Check inbox items for expected params

daemon.py

@@ -20,6 +20,7 @@ from person import personKeyLookup
 from person import personOutboxJson
 from posts import getPersonPubKey
 from inbox import inboxPermittedMessage
+from inbox import inboxMessageHasParams
 from follow import getFollowingFeed
 import os
 import sys
@@ -206,6 +207,14 @@ class PubServer(BaseHTTPRequestHandler):
         messageBytes=self.rfile.read(length)
         messageJson = json.loads(messageBytes)
 
+        # check the necessary properties are available
+        print('**************** Check message has params')
+        if not inboxMessageHasParams(messageJson)::
+            self.send_response(403)
+            self.end_headers()
+            self.server.POSTbusy=False
+            return
+
         if not inboxPermittedMessage(self.server.domain,messageJson,self.server.federationList):
             print('**************** Ah Ah Ah')
             self.send_response(403)

inbox.py

@@ -11,6 +11,15 @@ import os
 import datetime
 from utils import urlPermitted
 
+def inboxMessageHasParams(messageJson: {}) -> bool:
+    """Checks whether an incoming message contains expected parameters
+    """
+    expectedParams=['type','to','actor','object']
+    for param in expectedParams:
+        if not messageJson.get(param):
+            return False
+    return True
+
 def inboxPermittedMessage(domain: str,messageJson: {},federationList: []) -> bool:
     """ check that we are receiving from a permitted domain
     """