versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(api): 🐛 Automatically rewrite http to https in federation

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-05-17 11:42:42 -10:00
parent c28628ebb3
commit 673b7d0bae
No known key found for this signature in database
3 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
index.ts
View file

@ -118,7 +118,8 @@ app.use(agentBans);
app.use(bait); app.use(bait);
app.use(logger); app.use(logger);
app.use(boundaryCheck); app.use(boundaryCheck);
app.use(urlCheck); // Disabled as federation now checks for this
// app.use(urlCheck);
// Inject own filesystem router // Inject own filesystem router
for (const [route, path] of Object.entries(routes)) { for (const [route, path] of Object.entries(routes)) {

3
packages/config-manager/config.type.ts
View file

@ -435,11 +435,13 @@ export const configValidator = z.object({
enabled: z.boolean().default(false), enabled: z.boolean().default(false),
software: z.enum(["lysand-ap"]).or(z.string()), software: z.enum(["lysand-ap"]).or(z.string()),
allowed_ips: z.array(z.string().trim()).default([]), allowed_ips: z.array(z.string().trim()).default([]),
token: z.string().default(""),
}) })
.default({ .default({
enabled: false, enabled: false,
software: "lysand-ap", software: "lysand-ap",
allowed_ips: [], allowed_ips: [],
token: "",
}), }),
}) })
.default({ .default({
@ -460,6 +462,7 @@ export const configValidator = z.object({
enabled: false, enabled: false,
software: "lysand-ap", software: "lysand-ap",
allowed_ips: [], allowed_ips: [],
token: "",
}, },
}), }),
instance: z instance: z

12
server/api/users/:uuid/inbox/index.ts
View file

@ -110,12 +110,22 @@ export default (app: Hono) =>
sender.getUser().publicKey, sender.getUser().publicKey,
); );
// If base_url uses https and request uses http, rewrite request to use https
// This fixes reverse proxy errors
const reqUrl = new URL(context.req.url);
if (
new URL(config.http.base_url).protocol === "https:" &&
reqUrl.protocol === "http:"
) {
reqUrl.protocol = "https:";
}
const isValid = await validator const isValid = await validator
.validate( .validate(
signature, signature,
new Date(Date.parse(date)), new Date(Date.parse(date)),
context.req.method as HttpVerb, context.req.method as HttpVerb,
new URL(context.req.url), reqUrl,
await context.req.text(), await context.req.text(),
) )
.catch((e) => { .catch((e) => {