Make inbox signature verification compatible with Mastodon
This commit is contained in:
parent
a3cef6e9b5
commit
111e5d569c
@ -11,16 +11,32 @@ app.use(bodyParser.json());
|
|||||||
app.post('/@:user/inbox', async (req, res) => {
|
app.post('/@:user/inbox', async (req, res) => {
|
||||||
let parsed;
|
let parsed;
|
||||||
|
|
||||||
|
req.headers.authorization = 'Signature ' + req.headers.signature;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
parsed = parseRequest(req);
|
parsed = parseRequest(req);
|
||||||
} catch (exception) {
|
} catch (exception) {
|
||||||
return res.sendStatus(401);
|
return res.sendStatus(401);
|
||||||
}
|
}
|
||||||
|
|
||||||
const user = await User.findOne({
|
const keyIdLower = parsed.keyId.toLowerCase();
|
||||||
host: { $ne: null },
|
let query;
|
||||||
'account.publicKey.id': parsed.keyId
|
|
||||||
});
|
if (keyIdLower.startsWith('acct:')) {
|
||||||
|
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
|
||||||
|
if (host === null) {
|
||||||
|
return res.sendStatus(401);
|
||||||
|
}
|
||||||
|
|
||||||
|
query = { usernameLower: username, hostLower: host };
|
||||||
|
} else {
|
||||||
|
query = {
|
||||||
|
host: { $ne: null },
|
||||||
|
'account.publicKey.id': parsed.keyId
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
const user = await User.findOne(query);
|
||||||
|
|
||||||
if (user === null) {
|
if (user === null) {
|
||||||
return res.sendStatus(401);
|
return res.sendStatus(401);
|
||||||
|
Loading…
Reference in New Issue
Block a user