From: Chocobozzz
Date: Fri, 25 Oct 2019 12:53:39 +0000 (+0200)
Subject: Increase clock skew for HTTP signatures
X-Git-Tag: v2.0.0-rc.1~9
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f67d757452c63fff27df596b575ae1ca9225a1a0;p=oweals%2Fpeertube.git

Increase clock skew for HTTP signatures
---
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 190fd427a..fd4c0fdaa 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -467,7 +467,8 @@ const ACTIVITY_PUB_ACTOR_TYPES: { [ id: string ]: ActivityPubActorType } = {
 const HTTP_SIGNATURE = {
 HEADER_NAME: 'signature',
 ALGORITHM: 'rsa-sha256',
- HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ]
+ HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
+ CLOCK_SKEW_SECONDS: 1800
 }
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index bea213d27..fedac0e05 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -55,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) {
 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
 if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
- const parsed = parseHTTPSignature(req)
+ const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 const keyId = parsed.keyId
 if (!keyId) {
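Review bot: The new `CLOCK_SKEW_SECONDS: 1800` entry in `HTTP_SIGNATURE` has no comment, although it is a security tolerance rather than a plain tuning value. Going by its name and its use in `checkHttpSignature`, it is how far the signed `date` header may differ from the local clock, which is also how long a captured signed request would keep verifying. I would add above it `// Accepted drift (s) between the signed Date header and our clock; also bounds how long a replayed signed request still verifies`. Because `(request-target)` and `digest` are in `HEADERS_TO_SIGN`, such a replay is limited to the identical request, so the duplicate-activity handling downstream (not visible here) is what has to absorb it.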
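Review bot: The `parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)` call sits outside any `try`/`catch` in the visible lines of `checkHttpSignature`. If the parser throws for a `date` outside the skew or for a malformed `Signature` header (its implementation is not shown), the failure would propagate as an exception instead of ending in an explicit rejection like the `!keyId` branch. Wrapping the call and refusing the request there keeps every signature failure on one path and makes stale or malformed signatures easy to log. The function body continues outside the hunk, so the rejection in the sketch below is assumed to match what the `!keyId` branch does.

```typescript
  let parsed: ReturnType<typeof parseHTTPSignature>
  try {
    parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
  } catch (err) {
    // Date header outside the accepted skew, or unparsable Signature header:
    // refuse the request the same way the !keyId branch below does
    res.sendStatus(403)
    return false
  }

  const keyId = parsed.keyId
  // … unchanged: keyId check and the rest of the verification …
```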