about summary refs log tree commit diff
path: root/app/services/activitypub
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-08-26 13:47:38 +0200
committerGitHub <noreply@github.com>2017-08-26 13:47:38 +0200
commit00840f4f2edb8d1d46638ccbc90a1f4462d0867a (patch)
treec4f6c9a4967df5d5f23094ddefed88c621d6c3ff /app/services/activitypub
parent1cebfed23e03b9d31796cdc139acde1b6dccd9f3 (diff)
Add handling of Linked Data Signatures in payloads (#4687)
* Add handling of Linked Data Signatures in payloads

* Add a way to sign JSON, fix canonicalization of signature options

* Fix signatureValue encoding, send out signed JSON when distributing

* Add missing security context
Diffstat (limited to 'app/services/activitypub')
-rw-r--r--app/services/activitypub/process_collection_service.rb11
1 files changed, 11 insertions, 0 deletions
diff --git a/app/services/activitypub/process_collection_service.rb b/app/services/activitypub/process_collection_service.rb
index cd861c075..2cf15553d 100644
--- a/app/services/activitypub/process_collection_service.rb
+++ b/app/services/activitypub/process_collection_service.rb
@@ -9,6 +9,8 @@ class ActivityPub::ProcessCollectionService < BaseService
 
     return if @account.suspended? || !supported_context?
 
+    verify_account! if different_actor?
+
     case @json['type']
     when 'Collection', 'CollectionPage'
       process_items @json['items']
@@ -23,6 +25,10 @@ class ActivityPub::ProcessCollectionService < BaseService
 
   private
 
+  def different_actor?
+    @json['actor'].present? && value_or_id(@json['actor']) != @account.uri && @json['signature'].present?
+  end
+
   def process_items(items)
     items.reverse_each.map { |item| process_item(item) }.compact
   end
@@ -35,4 +41,9 @@ class ActivityPub::ProcessCollectionService < BaseService
     activity = ActivityPub::Activity.factory(item, @account)
     activity&.perform
   end
+
+  def verify_account!
+    account  = ActivityPub::LinkedDataSignature.new(@json).verify_account!
+    @account = account unless account.nil?
+  end
 end