handle errors during signature validation. use lowercase in ids

Will Murphy 2019-09-25 21:45:52 -05:00
parent e47dd9286f
commit bf58e27748
3 changed files with 27 additions and 18 deletions


@ -0,0 +1,4 @@
db.objects.find({type: "Group"}).forEach(function(d){
d.id = d.id.toLowerCase();
db.objects.save(d);
});
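Review bot: `d.id.toLowerCase()` throws on any Group document that has no string `id`, which stops the `forEach` partway and leaves the collection half-migrated; filtering with `{type: "Group", id: {$type: "string"}}` avoids that. Two groups whose ids differ only in case end up with the same id after this runs, so it is worth checking for such pairs before saving. The script rewrites only the `id` field of Group documents; whether other documents that reference the old mixed-case ids need the same treatment cannot be seen from here.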


@ -16,21 +16,26 @@ function auth (req, res, next) {
} }
async function verifySignature (req, res, next) { async function verifySignature (req, res, next) {
if (!req.get('authorization') && !req.get('signature')) { try {
// support for apps not using signature extension to ActivityPub if (!req.get('authorization') && !req.get('signature')) {
const actor = await pub.object.resolveObject(pub.utils.actorFromActivity(req.body)) // support for apps not using signature extension to ActivityPub
if (actor.publicKey && req.app.get('env') !== 'development') { const actor = await pub.object.resolveObject(pub.utils.actorFromActivity(req.body))
console.log('Missing http signature', req) if (actor.publicKey && req.app.get('env') !== 'development') {
return res.status(400).send('Missing http signature') console.log('Missing http signature', req)
return res.status(400).send('Missing http signature')
}
return next()
} }
return next() const sigHead = httpSignature.parse(req)
const signer = await pub.object.resolveObject(sigHead.keyId, req.app.get('db'))
const valid = httpSignature.verifySignature(sigHead, signer.publicKey.publicKeyPem)
console.log('signature validation', valid)
if (!valid) {
return res.status(400).send('Invalid http signature')
}
next()
} catch (err) {
console.log('error during signature verification', err)
return res.status(500).send()
} }
const sigHead = httpSignature.parse(req)
const signer = await pub.object.resolveObject(sigHead.keyId, req.app.get('db'))
const valid = httpSignature.verifySignature(sigHead, signer.publicKey.publicKeyPem)
console.log('signature validation', valid)
if (!valid) {
return res.status(400).send('Invalid http signature')
}
next()
} }
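Review bot: The new catch block answers every failure with 500, so a malformed signature header that makes `httpSignature.parse(req)` throw, or a resolved signer with no `publicKey`, is reported as a server fault instead of a rejected request. A guard before verification, such as `if (!signer || !signer.publicKey) return res.status(400).send('Invalid http signature')`, keeps those cases in the 4xx range and out of the error log. Nothing visible in this function checks that the key named by `sigHead.keyId` belongs to the actor in `req.body`; unless a later middleware does that, a valid signature from any resolvable key would be accepted for an activity attributed to a different actor. `console.log('Missing http signature', req)` also writes the whole request object, headers and body included, to the log, where the actor id and request path would be enough.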


@ -38,21 +38,21 @@ function toJSONLD (obj) {
} }
function usernameToIRI (user) { function usernameToIRI (user) {
return `https://${config.DOMAIN}/u/${user}` return `https://${config.DOMAIN}/u/${user}`.toLowerCase()
} }
function objectIdToIRI (oid) { function objectIdToIRI (oid) {
if (oid.toHexString) { if (oid.toHexString) {
oid = oid.toHexString() oid = oid.toHexString()
} }
return `https://${config.DOMAIN}/o/${oid}` return `https://${config.DOMAIN}/o/${oid}`.toLowerCase()
} }
function actvityIdToIRI (oid) { function actvityIdToIRI (oid) {
if (oid.toHexString) { if (oid.toHexString) {
oid = oid.toHexString() oid = oid.toHexString()
} }
return `https://${config.DOMAIN}/s/${oid}` return `https://${config.DOMAIN}/s/${oid}`.toLowerCase()
} }
function validateObject (object) { function validateObject (object) {
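Review bot: `usernameToIRI` interpolates `user` into the IRI without encoding, and lowercasing the result does not change that. If `user` can come from a request path or a lookup query, a value containing `/`, `?` or `#` yields an id outside `/u/`, so `encodeURIComponent(user)` inside the template would be safer. Ids are now case-normalised only where they are minted by these three helpers, so any code that takes an id from a request has to lowercase it the same way before comparing or querying. A short comment above the helpers, e.g. `// ids are stored lowercase; normalise incoming ids before lookup`, would make that contract visible.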