validate additionalPublicKeys

This commit is contained in:
tamaina 2024-02-26 21:06:05 +00:00
parent 02dfe0a3d5
commit 1835397385
2 changed files with 32 additions and 1 deletions

View file

@ -152,7 +152,7 @@ export class ApDbResolverService implements OnApplicationShutdown {
@bindThis
public async getAuthUserFromApId(uri: string): Promise<{
user: MiRemoteUser;
key: MiUserPublickey | null;
key: MiUserPublickey[] | null;
} | null> {
const user = await this.apPersonService.resolvePerson(uri) as MiRemoteUser;
if (user.isDeleted) return null;

View file

@ -194,6 +194,37 @@ export class ApPersonService implements OnModuleInit {
}
}
if (x.additionalPublicKeys) {
if (!x.publicKey) {
throw new Error('invalid Actor: additionalPublicKeys is set but publicKey is not');
}
if (!Array.isArray(x.additionalPublicKeys)) {
throw new Error('invalid Actor: additionalPublicKeys is not an array');
}
for (const key of x.additionalPublicKeys) {
if (typeof key.id !== 'string') {
throw new Error('invalid Actor: additionalPublicKeys.id is not a string');
}
const keyIdHost = this.punyHost(key.id);
if (keyIdHost !== expectHost) {
throw new Error('invalid Actor: additionalPublicKeys.id has different host');
}
if (!key.signature) {
throw new Error('invalid Actor: additionalPublicKeys.signature is not set');
}
if (typeof key.signature.type !== 'string') {
throw new Error('invalid Actor: additionalPublicKeys.signature.type is not a string');
}
if (typeof key.signature.signatureValue !== 'string') {
throw new Error('invalid Actor: additionalPublicKeys.signature.signatureValue is not a string');
}
}
}
return x;
}