kio/Sharkey
kio/Sharkey
0
0
Fork 0
Código Issues Pull requests Projetos Versões Pacotes Wiki Atividade Ações
Sharkey/packages/backend/src
Histórico
Exato
dakkar c128db7666 sign the request's query in addition to the path - maybe fix #1036 
this feels wrong, though!

first of all, the ticket shows that we refuse requests signed by other
software (akkoma, browser.pub), and that strongly implies that they
are also not signing the query

then,
https://github.com/Chocobozzz/node-http-signature/blob/master/lib/signer.js#L186
only signs the path, but
https://github.com/Chocobozzz/node-http-signature/blob/master/lib/parser.js#L292-L293
puts path+query in the string when verifying

do we instead need to mangle `request.raw` to exclude the query when
verifying?
2025-04-21 14:01:52 +01:00
..
@types revert 5f88d56d96 2024-07-20 21:33:20 +09:00
boot rename activity_log and activity_context to ap_inbox_log and ap_context 2025-02-16 19:25:04 -05:00
core sign the request's query in addition to the path - maybe fix #1036 2025-04-21 14:01:52 +01:00
daemons add missing await in ApLogCleanupService 2025-02-16 19:25:24 -05:00
misc requested changes. 2025-04-20 23:20:59 -03:00
models convert Authorized Fetch to a setting and add support for hybrid mode (essential metadata only) 2025-03-16 10:07:57 -04:00
queue fix startup crash caused by circular reference (SWC is not compatible with forwardRef) 2025-03-21 12:37:06 -04:00
server remove redundant sql query. 2025-04-20 23:21:50 -03:00
config.ts feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
const.ts convert Authorized Fetch to a setting and add support for hybrid mode (essential metadata only) 2025-03-16 10:07:57 -04:00
decorators.ts refactor(backend): use Reflet for autobind deco (#14482) 2024-09-15 17:43:24 +09:00
di-symbols.ts merge: Add separate redis for rate limit (!908) 2025-02-18 23:27:56 +00:00
env.ts (re) update SPDX-FileCopyrightText 2024-02-13 15:59:27 +00:00
global.d.ts (re) update SPDX-FileCopyrightText 2024-02-13 15:59:27 +00:00
GlobalModule.ts implement redisForRateLimit 2025-02-18 10:36:29 -05:00
logger.ts fix logger Data type 2025-03-27 19:51:42 -04:00
MainModule.ts (re) update SPDX-FileCopyrightText 2024-02-13 15:59:27 +00:00
NestLogger.ts lint fixes 2024-06-06 11:40:11 +09:00
postgres.ts implement AP fetch logs 2025-02-16 19:25:22 -05:00
types.ts remove fileId from importCustomEmojis log 2025-03-02 13:47:02 -05:00