Check signature before domains

merge-requests/6/head
Bob Mottram 2019-11-16 12:07:57 +00:00
parent 98b8a5a161
commit fb2eb659e2
2 changed files with 13 additions and 13 deletions

View File

@ -4758,6 +4758,18 @@ class PubServer(BaseHTTPRequestHandler):
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,21) self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,21)
if not self.headers.get('signature'):
if 'keyId=' not in self.headers['signature']:
if self.server.debug:
print('DEBUG: POST to inbox has no keyId in header signature parameter')
self.send_response(403)
self.end_headers()
self.server.POSTbusy=False
self._benchmarkPOST(POSTstartTime,66)
return
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,22)
if not inboxPermittedMessage(self.server.domain, \ if not inboxPermittedMessage(self.server.domain, \
messageJson, \ messageJson, \
self.server.federationList): self.server.federationList):
@ -4773,18 +4785,6 @@ class PubServer(BaseHTTPRequestHandler):
if self.server.debug: if self.server.debug:
pprint(messageJson) pprint(messageJson)
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,22)
if not self.headers.get('signature'):
if 'keyId=' not in self.headers['signature']:
if self.server.debug:
print('DEBUG: POST to inbox has no keyId in header signature parameter')
self.send_response(403)
self.end_headers()
self.server.POSTbusy=False
self._benchmarkPOST(POSTstartTime,66)
return
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,23) self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,23)
if self.server.debug: if self.server.debug: