1movmedia/pyworker
2
0
Fork 0
Code Pull Requests Activity

Fix signature (#50)

Browse Source 
* change order of fields in auth_data to match autoscaler for signature verification

* also ignore __request_id

* Revert "change order of fields in auth_data to match autoscaler for signature verification" so that it's alphabetical again

This reverts commit b8223879c9.

* enforce alphabetical json dumping of message for signature verification

---------

Co-authored-by: Edgar Lin <edgarlin2000@gmail.com>
This commit is contained in:
edgaratvast
2025-10-28 16:01:32 -07:00
committed by GitHub
parent 298590fb88
commit ba6f1c2e4b
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/backend.py
+2 -2
View File
@@ -286,7 +286,7 @@ class Backend:
message = {
key: value
for (key, value) in (dataclasses.asdict(auth_data).items())
if key != "signature"
if key != "signature" and key != "__request_id"
}
if auth_data.reqnum < (self.reqnum - MSG_HISTORY_LEN):
log.debug(
@@ -296,7 +296,7 @@ class Backend:
elif message in self.msg_history:
log.debug(f"message: {message} already in message history")
return False
elif verify_signature(json.dumps(message, indent=4), auth_data.signature):
elif verify_signature(json.dumps(message, indent=4, sort_keys=True), auth_data.signature):
self.reqnum = max(auth_data.reqnum, self.reqnum)
self.msg_history.append(message)
self.msg_history = self.msg_history[-MSG_HISTORY_LEN:]