move signature verification to callback
parent
bb21803b18
commit
036ee3180b
1 changed files with 10 additions and 16 deletions
|
@ -134,6 +134,11 @@ class Inbox {
|
||||||
* @return WP_REST_Response
|
* @return WP_REST_Response
|
||||||
*/
|
*/
|
||||||
public static function user_inbox_post( $request ) {
|
public static function user_inbox_post( $request ) {
|
||||||
|
// SecureMode/Authorized fetch.
|
||||||
|
if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
|
||||||
|
return new \WP_REST_Response( array(), 403 );
|
||||||
|
}
|
||||||
|
|
||||||
$user_id = $request->get_param( 'user_id' );
|
$user_id = $request->get_param( 'user_id' );
|
||||||
|
|
||||||
$data = $request->get_params();
|
$data = $request->get_params();
|
||||||
|
@ -154,6 +159,11 @@ class Inbox {
|
||||||
* @return WP_REST_Response
|
* @return WP_REST_Response
|
||||||
*/
|
*/
|
||||||
public static function shared_inbox_post( $request ) {
|
public static function shared_inbox_post( $request ) {
|
||||||
|
// SecureMode/Authorized fetch.
|
||||||
|
if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
|
||||||
|
return new \WP_REST_Response( array(), 403 );
|
||||||
|
}
|
||||||
|
|
||||||
$data = $request->get_params();
|
$data = $request->get_params();
|
||||||
$type = $request->get_param( 'type' );
|
$type = $request->get_param( 'type' );
|
||||||
$users = self::extract_recipients( $data );
|
$users = self::extract_recipients( $data );
|
||||||
|
@ -233,16 +243,6 @@ class Inbox {
|
||||||
'sanitize_callback' => 'esc_url_raw',
|
'sanitize_callback' => 'esc_url_raw',
|
||||||
);
|
);
|
||||||
|
|
||||||
$params['signature'] = array(
|
|
||||||
'required' => true,
|
|
||||||
'validate_callback' => function( $param, $request, $key ) {
|
|
||||||
if ( ! Signature::verify_http_signature( $request ) ) {
|
|
||||||
return false; // returns http 400 rest_invalid_param
|
|
||||||
}
|
|
||||||
return $param;
|
|
||||||
},
|
|
||||||
);
|
|
||||||
|
|
||||||
$params['actor'] = array(
|
$params['actor'] = array(
|
||||||
'required' => true,
|
'required' => true,
|
||||||
'sanitize_callback' => function( $param, $request, $key ) {
|
'sanitize_callback' => function( $param, $request, $key ) {
|
||||||
|
@ -285,12 +285,6 @@ class Inbox {
|
||||||
'required' => true,
|
'required' => true,
|
||||||
'type' => 'string',
|
'type' => 'string',
|
||||||
'sanitize_callback' => 'esc_url_raw',
|
'sanitize_callback' => 'esc_url_raw',
|
||||||
'validate_callback' => function( $param, $request, $key ) {
|
|
||||||
if ( ! Signature::verify_http_signature( $request ) ) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return $param;
|
|
||||||
},
|
|
||||||
);
|
);
|
||||||
|
|
||||||
$params['actor'] = array(
|
$params['actor'] = array(
|
||||||
|
|
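Review bot: With the check now at the top of `user_inbox_post()` (and the identical block in `shared_inbox_post()`), every argument `validate_callback`/`sanitize_callback`, including the `actor` closure whose body is outside these hunks, runs on unsigned requests before the signature is examined, because the WordPress REST server validates and sanitizes args before it invokes the route callback. It is worth confirming that those callbacks do no remote lookups or other costly work on unauthenticated input. The duplicated four-line block would be easier to keep consistent as one shared `permission_callback` on both inbox routes (the route registration is not visible here), so a future inbox handler cannot be added without it. The comment `// SecureMode/Authorized fetch.` reads as if this were an optional mode; `// Reject deliveries whose HTTP signature does not verify.` states what the line enforces. Both handler bodies continue outside the hunks.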