From 04d5d59acbf340382ecb63c0f98dd55e32e11035 Mon Sep 17 00:00:00 2001
From: FChannel <=>
Date: Thu, 28 Jan 2021 15:55:32 -0800
Subject: remote auth for follow request

---
 OutboxPost.go | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/OutboxPost.go b/OutboxPost.go
index 979173f..fc4a84a 100644
--- a/OutboxPost.go
+++ b/OutboxPost.go
@@ -531,15 +531,16 @@ func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) {
 		
 	case "Follow":
 		for _, e := range activity.To {
-
-			if GetActorFromDB(db, e).Id != "" {
-				response := AcceptFollow(activity)
-				response = SetActorFollowerDB(db, response)
-				MakeActivityRequest(db, response)
-			} else {
-				fmt.Println("follow request for rejected")				
-				response := RejectFollow(activity)
-				MakeActivityRequest(db, response)
+			if len(auth) > 1 && RemoteActorHasAuth(activity.Actor.Id, auth[1]) {
+				if GetActorFromDB(db, e).Id != "" {
+					response := AcceptFollow(activity)
+					response = SetActorFollowerDB(db, response)
+					MakeActivityRequest(db, response)
+				} else {
+					fmt.Println("follow request for rejected")				
+					response := RejectFollow(activity)
+					MakeActivityRequest(db, response)
+				}
 			}
 		}
 		break
-- 
cgit v1.2.3