From fe97dda295eecf24dc7ead4ac9edbc6f4dbd309c Mon Sep 17 00:00:00 2001 From: les Date: Mon, 26 Apr 2021 11:25:35 +0200 Subject: [PATCH] create instance in any case --- server/federation/helpers.js | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/server/federation/helpers.js b/server/federation/helpers.js index 38b02c2f..5fae81ea 100644 --- a/server/federation/helpers.js +++ b/server/federation/helpers.js @@ -27,7 +27,6 @@ const Helpers = { ] if (urlToIgnore.includes(req.path)) { log.debug(`Ignore noisy fediverse ${req.path}`) - log.debug(req) return res.status(404).send('Not Found') } next() @@ -161,16 +160,17 @@ const Helpers = { }) .catch(e => { log.error(e) - return false + return Instance.create({ name: domain, domain, blocked: false }) }) return instance }, // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/ async verifySignature (req, res, next) { + // TODO: why do I need instance? const instance = await Helpers.getInstance(req.body.actor) if (!instance) { - log.warn(`[AP] Verify Signature: Instance not found ${req.body.actor}`) + log.warn(`Verify Signature: Instance not found ${req.body.actor}`) return res.status(401).send('Instance not found') } if (instance.blocked) { @@ -188,11 +188,17 @@ const Helpers = { return res.status(401).send('User blocked') } - // little hack -> https://github.com/joyent/node-http-signature/pull/83 - // req.headers.authorization = 'Signature ' + req.headers.signature - req.fedi_user = user + // TODO: check Digest // cannot do this with json bodyparser + // const digest = crypto.createHash('sha256') + // .update(req.body) + // .digest('base64') + // if (`SHA-256=${digest}` !== req.headers.signature) { + // log.warning(`Signature mismatch ${req.headers.signature} - ${digest}`) + // return res.status(401).send('Signature mismatch') + // } + // another little hack :/ // https://github.com/joyent/node-http-signature/issues/87 req.url = '/federation' + req.url