handle errors during signature validation. use lowercase in ids

migrations/lowerCaseIds.js

@@ -0,0 +1,4 @@
+db.objects.find({type: "Group"}).forEach(function(d){
+  d.id = d.id.toLowerCase();
+  db.objects.save(d);
+});

net/security.js

@@ -16,6 +16,7 @@ function auth (req, res, next) {
 }
 
 async function verifySignature (req, res, next) {
+  try {
     if (!req.get('authorization') && !req.get('signature')) {
       // support for apps not using signature extension to ActivityPub
       const actor = await pub.object.resolveObject(pub.utils.actorFromActivity(req.body))
@@ -33,4 +34,8 @@ async function verifySignature (req, res, next) {
       return res.status(400).send('Invalid http signature')
     }
     next()
+  } catch (err) {
+    console.log('error during signature verification', err)
+    return res.status(500).send()
+  }
 }

pub/utils.js

@@ -38,21 +38,21 @@ function toJSONLD (obj) {
 }
 
 function usernameToIRI (user) {
-  return `https://${config.DOMAIN}/u/${user}`
+  return `https://${config.DOMAIN}/u/${user}`.toLowerCase()
 }
 
 function objectIdToIRI (oid) {
   if (oid.toHexString) {
     oid = oid.toHexString()
   }
-  return `https://${config.DOMAIN}/o/${oid}`
+  return `https://${config.DOMAIN}/o/${oid}`.toLowerCase()
 }
 
 function actvityIdToIRI (oid) {
   if (oid.toHexString) {
     oid = oid.toHexString()
   }
-  return `https://${config.DOMAIN}/s/${oid}`
+  return `https://${config.DOMAIN}/s/${oid}`.toLowerCase()
 }
 
 function validateObject (object) {