Update README and configuration to replace RSA with Ed25519 for federation security
All checks were successful
Build & Push Docker Image / build (push) Successful in 6m30s

2026-02-28 20:19:59 +01:00
parent 2831f80ab4
commit c281628fdc
8 changed files with 74 additions and 34 deletions


@@ -147,6 +147,12 @@ router.post('/receive', federationReceiveLimiter, async (req, res) => {
return res.status(400).json({ error: 'Incomplete invitation payload' });
}
// S4: validate field lengths from remote to prevent oversized DB entries
if (invite_id.length > 100 || from_user.length > 200 || to_user.length > 200 ||
room_name.length > 200 || join_url.length > 2000 || (message && message.length > 5000)) {
return res.status(400).json({ error: 'Payload fields exceed maximum allowed length' });
}
// Fetch the sender's public key dynamically
const { domain: senderDomain } = parseAddress(from_user);
if (!senderDomain) {
@@ -159,7 +165,7 @@ router.post('/receive', federationReceiveLimiter, async (req, res) => {
}
if (!verifyPayload(payload, signature, publicKey)) {
return res.status(403).json({ error: 'Invalid federation RSA signature' });
return res.status(403).json({ error: 'Invalid federation signature' });
}
// Parse the target address and find local user
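Review bot: The length guard added in the first hunk assumes every field is a string, so a JSON number, object or array in `invite_id`, `from_user`, `to_user`, `room_name`, `join_url` or `message` is compared through a missing or unrelated `.length` and is not bounded by these limits. Unless the presence check just above the hunk (not visible here) already enforces types, add a type check before the length comparison, for example `if ([invite_id, from_user, to_user, room_name, join_url].some((v) => typeof v !== 'string') || (message != null && typeof message !== 'string')) { return res.status(400).json({ error: 'Incomplete invitation payload' }); }`. The route handler starts before and continues after the visible hunks, so how these fields are used later could not be checked.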