feat: Create signature data if there is no request body

The signature data is `Method+uri path` if there is no request body

Signed-off-by: Awiteb <a@4rs.nl>
This commit is contained in:
Awiteb 2024-07-04 16:11:23 +03:00
parent 77858ac8f4
commit 062e441d8a
Signed by: awiteb
GPG key ID: 3F6B55640AA6682F

View file

@ -42,20 +42,18 @@ pub async fn signature_check(
let mut write_err = let mut write_err =
|message: &str, status_code| super::write_error(res, ctrl, message.to_owned(), status_code); |message: &str, status_code| super::write_error(res, ctrl, message.to_owned(), status_code);
if req.body().is_end_stream() { let data = if req.body().is_end_stream() {
write_err( format!("{}{}", req.method(), req.uri().path())
"Request body is empty, the signature need a signed body", } else {
UNAUTHORIZED, match req.parse_json::<serde_json::Value>().await {
); Ok(j) => j.to_string(),
return; Err(err) => {
} write_err(&err.to_string(), UNAUTHORIZED);
let json_body = match req.parse_json::<serde_json::Value>().await { return;
Ok(j) => j.to_string(), }
Err(err) => {
write_err(&err.to_string(), UNAUTHORIZED);
return;
} }
}; };
let signature = match utils::extract_signature(req) { let signature = match utils::extract_signature(req) {
Ok(s) => s, Ok(s) => s,
Err(err) => { Err(err) => {
@ -77,7 +75,7 @@ pub async fn signature_check(
&sender_public_key, &sender_public_key,
&depot.config().server.private_key, &depot.config().server.private_key,
&signature, &signature,
json_body.as_bytes(), data.as_bytes(),
) )
{ {
write_err("Invalid signature", UNAUTHORIZED); write_err("Invalid signature", UNAUTHORIZED);