@evanp/activitypub-bot 0.17.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/httpsignature.js +6 -2
- package/package.json +2 -2
package/lib/httpsignature.js
CHANGED
|
@@ -43,8 +43,8 @@ export class HTTPSignature {
|
|
|
43
43
|
throw createHttpError(401, 'No algorithm provided')
|
|
44
44
|
}
|
|
45
45
|
this.#logger.debug({ algorithm }, 'validating signature')
|
|
46
|
-
if (algorithm
|
|
47
|
-
throw createHttpError(401, 'Only rsa-sha256
|
|
46
|
+
if (!(algorithm === 'rsa-sha256' || (algorithm === 'hs2019' && this.#isRSAKey(publicKeyPem)))) {
|
|
47
|
+
throw createHttpError(401, 'Only rsa-sha256 or hs2019 with RSA supported')
|
|
48
48
|
}
|
|
49
49
|
if (!params.headers) {
|
|
50
50
|
throw createHttpError(401, 'No headers provided')
|
|
@@ -192,4 +192,8 @@ export class HTTPSignature {
|
|
|
192
192
|
verifier.end()
|
|
193
193
|
return isValid
|
|
194
194
|
}
|
|
195
|
+
|
|
196
|
+
#isRSAKey (publicKeyPem) {
|
|
197
|
+
return crypto.createPublicKey(publicKeyPem).asymmetricKeyType === 'rsa'
|
|
198
|
+
}
|
|
195
199
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@evanp/activitypub-bot",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.18.0",
|
|
4
4
|
"description": "server-side ActivityPub bot framework",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "lib/index.js",
|
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
"sequelize": "^6.37.7"
|
|
44
44
|
},
|
|
45
45
|
"devDependencies": {
|
|
46
|
-
"@evanp/activitypub-nock": "^0.
|
|
46
|
+
"@evanp/activitypub-nock": "^0.5.0",
|
|
47
47
|
"eslint": "^8.57.1",
|
|
48
48
|
"eslint-config-standard": "^17.1.0",
|
|
49
49
|
"eslint-plugin-import": "^2.29.1",
|