From ad513607a3886cfabe083531c42911bc3c67bdfb Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 29 Aug 2019 16:15:41 +0200 Subject: Remove old JSON LD signature implementation Only PeerTube was compatible with it, and the library has moved on RsaSignature2018 and removed RsaSignature2017 support. We had to create a dirty fork of the RsaSignature2017 branch, which is not ideal. Now we use the Mastodon implementation, that most other AP implementations that support JSONLD signatures use. --- server/middlewares/activitypub.ts | 2 ++ 1 file changed, 2 insertions(+) (limited to 'server/middlewares') diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts index b1e5b5236..bea213d27 100644 --- a/server/middlewares/activitypub.ts +++ b/server/middlewares/activitypub.ts @@ -101,6 +101,8 @@ async function checkJsonLDSignature (req: Request, res: Response) { const verified = await isJsonLDSignatureVerified(actor, req.body) if (verified !== true) { + logger.warn('Signature not verified.', req.body) + res.sendStatus(403) return false } -- cgit v1.2.3