use verify_http_signature in validate_callback

rename verify_signature
This commit is contained in:
Django Doucet 2023-04-02 16:38:39 -06:00
parent 90b45438b2
commit 2293c0b3d7
2 changed files with 14 additions and 19 deletions

View file

@ -112,7 +112,7 @@ class Signature {
} }
} }
public static function verify_signature( $request = null ) { public static function verify_http_signature( $request = null ) {
$headers = $request->get_headers(); $headers = $request->get_headers();
$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /wp-json' . $request->get_route(); $headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /wp-json' . $request->get_route();

View file

@ -74,17 +74,10 @@ class Inbox {
return $served; return $served;
} }
$signature = $request->get_header( 'signature' ); if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
if ( ! $signature ) {
return $served; return $served;
} }
$headers = $request->get_headers();
// verify signature
\Activitypub\Signature::verify_signature( $request );
return $served; return $served;
} }
@ -237,6 +230,12 @@ class Inbox {
$params['id'] = array( $params['id'] = array(
'required' => true, 'required' => true,
'sanitize_callback' => 'esc_url_raw', 'sanitize_callback' => 'esc_url_raw',
'validate_callback' => function( $param, $request, $key ) {
if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
return false;
}
return $param;
},
); );
$params['actor'] = array( $params['actor'] = array(
@ -281,6 +280,12 @@ class Inbox {
'required' => true, 'required' => true,
'type' => 'string', 'type' => 'string',
'sanitize_callback' => 'esc_url_raw', 'sanitize_callback' => 'esc_url_raw',
'validate_callback' => function( $param, $request, $key ) {
if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
return false;
}
return $param;
},
); );
$params['actor'] = array( $params['actor'] = array(
@ -339,16 +344,6 @@ class Inbox {
}, },
); );
$params['validated'] = array(
'sanitize_callback' => function( $param, $request, $key ) {
if ( \is_string( $param ) ) {
$param = array( $param );
}
return $param;
},
);
return $params; return $params;
} }