Test for permitted posts

daemon.py

@@ -77,6 +77,20 @@ class PubServer(BaseHTTPRequestHandler):
             return False
         return True
 
+    def _permittedMessage(self,message):
+        """ check that we are posting to a permitted domain
+        """
+        testParam='actor'
+        if not message.get(testParam):
+            return False
+        actor=message[testParam]
+        permittedDomain=False
+        for domain in allowedDomains:
+            if domain in actor:
+                permittedDomain=True
+                break
+        return permittedDomain
+    
     def do_GET(self):
         if not self.permittedDir(self.path):
             self._404()
@@ -127,6 +141,9 @@ class PubServer(BaseHTTPRequestHandler):
         length = int(self.headers.getheader('content-length'))
         message = json.loads(self.rfile.read(length))
 
+        if not self._permittedMessage(message):
+            self._404()
+        else:                
             # add a property to the object, just to mess with data
             message['received'] = 'ok'