Add secure mode to REST get requests

includes/class-signature.php

@@ -195,8 +195,7 @@ class Signature {
 			}
 		}
 
-		strtok( $signature_block['keyId'], '?');
+		$public_key = \Activitypub\get_remote_metadata_by_actor( strtok( strip_fragment_from_url( $signature_block['keyId'] ), '?' ) ); // phpcs:ignore
-		$public_key = \Activitypub\get_remote_metadata_by_actor( $signature_block['keyId'] ); // phpcs:ignore
 		if ( \is_wp_error( $public_key ) ) {
 			return $public_key;
 		} else {

includes/rest/class-server.php

@@ -90,13 +90,13 @@ class Server {
 				}
 			} else {
 				// SecureMode/Authorized fetch.
-				// $secure_mode = \get_option( 'activitypub_use_secure_mode', '0' );
+				$secure_mode = \get_option( 'activitypub_use_secure_mode', '0' );
-				// if ( $secure_mode ) {
+				if ( $secure_mode ) {
-				//	$verified_request = Signature::verify_http_signature( $request );
+					$verified_request = Signature::verify_http_signature( $request );
-				// 	if ( \is_wp_error( $verified_request ) ) {
+					if ( \is_wp_error( $verified_request ) ) {
-				// 		return $verified_request;
+						return $verified_request;
-				// 	}
+					}
-				// }
+				}
 			}
 		}
 	}