activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else

although the previous handling assumed any unsigned/invalid signature message was a Create,
lets make it more explicit
This commit is contained in:
William Pitcock 2018-09-28 00:01:54 +00:00
parent 6258ddaa60
commit 5c312ad677
1 changed files with 17 additions and 7 deletions

View File

@ -93,19 +93,29 @@ def inbox(%{assigns: %{valid_signature: true}} = conn, params) do
json(conn, "ok") json(conn, "ok")
end end
# only accept relayed Creates
def inbox(conn, %{"type" => "Create"} = params) do
Logger.info(
"Signature missing or not from author, relayed Create message, fetching object from source"
)
ActivityPub.fetch_object_from_id(params["object"]["id"])
json(conn, "ok")
end
def inbox(conn, params) do def inbox(conn, params) do
headers = Enum.into(conn.req_headers, %{}) headers = Enum.into(conn.req_headers, %{})
if !String.contains?(headers["signature"] || "", params["actor"]) do if String.contains?(headers["signature"], params["actor"]) do
Logger.info("Signature not from author, relayed message, fetching from source") Logger.info(
ActivityPub.fetch_object_from_id(params["object"]["id"]) "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"
else )
Logger.info("Signature error - make sure you are forwarding the HTTP Host header!")
Logger.info("Could not validate #{params["actor"]}")
Logger.info(inspect(conn.req_headers)) Logger.info(inspect(conn.req_headers))
end end
json(conn, "ok") json(conn, "error")
end end
def relay(conn, params) do def relay(conn, params) do