fix: ActivityPub.fetchPublicKey to better handle key IDs that return CryptographicKey objects, #14130

Julian Lam
2026-03-30 10:20:35 -04:00
parent d0d5441340
commit c37a9103c8


@@ -197,11 +197,15 @@ ActivityPub.fetchPublicKey = async (uri) => {
// Used for retrieving the public key from the passed-in keyId uri
const body = await ActivityPub.get('uid', 0, uri);
if (!body.hasOwnProperty('publicKey')) {
throw new Error('[[error:activitypub.pubKey-not-found]]');
if (body.hasOwnProperty('publicKeyPem')) {
// CryptographicKey returned (correct)
return body.publicKeyPem;
} else if (body.hasOwnProperty('publicKey') && body?.publicKey?.publicKeyPem) {
// Actor object returned (less correct)
return body.publicKey.publicKeyPem;
}
return body.publicKey;
throw new Error('[[error:activitypub.pubKey-not-found]]');
};
ActivityPub.sign = async ({ key, keyId }, url, payload) => {
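Review bot: The new CryptographicKey branch returns `body.publicKeyPem` without checking that the fetched document is the key that was requested, or that the value is a string, so the result handed to signature verification is whatever the remote put in that property. A tighter guard would be `if (typeof body.publicKeyPem === 'string' && body.id === uri) {`, with the Actor branch comparing `body.publicKey.id` against `uri` in the same way. Returning only the PEM also drops the key's `owner`, so a caller can no longer confirm that the key belongs to the actor named in the activity; whether `ActivityPub.verify` makes that check elsewhere is not visible here. The function's opening lines sit outside this hunk, so any earlier validation of `uri` is also unseen.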
@@ -288,7 +292,7 @@ ActivityPub.verify = async (req) => {
// Retrieve public key from remote instance
ActivityPub.helpers.log(`[activitypub/verify] Retrieving pubkey for ${keyId}`);
const { publicKeyPem } = await ActivityPub.fetchPublicKey(keyId);
const publicKeyPem = await ActivityPub.fetchPublicKey(keyId);
const verify = createVerify('sha256');
verify.update(signed_string);