Mirrors/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2026-05-26 20:49:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Properly check forbidden_remote_server_names for incoming requests

Browse Source
This commit is contained in:
Ginger
2026-05-20 12:39:39 -04:00
committed by Ellis Git
parent d5fc81d39e
commit 185f8c42dc
2 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/api/router/auth.rs
+15 -4
View File
@@ -86,10 +86,21 @@ impl CheckAuth for ServerSignatures {
let keys: PubKeyMap = [(output.origin.as_str().into(), keys)].into();
match output.verify_request(request, destination, &keys) {
| Ok(()) => Ok(Auth {
origin: Some(output.origin.clone()),
..Default::default()
}),
| Ok(()) => {
if services
.moderation
.is_remote_server_forbidden(&output.origin)
{
return Err!(Request(Unauthorized(
"You are blocked from federating with this server."
)));
}
Ok(Auth {
origin: Some(output.origin.clone()),
..Default::default()
})
},
| Err(err) =>
Err!(Request(Unauthorized(warn!("Failed to verify X-Matrix header: {err}")))),
}