Merge branch 'release/1.4.0' into develop

[github/Chocobozzz/PeerTube.git] / server / middlewares / activitypub.ts

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index c528ee250f06a321319adad4061900f627cbf5bf..bea213d270af840ba0edfd1beddfb4ea5ac75905 100644 (file)
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -2,7 +2,7 @@ import { NextFunction, Request, Response } from 'express'
 import { ActivityPubSignature } from '../../shared'
 import { logger } from '../helpers/logger'
 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../helpers/peertube-crypto'
-import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers'
+import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/constants'
 import { getOrCreateActorAndServerAndModel } from '../lib/activitypub'
 import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger'
 
@@ -74,6 +74,8 @@ async function checkHttpSignature (req: Request, res: Response) {
 
   const verified = isHTTPSignatureVerified(parsed, actor)
   if (verified !== true) {
+    logger.warn('Signature from %s is invalid', actorUrl, { parsed })
+
     res.sendStatus(403)
     return false
   }
@@ -99,6 +101,8 @@ async function checkJsonLDSignature (req: Request, res: Response) {
   const verified = await isJsonLDSignatureVerified(actor, req.body)
 
   if (verified !== true) {
+    logger.warn('Signature not verified.', req.body)
+
     res.sendStatus(403)
     return false
   }