xtr.dev/rondevu-server
1
0
Fork 0
mirror of https://github.com/xtr-dev/rondevu-server.git synced 2025-12-10 02:43:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add validateServicePublish for correct signature verification

Browse Source 
The service publishing endpoint was using validateUsernameClaim which
expects the message format "claim:{username}:{timestamp}", but clients
send "publish:{username}:{serviceFqn}:{timestamp}".

Added validateServicePublish function to properly validate service
publishing signatures with the correct message format.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Bas van den Aakster
2025-12-05 19:31:42 +01:00
parent 595eac8692
commit e9d0f26726
3 changed files with 46 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/app.ts
View File

@@ -3,7 +3,7 @@ import { cors } from 'hono/cors';
import { Storage } from './storage/types.ts';
import { Config } from './config.ts';
import { createAuthMiddleware, getAuthenticatedPeerId } from './middleware/auth.ts';
import { generatePeerId, encryptPeerId, validateUsernameClaim, validateServiceFqn } from './crypto.ts';
import { generatePeerId, encryptPeerId, validateUsernameClaim, validateServicePublish, validateServiceFqn } from './crypto.ts';
import type { Context } from 'hono';
/**
@@ -207,7 +207,7 @@ export function createApp(storage: Storage, config: Config) {
}
// Verify signature matches username's public key
const signatureValidation = await validateUsernameClaim(username, usernameRecord.publicKey, signature, message);
const signatureValidation = await validateServicePublish(username, serviceFqn, usernameRecord.publicKey, signature, message);
if (!signatureValidation.valid) {
return c.json({ error: 'Invalid signature for username' }, 403);
}