2018-05-17 11:32:23 +02:00
|
|
|
defmodule EventosWeb.HTTPSignaturePlug do
|
2018-06-14 18:15:27 +02:00
|
|
|
@moduledoc """
|
|
|
|
# HTTPSignaturePlug
|
|
|
|
|
|
|
|
Plug to check HTTP Signatures on every incoming request
|
|
|
|
"""
|
|
|
|
|
2018-05-17 11:32:23 +02:00
|
|
|
alias Eventos.Service.HTTPSignatures
|
|
|
|
import Plug.Conn
|
|
|
|
require Logger
|
|
|
|
|
|
|
|
def init(options) do
|
|
|
|
options
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
|
|
|
|
conn
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(conn, _opts) do
|
|
|
|
user = conn.params["actor"]
|
2018-07-27 10:45:35 +02:00
|
|
|
|
|
|
|
Logger.debug(fn ->
|
2018-06-14 18:15:27 +02:00
|
|
|
"Checking sig for #{user}"
|
2018-07-27 10:45:35 +02:00
|
|
|
end)
|
|
|
|
|
2018-05-17 11:32:23 +02:00
|
|
|
with [signature | _] <- get_req_header(conn, "signature") do
|
|
|
|
cond do
|
|
|
|
signature && String.contains?(signature, user) ->
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header(
|
|
|
|
"(request-target)",
|
|
|
|
String.downcase("#{conn.method}") <> " #{conn.request_path}"
|
|
|
|
)
|
|
|
|
|
|
|
|
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
|
|
|
|
|
|
|
|
signature ->
|
|
|
|
Logger.debug("Signature not from actor")
|
|
|
|
assign(conn, :valid_signature, false)
|
|
|
|
|
|
|
|
true ->
|
|
|
|
Logger.debug("No signature header!")
|
|
|
|
conn
|
|
|
|
end
|
2018-07-27 10:45:35 +02:00
|
|
|
else
|
|
|
|
_ ->
|
|
|
|
Logger.debug("No signature header!")
|
|
|
|
conn
|
2018-05-17 11:32:23 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|