+ executeIfActivityPub,
+ checkHttpSignature
+}
+
+// ---------------------------------------------------------------------------
+
+async function checkHttpSignature (req: Request, res: Response) {
+ // FIXME: mastodon does not include the Signature scheme
+ const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
+ if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
+
+ const parsed = parseHTTPSignature(req)
+
+ const keyId = parsed.keyId
+ if (!keyId) {
+ res.sendStatus(403)
+ return false
+ }
+
+ logger.debug('Checking HTTP signature of actor %s...', keyId)
+
+ let [ actorUrl ] = keyId.split('#')
+ if (actorUrl.startsWith('acct:')) {
+ actorUrl = await loadActorUrlOrGetFromWebfinger(actorUrl.replace(/^acct:/, ''))
+ }
+
+ const actor = await getOrCreateActorAndServerAndModel(actorUrl)
+
+ const verified = isHTTPSignatureVerified(parsed, actor)
+ if (verified !== true) {
+ res.sendStatus(403)
+ return false
+ }
+
+ res.locals.signature = { actor }
+
+ return true
+}
+
+async function checkJsonLDSignature (req: Request, res: Response) {
+ const signatureObject: ActivityPubSignature = req.body.signature
+
+ if (!signatureObject || !signatureObject.creator) {
+ res.sendStatus(403)
+ return false
+ }
+
+ const [ creator ] = signatureObject.creator.split('#')
+
+ logger.debug('Checking JsonLD signature of actor %s...', creator)
+
+ const actor = await getOrCreateActorAndServerAndModel(creator)
+ const verified = await isJsonLDSignatureVerified(actor, req.body)
+
+ if (verified !== true) {
+ res.sendStatus(403)
+ return false
+ }
+
+ res.locals.signature = { actor }
+
+ return true