From 0e07bcac00acdafd2f029fb54bfd2487ef2994ce Mon Sep 17 00:00:00 2001 From: FChannel <=> Date: Thu, 28 Jan 2021 16:24:39 -0800 Subject: auth for all activity req --- OutboxPost.go | 5 ++++- main.go | 6 ++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/OutboxPost.go b/OutboxPost.go index 16d9f5f..550345d 100644 --- a/OutboxPost.go +++ b/OutboxPost.go @@ -507,7 +507,10 @@ func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { header := r.Header.Get("Authorization") auth := strings.Split(header, " ") + if len(auth) < 2 { + response := RejectActivity(activity) + MakeActivityRequest(db, response) return } @@ -516,7 +519,7 @@ func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { MakeActivityRequest(db, response) return } - + switch(activity.Type) { case "Create": for _, e := range activity.To { diff --git a/main.go b/main.go index a430387..fc8e8b1 100644 --- a/main.go +++ b/main.go @@ -1608,7 +1608,7 @@ func MakeActivityRequest(db *sql.DB, activity Activity) { auth := CreateTripCode(verify.Code) auth = CreateTripCode(auth) - + for _, e := range activity.To { actor := GetActor(e) @@ -1618,9 +1618,7 @@ func MakeActivityRequest(db *sql.DB, activity Activity) { req.Header.Set("Content-Type", activitystreams) - if activity.Type == "Create" { - req.Header.Set("Authorization", "Basic " + auth) - } + req.Header.Set("Authorization", "Basic " + auth) CheckError(err, "error with sending activity req to") -- cgit v1.2.3