mj-saunders
/
epicyon
forked from indymedia/epicyon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Check inbox items for expected params

master
Bob Mottram 2019-07-02 16:07:27 +01:00
parent 33077ab8df
commit 20dc823398
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
daemon.py
View File

@ -20,6 +20,7 @@ from person import personKeyLookup
from person import personOutboxJson
from posts import getPersonPubKey
from inbox import inboxPermittedMessage
from inbox import inboxMessageHasParams
from follow import getFollowingFeed
import os
import sys
@ -206,6 +207,14 @@ class PubServer(BaseHTTPRequestHandler):
messageBytes=self.rfile.read(length)
messageJson = json.loads(messageBytes)
# check the necessary properties are available
print('**************** Check message has params')
if not inboxMessageHasParams(messageJson)::
self.send_response(403)
self.end_headers()
self.server.POSTbusy=False
return
if not inboxPermittedMessage(self.server.domain,messageJson,self.server.federationList):
print('**************** Ah Ah Ah')
self.send_response(403)

9
inbox.py
View File

@ -11,6 +11,15 @@ import os
import datetime
from utils import urlPermitted
def inboxMessageHasParams(messageJson: {}) -> bool:
"""Checks whether an incoming message contains expected parameters
"""
expectedParams=['type','to','actor','object']
for param in expectedParams:
if not messageJson.get(param):
return False
return True
def inboxPermittedMessage(domain: str,messageJson: {},federationList: []) -> bool:
""" check that we are receiving from a permitted domain
"""