Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: sign public key requests

Browse Source 
Lack of this signature resulted in ironically failing the verification of signed requests from Mastodon instanced configured to require signed get...
This commit is contained in:
Opliko
2024-04-09 19:27:35 +02:00
parent 464dd8067d
commit fcd5447cd4
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/activitypub/index.js
View File

@@ -106,13 +106,9 @@ ActivityPub.getPrivateKey = async (type, id) => {
ActivityPub.fetchPublicKey = async (uri) => {
// Used for retrieving the public key from the passed-in keyId uri
const { response, body } = await request.get(uri, {
headers: {
Accept: 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
},
});
const body = await ActivityPub.get('uid', 0, uri);
if (!String(response.statusCode).startsWith('2') || !body.hasOwnProperty('publicKey')) {
if (!body.hasOwnProperty('publicKey')) {
throw new Error('[[error:activitypub.pubKey-not-found]]');
}