mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-24 23:43:10 +02:00
Compare commits
No commits in common. "94fee180b92af2ff8751173d939297d584ea5244" and "d3fbef20f4a192d5c399d1ece4c01e369c1fea68" have entirely different histories.
94fee180b9
...
d3fbef20f4
3 changed files with 14 additions and 16 deletions
|
@ -162,25 +162,23 @@ export class ActivityPubServerService {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
const keyId = new URL(signature.keyId);
|
|
||||||
const keyHost = this.utilityService.toPuny(keyId.hostname);
|
|
||||||
|
|
||||||
const logPrefix = `${request.id} ${request.url} (by ${request.headers['user-agent']}) apparently from ${keyHost}:`;
|
|
||||||
|
|
||||||
if (signature.params.headers.indexOf('host') === -1
|
if (signature.params.headers.indexOf('host') === -1
|
||||||
|| request.headers.host !== this.config.host) {
|
|| request.headers.host !== this.config.host) {
|
||||||
// no destination host, or not us: refuse
|
// no destination host, or not us: refuse
|
||||||
this.authlogger.warn(`${logPrefix} no destination host, or not us: refuse`);
|
this.authlogger.warn(`${request.id} ${request.url} no destination host, or not us: refuse`);
|
||||||
reply.code(401);
|
reply.code(401);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const keyId = new URL(signature.keyId);
|
||||||
|
const keyHost = this.utilityService.toPuny(keyId.hostname);
|
||||||
|
|
||||||
const meta = await this.metaService.fetch();
|
const meta = await this.metaService.fetch();
|
||||||
if (this.utilityService.isBlockedHost(meta.blockedHosts, keyHost)) {
|
if (this.utilityService.isBlockedHost(meta.blockedHosts, keyHost)) {
|
||||||
/* blocked instance: refuse (we don't care if the signature is
|
/* blocked instance: refuse (we don't care if the signature is
|
||||||
good, if they even pretend to be from a blocked instance,
|
good, if they even pretend to be from a blocked instance,
|
||||||
they're out) */
|
they're out) */
|
||||||
this.authlogger.warn(`${logPrefix} instance is blocked: refuse`);
|
this.authlogger.warn(`${request.id} ${request.url} instance ${keyHost} is blocked: refuse`);
|
||||||
reply.code(401);
|
reply.code(401);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -195,13 +193,13 @@ export class ActivityPubServerService {
|
||||||
/* keyId is often in the shape `${user.uri}#${keyname}`, try
|
/* keyId is often in the shape `${user.uri}#${keyname}`, try
|
||||||
fetching information about the remote user */
|
fetching information about the remote user */
|
||||||
const candidate = formatURL(keyId, { fragment: false });
|
const candidate = formatURL(keyId, { fragment: false });
|
||||||
this.authlogger.info(`${logPrefix} we don't know the user for keyId ${keyId}, trying to fetch via ${candidate}`);
|
this.authlogger.info(`${request.id} ${request.url} we don't know the user for keyId ${keyId}, trying to fetch via ${candidate}`);
|
||||||
authUser = await this.apDbResolverService.getAuthUserFromApId(candidate);
|
authUser = await this.apDbResolverService.getAuthUserFromApId(candidate);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (authUser?.key == null) {
|
if (authUser?.key == null) {
|
||||||
// we can't figure out who the signer is, or we can't get their key: refuse
|
// we can't figure out who the signer is, or we can't get their key: refuse
|
||||||
this.authlogger.warn(`${logPrefix} we can't figure out who the signer is, or we can't get their key: refuse`);
|
this.authlogger.warn(`${request.id} ${request.url} we can't figure out who the signer is, or we can't get their key: refuse`);
|
||||||
reply.code(401);
|
reply.code(401);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -209,20 +207,20 @@ export class ActivityPubServerService {
|
||||||
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||||
|
|
||||||
if (!httpSignatureValidated) {
|
if (!httpSignatureValidated) {
|
||||||
this.authlogger.info(`${logPrefix} failed to validate signature, re-fetching the key for ${authUser.user.uri}`);
|
this.authlogger.info(`${request.id} ${request.url} failed to validate signature, re-fetching the key for ${authUser.user.uri}`);
|
||||||
// maybe they changed their key? refetch it
|
// maybe they changed their key? refetch it
|
||||||
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
|
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
|
||||||
|
|
||||||
if (authUser.key != null) {
|
if (authUser.key != null) {
|
||||||
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||||
} else {
|
} else {
|
||||||
this.authlogger.warn(`${logPrefix} failed to re-fetch key for ${authUser.user}`);
|
this.authlogger.warn(`${request.id} ${request.url} failed to re-fetch key for ${authUser.user}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!httpSignatureValidated) {
|
if (!httpSignatureValidated) {
|
||||||
// bad signature: refuse
|
// bad signature: refuse
|
||||||
this.authlogger.info(`${logPrefix} failed to validate signature: refuse`);
|
this.authlogger.info(`${request.id} ${request.url} failed to validate signature: refuse`);
|
||||||
reply.code(401);
|
reply.code(401);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -281,8 +281,8 @@ const renoteUri = appearNote.value.renote ? appearNote.value.renote.uri : null;
|
||||||
|
|
||||||
const isMyRenote = $i && ($i.id === note.value.userId);
|
const isMyRenote = $i && ($i.id === note.value.userId);
|
||||||
const showContent = ref(defaultStore.state.uncollapseCW);
|
const showContent = ref(defaultStore.state.uncollapseCW);
|
||||||
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text) : null);
|
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text).filter(u => u !== renoteUrl && u !== renoteUri) : null);
|
||||||
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value).filter(u => u !== renoteUrl && u !== renoteUri) : null);
|
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value) : null);
|
||||||
const isLong = shouldCollapsed(appearNote.value, urls.value ?? []);
|
const isLong = shouldCollapsed(appearNote.value, urls.value ?? []);
|
||||||
const collapsed = defaultStore.state.expandLongNote && appearNote.value.cw == null ? false : ref(appearNote.value.cw == null && isLong);
|
const collapsed = defaultStore.state.expandLongNote && appearNote.value.cw == null ? false : ref(appearNote.value.cw == null && isLong);
|
||||||
const isDeleted = ref(false);
|
const isDeleted = ref(false);
|
||||||
|
|
|
@ -282,8 +282,8 @@ const renoteUri = appearNote.value.renote ? appearNote.value.renote.uri : null;
|
||||||
|
|
||||||
const isMyRenote = $i && ($i.id === note.value.userId);
|
const isMyRenote = $i && ($i.id === note.value.userId);
|
||||||
const showContent = ref(defaultStore.state.uncollapseCW);
|
const showContent = ref(defaultStore.state.uncollapseCW);
|
||||||
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text) : null);
|
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text).filter(u => u !== renoteUrl && u !== renoteUri) : null);
|
||||||
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value).filter(u => u !== renoteUrl && u !== renoteUri) : null);
|
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value) : null);
|
||||||
const isLong = shouldCollapsed(appearNote.value, urls.value ?? []);
|
const isLong = shouldCollapsed(appearNote.value, urls.value ?? []);
|
||||||
const collapsed = defaultStore.state.expandLongNote && appearNote.value.cw == null ? false : ref(appearNote.value.cw == null && isLong);
|
const collapsed = defaultStore.state.expandLongNote && appearNote.value.cw == null ? false : ref(appearNote.value.cw == null && isLong);
|
||||||
const isDeleted = ref(false);
|
const isDeleted = ref(false);
|
||||||
|
|
Loading…
Reference in a new issue