Fix X-Matrix signature validation for incoming requests

For HTTP/1 requests, an inbound Request's URI contains only the path and query parameters, since there's no way to synthesize the authority part. This is exactly what we need for the X-Matrix "uri" field. HTTP/2 requests however can contain the :authority pseudo-header, which is used to populate the Request's URI. Using a URL that includes an authority breaks the signature check. Largely inspired by conduit MR !631 (https://gitlab.com/famedly/conduit/-/merge_requests/631). Co-authored-by: strawberry <strawberry@puppygock.gay>
2025-12-16 15:21:24 +01:00 · 2024-09-18 21:47:19 +00:00 · 2024-09-18 21:47:19 +00:00 · ca6bc74074
commit ca6bc74074
parent 0d6a7eb968
2 changed files with 13 additions and 1 deletions
--- a/book/changelog.md
+++ b/book/changelog.md
@ -179,6 +179,8 @@ This will be the first release of Grapevine since it was forked from Conduit
    that caused us to attempt to fetch our own signing keys from ourselves over
    federation, and fail ("Won't send federation request to ourselves").
    ([!96](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/96))
+18. Fixed incoming HTTP/2 requests failing federation signature check.
+    ([!104](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/104))

 ### Added

--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@ -220,6 +220,16 @@ async fn ar_from_request_inner(
                    CanonicalJsonValue::Object(origin_signatures),
                )]);

+                let x_matrix_uri = parts
+                    .uri
+                    .path_and_query()
+                    .ok_or_else(|| {
+                        Error::BadRequest(
+                            ErrorKind::InvalidParam,
+                            "No HTTP path/query",
+                        )
+                    })?
+                    .to_string();
                let mut request_map = BTreeMap::from_iter([
                    (
                        "method".to_owned(),
@ -227,7 +237,7 @@ async fn ar_from_request_inner(
                    ),
                    (
                        "uri".to_owned(),
-                        CanonicalJsonValue::String(parts.uri.to_string()),
+                        CanonicalJsonValue::String(x_matrix_uri),
                    ),
                    (
                        "origin".to_owned(),