Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: closes #13405, catch errors in ap.verify

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2025-05-11 22:31:00 -04:00
parent 20ab90694c
commit 8174578c5b
1 changed files with 41 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
src/activitypub/index.js
View File

@@ -232,49 +232,49 @@ ActivityPub.verify = async (req) => {
return false;
}
// Break the signature apart
let { keyId, headers, signature, algorithm, created, expires } = req.headers.signature.split(',').reduce((memo, cur) => {
const split = cur.split('="');
const key = split.shift();
const value = split.join('="');
memo[key] = value.slice(0, -1);
return memo;
}, {});
const acceptableHashes = getHashes();
if (algorithm === 'hs2019' || !acceptableHashes.includes(algorithm)) {
algorithm = 'sha256';
}
// Re-construct signature string
const signed_string = headers.split(' ').reduce((memo, cur) => {
switch (cur) {
case '(request-target)': {
memo.push(`${cur}: ${String(req.method).toLowerCase()} ${req.baseUrl}${req.path}`);
break;
}
case '(created)': {
memo.push(`${cur}: ${created}`);
break;
}
case '(expires)': {
memo.push(`${cur}: ${expires}`);
break;
}
default: {
memo.push(`${cur}: ${req.headers[cur]}`);
break;
}
}
return memo;
}, []).join('\n');
// Verify the signature string via public key
try {
// Break the signature apart
let { keyId, headers, signature, algorithm, created, expires } = req.headers.signature.split(',').reduce((memo, cur) => {
const split = cur.split('="');
const key = split.shift();
const value = split.join('="');
memo[key] = value.slice(0, -1);
return memo;
}, {});
const acceptableHashes = getHashes();
if (algorithm === 'hs2019' || !acceptableHashes.includes(algorithm)) {
algorithm = 'sha256';
}
// Re-construct signature string
const signed_string = headers.split(' ').reduce((memo, cur) => {
switch (cur) {
case '(request-target)': {
memo.push(`${cur}: ${String(req.method).toLowerCase()} ${req.baseUrl}${req.path}`);
break;
}
case '(created)': {
memo.push(`${cur}: ${created}`);
break;
}
case '(expires)': {
memo.push(`${cur}: ${expires}`);
break;
}
default: {
memo.push(`${cur}: ${req.headers[cur]}`);
break;
}
}
return memo;
}, []).join('\n');
// Retrieve public key from remote instance
ActivityPub.helpers.log(`[activitypub/verify] Retrieving pubkey for ${keyId}`);
const { publicKeyPem } = await ActivityPub.fetchPublicKey(keyId);