Auth fetch verification (cavage) works now
- Inbound requests signed with Cavage are now verified as expected - Fixed a bug where the signature header was not generated correctly - Extended config to include settings for which requests to verify - Fixed new server in main not using internal port from config
parent
271acc8d29
commit
627926460c
8 changed files with 90 additions and 36 deletions
|
@ -3,11 +3,8 @@ package webshared
|
|||
import (
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.mstar.dev/mstar/goutils/maputils"
|
||||
|
||||
"git.mstar.dev/mstar/linstrom/config"
|
||||
)
|
||||
|
||||
|
@ -28,18 +25,7 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
|
|||
headers.Set("Date", time.Now().UTC().Format(http.TimeFormat))
|
||||
}
|
||||
applyBodyHash(headers, postBody)
|
||||
mappedHeaders := maputils.MapNewKeys(headers, func(k string, v []string) (string, string) {
|
||||
if len(v) > 0 {
|
||||
return strings.ToLower(k), v[0]
|
||||
} else {
|
||||
return strings.ToLower(k), ""
|
||||
}
|
||||
})
|
||||
// Filter for only the date, host, digest and request-target headers
|
||||
mappedHeaders = maputils.FilterMap(mappedHeaders, func(k, v string) bool {
|
||||
k = strings.ToLower(k)
|
||||
return k == "date" || k == "host" || k == "digest" || k == "(request-target)"
|
||||
})
|
||||
var signedString string
|
||||
var usedHeaders []string
|
||||
if config.GlobalConfig.Experimental.UseEd25519Keys {
|
||||
|
|
|
@ -6,7 +6,6 @@ import (
|
|||
"net/url"
|
||||
"strings"
|
||||
|
||||
"git.mstar.dev/mstar/goutils/maputils"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
||||
"git.mstar.dev/mstar/linstrom/config"
|
||||
|
@ -61,7 +60,10 @@ func genPreSignatureString(
|
|||
headers http.Header,
|
||||
) (string, []string) {
|
||||
usedHeaders := []string{"(request-target)", "host"}
|
||||
usedHeaders = append(usedHeaders, maputils.KeysFromMap(headers)...)
|
||||
usedHeaders = append(usedHeaders, "date", "accept", "content-type")
|
||||
if headers.Get("Digest") != "" {
|
||||
usedHeaders = append(usedHeaders, "digest")
|
||||
}
|
||||
return GenerateStringToSign(method, target.Host, target.Path, headers, usedHeaders), usedHeaders
|
||||
}
|
||||
|
||||
|
@ -81,7 +83,7 @@ func GenerateStringToSign(
|
|||
case "host":
|
||||
dataBuilder.WriteString(v + ": " + host + "\n")
|
||||
default:
|
||||
dataBuilder.WriteString(v + ": " + headers.Get(v) + "\n")
|
||||
dataBuilder.WriteString(strings.ToLower(v) + ": " + headers.Get(v) + "\n")
|
||||
}
|
||||
// dataBuilder.WriteString(k + ": " + v + "\n")
|
||||
// usedHeaders = append(usedHeaders, k)
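Review bot: In genPreSignatureString, "accept" and "content-type" are now always listed as signed headers, even when the request carries neither, so the signing string can contain `accept: ` or `content-type: ` with an empty value. The Cavage draft treats a header that is named in the `headers` parameter but absent from the message as an error, so a strict verifier may reject such a signature; guarding them the way "digest" is guarded avoids that, e.g. `if headers.Get("Accept") != "" { usedHeaders = append(usedHeaders, "accept") }` and the same for `Content-Type`. In the default branch of GenerateStringToSign, `headers.Get(v)` covers only the first value of a repeated header; if this function also builds the string for inbound verification (not visible here), `strings.Join(headers.Values(v), ", ")` would keep every value of a signed header under the signature. Both functions start before their hunks, and GenerateStringToSign also continues past its hunk.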
|
||||
|
|