X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Factivitypub.ts;h=fedac0e05ed419b2de6c0b37ee3ddb02840715ec;hb=ba7b7e572f0634e534320a057f4cc0a95f2a541d;hp=01e5dd24e6423644bf52cbf53850d7ca69232609;hpb=df66d81583e07ce049daeeef1edc6a87b57b3684;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts index 01e5dd24e..fedac0e05 100644 --- a/server/middlewares/activitypub.ts +++ b/server/middlewares/activitypub.ts @@ -1,11 +1,9 @@ -import { eachSeries } from 'async' -import { NextFunction, Request, RequestHandler, Response } from 'express' +import { NextFunction, Request, Response } from 'express' import { ActivityPubSignature } from '../../shared' import { logger } from '../helpers/logger' import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../helpers/peertube-crypto' -import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers' +import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/constants' import { getOrCreateActorAndServerAndModel } from '../lib/activitypub' -import { ActorModel } from '../models/activitypub/actor' import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger' async function checkSignature (req: Request, res: Response, next: NextFunction) { @@ -13,7 +11,7 @@ async function checkSignature (req: Request, res: Response, next: NextFunction) const httpSignatureChecked = await checkHttpSignature(req, res) if (httpSignatureChecked !== true) return - const actor: ActorModel = res.locals.signature.actor + const actor = res.locals.signature.actor // Forwarded activity const bodyActor = req.body.actor @@ -30,23 +28,16 @@ async function checkSignature (req: Request, res: Response, next: NextFunction) } } -function executeIfActivityPub (fun: RequestHandler | RequestHandler[]) { - return (req: Request, res: Response, next: NextFunction) => { - const accepted = req.accepts(ACCEPT_HEADERS) - if (accepted === false || ACTIVITY_PUB.POTENTIAL_ACCEPT_HEADERS.indexOf(accepted) === -1) { - return next() - } - - logger.debug('ActivityPub request for %s.', req.url) +function executeIfActivityPub (req: Request, res: Response, next: NextFunction) { + const accepted = req.accepts(ACCEPT_HEADERS) + if (accepted === false || ACTIVITY_PUB.POTENTIAL_ACCEPT_HEADERS.indexOf(accepted) === -1) { + // Bypass this route + return next('route') + } - if (Array.isArray(fun) === true) { - return eachSeries(fun as RequestHandler[], (f, cb) => { - f(req, res, cb) - }, next) - } + logger.debug('ActivityPub request for %s.', req.url) - return (fun as RequestHandler)(req, res, next) - } + return next() } // --------------------------------------------------------------------------- @@ -64,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) { const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig - const parsed = parseHTTPSignature(req) + const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS) const keyId = parsed.keyId if (!keyId) { @@ -83,6 +74,8 @@ async function checkHttpSignature (req: Request, res: Response) { const verified = isHTTPSignatureVerified(parsed, actor) if (verified !== true) { + logger.warn('Signature from %s is invalid', actorUrl, { parsed }) + res.sendStatus(403) return false } @@ -108,6 +101,8 @@ async function checkJsonLDSignature (req: Request, res: Response) { const verified = await isJsonLDSignatureVerified(actor, req.body) if (verified !== true) { + logger.warn('Signature not verified.', req.body) + res.sendStatus(403) return false }