1 files changed, 17 insertions, 15 deletions

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index 6cf8eea6f..bed2bfeab 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -1,12 +1,9 @@
-import { Request, Response, NextFunction } from 'express'
-
-import { database as db } from '../initializers'
-import {
-  logger,
-  getAccountFromWebfinger,
-  isSignatureVerified
-} from '../helpers'
+import { NextFunction, Request, Response, RequestHandler } from 'express'
 import { ActivityPubSignature } from '../../shared'
+import { isSignatureVerified, logger } from '../helpers'
+import { fetchRemoteAccountAndCreatePod } from '../helpers/activitypub'
+import { database as db, ACTIVITY_PUB_ACCEPT_HEADER } from '../initializers'
+import { each, eachSeries, waterfall } from 'async'
 
 async function checkSignature (req: Request, res: Response, next: NextFunction) {
   const signatureObject: ActivityPubSignature = req.body.signature
@@ -17,35 +14,40 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
 
   // We don't have this account in our database, fetch it on remote
   if (!account) {
-    account = await getAccountFromWebfinger(signatureObject.creator)
+    const accountResult = await fetchRemoteAccountAndCreatePod(signatureObject.creator)
 
-    if (!account) {
+    if (!accountResult) {
       return res.sendStatus(403)
     }
 
     // Save our new account in database
+    account = accountResult.account
     await account.save()
   }
 
   const verified = await isSignatureVerified(account, req.body)
   if (verified === false) return res.sendStatus(403)
 
-  res.locals.signature.account = account
+  res.locals.signature = {
+    account
+  }
 
   return next()
 }
 
-function executeIfActivityPub (fun: any | any[]) {
+function executeIfActivityPub (fun: RequestHandler | RequestHandler[]) {
   return (req: Request, res: Response, next: NextFunction) => {
-    if (req.header('Accept') !== 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"') {
+    if (req.header('Accept') !== ACTIVITY_PUB_ACCEPT_HEADER) {
       return next()
     }
 
     if (Array.isArray(fun) === true) {
-      fun[0](req, res, next) // FIXME: doesn't work
+      return eachSeries(fun as RequestHandler[], (f, cb) => {
+        f(req, res, cb)
+      }, next)
     }
 
-    return fun(req, res, next)
+    return (fun as RequestHandler)(req, res, next)
   }
 }