MirrorHub/conduit
1
0
Fork 0
mirror of https://gitlab.com/famedly/conduit.git synced 2024-11-05 23:29:46 +01:00
Code Issues Releases Activity

fix(client/keys): ignore non-signature keys in signature upload route

Browse source
This commit is contained in:
Jakub Kubík 2022-08-14 19:29:46 +02:00 committed by Nyaaori
parent cb837d5a1c
commit c15205fb46
No known key found for this signature in database
GPG key ID: E7819C3ED4D1F82E
1 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/api/client_server/keys.rs
View file

@ -148,11 +148,24 @@ pub async fn upload_signatures_route(
) -> Result<upload_signatures::v3::Response> { ) -> Result<upload_signatures::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
for (user_id, signed_keys) in &body.signed_keys { for (user_id, keys) in &body.signed_keys {
for (key_id, signed_key) in signed_keys { for (key_id, key) in keys {
let signed_key = serde_json::to_value(signed_key).unwrap(); let key = serde_json::to_value(key)
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
for signature in signed_key let is_signature_key = match key.get("usage") {
Some(usage) => usage
.as_array()
.map(|usage| !usage.contains(&json!("master")))
.unwrap_or(false),
None => true,
};
if !is_signature_key {
continue;
}
for signature in key
.get("signatures") .get("signatures")
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::InvalidParam,