fix public key re-fetch logic

Hazelnoot 2024-10-14 14:41:16 -04:00
parent 78a75171c2
commit 5eb9a263e2
1 changed files with 7 additions and 11 deletions


@ -118,19 +118,15 @@ export class InboxProcessorService implements OnApplicationShutdown {
// HTTP-Signatureの検証 // HTTP-Signatureの検証
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem); let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
// また、signatureのsignerは、activity.actorと一致する必要がある if (!httpSignatureValidated) {
if (!httpSignatureValidated || authUser.user.uri !== activity.actor) { authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
let renewKeyFailed = true; if (authUser.key != null) {
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
if (!httpSignatureValidated) {
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
if (authUser.key != null) {
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
renewKeyFailed = false;
}
} }
}
// また、signatureのsignerは、activity.actorと一致する必要がある
if (!httpSignatureValidated || authUser.user.uri !== getApId(activity.actor)) {
// 一致しなくても、でもLD-Signatureがありそうならそっちも見る // 一致しなくても、でもLD-Signatureがありそうならそっちも見る
const ldSignature = activity.signature; const ldSignature = activity.signature;
if (ldSignature) { if (ldSignature) {