backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-17 07:41:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use destination field in X-Matrix Authorization header

Browse source 
Both validating and sending it is a MUST since Matrix v1.3.
This commit is contained in:
Lambda 2024-06-03 16:35:00 +00:00
parent 62dd097f49
commit 5c39c7c5ff
2 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/api/ruma_wrapper/axum.rs
View file

@ -196,6 +196,19 @@ async fn ar_from_request_inner(
Error::BadRequest(ErrorKind::forbidden(), msg) Error::BadRequest(ErrorKind::forbidden(), msg)
})?; })?;
if let Some(destination) = x_matrix.destination {
if destination != services().globals.server_name() {
warn!(
%destination,
"Incorrect destination in X-Matrix header"
);
return Err(Error::BadRequest(
ErrorKind::Unauthorized,
"Incorrect destination in X-Matrix header",
));
}
}
let origin_signatures = BTreeMap::from_iter([( let origin_signatures = BTreeMap::from_iter([(
x_matrix.key.to_string(), x_matrix.key.to_string(),
CanonicalJsonValue::String(x_matrix.sig), CanonicalJsonValue::String(x_matrix.sig),

2
src/api/server_server.rs
View file

@ -242,7 +242,7 @@ where
http_request.headers_mut().typed_insert(Authorization(XMatrix::new( http_request.headers_mut().typed_insert(Authorization(XMatrix::new(
services().globals.server_name().to_owned(), services().globals.server_name().to_owned(),
None, Some(destination.to_owned()),
key_id, key_id,
signature, signature,
))); )));