Increase clock skew for HTTP signatures

diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 190fd427aa00020d63c4fcfa329e4ea65e5bc0bf..fd4c0fdaaa1df2fc93f897a8f5a712d6a6606723 100644 (file)
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -467,7 +467,8 @@ const ACTIVITY_PUB_ACTOR_TYPES: { [ id: string ]: ActivityPubActorType } = {
 const HTTP_SIGNATURE = {
   HEADER_NAME: 'signature',
   ALGORITHM: 'rsa-sha256',
-  HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ]
+  HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
+  CLOCK_SKEW_SECONDS: 1800
 }
 
 // ---------------------------------------------------------------------------

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index bea213d270af840ba0edfd1beddfb4ea5ac75905..fedac0e05ed419b2de6c0b37ee3ddb02840715ec 100644 (file)
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -55,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) {
   const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
   if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
 
-  const parsed = parseHTTPSignature(req)
+  const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 
   const keyId = parsed.keyId
   if (!keyId) {