Resolve account by signature in inbox

3 files changed, 41 insertions, 1 deletions

diff --git a/src/processor/http/index.ts b/src/processor/http/index.ts
index a001cf11f7..b3161cb992 100644
--- a/src/processor/http/index.ts
+++ b/src/processor/http/index.ts
@@ -1,10 +1,12 @@
 import follow from './follow';
 import performActivityPub from './perform-activitypub';
+import processInbox from './process-inbox';
 import reportGitHubFailure from './report-github-failure';
 
 const handlers = {
   follow,
   performActivityPub,
+  processInbox,
   reportGitHubFailure,
 };
 
diff --git a/src/processor/http/perform-activitypub.ts b/src/processor/http/perform-activitypub.ts
index d8981ea126..420ed9ec75 100644
--- a/src/processor/http/perform-activitypub.ts
+++ b/src/processor/http/perform-activitypub.ts
@@ -2,5 +2,5 @@ import User from '../../models/user';
 import act from '../../remote/activitypub/act';
 
 export default ({ data }, done) => User.findOne({ _id: data.actor })
-	.then(actor => act(actor, data.outbox, data.distribute))
+	.then(actor => act(actor, data.outbox, false))
 	.then(() => done(), done);
diff --git a/src/processor/http/process-inbox.ts b/src/processor/http/process-inbox.ts
new file mode 100644
index 0000000000..78c20f8a7e
--- /dev/null
+++ b/src/processor/http/process-inbox.ts
@@ -0,0 +1,38 @@
+import { verifySignature } from 'http-signature';
+import parseAcct from '../../acct/parse';
+import User, { IRemoteUser } from '../../models/user';
+import act from '../../remote/activitypub/act';
+import resolvePerson from '../../remote/activitypub/resolve-person';
+
+export default ({ data }, done) => (async () => {
+	const keyIdLower = data.signature.keyId.toLowerCase();
+	let user;
+
+	if (keyIdLower.startsWith('acct:')) {
+		const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
+		if (host === null) {
+			throw 'request was made by local user';
+		}
+
+		user = await User.findOne({ usernameLower: username, hostLower: host }) as IRemoteUser;
+	} else {
+		user = await User.findOne({
+			host: { $ne: null },
+			'account.publicKey.id': data.signature.keyId
+		}) as IRemoteUser;
+
+		if (user === null) {
+			user = await resolvePerson(data.signature.keyId);
+		}
+	}
+
+	if (user === null) {
+		throw 'failed to resolve user';
+	}
+
+	if (!verifySignature(data.signature, user.account.publicKey.publicKeyPem)) {
+		throw 'signature verification failed';
+	}
+
+	await act(user, data.inbox, true);
+})().then(done, done);