Relax logger on signature checker

[github/Chocobozzz/PeerTube.git] / server / middlewares / activitypub.ts

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index bea213d270af840ba0edfd1beddfb4ea5ac75905..c906e785c57f7dde1463683684afe0abf33c04de 100644 (file)
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -23,7 +23,7 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
 
     return next()
   } catch (err) {
-    logger.error('Error in ActivityPub signature checker.', err)
+    logger.warn('Error in ActivityPub signature checker.', err)
     return res.sendStatus(403)
   }
 }
@@ -51,11 +51,11 @@ export {
 // ---------------------------------------------------------------------------
 
 async function checkHttpSignature (req: Request, res: Response) {
-  // FIXME: mastodon does not include the Signature scheme
+  // FIXME: compatibility with http-signature < v1.3
   const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
-  if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
+  if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
 
-  const parsed = parseHTTPSignature(req)
+  const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 
   const keyId = parsed.keyId
   if (!keyId) {