aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/activitypub.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/activitypub.ts')
-rw-r--r--server/middlewares/activitypub.ts97
1 files changed, 78 insertions, 19 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index d7f59be8c..01e5dd24e 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -2,34 +2,32 @@ import { eachSeries } from 'async'
2import { NextFunction, Request, RequestHandler, Response } from 'express' 2import { NextFunction, Request, RequestHandler, Response } from 'express'
3import { ActivityPubSignature } from '../../shared' 3import { ActivityPubSignature } from '../../shared'
4import { logger } from '../helpers/logger' 4import { logger } from '../helpers/logger'
5import { isSignatureVerified } from '../helpers/peertube-crypto' 5import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../helpers/peertube-crypto'
6import { ACCEPT_HEADERS, ACTIVITY_PUB } from '../initializers' 6import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers'
7import { getOrCreateActorAndServerAndModel } from '../lib/activitypub' 7import { getOrCreateActorAndServerAndModel } from '../lib/activitypub'
8import { ActorModel } from '../models/activitypub/actor' 8import { ActorModel } from '../models/activitypub/actor'
9import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger'
9 10
10async function checkSignature (req: Request, res: Response, next: NextFunction) { 11async function checkSignature (req: Request, res: Response, next: NextFunction) {
11 const signatureObject: ActivityPubSignature = req.body.signature 12 try {
13 const httpSignatureChecked = await checkHttpSignature(req, res)
14 if (httpSignatureChecked !== true) return
12 15
13 const [ creator ] = signatureObject.creator.split('#') 16 const actor: ActorModel = res.locals.signature.actor
14 17
15 logger.debug('Checking signature of actor %s...', creator) 18 // Forwarded activity
19 const bodyActor = req.body.actor
20 const bodyActorId = bodyActor && bodyActor.id ? bodyActor.id : bodyActor
21 if (bodyActorId && bodyActorId !== actor.url) {
22 const jsonLDSignatureChecked = await checkJsonLDSignature(req, res)
23 if (jsonLDSignatureChecked !== true) return
24 }
16 25
17 let actor: ActorModel 26 return next()
18 try {
19 actor = await getOrCreateActorAndServerAndModel(creator)
20 } catch (err) { 27 } catch (err) {
21 logger.warn('Cannot create remote actor %s and check signature.', creator, { err }) 28 logger.error('Error in ActivityPub signature checker.', err)
22 return res.sendStatus(403) 29 return res.sendStatus(403)
23 } 30 }
24
25 const verified = await isSignatureVerified(actor, req.body)
26 if (verified === false) return res.sendStatus(403)
27
28 res.locals.signature = {
29 actor
30 }
31
32 return next()
33} 31}
34 32
35function executeIfActivityPub (fun: RequestHandler | RequestHandler[]) { 33function executeIfActivityPub (fun: RequestHandler | RequestHandler[]) {
@@ -55,5 +53,66 @@ function executeIfActivityPub (fun: RequestHandler | RequestHandler[]) {
55 53
56export { 54export {
57 checkSignature, 55 checkSignature,
58 executeIfActivityPub 56 executeIfActivityPub,
57 checkHttpSignature
58}
59
60// ---------------------------------------------------------------------------
61
62async function checkHttpSignature (req: Request, res: Response) {
63 // FIXME: mastodon does not include the Signature scheme
64 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
65 if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
66
67 const parsed = parseHTTPSignature(req)
68
69 const keyId = parsed.keyId
70 if (!keyId) {
71 res.sendStatus(403)
72 return false
73 }
74
75 logger.debug('Checking HTTP signature of actor %s...', keyId)
76
77 let [ actorUrl ] = keyId.split('#')
78 if (actorUrl.startsWith('acct:')) {
79 actorUrl = await loadActorUrlOrGetFromWebfinger(actorUrl.replace(/^acct:/, ''))
80 }
81
82 const actor = await getOrCreateActorAndServerAndModel(actorUrl)
83
84 const verified = isHTTPSignatureVerified(parsed, actor)
85 if (verified !== true) {
86 res.sendStatus(403)
87 return false
88 }
89
90 res.locals.signature = { actor }
91
92 return true
93}
94
95async function checkJsonLDSignature (req: Request, res: Response) {
96 const signatureObject: ActivityPubSignature = req.body.signature
97
98 if (!signatureObject || !signatureObject.creator) {
99 res.sendStatus(403)
100 return false
101 }
102
103 const [ creator ] = signatureObject.creator.split('#')
104
105 logger.debug('Checking JsonLD signature of actor %s...', creator)
106
107 const actor = await getOrCreateActorAndServerAndModel(creator)
108 const verified = await isJsonLDSignatureVerified(actor, req.body)
109
110 if (verified !== true) {
111 res.sendStatus(403)
112 return false
113 }
114
115 res.locals.signature = { actor }
116
117 return true
59} 118}