ActivityPub: Check inbox requests for valid signature.

author Roger Braun <roger@rogerbraun.net>

Tue, 12 Dec 2017 09:17:50 +0000 (10:17 +0100)

committer Roger Braun <roger@rogerbraun.net>

Tue, 12 Dec 2017 09:17:50 +0000 (10:17 +0100)
author Roger Braun <roger@rogerbraun.net>
Tue, 12 Dec 2017 09:17:50 +0000 (10:17 +0100)
committer Roger Braun <roger@rogerbraun.net>
Tue, 12 Dec 2017 09:17:50 +0000 (10:17 +0100)
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex

index a9c0401bc59432128439c068df7906bc4c2fadcb..0f631dd4bef48d3ce7b4a664d8e9c24187ba38ee 100644 (file)
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -18,7 +18,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
      end
    end
  
-  def inbox(conn, params) do
+  # TODO: Move signature failure halt into plug
+  def inbox(%{assigns: %{valid_signature: true}} = conn, params) do
      {:ok, activity} = ActivityPub.insert(params, false)
      json(conn, "ok")
    end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex

index 4803a6370cf0dcb8c2c9faf9cc49cacebfaaa814..4f9ebf5e8a1e93f105320afae60744039111f32d 100644 (file)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -219,9 +219,11 @@ defmodule Pleroma.Web.Router do
  
    pipeline :activitypub do
      plug :accepts, ["activity+json"]
+    plug Pleroma.Web.Plugs.HTTPSignaturePlug
    end
  
    scope "/", Pleroma.Web.ActivityPub do
+    pipe_through :activitypub
      post "/users/:nickname/inbox", ActivityPubController, :inbox
    end
author	Roger Braun <roger@rogerbraun.net>
	Tue, 12 Dec 2017 09:17:50 +0000 (10:17 +0100)
committer	Roger Braun <roger@rogerbraun.net>
	Tue, 12 Dec 2017 09:17:50 +0000 (10:17 +0100)
lib/pleroma/web/activity_pub/activity_pub_controller.ex		patch \| blob \| history
lib/pleroma/web/router.ex		patch \| blob \| history