aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/activitypub.ts
diff options
context:
space:
mode:
authorRigel Kent <sendmemail@rigelk.eu>2021-06-01 01:36:53 +0200
committerChocobozzz <chocobozzz@cpy.re>2021-06-02 16:57:07 +0200
commit76148b27f7501bac061992136852be4303370c8d (patch)
treefc0559253e833c9252fa14ebaec5321d88bfb4e8 /server/middlewares/activitypub.ts
parent5ed25fb76e920dac364cb9ef46f14ec4bd372949 (diff)
downloadPeerTube-76148b27f7501bac061992136852be4303370c8d.tar.gz
PeerTube-76148b27f7501bac061992136852be4303370c8d.tar.zst
PeerTube-76148b27f7501bac061992136852be4303370c8d.zip
refactor API errors to standard error format
Diffstat (limited to 'server/middlewares/activitypub.ts')
-rw-r--r--server/middlewares/activitypub.ts40
1 files changed, 31 insertions, 9 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index ce94a2129..6cd23f230 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -29,11 +29,14 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
29 const activity: ActivityDelete = req.body 29 const activity: ActivityDelete = req.body
30 if (isActorDeleteActivityValid(activity) && activity.object === activity.actor) { 30 if (isActorDeleteActivityValid(activity) && activity.object === activity.actor) {
31 logger.debug('Handling signature error on actor delete activity', { err }) 31 logger.debug('Handling signature error on actor delete activity', { err })
32 return res.sendStatus(HttpStatusCode.NO_CONTENT_204) 32 return res.status(HttpStatusCode.NO_CONTENT_204).end()
33 } 33 }
34 34
35 logger.warn('Error in ActivityPub signature checker.', { err }) 35 logger.warn('Error in ActivityPub signature checker.', { err })
36 return res.sendStatus(HttpStatusCode.FORBIDDEN_403) 36 return res.fail({
37 status: HttpStatusCode.FORBIDDEN_403,
38 message: 'ActivityPub signature could not be checked'
39 })
37 } 40 }
38} 41}
39 42
@@ -71,13 +74,22 @@ async function checkHttpSignature (req: Request, res: Response) {
71 } catch (err) { 74 } catch (err) {
72 logger.warn('Invalid signature because of exception in signature parser', { reqBody: req.body, err }) 75 logger.warn('Invalid signature because of exception in signature parser', { reqBody: req.body, err })
73 76
74 res.status(HttpStatusCode.FORBIDDEN_403).json({ error: err.message }) 77 res.fail({
78 status: HttpStatusCode.FORBIDDEN_403,
79 message: err.message
80 })
75 return false 81 return false
76 } 82 }
77 83
78 const keyId = parsed.keyId 84 const keyId = parsed.keyId
79 if (!keyId) { 85 if (!keyId) {
80 res.sendStatus(HttpStatusCode.FORBIDDEN_403) 86 res.fail({
87 status: HttpStatusCode.FORBIDDEN_403,
88 message: 'Invalid key ID',
89 data: {
90 keyId
91 }
92 })
81 return false 93 return false
82 } 94 }
83 95
@@ -94,12 +106,17 @@ async function checkHttpSignature (req: Request, res: Response) {
94 if (verified !== true) { 106 if (verified !== true) {
95 logger.warn('Signature from %s is invalid', actorUrl, { parsed }) 107 logger.warn('Signature from %s is invalid', actorUrl, { parsed })
96 108
97 res.sendStatus(HttpStatusCode.FORBIDDEN_403) 109 res.fail({
110 status: HttpStatusCode.FORBIDDEN_403,
111 message: 'Invalid signature',
112 data: {
113 actorUrl
114 }
115 })
98 return false 116 return false
99 } 117 }
100 118
101 res.locals.signature = { actor } 119 res.locals.signature = { actor }
102
103 return true 120 return true
104} 121}
105 122
@@ -107,7 +124,10 @@ async function checkJsonLDSignature (req: Request, res: Response) {
107 const signatureObject: ActivityPubSignature = req.body.signature 124 const signatureObject: ActivityPubSignature = req.body.signature
108 125
109 if (!signatureObject || !signatureObject.creator) { 126 if (!signatureObject || !signatureObject.creator) {
110 res.sendStatus(HttpStatusCode.FORBIDDEN_403) 127 res.fail({
128 status: HttpStatusCode.FORBIDDEN_403,
129 message: 'Object and creator signature do not match'
130 })
111 return false 131 return false
112 } 132 }
113 133
@@ -121,11 +141,13 @@ async function checkJsonLDSignature (req: Request, res: Response) {
121 if (verified !== true) { 141 if (verified !== true) {
122 logger.warn('Signature not verified.', req.body) 142 logger.warn('Signature not verified.', req.body)
123 143
124 res.sendStatus(HttpStatusCode.FORBIDDEN_403) 144 res.fail({
145 status: HttpStatusCode.FORBIDDEN_403,
146 message: 'Signature could not be verified'
147 })
125 return false 148 return false
126 } 149 }
127 150
128 res.locals.signature = { actor } 151 res.locals.signature = { actor }
129
130 return true 152 return true
131} 153}