Write warning to log if request signer differs from activity signer

2022-10-31 22:25:02 +00:00 · 2022-10-31 22:25:02 +00:00 · 4193ba94a5
commit 4193ba94a5
parent 67eb654203
1 changed files with 10 additions and 2 deletions
--- a/src/activitypub/receiver.rs
+++ b/src/activitypub/receiver.rs
@ -182,8 +182,16 @@ pub async fn receive_activity(
    // Verify embedded signature
    match verify_signed_activity(config, db_client, activity_raw).await {
        Ok(signer) => {
-            let signer_id = signer.actor_id(&config.instance_url());
-            log::info!("activity signed by {}", signer_id);
+            let activity_signer_id = signer.actor_id(&config.instance_url());
+            if activity_signer_id != signer_id {
+                log::warn!(
+                    "request signer {} is different from activity signer {}",
+                    signer_id,
+                    activity_signer_id,
+                );
+            } else {
+                log::debug!("activity signed by {}", activity_signer_id);
+            };
        },
        Err(AuthenticationError::NoJsonSignature) => (), // ignore
        Err(other_error) => {