From bca53ae40e34c15dea851325da318fdb9c237e9d Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 1 Mar 2019 16:19:03 -0700
Subject: [PATCH] Update FederationController
---
 app/Http/Controllers/FederationController.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index 77665e40c..91d62bab1 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -242,9 +242,16 @@ XML;
 protected function blindKeyRotation(Request $request, Profile $profile)
 {
 $signature = $request->header('signature');
+ $date = $request->header('date');
 if(!$signature) {
 abort(400, 'Missing signature header');
 }
+ if(!$date) {
+ abort(400, 'Missing date header');
+ }
+ if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
+ abort(400, 'Invalid date');
+ }
 $signatureData = HttpSignature::parseSignatureHeader($signature);
 $keyId = Helpers::validateUrl($signatureData['keyId']);
 $actor = Profile::whereKeyId($keyId)->whereNotNull('remote_url')->firstOrFail();
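Review bot: The new freshness check passes the raw `date` header to `now()->parse($date)`, a lenient parser that accepts relative expressions as well as absolute timestamps, so a header value that is not an HTTP-date can still land inside the ±1 day window. A value the parser rejects throws rather than reaching `abort(400, 'Invalid date')`, so malformed input likely surfaces as a server error. Parsing once against a strict format closes both gaps: `$sent = \DateTimeImmutable::createFromFormat(\DateTimeInterface::RFC7231, $date, new \DateTimeZone('UTC'));` followed by `if ($sent === false || abs(time() - $sent->getTimestamp()) > 86400) { abort(400, 'Invalid date'); }`. The body of blindKeyRotation continues past the hunk, so it is not visible whether `date` is among the headers covered by the signature; if it is not, this check does not bind the timestamp to the signed request and adds no replay protection.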