Skip to content

Commit 4cd3913

Browse files
Validate mailbox claim before session start
Add a read-only active-claim check before opening a mailbox transport session to avoid stale revoked or reauthorized credentials.
1 parent 16b3b8a commit 4cd3913

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

server/src/mailbox_worker.rs

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -425,6 +425,18 @@ where
425425
T: MailboxTransport + 'static,
426426
{
427427
let repo = MailboxAuthorizationRepository::new(&app_state.db_pool);
428+
if !repo
429+
.claim_is_active(
430+
&mailbox.pubkey,
431+
mailbox.auth_version,
432+
&worker_id,
433+
Utc::now(),
434+
)
435+
.await?
436+
{
437+
return Ok(());
438+
}
439+
428440
let session = MailboxSessionContext {
429441
worker_id: worker_id.clone(),
430442
stream_idle_reconnect: config.stream_idle_reconnect,

0 commit comments

Comments
 (0)