Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: key ownership cross-check to also work with remote categories, #13255

Browse Source
This commit is contained in:
Julian Lam
2025-03-31 15:17:25 -04:00
parent 4379df68f5
commit 6dee3e56e6
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/middleware/activitypub.js
View File

@@ -105,7 +105,8 @@ middleware.assertPayload = async function (req, res, next) {
// Cross-check key ownership against received actor
await activitypub.actors.assert(actor);
const compare = ((await db.getObjectField(`userRemote:${actor}:keys`, 'id')) || '').replace(/#[\w-]+$/, '');
let compare = await db.getObjectsFields([`userRemote:${actor}:keys`, `categoryRemote:${actor}:keys`], ['id']);
compare = compare.reduce((keyId, { id }) => keyId || id, '').replace(/#[\w-]+$/, '');
const { signature } = req.headers;
let keyId = new Map(signature.split(',').filter(Boolean).map((v) => {
const index = v.indexOf('=');