From 41f2ebae4f970932fb62d2d8923b1f776f0b1494 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 19 Oct 2018 11:41:19 +0200 Subject: Add HTTP signature check before linked signature It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation --- server/middlewares/validators/activitypub/signature.ts | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'server/middlewares/validators/activitypub/signature.ts') diff --git a/server/middlewares/validators/activitypub/signature.ts b/server/middlewares/validators/activitypub/signature.ts index 4efe9aafa..be14e92ea 100644 --- a/server/middlewares/validators/activitypub/signature.ts +++ b/server/middlewares/validators/activitypub/signature.ts @@ -9,10 +9,18 @@ import { logger } from '../../../helpers/logger' import { areValidationErrors } from '../utils' const signatureValidator = [ - body('signature.type').custom(isSignatureTypeValid).withMessage('Should have a valid signature type'), - body('signature.created').custom(isDateValid).withMessage('Should have a valid signature created date'), - body('signature.creator').custom(isSignatureCreatorValid).withMessage('Should have a valid signature creator'), - body('signature.signatureValue').custom(isSignatureValueValid).withMessage('Should have a valid signature value'), + body('signature.type') + .optional() + .custom(isSignatureTypeValid).withMessage('Should have a valid signature type'), + body('signature.created') + .optional() + .custom(isDateValid).withMessage('Should have a valid signature created date'), + body('signature.creator') + .optional() + .custom(isSignatureCreatorValid).withMessage('Should have a valid signature creator'), + body('signature.signatureValue') + .optional() + .custom(isSignatureValueValid).withMessage('Should have a valid signature value'), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking activitypub signature parameter', { parameters: { signature: req.body.signature } }) -- cgit v1.2.3