Merge 5641b0b3ad
into 4603ab67bb
This commit is contained in:
commit
c38a104b57
|
@ -169,6 +169,19 @@ export class ApDbResolverService implements OnApplicationShutdown {
|
|||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Miskey User -> Refetched Key
|
||||
*/
|
||||
@bindThis
|
||||
public async refetchPublicKeyForApId(user: MiRemoteUser): Promise<MiUserPublickey | null> {
|
||||
await this.apPersonService.updatePerson(user.uri!);
|
||||
const key = this.userPublickeysRepository.findOneBy({ userId: user.id });
|
||||
if (key != null) {
|
||||
await this.publicKeyByUserIdCache.set(user.id, key);
|
||||
}
|
||||
return key;
|
||||
}
|
||||
|
||||
@bindThis
|
||||
public dispose(): void {
|
||||
this.publicKeyCache.dispose();
|
||||
|
|
|
@ -116,7 +116,18 @@ export class InboxProcessorService implements OnApplicationShutdown {
|
|||
}
|
||||
|
||||
// HTTP-Signatureの検証
|
||||
const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||
|
||||
// If signature validation failed, try refetching the actor
|
||||
if (!httpSignatureValidated) {
|
||||
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
|
||||
|
||||
if (authUser.key == null) {
|
||||
throw new Bull.UnrecoverableError('skip: failed to re-resolve user publicKey');
|
||||
}
|
||||
|
||||
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||
}
|
||||
|
||||
// また、signatureのsignerは、activity.actorと一致する必要がある
|
||||
if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
|
||||
|
|
Loading…
Reference in New Issue