use verify_http_signature in validate_callback

rename verify_signature

includes/class-signature.php

@@ -112,7 +112,7 @@ class Signature {
 		}
 	}
 
-	public static function verify_signature( $request = null ) {
+	public static function verify_http_signature( $request = null ) {
 		$headers = $request->get_headers();
 		$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /wp-json' . $request->get_route();
 

includes/rest/class-inbox.php

@@ -74,17 +74,10 @@ class Inbox {
 			return $served;
 		}
 
-		$signature = $request->get_header( 'signature' );
-
-		if ( ! $signature ) {
+		if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
 			return $served;
 		}
 
-		$headers = $request->get_headers();
-
-		// verify signature
-		\Activitypub\Signature::verify_signature( $request );
-
 		return $served;
 	}
 
@@ -237,6 +230,12 @@ class Inbox {
 		$params['id'] = array(
 			'required' => true,
 			'sanitize_callback' => 'esc_url_raw',
+			'validate_callback' => function( $param, $request, $key ) {
+				if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
+					return false;
+				}
+				return $param;
+			},
 		);
 
 		$params['actor'] = array(
@@ -281,6 +280,12 @@ class Inbox {
 			'required' => true,
 			'type' => 'string',
 			'sanitize_callback' => 'esc_url_raw',
+			'validate_callback' => function( $param, $request, $key ) {
+				if ( ! \Activitypub\Signature::verify_http_signature( $request ) ) {
+					return false;
+				}
+				return $param;
+			},
 		);
 
 		$params['actor'] = array(
@@ -339,16 +344,6 @@ class Inbox {
 			},
 		);
 
-		$params['validated'] = array(
-			'sanitize_callback' => function( $param, $request, $key ) {
-				if ( \is_string( $param ) ) {
-					$param = array( $param );
-				}
-
-				return $param;
-			},
-		);
-
 		return $params;
 	}