Check signature before domains

main
Bob Mottram 2019-11-16 12:07:57 +00:00
parent 98b8a5a161
commit fb2eb659e2
2 changed files with 13 additions and 13 deletions

View File

@ -4758,6 +4758,18 @@ class PubServer(BaseHTTPRequestHandler):
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,21)
if not self.headers.get('signature'):
if 'keyId=' not in self.headers['signature']:
if self.server.debug:
print('DEBUG: POST to inbox has no keyId in header signature parameter')
self.send_response(403)
self.end_headers()
self.server.POSTbusy=False
self._benchmarkPOST(POSTstartTime,66)
return
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,22)
if not inboxPermittedMessage(self.server.domain, \
messageJson, \
self.server.federationList):
@ -4772,18 +4784,6 @@ class PubServer(BaseHTTPRequestHandler):
if self.server.debug:
pprint(messageJson)
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,22)
if not self.headers.get('signature'):
if 'keyId=' not in self.headers['signature']:
if self.server.debug:
print('DEBUG: POST to inbox has no keyId in header signature parameter')
self.send_response(403)
self.end_headers()
self.server.POSTbusy=False
self._benchmarkPOST(POSTstartTime,66)
return
self._benchmarkPOSTtimings(POSTstartTime,POSTtimings,23)

View File

@ -96,7 +96,7 @@ def domainPermitted(domain: str, federationList: []):
return True
return False
def urlPermitted(url: str, federationList: [],capability: str):
def urlPermitted(url: str,federationList: [],capability: str):
if isEvil(url):
return False
if len(federationList)==0: