server: check for valid keyId URL before parse

packages/backend/src/queue/processors/inbox.ts

@@ -29,18 +29,18 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 	logger.debug(JSON.stringify(info, null, 2));
 	//#endregion
 
-	const host = toPuny(new URL(signature.keyId).hostname);
+	const keyIdLower = signature.keyId.toLowerCase();
+	if (keyIdLower.startsWith('acct:')) {
+		return `Old keyId is no longer supported. ${keyIdLower}`;
+	}
+
+	const host = toPuny(new URL(keyIdLower).hostname);
 
 	// Stop if the host is blocked.
 	if (await shouldBlockInstance(host)) {
 		return `Blocked request: ${host}`;
 	}
 
-	const keyIdLower = signature.keyId.toLowerCase();
-	if (keyIdLower.startsWith('acct:')) {
-		return `Old keyId is no longer supported. ${keyIdLower}`;
-	}
-
 	const resolver = new Resolver();
 
 	let authUser;