fix: update signature parsing logic to handle values with equal signs…

… in them, closes #12538
NodeBB · Apr 29, 2024 · 596a5e4 · 596a5e4
1 parent 4d77755
commit 596a5e4
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/middleware/activitypub.js b/src/middleware/activitypub.js
@@ -76,7 +76,10 @@ middleware.validate = async function (req, res, next) {
 	await activitypub.actors.assert(actor);
 	const compare = await db.getObjectField(`userRemote:${actor}:keys`, 'id');
 	const { signature } = req.headers;
-	const keyId = new Map(signature.split(',').filter(Boolean).map(v => v.split('='))).get('keyId');
+	const keyId = new Map(signature.split(',').filter(Boolean).map((v) => {
+		const index = v.indexOf('=');
+		return [v.substring(0, index), v.slice(index + 1)];
+	})).get('keyId');
 	if (`"${compare}"` !== keyId) {
 		winston.verbose('[middleware/activitypub] Key ownership cross-check failed.');
 		return res.sendStatus(403);