Diffstat (limited to 'src/queue/processors')
| -rw-r--r-- | src/queue/processors/inbox.ts | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/queue/processors/inbox.ts b/src/queue/processors/inbox.ts
index f37f663ed5..3a0bdbe28a 100644
--- a/src/queue/processors/inbox.ts
+++ b/src/queue/processors/inbox.ts
@@ -56,12 +56,10 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 }
 // HTTP-Signatureの検証
- if (!httpSignature.verifySignature(signature, authUser.key.keyPem)) {
- return 'signature verification failed';
- }
+ const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
- // signatureのsignerは、activity.actorと一致する必要がある
- if (authUser.user.uri !== activity.actor) {
+ // また、signatureのsignerは、activity.actorと一致する必要がある
+ if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
 // 一致しなくても、でもLD-Signatureがありそうならそっちも見る
 if (activity.signature) {
 if (activity.signature.type !== 'RsaSignature2017') {
@@ -93,7 +91,7 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 return `skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`;
 }
 } else {
- return 'signature verification failed';
+ throw `skip: http-signature verification failed.`;
 }
 }
|
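Review bot: With the early return gone, an activity whose HTTP signature does not verify now continues into the LD-Signature branch, so for those requests the LD-Signature check is the only proof of origin, and nothing in the hunk says so. The context comment under the new `if` still describes only the signer/actor mismatch; I would add above the condition something like `// Reached when the HTTP signature is invalid OR its signer differs from activity.actor; from here on LD-Signature is the sole authenticity check`. The LD-Signature verification itself sits between the two hunks and is not visible here, so it is worth confirming that every failure path in it rejects the activity and that the key it verifies against is bound to `activity.actor`. The function body starts and ends outside the hunk.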
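Review bot: The new `throw` in the final `else` raises a bare string, and it is also reached when the HTTP signature verified but `authUser.user.uri !== activity.actor` with no LD-Signature present, so "http-signature verification failed" misreports that case to whoever reads the job logs. I would throw an Error that names both causes, e.g. `throw new Error('skip: http-signature invalid or signer !== activity.actor, and no LD-Signature');`. The other rejections visible in this function `return` a `skip:` string, so this is now the one path that marks the job as failed. If the inbox queue is configured with retry attempts (not visible here), unauthenticated deliveries would be re-processed on every retry, so either keep `return` for this path or confirm that failed signature checks are not retried. The function body starts and ends outside the hunk.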