From 0f4aab24a8719e3d646175ec85abf9250ef9a489 Mon Sep 17 00:00:00 2001 From: Gabe Kangas Date: Sat, 11 Jun 2022 15:11:17 -0700 Subject: [PATCH] Tweaks for sig verify error message --- activitypub/inbox/worker.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/activitypub/inbox/worker.go b/activitypub/inbox/worker.go index 2d0fd9403..a427cad08 100644 --- a/activitypub/inbox/worker.go +++ b/activitypub/inbox/worker.go @@ -21,7 +21,7 @@ import ( func handle(request apmodels.InboxRequest) { if verified, err := Verify(request.Request); err != nil { - log.Debugln("Error in attempting to verify request", err) + log.Errorln("Error in attempting to verify request", err) return } else if !verified { log.Debugln("Request failed verification", err) @@ -35,6 +35,7 @@ func handle(request apmodels.InboxRequest) { // Verify will Verify the http signature of an inbound request as well as // check it against the list of blocked domains. +// nolint: cyclop func Verify(request *http.Request) (bool, error) { verifier, err := httpsig.NewVerifier(request) if err != nil { @@ -51,6 +52,10 @@ func Verify(request *http.Request) (bool, error) { } signature := request.Header.Get("signature") + if signature == "" { + return false, errors.New("http signature header not found in request") + } + var algorithmString string signatureComponents := strings.Split(signature, ",") for _, component := range signatureComponents { @@ -102,8 +107,7 @@ func Verify(request *http.Request) (bool, error) { // The verifier will verify the Digest in addition to the HTTP signature if err := verifier.Verify(parsedKey, algorithm); err != nil { - log.Warnln("verification error for", pubKeyID, err) - return false, errors.Wrap(err, "verification error: "+pubKeyID.String()) + return false, errors.Wrap(err, algorithmString+" http signature verification error for: "+pubKeyID.String()) } return true, nil