+ logger.debug('Checking HTTP signature of actor %s...', keyId)
+
+ let [ actorUrl ] = keyId.split('#')
+ if (actorUrl.startsWith('acct:')) {
+ actorUrl = await loadActorUrlOrGetFromWebfinger(actorUrl.replace(/^acct:/, ''))
+ }
+
+ const actor = await getOrCreateActorAndServerAndModel(actorUrl)
+
+ const verified = isHTTPSignatureVerified(parsed, actor)
+ if (verified !== true) {
+ logger.warn('Signature from %s is invalid', actorUrl, { parsed })
+
+ res.sendStatus(403)
+ return false