43 lines
922 B
TypeScript
43 lines
922 B
TypeScript
|
import * as bodyParser from 'body-parser';
|
||
|
|
import * as express from 'express';
|
||
|
|
import { parseRequest, verifySignature } from 'http-signature';
|
||
|
|
import User, { IRemoteAccount } from '../../models/user';
|
||
|
|
import queue from '../../queue';
|
||
|
|
|
||
|
|
const app = express();
|
||
|
|
app.disable('x-powered-by');
|
||
|
|
app.use(bodyParser.json());
|
||
|
|
|
||
|
|
app.get('/@:user/inbox', async (req, res) => {
|
||
|
|
let parsed;
|
||
|
|
|
||
|
|
try {
|
||
|
|
parsed = parseRequest(req);
|
||
|
|
} catch (exception) {
|
||
|
|
return res.sendStatus(401);
|
||
|
|
}
|
||
|
|
|
||
|
|
const user = await User.findOne({
|
||
|
|
host: { $ne: null },
|
||
|
|
account: { publicKey: { id: parsed.keyId } }
|
||
|
|
});
|
||
|
|
|
||
|
|
if (user === null) {
|
||
|
|
return res.sendStatus(401);
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!verifySignature(parsed, (user.account as IRemoteAccount).publicKey.publicKeyPem)) {
|
||
|
|
return res.sendStatus(401);
|
||
|
|
}
|
||
|
|
|
||
|
|
queue.create('http', {
|
||
|
|
type: 'performActivityPub',
|
||
|
|
actor: user._id,
|
||
|
|
outbox: req.body,
|
||
|
|
}).save();
|
||
|
|
|
||
|
|
return res.sendStatus(200);
|
||
|
|
});
|
||
|
|
|
||
|
|
export default app;
|