From f862f07add9632c4bad1429c0e24655bd9323dd7 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 27 Sep 2025 13:02:31 +0100 Subject: [PATCH] Header signature check does not need to be inside loop --- daemon_post.py | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/daemon_post.py b/daemon_post.py index 43a9ad6ab..82f8a339f 100644 --- a/daemon_post.py +++ b/daemon_post.py @@ -1225,6 +1225,23 @@ def daemon_http_post(self) -> None: self.server.postreq_busy = False return + # check that the header has a signature + header_signature = getheader_signature_input(self.headers) + + if header_signature: + if 'keyId=' not in header_signature: + if self.server.debug: + print('DEBUG: POST to inbox has no keyId in ' + + 'header signature parameter') + self.send_response(403) + self.end_headers() + self.server.postreq_busy = False + return + + fitness_performance(postreq_start_time, self.server.fitness, + '_POST', 'keyId check', + self.server.debug) + # handle POST containing multiple messages message_list: list[dict] = [message_json] if isinstance(message_json, list): @@ -1248,21 +1265,6 @@ def daemon_http_post(self) -> None: '_POST', 'inbox_message_has_params', self.server.debug) - header_signature = getheader_signature_input(self.headers) - - if header_signature: - if 'keyId=' not in header_signature: - if self.server.debug: - print('DEBUG: POST to inbox has no keyId in ' + - 'header signature parameter') - self.send_response(403) - self.end_headers() - continue - - fitness_performance(postreq_start_time, self.server.fitness, - '_POST', 'keyId check', - self.server.debug) - if not self.server.unit_test: if not inbox_permitted_message(self.server.domain, message_list_json,