Check that json signatured are present on inbox posts

2021-01-03 14:25:20 +00:00 · 2021-01-03 14:25:20 +00:00 · e8290d99d5
parent c09596f1e2
commit e8290d99d5
1 changed files with 33 additions and 0 deletions
--- a/inbox.py
+++ b/inbox.py
@ -10,6 +10,7 @@ import json
 import os
 import datetime
 import time
+from jsonldsig import jsonldVerify
 from utils import hasUsersPath
 from utils import validPostDate
 from utils import getFullDomain
@ -2702,6 +2703,38 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
        if debug:
            print('DEBUG: http header signature check success')

+        hasJsonSig = True
+
+        if not queueJson['post'].get('signature'):
+            print('WARN: jsonld inbox signature signature missing')
+            hasJsonSig = False
+
+        if not queueJson['post']['signature'].get('type'):
+            print('WARN: jsonld inbox signature type missing')
+            hasJsonSig = False
+
+#        if not jsonldVerify(queueJson['post'], pubKey):
+#            hasJsonSig = False
+#            if debug:
+#                print('**************************************')
+#                print('WARN: jsonld signature check failed ' +
+#                      str(queueJson['post']))
+#                print('--------------------------------------')
+#                print(keyId)
+#                print(pubKey)
+#                print('**************************************')
+#        else:
+#            if debug:
+#                print('jsonld inbox signature check success')
+#
+        if not hasJsonSig:
+            # json signature check failed
+            if os.path.isfile(queueFilename):
+                os.remove(queueFilename)
+            if len(queue) > 0:
+                queue.pop(0)
+            continue
+
        # set the id to the same as the post filename
        # This makes the filename and the id consistent
        # if queueJson['post'].get('id'):