mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-07-12 20:48:40 +00:00
Adds an extra check to ensure the `keyId` and `actorId` included in signed requests and actor records point back to the originating host. This check prevents server-side request forgery (SSRF) attacks where a carefully crafted request could be used to trick a federation server into making requests to arbitrary hosts and ports. Further refactors can make these checks more robust, but would better fit after other existing refactor PRs are merged. Related: https://codeberg.org/forgejo/forgejo/issues/11779 ### Tests for Go changes - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11795 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
55 lines
1.7 KiB
Go
55 lines
1.7 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package setting
|
|
|
|
import (
|
|
"forgejo.org/modules/log"
|
|
|
|
"github.com/42wim/httpsig"
|
|
)
|
|
|
|
// Federation settings
|
|
var (
|
|
Federation = struct {
|
|
Enabled bool
|
|
ShareUserStatistics bool
|
|
MaxSize int64
|
|
SignatureAlgorithms []string
|
|
DigestAlgorithm string
|
|
GetHeaders []string
|
|
PostHeaders []string
|
|
SignatureEnforced bool
|
|
InsecureAllowInvalidHosts bool
|
|
}{
|
|
Enabled: false,
|
|
ShareUserStatistics: true,
|
|
MaxSize: 4,
|
|
SignatureAlgorithms: []string{"rsa-sha256", "rsa-sha512", "ed25519"},
|
|
DigestAlgorithm: "SHA-256",
|
|
GetHeaders: []string{"(request-target)", "Date", "Host"},
|
|
PostHeaders: []string{"(request-target)", "Date", "Host", "Digest"},
|
|
SignatureEnforced: true,
|
|
InsecureAllowInvalidHosts: false,
|
|
}
|
|
)
|
|
|
|
// HttpsigAlgs is a constant slice of httpsig algorithm objects
|
|
var HttpsigAlgs []httpsig.Algorithm
|
|
|
|
func loadFederationFrom(rootCfg ConfigProvider) {
|
|
if err := rootCfg.Section("federation").MapTo(&Federation); err != nil {
|
|
log.Fatal("Failed to map Federation settings: %v", err)
|
|
} else if !httpsig.IsSupportedDigestAlgorithm(Federation.DigestAlgorithm) {
|
|
log.Fatal("unsupported digest algorithm: %s", Federation.DigestAlgorithm)
|
|
return
|
|
}
|
|
|
|
// Get MaxSize in bytes instead of MiB
|
|
Federation.MaxSize = 1 << 20 * Federation.MaxSize
|
|
|
|
HttpsigAlgs = make([]httpsig.Algorithm, len(Federation.SignatureAlgorithms))
|
|
for i, alg := range Federation.SignatureAlgorithms {
|
|
HttpsigAlgs[i] = httpsig.Algorithm(alg)
|
|
}
|
|
}
|