Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: handle (created) and (expires) in http signatures

Browse Source
This commit is contained in:
Julian Lam
2024-04-11 15:20:59 -04:00
parent f783338621
commit 4d23a837fa
1 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/activitypub/index.js
View File

@@ -155,7 +155,7 @@ ActivityPub.verify = async (req) => {
}
// Break the signature apart
let { keyId, headers, signature, algorithm } = req.headers.signature.split(',').reduce((memo, cur) => {
let { keyId, headers, signature, algorithm, created, expires } = req.headers.signature.split(',').reduce((memo, cur) => {
const split = cur.split('="');
const key = split.shift();
const value = split.join('="');
@@ -170,10 +170,26 @@ ActivityPub.verify = async (req) => {
// Re-construct signature string
const signed_string = headers.split(' ').reduce((memo, cur) => {
if (cur === '(request-target)') {
switch (cur) {
case '(request-target)': {
memo.push(`${cur}: ${String(req.method).toLowerCase()} ${req.baseUrl}${req.path}`);
} else if (req.headers.hasOwnProperty(cur)) {
break;
}
case '(created)': {
memo.push(`(created): ${created}`);
break;
}
case '(expires)': {
memo.push(`(expires): ${expires}`);
break;
}
default: {
memo.push(`${cur}: ${req.headers[cur]}`);
break;
}
}
return memo;