oss/conduit
oss/conduit
1
0
Fork 0
mirror of https://gitlab.com/famedly/conduit.git synced 2025-06-27 16:35:59 +00:00
Code Wiki Activity

Merge branch 'enforce-valid-keys-uploaded' into 'next'

Browse source 
fix: check that keys uploaded by clients are valid

See merge request famedly/conduit!737
This commit is contained in:
Matthias Ahouansou 2025-02-27 22:08:48 +00:00
commit 3bbf2cda3e
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/api/client_server/keys.rs
View file

@ -36,6 +36,10 @@ pub async fn upload_keys_route(
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
for (key_key, key_value) in &body.one_time_keys { for (key_key, key_value) in &body.one_time_keys {
key_value.deserialize().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Body contained invalid one-time key")
})?;
services() services()
.users .users
.add_one_time_key(sender_user, sender_device, key_key, key_value)?; .add_one_time_key(sender_user, sender_device, key_key, key_value)?;
@ -49,6 +53,10 @@ pub async fn upload_keys_route(
.get_device_keys(sender_user, sender_device)? .get_device_keys(sender_user, sender_device)?
.is_none() .is_none()
{ {
device_keys.deserialize().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Body contained invalid device keys")
})?;
services() services()
.users .users
.add_device_keys(sender_user, sender_device, device_keys)?; .add_device_keys(sender_user, sender_device, device_keys)?;