yetangitu/pixelfed
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update FederationController, move signature validation to InboxValidator job

Browse source
This commit is contained in:
Daniel Supernault 2020-05-21 19:49:30 -06:00
parent ba327ca8d6
commit 3ec5102c24
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 40 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

32
app/Http/Controllers/FederationController.php
View file

@ -100,22 +100,22 @@ class FederationController extends Controller
abort_if(!config('federation.activitypub.enabled'), 404);
abort_if(!config('federation.activitypub.inbox'), 404);
// $headers = $request->headers->all();
// $payload = $request->getContent();
// InboxValidator::dispatch($username, $headers, $payload);
$profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
if($profile->status != null) {
return ProfileController::accountCheck($profile);
}
$body = $request->getContent();
$bodyDecoded = json_decode($body, true, 12);
if($this->verifySignature($request, $profile) == true) {
InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
} else if($this->blindKeyRotation($request, $profile) == true) {
InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
} else {
abort(400, 'Bad Signature');
}
$headers = $request->headers->all();
$payload = $request->getContent();
InboxValidator::dispatch($username, $headers, $payload);
// $profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
// if($profile->status != null) {
// return ProfileController::accountCheck($profile);
// }
// $body = $request->getContent();
// $bodyDecoded = json_decode($body, true, 12);
// if($this->verifySignature($request, $profile) == true) {
// InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
// } else if($this->blindKeyRotation($request, $profile) == true) {
// InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
// } else {
// abort(400, 'Bad Signature');
// }
return;
}