From 888ec9e579169e899b58344b18fce860477d9bfc Mon Sep 17 00:00:00 2001
From: Roger Braun <roger@rogerbraun.net>
Date: Tue, 12 Dec 2017 10:17:50 +0100
Subject: [PATCH] ActivityPub: Check inbox requests for valid signature.

---
 lib/pleroma/web/activity_pub/activity_pub_controller.ex | 3 ++-
 lib/pleroma/web/router.ex                               | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index a9c0401bc..0f631dd4b 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -18,7 +18,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     end
   end
 
-  def inbox(conn, params) do
+  # TODO: Move signature failure halt into plug
+  def inbox(%{assigns: %{valid_signature: true}} = conn, params) do
     {:ok, activity} = ActivityPub.insert(params, false)
     json(conn, "ok")
   end
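Review bot: With `inbox(%{assigns: %{valid_signature: true}} = conn, params)` as the only clause, an unsigned or badly signed request matches nothing and surfaces as a function-clause error rather than a deliberate rejection. A fallback clause placed after it would make the denial explicit and easy to log and alert on: `def inbox(conn, _params), do: conn |> put_status(401) |> json("Invalid HTTP Signature")`. Separately, a valid signature only shows that some known key signed the request. Unless the plug already does it (its source is not in this diff), the action should confirm that the signing key belongs to `params["actor"]` before calling `ActivityPub.insert(params, false)`; otherwise one remote actor could deliver activities attributed to another. The rest of the controller module is outside the hunk.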
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 4803a6370..4f9ebf5e8 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -219,9 +219,11 @@ defmodule Pleroma.Web.Router do
 
   pipeline :activitypub do
     plug :accepts, ["activity+json"]
+    plug Pleroma.Web.Plugs.HTTPSignaturePlug
   end
 
   scope "/", Pleroma.Web.ActivityPub do
+    pipe_through :activitypub
     post "/users/:nickname/inbox", ActivityPubController, :inbox
   end
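Review bot: Nothing in this hunk makes the `:activitypub` pipeline fail closed. Judging by the TODO in the controller, `plug Pleroma.Web.Plugs.HTTPSignaturePlug` only sets the `valid_signature` assign and does not halt, so any route later added under `pipe_through :activitypub` is unauthenticated unless its action repeats the match. Until the halt moves into the plug, a comment above the plug line would warn the next maintainer, e.g. `# NOTE: sets conn.assigns.valid_signature but does not halt; every action in this pipeline must match on it`. The plug's source is not in this diff, so it is also worth confirming that it checks a `Digest` header against the request body; the inbox action persists the body, and a signature over headers alone would not cover it. The router module continues outside the hunk.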