aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/activitypub.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/activitypub.ts')
-rw-r--r--server/middlewares/activitypub.ts57
1 files changed, 57 insertions, 0 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
new file mode 100644
index 000000000..6cf8eea6f
--- /dev/null
+++ b/server/middlewares/activitypub.ts
@@ -0,0 +1,57 @@
1import { Request, Response, NextFunction } from 'express'
2
3import { database as db } from '../initializers'
4import {
5 logger,
6 getAccountFromWebfinger,
7 isSignatureVerified
8} from '../helpers'
9import { ActivityPubSignature } from '../../shared'
10
11async function checkSignature (req: Request, res: Response, next: NextFunction) {
12 const signatureObject: ActivityPubSignature = req.body.signature
13
14 logger.debug('Checking signature of account %s...', signatureObject.creator)
15
16 let account = await db.Account.loadByUrl(signatureObject.creator)
17
18 // We don't have this account in our database, fetch it on remote
19 if (!account) {
20 account = await getAccountFromWebfinger(signatureObject.creator)
21
22 if (!account) {
23 return res.sendStatus(403)
24 }
25
26 // Save our new account in database
27 await account.save()
28 }
29
30 const verified = await isSignatureVerified(account, req.body)
31 if (verified === false) return res.sendStatus(403)
32
33 res.locals.signature.account = account
34
35 return next()
36}
37
38function executeIfActivityPub (fun: any | any[]) {
39 return (req: Request, res: Response, next: NextFunction) => {
40 if (req.header('Accept') !== 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"') {
41 return next()
42 }
43
44 if (Array.isArray(fun) === true) {
45 fun[0](req, res, next) // FIXME: doesn't work
46 }
47
48 return fun(req, res, next)
49 }
50}
51
52// ---------------------------------------------------------------------------
53
54export {
55 checkSignature,
56 executeIfActivityPub
57}