Merge pull request #30 from threefoldtech/master_verify_reply

verify reply
threefoldtecharchive · Jan 26, 2022 · baa7646 · baa7646
2 parents 8d5ea5b + a27a18f
commit baa7646
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/server.go b/server.go
@@ -175,6 +175,11 @@ func (a *App) handleFromReplyForward(ctx context.Context, msg Message) error {
 		return errors.Wrap(err, "couldn't resolve twin ip")
 	}
 
+	err = msg.Sign(a.identity)
+	if err != nil {
+		return errors.Wrap(err, "couldn't sign reply message")
+	}
+
 	// forward to reply agent
 	err = r.SendReply(msg)
 
@@ -347,6 +352,19 @@ func (a *App) reply(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	pk, err := a.resolver.PublicKey(msg.TwinSrc)
+	if errors.Is(err, substrate.ErrNotFound) {
+		errorReply(w, http.StatusBadRequest, "source twin %d not found", msg.TwinSrc)
+		return
+	} else if err != nil {
+		errorReply(w, http.StatusBadGateway, "couldn't get twin %d public key: %s", msg.TwinSrc, err.Error())
+		return
+	}
+	if err := msg.Verify(pk); err != nil {
+		errorReply(w, http.StatusBadRequest, err.Error())
+		return
+	}
+
 	if err := a.backend.QueueReply(r.Context(), msg); err != nil {
 		err = errors.Wrap(err, "couldn't push entry to reply queue")
 		errorReply(w, http.StatusInternalServerError, err.Error())