]>
Commit | Line | Data |
---|---|---|
e4f97bab C |
1 | import { Request, Response, NextFunction } from 'express' |
2 | ||
3 | import { database as db } from '../initializers' | |
4 | import { | |
5 | logger, | |
6 | getAccountFromWebfinger, | |
7 | isSignatureVerified | |
8 | } from '../helpers' | |
9 | import { ActivityPubSignature } from '../../shared' | |
10 | ||
11 | async function checkSignature (req: Request, res: Response, next: NextFunction) { | |
12 | const signatureObject: ActivityPubSignature = req.body.signature | |
13 | ||
14 | logger.debug('Checking signature of account %s...', signatureObject.creator) | |
15 | ||
16 | let account = await db.Account.loadByUrl(signatureObject.creator) | |
17 | ||
18 | // We don't have this account in our database, fetch it on remote | |
19 | if (!account) { | |
20 | account = await getAccountFromWebfinger(signatureObject.creator) | |
21 | ||
22 | if (!account) { | |
23 | return res.sendStatus(403) | |
24 | } | |
25 | ||
26 | // Save our new account in database | |
27 | await account.save() | |
28 | } | |
29 | ||
30 | const verified = await isSignatureVerified(account, req.body) | |
31 | if (verified === false) return res.sendStatus(403) | |
32 | ||
33 | res.locals.signature.account = account | |
34 | ||
35 | return next() | |
36 | } | |
37 | ||
38 | function executeIfActivityPub (fun: any | any[]) { | |
39 | return (req: Request, res: Response, next: NextFunction) => { | |
40 | if (req.header('Accept') !== 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"') { | |
41 | return next() | |
42 | } | |
43 | ||
44 | if (Array.isArray(fun) === true) { | |
45 | fun[0](req, res, next) // FIXME: doesn't work | |
46 | } | |
47 | ||
48 | return fun(req, res, next) | |
49 | } | |
50 | } | |
51 | ||
52 | // --------------------------------------------------------------------------- | |
53 | ||
54 | export { | |
55 | checkSignature, | |
56 | executeIfActivityPub | |
57 | } |