+ if (!signatureObject || !signatureObject.creator) {
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Object and creator signature do not match'
+ })
+ return false
+ }
+
+ const [ creator ] = signatureObject.creator.split('#')
+
+ logger.debug('Checking JsonLD signature of actor %s...', creator)
+
+ const actor = await getOrCreateAPActor(creator)
+ const verified = await isJsonLDSignatureVerified(actor, req.body)
+
+ if (verified !== true) {
+ logger.warn('Signature not verified.', req.body)
+
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Signature could not be verified'
+ })
+ return false
+ }
+
+ res.locals.signature = { actor }
+ return true
+ })