hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Verify HTTP signatures only when request accepts "activity+json" type

Browse source
This commit is contained in:
Egor Kislitsyn 2019-12-19 20:17:18 +07:00
commit 775212121c
No known key found for this signature in database
GPG key ID: 1B49CB15B71E7805
2 changed files with 12 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/pleroma/plugs/http_signature.ex
View file

@ -4,6 +4,7 @@
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
import Plug.Conn
import Phoenix.Controller, only: [get_format: 1, text: 2]
require Logger
def init(options) do
@ -15,9 +16,13 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
end
def call(conn, _opts) do
conn
|> maybe_assign_valid_signature()
|> maybe_require_signature()
if get_format(conn) == "activity+json" do
conn
|> maybe_assign_valid_signature()
|> maybe_require_signature()
else
conn
end
end
defp maybe_assign_valid_signature(conn) do
@ -51,7 +56,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
conn
|> put_status(:unauthorized)
|> Phoenix.Controller.text("Request not signed")
|> text("Request not signed")
|> halt()
else
conn