Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-30 10:35:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: additional verbose logging for signature verification

Browse Source
This commit is contained in:
Julian Lam
2024-04-09 11:29:57 -04:00
parent 6b169e048e
commit 464dd8067d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/activitypub/index.js
View File

@@ -152,7 +152,9 @@ ActivityPub.sign = async ({ key, keyId }, url, payload) => {
};
ActivityPub.verify = async (req) => {
winston.verbose('[activitypub/verify] Starting signature verification...');
if (!req.headers.hasOwnProperty('signature')) {
winston.verbose('[activitypub/verify] Failed, no signature header.');
return false;
}
@@ -179,14 +181,17 @@ ActivityPub.verify = async (req) => {
// Verify the signature string via public key
try {
// Retrieve public key from remote instance
winston.verbose(`[activitypub/verify] Retrieving pubkey for ${keyId}`);
const { publicKeyPem } = await ActivityPub.fetchPublicKey(keyId);
const verify = createVerify('sha256');
verify.update(signed_string);
verify.end();
winston.verbose('[activitypub/verify] Attempting signed string verification');
const verified = verify.verify(publicKeyPem, signature, 'base64');
return verified;
} catch (e) {
winston.verbose('[activitypub/verify] Failed, key retrieval or verification failure.');
return false;
}
};