Add more security check/verification

app.py

@@ -901,14 +901,19 @@ def inbox():
     logger.debug(f'req_headers={request.headers}')
     logger.debug(f'raw_data={data}')
     try:                                            
-        print(verify_request(ACTOR_SERVICE))        
-    except Exception:                                         
+        if not verify_request(ACTOR_SERVICE):
+            raise Exception('failed to verify request')
+    except Exception:
         logger.exception('failed to verify request, trying to verify the payload by fetching the remote')
         try:
             data = OBJECT_SERVICE.get(data['id'])
         except Exception:
             logger.exception(f'failed to fetch remote id at {data["id"]}')
-            abort(422)
+            return Response(
+                status=422,
+                headers={'Content-Type': 'application/json'},
+                response=json.dumps({'error': 'failed to verify request (using HTTP signatures or fetching the IRI)'}),
+            )
 
     activity = activitypub.parse_activity(data)                 
     logger.debug(f'inbox activity={activity}/{data}')