1movmedia/pyworker
2
0
Fork 0
Code Pull Requests Activity

enforce alphabetical json dumping of message for signature verification

Browse Source
This commit is contained in:
Edgar Lin
2025-10-28 15:21:14 -07:00
parent a6921de6a2
commit 50f13d6288
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/backend.py
+1 -1
View File
@@ -296,7 +296,7 @@ class Backend:
elif message in self.msg_history:
log.debug(f"message: {message} already in message history")
return False
elif verify_signature(json.dumps(message, indent=4), auth_data.signature):
elif verify_signature(json.dumps(message, indent=4, sort_keys=True), auth_data.signature):
self.reqnum = max(auth_data.reqnum, self.reqnum)
self.msg_history.append(message)
self.msg_history = self.msg_history[-MSG_HISTORY_LEN:]
lib/data_types.py
+2 -2
View File
@@ -65,12 +65,12 @@ class ApiPayload(ABC):
class AuthData:
"""data used to authenticate requester"""
signature: str
cost: str
endpoint: str
reqnum: int
url: str
request_idx: int
signature: str
url: str
@classmethod
def from_json_msg(cls, json_msg: Dict[str, Any]):