validate additionalPublicKeys
parent
02dfe0a3d5
commit
1835397385
|
@ -152,7 +152,7 @@ export class ApDbResolverService implements OnApplicationShutdown {
|
||||||
@bindThis
|
@bindThis
|
||||||
public async getAuthUserFromApId(uri: string): Promise<{
|
public async getAuthUserFromApId(uri: string): Promise<{
|
||||||
user: MiRemoteUser;
|
user: MiRemoteUser;
|
||||||
key: MiUserPublickey | null;
|
key: MiUserPublickey[] | null;
|
||||||
} | null> {
|
} | null> {
|
||||||
const user = await this.apPersonService.resolvePerson(uri) as MiRemoteUser;
|
const user = await this.apPersonService.resolvePerson(uri) as MiRemoteUser;
|
||||||
if (user.isDeleted) return null;
|
if (user.isDeleted) return null;
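Review bot: The `key` field of the return type now admits both `null` and an empty array, and nothing in the declaration says which one means "no usable key". The body of `getAuthUserFromApId` and its callers are outside this hunk, so it cannot be confirmed here whether `[]` is ever returned; if it is, a caller that only tests `key == null` would continue with nothing to verify against. I would add a doc comment on the method, for example `/** key: all stored public keys for the user; null (never an empty array) when none is stored */`, and have the body honour it. Callers that verify HTTP signatures should presumably pick the entry whose id matches the signature's keyId rather than the first element.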
|
||||||
|
|
|
@ -194,6 +194,37 @@ export class ApPersonService implements OnModuleInit {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (x.additionalPublicKeys) {
|
||||||
|
if (!x.publicKey) {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys is set but publicKey is not');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!Array.isArray(x.additionalPublicKeys)) {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys is not an array');
|
||||||
|
}
|
||||||
|
|
||||||
|
for (const key of x.additionalPublicKeys) {
|
||||||
|
if (typeof key.id !== 'string') {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys.id is not a string');
|
||||||
|
}
|
||||||
|
|
||||||
|
const keyIdHost = this.punyHost(key.id);
|
||||||
|
if (keyIdHost !== expectHost) {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys.id has different host');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!key.signature) {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys.signature is not set');
|
||||||
|
}
|
||||||
|
if (typeof key.signature.type !== 'string') {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys.signature.type is not a string');
|
||||||
|
}
|
||||||
|
if (typeof key.signature.signatureValue !== 'string') {
|
||||||
|
throw new Error('invalid Actor: additionalPublicKeys.signature.signatureValue is not a string');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return x;
|
return x;
|
||||||
}
|
}
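Review bot: The loop over `x.additionalPublicKeys` reads `key.id` before checking that `key` is an object, so a `null` entry in a remote actor document raises a TypeError instead of the intended `invalid Actor` error. Add `if (typeof key !== 'object' || key === null) throw new Error('invalid Actor: additionalPublicKeys entry is not an object');` as the first statement of the loop body. The checks on `key.signature` are shape-only (`type` and `signatureValue` are strings), and nothing in this hunk verifies the signature against the actor's `publicKey`. Unless that happens elsewhere, the same-host comparison is the only thing tying an additional key to the actor, so a comment naming where verification occurs would help. The entries' key material is not type-checked here and the array length is unbounded; the enclosing function starts outside the hunk.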
|
||||||
|
|
||||||
|
|