From 464dd8067dc54ed75bbe9bd22238eb4394566e21 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Tue, 9 Apr 2024 11:29:57 -0400
Subject: [PATCH] fix: additional verbose logging for signature verification

---
 src/activitypub/index.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/activitypub/index.js b/src/activitypub/index.js
index 8cf1066886..098dff0eb7 100644
--- a/src/activitypub/index.js
+++ b/src/activitypub/index.js
@@ -152,7 +152,9 @@ ActivityPub.sign = async ({ key, keyId }, url, payload) => {
 };
 
 ActivityPub.verify = async (req) => {
+	winston.verbose('[activitypub/verify] Starting signature verification...');
 	if (!req.headers.hasOwnProperty('signature')) {
+		winston.verbose('[activitypub/verify]   Failed, no signature header.');
 		return false;
 	}
 
@@ -179,14 +181,17 @@ ActivityPub.verify = async (req) => {
 	// Verify the signature string via public key
 	try {
 		// Retrieve public key from remote instance
+		winston.verbose(`[activitypub/verify] Retrieving pubkey for ${keyId}`);
 		const { publicKeyPem } = await ActivityPub.fetchPublicKey(keyId);
 
 		const verify = createVerify('sha256');
 		verify.update(signed_string);
 		verify.end();
+		winston.verbose('[activitypub/verify] Attempting signed string verification');
 		const verified = verify.verify(publicKeyPem, signature, 'base64');
 		return verified;
 	} catch (e) {
+		winston.verbose('[activitypub/verify]   Failed, key retrieval or verification failure.');
 		return false;
 	}
 };