aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/activitypub.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/activitypub.ts')
-rw-r--r--server/middlewares/activitypub.ts28
1 files changed, 11 insertions, 17 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index 489396447..37b7c42ec 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -3,33 +3,27 @@ import { NextFunction, Request, RequestHandler, Response } from 'express'
3import { ActivityPubSignature } from '../../shared' 3import { ActivityPubSignature } from '../../shared'
4import { isSignatureVerified, logger } from '../helpers' 4import { isSignatureVerified, logger } from '../helpers'
5import { ACCEPT_HEADERS, ACTIVITY_PUB } from '../initializers' 5import { ACCEPT_HEADERS, ACTIVITY_PUB } from '../initializers'
6import { fetchRemoteAccount, saveAccountAndServerIfNotExist } from '../lib/activitypub' 6import { getOrCreateActorAndServerAndModel } from '../lib/activitypub'
7import { AccountModel } from '../models/account/account' 7import { ActorModel } from '../models/activitypub/actor'
8 8
9async function checkSignature (req: Request, res: Response, next: NextFunction) { 9async function checkSignature (req: Request, res: Response, next: NextFunction) {
10 const signatureObject: ActivityPubSignature = req.body.signature 10 const signatureObject: ActivityPubSignature = req.body.signature
11 11
12 logger.debug('Checking signature of account %s...', signatureObject.creator) 12 logger.debug('Checking signature of actor %s...', signatureObject.creator)
13 13
14 let account = await AccountModel.loadByUrl(signatureObject.creator) 14 let actor: ActorModel
15 15 try {
16 // We don't have this account in our database, fetch it on remote 16 actor = await getOrCreateActorAndServerAndModel(signatureObject.creator)
17 if (!account) { 17 } catch (err) {
18 account = await fetchRemoteAccount(signatureObject.creator) 18 logger.error('Cannot create remote actor and check signature.', err)
19 19 return res.sendStatus(403)
20 if (!account) {
21 return res.sendStatus(403)
22 }
23
24 // Save our new account and its server in database
25 await saveAccountAndServerIfNotExist(account)
26 } 20 }
27 21
28 const verified = await isSignatureVerified(account, req.body) 22 const verified = await isSignatureVerified(actor, req.body)
29 if (verified === false) return res.sendStatus(403) 23 if (verified === false) return res.sendStatus(403)
30 24
31 res.locals.signature = { 25 res.locals.signature = {
32 account 26 actor
33 } 27 }
34 28
35 return next() 29 return next()