kopia lustrzana https://github.com/cloudflare/wildebeest
Merge pull request #201 from cloudflare/sven/401-invalid-sign
inbox return 401 when signature fails to verifypull/205/head
commit
2e588f563d
|
@ -12,6 +12,7 @@ import { fetchKey, verifySignature } from 'wildebeest/backend/src/utils/httpsigj
|
|||
import { generateDigestHeader } from 'wildebeest/backend/src/utils/http-signing-cavage'
|
||||
|
||||
export const onRequest: PagesFunction<Env, any> = async ({ params, request, env }) => {
|
||||
try {
|
||||
const parsedSignature = parseRequest(request)
|
||||
const pubKey = await fetchKey(parsedSignature)
|
||||
if (pubKey === null) {
|
||||
|
@ -21,6 +22,10 @@ export const onRequest: PagesFunction<Env, any> = async ({ params, request, env
|
|||
if (!valid) {
|
||||
return new Response('invalid signature', { status: 401 })
|
||||
}
|
||||
} catch (err: unknown) {
|
||||
console.warn((err as any).stack)
|
||||
return new Response('signature verification failed', { status: 401 })
|
||||
}
|
||||
|
||||
const body = await request.text()
|
||||
if (request.method == 'POST') {
|
||||
|
|
Ładowanie…
Reference in New Issue