Merge branch 'develop' into feature/activitypub

[akkoma] / lib / pleroma / web / activity_pub / activity_pub_controller.ex

diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index f0dc86a7fbcf053ede85342edc7e8c78c62a9ca4..edbcb938a0b7eee90fbe3bc019dd055a2560f1fc 100644 (file)
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -12,14 +12,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   def user(conn, %{"nickname" => nickname}) do
     with %User{} = user <- User.get_cached_by_nickname(nickname),
          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
-      json(conn, UserView.render("user.json", %{user: user}))
+      conn
+      |> put_resp_header("content-type", "application/activity+json")
+      |> json(UserView.render("user.json", %{user: user}))
     end
   end
 
   def object(conn, %{"uuid" => uuid}) do
     with ap_id <- o_status_url(conn, :object, uuid),
          %Object{} = object <- Object.get_cached_by_ap_id(ap_id) do
-      json(conn, ObjectView.render("object.json", %{object: object}))
+      conn
+      |> put_resp_header("content-type", "application/activity+json")
+      |> json(ObjectView.render("object.json", %{object: object}))
     end
   end
 
@@ -30,8 +34,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   end
 
   def inbox(conn, params) do
-    Logger.info("Signature error.")
-    Logger.info(inspect(conn.req_headers))
+    headers = Enum.into(conn.req_headers, %{})
+    if !(String.contains?(headers["signature"] || "", params["actor"])) do
+      Logger.info("Signature not from author, relayed message, ignoring.")
+    else
+      Logger.info("Signature error.")
+      Logger.info("Could not validate #{params["actor"]}")
+      Logger.info(inspect(conn.req_headers))
+    end
+
     json(conn, "ok")
   end