Check signature is correct with the activity pub actor

This commit is contained in:
Chocobozzz 2017-11-24 14:36:28 +01:00
parent 63c93323ec
commit f10336cad0
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
2 changed files with 8 additions and 2 deletions

View File

@ -48,7 +48,7 @@ async function inboxController (req: express.Request, res: express.Response, nex
activities = activities.filter(a => isActivityValid(a)) activities = activities.filter(a => isActivityValid(a))
logger.debug('We keep %d activities.', activities.length, { activities }) logger.debug('We keep %d activities.', activities.length, { activities })
await processActivities(activities, res.locals.account) await processActivities(activities, res.locals.signature.account, res.locals.account)
res.status(204).end() res.status(204).end()
} }

View File

@ -23,8 +23,14 @@ const processActivity: { [ P in ActivityType ]: (activity: Activity, inboxAccoun
Like: processLikeActivity Like: processLikeActivity
} }
async function processActivities (activities: Activity[], inboxAccount?: AccountInstance) { async function processActivities (activities: Activity[], signatureAccount?: AccountInstance, inboxAccount?: AccountInstance) {
for (const activity of activities) { for (const activity of activities) {
// When we fetch remote data, we don't have signature
if (signatureAccount && activity.actor !== signatureAccount.url) {
logger.warn('Signature mismatch between %s and %s.', activity.actor, signatureAccount.url)
continue
}
const activityProcessor = processActivity[activity.type] const activityProcessor = processActivity[activity.type]
if (activityProcessor === undefined) { if (activityProcessor === undefined) {
logger.warn('Unknown activity type %s.', activity.type, { activityId: activity.id }) logger.warn('Unknown activity type %s.', activity.type, { activityId: activity.id })