Verify activitypub payload digests (#885)

author: Riley <asonix@asonix.dog> 2020-07-03 12:22:39 -0500
committer: GitHub <noreply@github.com> 2020-07-03 13:22:39 -0400
commit: 916592944af8e32f2044c9acf0d57eb7991427a5 (patch)
tree: ec08f51a4d9e132db754c61726fb75de318408fd /server/src/routes/federation.rs
parent: 0350f4bbebd0e9afd952611b377941bca269fb3c (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/server/src/routes/federation.rs b/server/src/routes/federation.rs
index fe6e3365..20b5dc83 100644
--- a/server/src/routes/federation.rs
+++ b/server/src/routes/federation.rs
@@ -12,6 +12,8 @@ use crate::{
   settings::Settings,
 };
 use actix_web::*;
+use http_signature_normalization_actix::digest::middleware::VerifyDigest;
+use sha2::{Digest, Sha256};
 
 pub fn config(cfg: &mut web::ServiceConfig) {
   if Settings::get().federation.enabled {
@@ -38,8 +40,12 @@ pub fn config(cfg: &mut web::ServiceConfig) {
           .route("/comment/{comment_id}", web::get().to(get_apub_comment)),
       )
       // Inboxes dont work with the header guard for some reason.
-      .route("/c/{community_name}/inbox", web::post().to(community_inbox))
-      .route("/u/{user_name}/inbox", web::post().to(user_inbox))
-      .route("/inbox", web::post().to(shared_inbox));
+      .service(
+        web::scope("/")
+          .wrap(VerifyDigest::new(Sha256::new()))
+          .route("/c/{community_name}/inbox", web::post().to(community_inbox))
+          .route("/u/{user_name}/inbox", web::post().to(user_inbox))
+          .route("/inbox", web::post().to(shared_inbox)),
+      );
   }
 }
author	Riley <asonix@asonix.dog>	2020-07-03 12:22:39 -0500
committer	GitHub <noreply@github.com>	2020-07-03 13:22:39 -0400
commit	916592944af8e32f2044c9acf0d57eb7991427a5 (patch)
tree	ec08f51a4d9e132db754c61726fb75de318408fd /server/src/routes/federation.rs
parent	0350f4bbebd0e9afd952611b377941bca269fb3c (diff)