88d064d80e
the redundant checks assumed a POST request, which will not work for signed GETs. this check was originally needed because the HTTPSignatures adapter assumed that the requests were also POST requests. but now, the adapter has been corrected.
45 lines
1.1 KiB
Elixir
45 lines
1.1 KiB
Elixir
# Pleroma: A lightweight social networking server
|
|
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
|
import Plug.Conn
|
|
require Logger
|
|
|
|
def init(options) do
|
|
options
|
|
end
|
|
|
|
def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
|
|
conn
|
|
end
|
|
|
|
def call(conn, _opts) do
|
|
[signature | _] = get_req_header(conn, "signature")
|
|
|
|
if signature do
|
|
# set (request-target) header to the appropriate value
|
|
# we also replace the digest header with the one we computed
|
|
conn =
|
|
conn
|
|
|> put_req_header(
|
|
"(request-target)",
|
|
String.downcase("#{conn.method}") <> " #{conn.request_path}"
|
|
)
|
|
|
|
conn =
|
|
if conn.assigns[:digest] do
|
|
conn
|
|
|> put_req_header("digest", conn.assigns[:digest])
|
|
else
|
|
conn
|
|
end
|
|
|
|
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
|
|
else
|
|
Logger.debug("No signature header!")
|
|
conn
|
|
end
|
|
end
|
|
end
|