]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/helpers/peertube-crypto.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix release script
[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index b8f7c782ae7b88ba88463d14f156d43d65a9dec1..1a7ee24a757843feecf1a7fb4cb9b0b155eb2c9d 100644 (file)
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -51,11 +51,18 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 
 function parseHTTPSignature (req: Request, clockSkew?: number) {
-  const headers = req.method === 'POST'
-    ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
-    : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+  const requiredHeaders = req.method === 'POST'
+    ? [ '(request-target)', 'host', 'digest' ]
+    : [ '(request-target)', 'host' ]
 
-  return httpSignature.parse(req, { clockSkew, headers })
+  const parsed = httpSignature.parse(req, { clockSkew, headers: requiredHeaders })
+
+  const parsedHeaders = parsed.params.headers
+  if (!parsedHeaders.includes('date') && !parsedHeaders.includes('(created)')) {
+    throw new Error(`date or (created) must be included in signature`)
+  }
+
+  return parsed
 }
 
 // JSONLD
ActivityPub-federated video streaming platform using P2P directly in your web browser