X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Factivitypub.ts;h=fedac0e05ed419b2de6c0b37ee3ddb02840715ec;hb=566c125d6eee3bd907404523d94e1e0b5e403a46;hp=c528ee250f06a321319adad4061900f627cbf5bf;hpb=dae86118ed5d4026d04acb9d0e36829b9ad8eb4e;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts index c528ee250..fedac0e05 100644 --- a/server/middlewares/activitypub.ts +++ b/server/middlewares/activitypub.ts @@ -2,7 +2,7 @@ import { NextFunction, Request, Response } from 'express' import { ActivityPubSignature } from '../../shared' import { logger } from '../helpers/logger' import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../helpers/peertube-crypto' -import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers' +import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/constants' import { getOrCreateActorAndServerAndModel } from '../lib/activitypub' import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger' @@ -55,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) { const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig - const parsed = parseHTTPSignature(req) + const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS) const keyId = parsed.keyId if (!keyId) { @@ -74,6 +74,8 @@ async function checkHttpSignature (req: Request, res: Response) { const verified = isHTTPSignatureVerified(parsed, actor) if (verified !== true) { + logger.warn('Signature from %s is invalid', actorUrl, { parsed }) + res.sendStatus(403) return false } @@ -99,6 +101,8 @@ async function checkJsonLDSignature (req: Request, res: Response) { const verified = await isJsonLDSignatureVerified(actor, req.body) if (verified !== true) { + logger.warn('Signature not verified.', req.body) + res.sendStatus(403) return false }