refactor: move activitypub-related middlewares to their own file

2025-11-02 03:55:55 +01:00 · 2024-01-18 11:50:14 -05:00
parent 04423232c6
commit 538776f9c7
4 changed files with 55 additions and 44 deletions
--- a/src/middleware/activitypub.js
+++ b/src/middleware/activitypub.js
@@ -0,0 +1,48 @@
+'use strict';
+
+const meta = require('../meta');
+const activitypub = require('../activitypub');
+
+const middleware = module.exports;
+
+middleware.enabled = async (req, res, next) => next(!meta.config.activitypubEnabled ? 'route' : undefined);
+
+middleware.assertS2S = async function (req, res, next) {
+	// For whatever reason, express accepts does not recognize "profile" as a valid differentiator
+	// Therefore, manual header parsing is used here.
+	const { accept, 'content-type': contentType } = req.headers;
+	if (!(accept || contentType)) {
+		return next('route');
+	}
+
+	const acceptable = [
+		'application/activity+json',
+		'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+	];
+	const pass = (accept && accept.split(',').some((value) => {
+		const parts = value.split(';').map(v => v.trim());
+		return acceptable.includes(value || parts[0]);
+	})) || (contentType && acceptable.includes(contentType));
+
+	if (!pass) {
+		return next('route');
+	}
+
+	next();
+};
+
+middleware.validate = async function (req, res, next) {
+	// Checks the validity of the incoming payload against the sender and rejects on failure
+	const verified = await activitypub.verify(req);
+	if (!verified) {
+		return res.sendStatus(400);
+	}
+
+	// Sanity-check payload schema
+	const required = ['type'];
+	if (!required.every(prop => req.body.hasOwnProperty(prop))) {
+		return res.sendStatus(400);
+	}
+
+	next();
+};