Move room-ID header validation into authorize

signalapp · Oct 1, 2024 · f701aec · f701aec
1 parent 3bdd3d1
commit f701aec
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/frontend/src/api.rs b/frontend/src/api.rs
@@ -21,6 +21,7 @@ use axum::{
     routing::get,
     Extension, Router,
 };
+use axum_extra::TypedHeader;
 use base64::engine::general_purpose::STANDARD;
 use base64::Engine;
 use http::{header, Method, StatusCode};
@@ -30,6 +31,7 @@ use tower::ServiceBuilder;
 use zkgroup::call_links::CreateCallLinkCredentialPresentation;
 
 use crate::{
+    api::call_links::RoomId,
     authenticator::{Authenticator, AuthenticatorError, GroupAuthToken, ParsedHeader::*},
     frontend::{Frontend, FrontendError},
     metrics::histogram::Histogram,
@@ -164,13 +166,20 @@ async fn metrics(
 /// Middleware to handle the authorization header.
 async fn authorize(
     State(frontend): State<Arc<Frontend>>,
+    room_id: Option<TypedHeader<RoomId>>,
     mut req: Request,
     next: Next,
 ) -> Result<axum::response::Response, StatusCode> {
     trace!("authorize");
 
     let user_agent = get_user_agent(&req)?;
 
+    if let Some(room_id) = room_id {
+        if room_id.0.as_ref().contains(":") {
+            return Err(StatusCode::BAD_REQUEST);
+        }
+    }
+
     let authorization_header = req
         .headers()
         .get(header::AUTHORIZATION)

diff --git a/frontend/src/api/call_links.rs b/frontend/src/api/call_links.rs
@@ -79,11 +79,7 @@ impl Header for RoomId {
             return Err(headers::Error::invalid());
         }
         if let Ok(value) = value.to_str() {
-            if value.contains(":") {
-                Err(headers::Error::invalid())
-            } else {
-                Ok(Self(value.into()))
-            }
+            Ok(Self(value.into()))
         } else {
             Err(headers::Error::invalid())
         }