rzerres/conduit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: check that keys uploaded by clients are valid

Browse Source 
clients uploading invalid keys can cause errors later when trying to add signatures
This commit is contained in:
Matthias Ahouansou
2025-02-27 00:38:21 +00:00
parent a3386f405e
commit be3187fda7
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/api/client_server/keys.rs
View File

@@ -36,6 +36,10 @@ pub async fn upload_keys_route(
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
for (key_key, key_value) in &body.one_time_keys { for (key_key, key_value) in &body.one_time_keys {
key_value.deserialize().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Body contained invalid one-time key")
})?;
services() services()
.users .users
.add_one_time_key(sender_user, sender_device, key_key, key_value)?; .add_one_time_key(sender_user, sender_device, key_key, key_value)?;
@@ -49,6 +53,10 @@ pub async fn upload_keys_route(
.get_device_keys(sender_user, sender_device)? .get_device_keys(sender_user, sender_device)?
.is_none() .is_none()
{ {
device_keys.deserialize().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Body contained invalid device keys")
})?;
services() services()
.users .users
.add_device_keys(sender_user, sender_device, device_keys)?; .add_device_keys(sender_user, sender_device, device_keys)?;