diff --git a/activitypub.c b/activitypub.c
index cef5c02..bb68a7d 100644
--- a/activitypub.c
+++ b/activitypub.c
@@ -930,8 +930,13 @@ int process_input_message(snac *snac, char *msg, char *req)
 }
 /* check the signature */
- if (!check_signature(snac, req)) {
- snac_log(snac, xs_fmt("bad signature %s", actor));
+ xs *sig_err = NULL;
+
+ if (!check_signature(snac, req, &sig_err)) {
+ snac_log(snac, xs_fmt("bad signature %s (%s)", actor, sig_err));
+
+ srv_archive_error("check_signature", sig_err, req, msg);
+
 return 1;
 }
diff --git a/data.c b/data.c
index 439c15e..8934f31 100644
--- a/data.c
+++ b/data.c
@@ -1844,3 +1844,33 @@ void srv_archive(const char *direction, xs_dict *req,
 }
 }
 }
+
+
+void srv_archive_error(const char *prefix, const xs_str *err,
+ const xs_dict *req, const xs_dict *data)
+/* archives an error */
+{
+ xs *ntid = tid(0);
+ xs *fn = xs_fmt("%s/error/%s_%s", srv_basedir, prefix, ntid);
+ FILE *f;
+
+ if ((f = fopen(fn, "w")) != NULL) {
+ fprintf(f, "Error: %s\n", err);
+
+ if (req) {
+ fprintf(f, "Request headers:\n");
+
+ xs *j = xs_json_dumps_pp(req, 4);
+ fwrite(j, strlen(j), 1, f);
+ }
+
+ if (data) {
+ fprintf(f, "Data:\n");
+
+ xs *j = xs_json_dumps_pp(data, 4);
+ fwrite(j, strlen(j), 1, f);
+ }
+
+ fclose(f);
+ }
+}
diff --git a/http.c b/http.c
index fa68948..a8b38ad 100644
--- a/http.c
+++ b/http.c
@@ -119,7 +119,7 @@ xs_dict *http_signed_request(snac *snac, const char *method, const char *url,
 }
-static int _check_signature(snac *snac, char *req, char **err)
+int check_signature(snac *snac, xs_dict *req, xs_str **err)
 /* check the signature */
 {
 char *sig_hdr = xs_dict_get(req, "signature");
@@ -134,7 +134,8 @@ static int _check_signature(snac *snac, char *req, char **err)
 {
 /* extract the values */
 xs *l = xs_split(sig_hdr, ",");
- char *v;
+ xs_list *p;
+ xs_val *v;
 p = l;
 while (xs_list_iter(&p, &v)) {
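Review bot: `sig_err` is passed to `%s` in the new `snac_log(...)` line and on to `srv_archive_error`, but nothing in this hunk guarantees that `check_signature` fills it on every failing path; if it can return 0 with `*err` still NULL, formatting it is undefined behaviour. Either make "always set on failure" a documented guarantee of `check_signature`, or guard at the call site with something like `sig_err ? sig_err : "unknown"`. Separately, `msg` comes from a peer whose signature has just been rejected, so each rejected request now writes content of sender-controlled size under `error/`; a size cap or rate limit on these archives looks worth adding. The body of process_input_message continues outside the hunk.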
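Review bot: The archive file in srv_archive_error is created with `fopen(fn, "w")`, so it gets whatever permissions the umask allows, and a failed open is skipped silently. The dump can hold request headers and message bodies from remote peers, so I would log the failure and make sure the `error/` directory or the file itself is not readable by other local users. `err` is printed unguarded; `fprintf(f, "Error: %s\n", err ? err : "(none)");` avoids undefined behaviour if a caller passes NULL. The file name depends only on `prefix` and `tid(0)`, so if two errors can receive the same id the second silently overwrites the first, which should be confirmed against `tid`. The results of `fwrite` and `fclose` are also ignored, so a full disk leaves a truncated archive with no log line.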
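Review bot: Now that `check_signature` is exported with an `err` out-parameter, its one-line comment `/* check the signature */` no longer covers the contract callers depend on. The caller in activitypub.c treats a zero return as failure and then reads `*err`, so the comment should state the return convention, whether `*err` is set on every failure, and who owns the string. Something like `/* checks the HTTP signature of req; returns 0 on failure and stores a reason in *err (owned by the caller) */` would do, provided the ownership part is confirmed. The function body continues outside the hunk.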
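Review bot: The new block-local `xs_list *p;` is declared on one line and only assigned on the following context line `p = l;`, and it probably shadows a `p` declared earlier in the function, since the old code assigned `p = l` with no local declaration. Initialising at the declaration, `xs_list *p = l;`, keeps the iterator next to its source, and the outer `p` can be dropped if nothing else uses it (it would otherwise trip `-Wshadow`). The same applies to the hunk at -182,7. Both blocks are only partly visible here.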
@@ -182,7 +183,8 @@ static int _check_signature(snac *snac, char *req, char **err)
 {
 xs *l = xs_split(headers, " ");
- char *v;
+ xs_list *p;
+ xs_val *v;
 p = l;
 while (xs_list_iter(&p, &v)) {
@@ -224,30 +226,3 @@ static int _check_signature(snac *snac, char *req, char **err)
 return 1;
 }
-
-
-int check_signature(snac *snac, char *req)
-/* checks the signature and archives the error */
-{
- int ret;
- xs *err = NULL;
-
- if ((ret = _check_signature(snac, req, &err)) == 0) {
- snac_debug(snac, 1, xs_fmt("check_signature %s", err));
-
- xs *ntid = tid(0);
- xs *fn = xs_fmt("%s/error/check_signature_%s", srv_basedir, ntid);
- FILE *f;
-
- if ((f = fopen(fn, "w")) != NULL) {
- fprintf(f, "Error: %s\nRequest headers:\n", err);
-
- xs *j = xs_json_dumps_pp(req, 4);
-
- fwrite(j, strlen(j), 1, f);
- fclose(f);
- }
- }
-
- return ret;
-}
diff --git a/snac.h b/snac.h
index 4ef446c..bc929df 100644
--- a/snac.h
+++ b/snac.h
@@ -55,6 +55,8 @@ void srv_archive(const char *direction, xs_dict *req,
 const char *payload, int p_size, int status, xs_dict *headers, const char *body, int b_size);
+void srv_archive_error(const char *prefix, const xs_str *err,
+ const xs_dict *req, const xs_dict *data);
 double mtime_nl(const char *fn, int *n_link);
 #define mtime(fn) mtime_nl(fn, NULL)
@@ -157,7 +159,7 @@ xs_dict *http_signed_request(snac *snac, const char *method, const char *url,
 const char *body, int b_size, int *status, xs_str **payload, int *p_size, int timeout);
-int check_signature(snac *snac, char *req);
+int check_signature(snac *snac, xs_dict *req, xs_str **err);
 void httpd(void);