diff --git a/includes/class-signature.php b/includes/class-signature.php
index a25d939..1ef447b 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -112,7 +112,7 @@ class Signature {
 }
 }
- public static function verify_signature( $request = null ) {
+ public static function verify_http_signature( $request = null ) {
 $headers = $request->get_headers();
 $headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /wp-json' . $request->get_route();
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index c3ca058..0869533 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -74,17 +74,10 @@ class Inbox {
 return $served;
 }
- $signature = $request->get_header( 'signature' );
-
- if ( ! $signature ) {
+ if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
 return $served;
 }
- $headers = $request->get_headers();
-
- // verify signature
- \Activitypub\Signature::verify_signature( $request );
-
 return $served;
 }
@@ -237,6 +230,12 @@ class Inbox {
 $params['id'] = array(
 'required' => true,
 'sanitize_callback' => 'esc_url_raw',
+ 'validate_callback' => function( $param, $request, $key ) {
+ if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
+ return false;
+ }
+ return $param;
+ },
 );
 $params['actor'] = array(
@@ -281,6 +280,12 @@ class Inbox {
 'required' => true,
 'type' => 'string',
 'sanitize_callback' => 'esc_url_raw',
+ 'validate_callback' => function( $param, $request, $key ) {
+ if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
+ return false;
+ }
+ return $param;
+ },
 );
 $params['actor'] = array(
@@ -339,16 +344,6 @@ class Inbox {
 },
 );
- $params['validated'] = array(
- 'sanitize_callback' => function( $param, $request, $key ) {
- if ( \is_string( $param ) ) {
- $param = array( $param );
- }
-
- return $param;
- },
- );
-
 return $params;
 }
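Review bot: In the `@@ -74,17 +74,10 @@` hunk of `includes/rest/class-inbox.php`, both the failure branch and the fall-through return `$served`, so the result of `verify_http_signature()` changes nothing here and a request that fails verification is handled exactly like one that passes. Unless the method aborts the request itself (its body beyond the first lines is not in this diff), the `if` gives a false impression of enforcement; either make the failure branch produce an error, or drop the conditional and leave a comment such as `// Signature is enforced in the argument validate_callback, not here.` The removed `signature` header guard also means requests without that header now reach `verify_http_signature()`, so that method should be confirmed to reject a missing header cleanly. The enclosing method starts above the hunk, so the hook it is attached to cannot be seen from here.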
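Review bot: In the `@@ -237,6 +230,12 @@` hunk (and identically in `@@ -281,6 +280,12 @@`), request authentication is attached to the `validate_callback` of the `id` argument, so a bad or missing signature surfaces as an invalid-parameter error rather than an authorization failure, and the check exists only as long as that one argument keeps its callback. The route's `permission_callback` is the conventional place for it, returning a `WP_Error` with a 401 status on failure; the route registration is outside this diff, so this is a point to check rather than a confirmed gap. Within the closure, `return $param;` would read better as `return true;`, since a validate callback is expected to return a boolean or `WP_Error` and returning the parameter only works because anything other than strict `false` is treated as valid. The two closures are identical, so a single named static method referenced from both argument arrays would keep them from drifting apart. The enclosing methods begin above both hunks.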