From 9ff5707e92ce8c04888f43990026cd83826596e3 Mon Sep 17 00:00:00 2001
From: Nicolas Constant <github@nicolas-constant.com>
Date: Thu, 3 Dec 2020 02:37:03 -0500
Subject: [PATCH] added AP call date check

---
 src/BirdsiteLive.Domain/UserService.cs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/BirdsiteLive.Domain/UserService.cs b/src/BirdsiteLive.Domain/UserService.cs
index 1e6e8dc..f1ccc13 100644
--- a/src/BirdsiteLive.Domain/UserService.cs
+++ b/src/BirdsiteLive.Domain/UserService.cs
@@ -164,6 +164,14 @@ namespace BirdsiteLive.Domain
 
         private async Task<SignatureValidationResult> ValidateSignature(string actor, string rawSig, string method, string path, string queryString, Dictionary<string, string> requestHeaders)
         {
+            //Check Date Validity
+            var date = requestHeaders["date"];
+            var d = DateTime.Parse(date).ToUniversalTime();
+            var now = DateTime.UtcNow;
+            var delta = Math.Abs((d - now).TotalSeconds);
+            if (delta > 30) return new SignatureValidationResult { SignatureIsValidated = false };
+            
+            //Check Signature
             var signatures = rawSig.Split(',');
             var signature_header = new Dictionary<string, string>();
             foreach (var signature in signatures)