From fb2eb659e2d0550f74123d04ceeeab006340c50b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 16 Nov 2019 12:07:57 +0000 Subject: [PATCH] Check signature before domains --- daemon.py | 24 ++++++++++++------------ utils.py | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/daemon.py b/daemon.py index fdeab64a5..062326c3c 100644 --- a/daemon.py +++ b/daemon.py @@ -4758,6 +4758,18 @@ class PubServer(BaseHTTPRequestHandler): self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,21) + if not self.headers.get('signature'): + if 'keyId=' not in self.headers['signature']: + if self.server.debug: + print('DEBUG: POST to inbox has no keyId in header signature parameter') + self.send_response(403) + self.end_headers() + self.server.POSTbusy=False + self._benchmarkPOST(POSTstartTime,66) + return + + self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,22) + if not inboxPermittedMessage(self.server.domain, \ messageJson, \ self.server.federationList): @@ -4772,18 +4784,6 @@ class PubServer(BaseHTTPRequestHandler): if self.server.debug: pprint(messageJson) - - self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,22) - - if not self.headers.get('signature'): - if 'keyId=' not in self.headers['signature']: - if self.server.debug: - print('DEBUG: POST to inbox has no keyId in header signature parameter') - self.send_response(403) - self.end_headers() - self.server.POSTbusy=False - self._benchmarkPOST(POSTstartTime,66) - return self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,23) diff --git a/utils.py b/utils.py index bbc6ae9ba..9cc248e24 100644 --- a/utils.py +++ b/utils.py @@ -96,7 +96,7 @@ def domainPermitted(domain: str, federationList: []): return True return False -def urlPermitted(url: str, federationList: [],capability: str): +def urlPermitted(url: str,federationList: [],capability: str): if isEvil(url): return False if len(federationList)==0: