implement v1 signature verification
This commit is contained in:
parent
9612f24fce
commit
236b5e4d0a
|
@ -13,15 +13,33 @@ handleRequest = ({ request }) ->
|
|||
|
||||
handlePUT = (request) ->
|
||||
url = new URL request.url
|
||||
# Start from the highest version number
|
||||
valid = false
|
||||
if url.searchParams.has "v2"
|
||||
valid = await verifySignatureV2 url.searchParams.get("v2"), url, request
|
||||
return verifyFailure() unless valid
|
||||
else if url.searchParams.has "v"
|
||||
valid = await verifySignatureV1 url.searchParams.get("v"), url, request
|
||||
|
||||
unless valid
|
||||
return verifyFailure()
|
||||
|
||||
return new Response "Valid"
|
||||
|
||||
verifyFailure = ->
|
||||
return new Response "Invalid signature",
|
||||
status: 403
|
||||
|
||||
verifySignatureV1 = (sig, url, request) ->
|
||||
content_length = request.headers.get "Content-Length"
|
||||
if not content_length?
|
||||
return false
|
||||
|
||||
sign_str = url.pathname[1..] + " " + content_length
|
||||
local_sig = await crypto.HMAC_SHA256 crypto.utf8Bytes(config.xmpp_secret), sign_str
|
||||
local_sig = crypto.hex local_sig
|
||||
|
||||
return local_sig is sig
|
||||
|
||||
verifySignatureV2 = (sig, url, request) ->
|
||||
content_length = request.headers.get "Content-Length"
|
||||
content_type = request.headers.get "Content-Type"
|
||||
|
|
Loading…
Reference in New Issue