Mirrors/activitypub-federation-rust
2
0
Fork 0
mirror of https://github.com/LemmyNet/activitypub-federation-rust synced 2024-11-10 06:04:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

Increase HTTP signature expiration time to one day (fixes #46) (#47)

Browse source
This commit is contained in:
Nutomic 2023-06-22 09:20:57 +02:00 committed by GitHub
parent 8f997ec340
commit 3d9d54cf09
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/http_signatures.rs
View file

@ -67,9 +67,12 @@ pub fn generate_actor_keypair() -> Result<Keypair, std::io::Error> {
})
}
/// Sets the amount of time that a signed request is valid. Currenlty 5 minutes
/// Mastodon & friends have ~1 hour expiry from creation if it's not set in the header
pub(crate) const EXPIRES_AFTER: Duration = Duration::from_secs(300);
/// Time for which HTTP signatures are valid.
///
/// This field is optional in the standard, but required by the Rust library. It is not clear
/// what security concerns this expiration solves (if any), so we set a very high value of one day
/// to avoid any potential problems due to wrong clocks, overloaded servers or delayed delivery.
pub(crate) const EXPIRES_AFTER: Duration = Duration::from_secs(24 * 60 * 60);
/// Creates an HTTP post request to `inbox_url`, with the given `client` and `headers`, and
/// `activity` as request body. The request is signed with `private_key` and then sent.