From ca6bc74074b10880cdafa6ab049ce2c9d2b83f8f Mon Sep 17 00:00:00 2001
From: Lambda <csgl@xiretza.xyz>
Date: Wed, 18 Sep 2024 21:47:19 +0000
Subject: [PATCH] Fix X-Matrix signature validation for incoming requests

For HTTP/1 requests, an inbound Request's URI contains only the path and
query parameters, since there's no way to synthesize the authority part.
This is exactly what we need for the X-Matrix "uri" field.

HTTP/2 requests however can contain the :authority pseudo-header, which
is used to populate the Request's URI. Using a URL that includes an
authority breaks the signature check.

Largely inspired by conduit MR !631
(https://gitlab.com/famedly/conduit/-/merge_requests/631).

Co-authored-by: strawberry <strawberry@puppygock.gay>
---
 book/changelog.md            |  2 ++
 src/api/ruma_wrapper/axum.rs | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/book/changelog.md b/book/changelog.md
index 684b1cf6..031a34ae 100644
--- a/book/changelog.md
+++ b/book/changelog.md
@@ -179,6 +179,8 @@ This will be the first release of Grapevine since it was forked from Conduit
     that caused us to attempt to fetch our own signing keys from ourselves over
     federation, and fail ("Won't send federation request to ourselves").
     ([!96](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/96))
+18. Fixed incoming HTTP/2 requests failing federation signature check.
+    ([!104](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/104))
 
 ### Added
 
diff --git a/src/api/ruma_wrapper/axum.rs b/src/api/ruma_wrapper/axum.rs
index 6315e5e1..712386d9 100644
--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@@ -220,6 +220,16 @@ async fn ar_from_request_inner(
                     CanonicalJsonValue::Object(origin_signatures),
                 )]);
 
+                let x_matrix_uri = parts
+                    .uri
+                    .path_and_query()
+                    .ok_or_else(|| {
+                        Error::BadRequest(
+                            ErrorKind::InvalidParam,
+                            "No HTTP path/query",
+                        )
+                    })?
+                    .to_string();
                 let mut request_map = BTreeMap::from_iter([
                     (
                         "method".to_owned(),
@@ -227,7 +237,7 @@ async fn ar_from_request_inner(
                     ),
                     (
                         "uri".to_owned(),
-                        CanonicalJsonValue::String(parts.uri.to_string()),
+                        CanonicalJsonValue::String(x_matrix_uri),
                     ),
                     (
                         "origin".to_owned(),