From c15205fb4679b7058790c9691c3f767d4b2c3c3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kub=C3=ADk?= <jakub.kubik.it@protonmail.com>
Date: Sun, 14 Aug 2022 19:29:46 +0200
Subject: [PATCH 1/2] fix(client/keys): ignore non-signature keys in signature
 upload route

---
 src/api/client_server/keys.rs | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/api/client_server/keys.rs b/src/api/client_server/keys.rs
index 9a21dd60..837e1662 100644
--- a/src/api/client_server/keys.rs
+++ b/src/api/client_server/keys.rs
@@ -148,11 +148,24 @@ pub async fn upload_signatures_route(
 ) -> Result<upload_signatures::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    for (user_id, signed_keys) in &body.signed_keys {
-        for (key_id, signed_key) in signed_keys {
-            let signed_key = serde_json::to_value(signed_key).unwrap();
+    for (user_id, keys) in &body.signed_keys {
+        for (key_id, key) in keys {
+            let key = serde_json::to_value(key)
+                .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
+
+            let is_signature_key = match key.get("usage") {
+                Some(usage) => usage
+                    .as_array()
+                    .map(|usage| !usage.contains(&json!("master")))
+                    .unwrap_or(false),
+                None => true,
+            };
+
+            if !is_signature_key {
+                continue;
+            }
 
-            for signature in signed_key
+            for signature in key
                 .get("signatures")
                 .ok_or(Error::BadRequest(
                     ErrorKind::InvalidParam,

From 0ddc3c01ef4b1c62e2a9f58b53a137f15ca72b14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kub=C3=ADk?= <jakub.kubik.it@protonmail.com>
Date: Sun, 14 Aug 2022 19:33:13 +0200
Subject: [PATCH 2/2] style(client/keys): rename signature key to signed key

---
 src/api/client_server/keys.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/api/client_server/keys.rs b/src/api/client_server/keys.rs
index 837e1662..2de785fd 100644
--- a/src/api/client_server/keys.rs
+++ b/src/api/client_server/keys.rs
@@ -153,7 +153,7 @@ pub async fn upload_signatures_route(
             let key = serde_json::to_value(key)
                 .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
 
-            let is_signature_key = match key.get("usage") {
+            let is_signed_key = match key.get("usage") {
                 Some(usage) => usage
                     .as_array()
                     .map(|usage| !usage.contains(&json!("master")))
@@ -161,7 +161,7 @@ pub async fn upload_signatures_route(
                 None => true,
             };
 
-            if !is_signature_key {
+            if !is_signed_key {
                 continue;
             }