Add handling of Linked Data Signatures in payloads (#4687)

* Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
2017-08-26 13:47:38 +02:00 · 2017-08-26 13:47:38 +02:00 · 00840f4f2e
commit 00840f4f2e
parent 1cebfed23e
25 changed files with 369 additions and 30 deletions
--- a/app/services/activitypub/process_collection_service.rb
+++ b/app/services/activitypub/process_collection_service.rb
@ -9,6 +9,8 @@ class ActivityPub::ProcessCollectionService < BaseService

    return if @account.suspended? || !supported_context?

+    verify_account! if different_actor?
+
    case @json['type']
    when 'Collection', 'CollectionPage'
      process_items @json['items']
@ -23,6 +25,10 @@ class ActivityPub::ProcessCollectionService < BaseService

  private

+  def different_actor?
+    @json['actor'].present? && value_or_id(@json['actor']) != @account.uri && @json['signature'].present?
+  end
+
  def process_items(items)
    items.reverse_each.map { |item| process_item(item) }.compact
  end
@ -35,4 +41,9 @@ class ActivityPub::ProcessCollectionService < BaseService
    activity = ActivityPub::Activity.factory(item, @account)
    activity&.perform
  end
+
+  def verify_account!
+    account  = ActivityPub::LinkedDataSignature.new(@json).verify_account!
+    @account = account unless account.nil?
+  end
 end