diff --git a/functions/ap/users/[id]/inbox.ts b/functions/ap/users/[id]/inbox.ts index f78eb38..ff6bfa9 100644 --- a/functions/ap/users/[id]/inbox.ts +++ b/functions/ap/users/[id]/inbox.ts @@ -12,14 +12,19 @@ import { fetchKey, verifySignature } from 'wildebeest/backend/src/utils/httpsigj import { generateDigestHeader } from 'wildebeest/backend/src/utils/http-signing-cavage' export const onRequest: PagesFunction = async ({ params, request, env }) => { - const parsedSignature = parseRequest(request) - const pubKey = await fetchKey(parsedSignature) - if (pubKey === null) { - return new Response('signature key not found', { status: 401 }) - } - const valid = await verifySignature(parsedSignature, pubKey) - if (!valid) { - return new Response('invalid signature', { status: 401 }) + try { + const parsedSignature = parseRequest(request) + const pubKey = await fetchKey(parsedSignature) + if (pubKey === null) { + return new Response('signature key not found', { status: 401 }) + } + const valid = await verifySignature(parsedSignature, pubKey) + if (!valid) { + return new Response('invalid signature', { status: 401 }) + } + } catch (err: unknown) { + console.warn((err as any).stack) + return new Response('signature verification failed', { status: 401 }) } const body = await request.text()