations/ja.json b/translations/ja.json
index 6287b1ab7..7606a7aff 100644
--- a/translations/ja.json
+++ b/translations/ja.json
@@ -350,5 +350,6 @@
"Show Accounts": "アカウントを表示する",
"Peertube Instances": "Peertubeインスタンス",
"Show video previews for the following Peertube sites.": "次のPeertubeサイトのビデオプレビューを表示します。",
- "Follows you": "あなたについていきます"
+ "Follows you": "あなたについていきます",
+ "Verify all signatures": "すべての署名を確認する"
}
diff --git a/translations/oc.json b/translations/oc.json
index eb198fb68..07b9569c6 100644
--- a/translations/oc.json
+++ b/translations/oc.json
@@ -346,5 +346,6 @@
"Show Accounts": "Show Accounts",
"Peertube Instances": "Peertube Instances",
"Show video previews for the following Peertube sites.": "Show video previews for the following Peertube sites.",
- "Follows you": "Follows you"
+ "Follows you": "Follows you",
+ "Verify all signatures": "Verify all signatures"
}
diff --git a/translations/pt.json b/translations/pt.json
index dfa17dc02..183b73d09 100644
--- a/translations/pt.json
+++ b/translations/pt.json
@@ -350,5 +350,6 @@
"Show Accounts": "Mostrar contas",
"Peertube Instances": "Instâncias Peertube",
"Show video previews for the following Peertube sites.": "Mostrar visualizações de vídeo para os seguintes sites Peertube.",
- "Follows you": "Segue você"
+ "Follows you": "Segue você",
+ "Verify all signatures": "Verifique todas as assinaturas"
}
diff --git a/translations/ru.json b/translations/ru.json
index 855c07f52..147a699a8 100644
--- a/translations/ru.json
+++ b/translations/ru.json
@@ -350,5 +350,6 @@
"Show Accounts": "Показать счета",
"Peertube Instances": "Экземпляры Peertube",
"Show video previews for the following Peertube sites.": "Показать превью видео для следующих сайтов Peertube.",
- "Follows you": "Следует за вами"
+ "Follows you": "Следует за вами",
+ "Verify all signatures": "Проверить все подписи"
}
diff --git a/translations/zh.json b/translations/zh.json
index a2be25403..23a46718d 100644
--- a/translations/zh.json
+++ b/translations/zh.json
@@ -350,5 +350,6 @@
"Show Accounts": "显示帐户",
"Peertube Instances": "Peertube实例",
"Show video previews for the following Peertube sites.": "显示以下Peertube网站的视频预览。",
- "Follows you": "跟着你"
+ "Follows you": "跟着你",
+ "Verify all signatures": "验证所有签名"
}
diff --git a/webapp_profile.py b/webapp_profile.py
index 65d29a592..a2b3e3deb 100644
--- a/webapp_profile.py
+++ b/webapp_profile.py
@@ -1106,6 +1106,10 @@ def htmlEditProfile(cssCache: {}, translate: {}, baseDir: str, path: str,
instanceStr += \
' '
+ instanceStr += \
+ ' ' + \
+ translate['Verify all signatures'] + '
\n'
instanceStr += ''
moderators = ''