forked from mirror/misskey
validate additionalPublicKeys
This commit is contained in:
parent
02dfe0a3d5
commit
1835397385
@ -152,7 +152,7 @@ export class ApDbResolverService implements OnApplicationShutdown {
|
||||
@bindThis
|
||||
public async getAuthUserFromApId(uri: string): Promise<{
|
||||
user: MiRemoteUser;
|
||||
key: MiUserPublickey | null;
|
||||
key: MiUserPublickey[] | null;
|
||||
} | null> {
|
||||
const user = await this.apPersonService.resolvePerson(uri) as MiRemoteUser;
|
||||
if (user.isDeleted) return null;
|
||||
|
@ -194,6 +194,37 @@ export class ApPersonService implements OnModuleInit {
|
||||
}
|
||||
}
|
||||
|
||||
if (x.additionalPublicKeys) {
|
||||
if (!x.publicKey) {
|
||||
throw new Error('invalid Actor: additionalPublicKeys is set but publicKey is not');
|
||||
}
|
||||
|
||||
if (!Array.isArray(x.additionalPublicKeys)) {
|
||||
throw new Error('invalid Actor: additionalPublicKeys is not an array');
|
||||
}
|
||||
|
||||
for (const key of x.additionalPublicKeys) {
|
||||
if (typeof key.id !== 'string') {
|
||||
throw new Error('invalid Actor: additionalPublicKeys.id is not a string');
|
||||
}
|
||||
|
||||
const keyIdHost = this.punyHost(key.id);
|
||||
if (keyIdHost !== expectHost) {
|
||||
throw new Error('invalid Actor: additionalPublicKeys.id has different host');
|
||||
}
|
||||
|
||||
if (!key.signature) {
|
||||
throw new Error('invalid Actor: additionalPublicKeys.signature is not set');
|
||||
}
|
||||
if (typeof key.signature.type !== 'string') {
|
||||
throw new Error('invalid Actor: additionalPublicKeys.signature.type is not a string');
|
||||
}
|
||||
if (typeof key.signature.signatureValue !== 'string') {
|
||||
throw new Error('invalid Actor: additionalPublicKeys.signature.signatureValue is not a string');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return x;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user