Slop/activitypub-federation-rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use OriginalUri for axum ActivityData

Browse source 
When the inbox path is under a nested `Router`, the received request has a URI
with the common prefix stripped. This causes incoming signatures to be considered
invalid since the path is different (see https://github.com/LemmyNet/activitypub-federation-rust/issues/107#issuecomment-2767428107)

This commit uses `OriginalUri` for URI extraction instead, which will retrieve
the full URI regardless of router nesting
This commit is contained in:
Technohacker 2025-04-02 00:38:41 +05:30
parent 4c1c0f7928
commit 8c787f50de
No known key found for this signature in database
GPG key ID: 2AA912BBD7784F5C
2 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Cargo.toml
View file

@ -88,7 +88,7 @@ actix-web = { version = "4.8.0", default-features = false, optional = true }
http02 = { package = "http", version = "0.2.12", optional = true }
# Axum
axum = { version = "0.7.5", features = ["json"], default-features = false, optional = true }
axum = { version = "0.7.5", features = ["json", "original-uri"], default-features = false, optional = true }
tower = { version = "0.4.13", optional = true }
[dev-dependencies]

16
src/axum/inbox.rs
View file

@ -12,11 +12,11 @@ use crate::{
use axum::{
async_trait,
body::Body,
extract::FromRequest,
extract::{FromRequest, FromRequestParts, OriginalUri},
http::{Request, StatusCode},
response::{IntoResponse, Response},
};
use http::{HeaderMap, Method, Uri};
use http::{HeaderMap, Method};
use serde::de::DeserializeOwned;
use tracing::debug;
@ -54,7 +54,7 @@ where
pub struct ActivityData {
headers: HeaderMap,
method: Method,
uri: Uri,
uri: OriginalUri,
body: Vec<u8>,
}
@ -65,8 +65,12 @@ where
{
type Rejection = Response;
async fn from_request(req: Request<Body>, _state: &S) -> Result<Self, Self::Rejection> {
let (parts, body) = req.into_parts();
async fn from_request(req: Request<Body>, state: &S) -> Result<Self, Self::Rejection> {
let (mut parts, body) = req.into_parts();
// take the full URI to handle nested routers
// OriginalUri::from_request_parts has an Infallible error type
let Ok(uri) = OriginalUri::from_request_parts(&mut parts, state).await;
// this wont work if the body is an long running stream
let bytes = axum::body::to_bytes(body, usize::MAX)
@ -76,7 +80,7 @@ where
Ok(Self {
headers: parts.headers,
method: parts.method,
uri: parts.uri,
uri,
body: bytes.to_vec(),
})
}