From 111e5d569c94bc8f182a7b944da1272943b1da33 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Mon, 2 Apr 2018 00:36:36 +0900 Subject: [PATCH] Make inbox signature verification compatible with Mastodon --- src/server/activitypub/inbox.ts | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/src/server/activitypub/inbox.ts b/src/server/activitypub/inbox.ts index 9151297487..6d092e66bf 100644 --- a/src/server/activitypub/inbox.ts +++ b/src/server/activitypub/inbox.ts @@ -11,16 +11,32 @@ app.use(bodyParser.json()); app.post('/@:user/inbox', async (req, res) => { let parsed; + req.headers.authorization = 'Signature ' + req.headers.signature; + try { parsed = parseRequest(req); } catch (exception) { return res.sendStatus(401); } - const user = await User.findOne({ - host: { $ne: null }, - 'account.publicKey.id': parsed.keyId - }); + const keyIdLower = parsed.keyId.toLowerCase(); + let query; + + if (keyIdLower.startsWith('acct:')) { + const { username, host } = parseAcct(keyIdLower.slice('acct:'.length)); + if (host === null) { + return res.sendStatus(401); + } + + query = { usernameLower: username, hostLower: host }; + } else { + query = { + host: { $ne: null }, + 'account.publicKey.id': parsed.keyId + }; + } + + const user = await User.findOne(query); if (user === null) { return res.sendStatus(401);