Merge pull request #1358 from akihikodaki/inbox

Make inbox signature verification compatible with Mastodon
This commit is contained in:
syuilo 2018-04-02 00:37:41 +09:00 committed by GitHub
commit d166dbd01e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -11,16 +11,32 @@ app.use(bodyParser.json());
app.post('/@:user/inbox', async (req, res) => {
let parsed;
req.headers.authorization = 'Signature ' + req.headers.signature;
try {
parsed = parseRequest(req);
} catch (exception) {
return res.sendStatus(401);
}
const user = await User.findOne({
const keyIdLower = parsed.keyId.toLowerCase();
let query;
if (keyIdLower.startsWith('acct:')) {
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
if (host === null) {
return res.sendStatus(401);
}
query = { usernameLower: username, hostLower: host };
} else {
query = {
host: { $ne: null },
'account.publicKey.id': parsed.keyId
});
};
}
const user = await User.findOne(query);
if (user === null) {
return res.sendStatus(401);