Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-01 19:46:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #13014, possible fix for peertube incompatibility: strip hash value from key IDs during check

Browse Source
This commit is contained in:
Julian Lam
2024-12-30 17:06:08 -05:00
parent 1d36ab6ddb
commit 0ad8ed9d4e
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/middleware/activitypub.js
View File

@@ -107,13 +107,13 @@ middleware.assertPayload = async function (req, res, next) {
// Cross-check key ownership against received actor // Cross-check key ownership against received actor
await activitypub.actors.assert(actor); await activitypub.actors.assert(actor);
const compare = await db.getObjectField(`userRemote:${actor}:keys`, 'id'); const compare = (await db.getObjectField(`userRemote:${actor}:keys`, 'id')).replace(/#[\w-]+$/, '');
const { signature } = req.headers; const { signature } = req.headers;
const keyId = new Map(signature.split(',').filter(Boolean).map((v) => { const keyId = new Map(signature.split(',').filter(Boolean).map((v) => {
const index = v.indexOf('='); const index = v.indexOf('=');
return [v.substring(0, index), v.slice(index + 1)]; return [v.substring(0, index), v.slice(index + 1)];
})).get('keyId'); })).get('keyId').slice(1, -1).replace(/#[\w-]+$/, '');
if (`"${compare}"` !== keyId) { if (compare !== keyId) {
activitypub.helpers.log('[middleware/activitypub] Key ownership cross-check failed.'); activitypub.helpers.log('[middleware/activitypub] Key ownership cross-check failed.');
return res.sendStatus(403); return res.sendStatus(403);
} }