fix: why is it throwing 500???

əlemi 2024-04-13 03:47:04 +02:00
parent b4e82b551b
commit 861cd2297b
Signed by: alemi
GPG key ID: A4895B84D311642C


@ -94,22 +94,23 @@ where
let user_id = unverified.key_id().replace("#main-key", ""); let user_id = unverified.key_id().replace("#main-key", "");
if let Ok(user) = ctx.fetch().user(&user_id).await { if let Ok(user) = ctx.fetch().user(&user_id).await {
let pubkey = PKey::public_key_from_pem(user.public_key.as_bytes())?;
let valid = unverified.verify(|sig, to_sign| { let valid = unverified.verify(|sig, to_sign| {
let pubkey = PKey::public_key_from_pem(user.public_key.as_bytes())?;
let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap(); let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap();
verifier.update(to_sign.as_bytes())?; verifier.update(to_sign.as_bytes())?;
Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(sig).unwrap_or_default())?) as crate::Result<bool> Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(sig).unwrap_or_default())?) as crate::Result<bool>
})?; });
if !valid {
return Err(UpubError::unauthorized());
}
// TODO assert payload's digest is equal to signature's // TODO assert payload's digest is equal to signature's
// TODO introduce hardened mode which identifies remotes by user and not server match valid {
identity = Identity::Remote(Context::server(&user_id)); // TODO introduce hardened mode which identifies remotes by user and not server
Ok(true) => identity = Identity::Remote(Context::server(&user_id)),
Ok(false) => return Err(UpubError::unauthorized()),
Err(e) => {
tracing::error!("failed verifying signature: {e}");
},
}
} }
} }
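Review bot: In the closure passed to `unverified.verify`, `Verifier::new(MessageDigest::sha256(), &pubkey).unwrap()` still panics if the fetched actor's key cannot back a SHA-256 verifier, so key material chosen by the remote side can abort the handler instead of reaching the new `Err(e)` arm. The neighbouring lines already use `?` on OpenSSL results, so `Verifier::new(MessageDigest::sha256(), &pubkey)?` should fit. In the same closure `.decode(sig).unwrap_or_default()` turns an undecodable signature into an empty one, which keeps decode failures out of the new error log; HTTP signature values are normally standard-alphabet base64, so it is worth confirming that `BASE64_URL_SAFE` is the intended engine. The `Err(e)` arm leaves `identity` at whatever it was before this block, which looks like the request continues unauthenticated; a comment such as `// verification error: fall through with the previous identity` would make that deliberate, and adding `user_id` to the log line would help triage. The enclosing function starts and ends outside the hunk.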