diff options
| author |  Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com> | 2021-07-05 13:23:03 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-07-05 13:23:03 +0200 |
| commit | d389e7b150df6ecd215c7b661b294ea153ad0103 (patch) | |
| tree | 8739e3103cb5130875d903cc7fc72fd9db3b8434 /internal/api/security/signaturecheck.go | |
| parent | Fix 404 contact (#74) (diff) | |
| download | gotosocial-d389e7b150df6ecd215c7b661b294ea153ad0103.tar.xz | |
Domain block (#76)
* start work on admin domain blocking
* move stuff around + further work on domain blocks
* move + restructure processor
* prep work for deleting account
* tidy
* go fmt
* formatting
* domain blocking more work
* check domain blocks way earlier on
* progress on delete account
* delete more stuff when an account is gone
* and more...
* domain blocky block block
* get individual domain block, delete a block
Diffstat (limited to 'internal/api/security/signaturecheck.go')
| -rw-r--r-- | internal/api/security/signaturecheck.go | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/internal/api/security/signaturecheck.go b/internal/api/security/signaturecheck.go new file mode 100644 index 000000000..b852c92ab --- /dev/null +++ b/internal/api/security/signaturecheck.go @@ -0,0 +1,69 @@ +package security + +import ( + "net/http" + "net/url" + + "github.com/gin-gonic/gin" + "github.com/go-fed/httpsig" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/util" +) + +// SignatureCheck checks whether an incoming http request has been signed. If so, it will check if the domain +// that signed the request is permitted to access the server. If it is permitted, the handler will set the key +// verifier in the gin context for use down the line. +func (m *Module) SignatureCheck(c *gin.Context) { + l := m.log.WithField("func", "DomainBlockChecker") + + // set this extra field for signature validation + c.Request.Header.Set("host", m.config.Host) + + // create the verifier from the request + // if the request is signed, it will have a signature header + verifier, err := httpsig.NewVerifier(c.Request) + if err == nil { + // the request was signed! + + // The key ID should be given in the signature so that we know where to fetch it from the remote server. + // This will be something like https://example.org/users/whatever_requesting_user#main-key + requestingPublicKeyID, err := url.Parse(verifier.KeyId()) + if err == nil && requestingPublicKeyID != nil { + // we managed to parse the url! + + // if the domain is blocked we want to bail as early as possible + blockedDomain, err := m.blockedDomain(requestingPublicKeyID.Host) + if err != nil { + l.Errorf("could not tell if domain %s was blocked or not: %s", requestingPublicKeyID.Host, err) + c.AbortWithStatus(http.StatusInternalServerError) + return + } + if blockedDomain { + l.Infof("domain %s is blocked", requestingPublicKeyID.Host) + c.AbortWithStatus(http.StatusForbidden) + return + } + + // set the verifier on the context here to save some work further down the line + c.Set(string(util.APRequestingPublicKeyVerifier), verifier) + } + } +} + +func (m *Module) blockedDomain(host string) (bool, error) { + b := >smodel.DomainBlock{} + err := m.db.GetWhere([]db.Where{{Key: "domain", Value: host, CaseInsensitive: true}}, b) + if err == nil { + // block exists + return true, nil + } + + if _, ok := err.(db.ErrNoEntries); ok { + // there are no entries so there's no block + return false, nil + } + + // there's an actual error + return false, err +} |