Compare commits

...

5 commits

Author SHA1 Message Date
Marie
94fee180b9 merge: additional authorised fetch logging (#328) 2024-01-08 22:25:46 +01:00
Marie
9d9ca6d67a merge: hide preview for quote renote 2024-01-08 22:02:28 +01:00
dakkar
9d939bcc49 authorised fetch: log more details
this will help debugging problems in the implementation; thanks to
@ShittyKopper for the suggestion
2024-01-08 18:54:01 +00:00
dakkar
3b75e93706 remove extraneous renoteUr[il] filters 2024-01-08 13:59:15 +00:00
ShittyKopper
ca3770470e re-re-fix: hide preview of quote-renote 2024-01-08 13:55:14 +00:00
3 changed files with 16 additions and 14 deletions

View file

@ -162,23 +162,25 @@ export class ActivityPubServerService {
return true;
}
const keyId = new URL(signature.keyId);
const keyHost = this.utilityService.toPuny(keyId.hostname);
const logPrefix = `${request.id} ${request.url} (by ${request.headers['user-agent']}) apparently from ${keyHost}:`;
if (signature.params.headers.indexOf('host') === -1
|| request.headers.host !== this.config.host) {
// no destination host, or not us: refuse
this.authlogger.warn(`${request.id} ${request.url} no destination host, or not us: refuse`);
this.authlogger.warn(`${logPrefix} no destination host, or not us: refuse`);
reply.code(401);
return true;
}
const keyId = new URL(signature.keyId);
const keyHost = this.utilityService.toPuny(keyId.hostname);
const meta = await this.metaService.fetch();
if (this.utilityService.isBlockedHost(meta.blockedHosts, keyHost)) {
/* blocked instance: refuse (we don't care if the signature is
good, if they even pretend to be from a blocked instance,
they're out) */
this.authlogger.warn(`${request.id} ${request.url} instance ${keyHost} is blocked: refuse`);
this.authlogger.warn(`${logPrefix} instance is blocked: refuse`);
reply.code(401);
return true;
}
@ -193,13 +195,13 @@ export class ActivityPubServerService {
/* keyId is often in the shape `${user.uri}#${keyname}`, try
fetching information about the remote user */
const candidate = formatURL(keyId, { fragment: false });
this.authlogger.info(`${request.id} ${request.url} we don't know the user for keyId ${keyId}, trying to fetch via ${candidate}`);
this.authlogger.info(`${logPrefix} we don't know the user for keyId ${keyId}, trying to fetch via ${candidate}`);
authUser = await this.apDbResolverService.getAuthUserFromApId(candidate);
}
if (authUser?.key == null) {
// we can't figure out who the signer is, or we can't get their key: refuse
this.authlogger.warn(`${request.id} ${request.url} we can't figure out who the signer is, or we can't get their key: refuse`);
this.authlogger.warn(`${logPrefix} we can't figure out who the signer is, or we can't get their key: refuse`);
reply.code(401);
return true;
}
@ -207,20 +209,20 @@ export class ActivityPubServerService {
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
if (!httpSignatureValidated) {
this.authlogger.info(`${request.id} ${request.url} failed to validate signature, re-fetching the key for ${authUser.user.uri}`);
this.authlogger.info(`${logPrefix} failed to validate signature, re-fetching the key for ${authUser.user.uri}`);
// maybe they changed their key? refetch it
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
if (authUser.key != null) {
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
} else {
this.authlogger.warn(`${request.id} ${request.url} failed to re-fetch key for ${authUser.user}`);
this.authlogger.warn(`${logPrefix} failed to re-fetch key for ${authUser.user}`);
}
}
if (!httpSignatureValidated) {
// bad signature: refuse
this.authlogger.info(`${request.id} ${request.url} failed to validate signature: refuse`);
this.authlogger.info(`${logPrefix} failed to validate signature: refuse`);
reply.code(401);
return true;
}

View file

@ -281,8 +281,8 @@ const renoteUri = appearNote.value.renote ? appearNote.value.renote.uri : null;
const isMyRenote = $i && ($i.id === note.value.userId);
const showContent = ref(defaultStore.state.uncollapseCW);
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text).filter(u => u !== renoteUrl && u !== renoteUri) : null);
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value) : null);
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text) : null);
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value).filter(u => u !== renoteUrl && u !== renoteUri) : null);
const isLong = shouldCollapsed(appearNote.value, urls.value ?? []);
const collapsed = defaultStore.state.expandLongNote && appearNote.value.cw == null ? false : ref(appearNote.value.cw == null && isLong);
const isDeleted = ref(false);

View file

@ -282,8 +282,8 @@ const renoteUri = appearNote.value.renote ? appearNote.value.renote.uri : null;
const isMyRenote = $i && ($i.id === note.value.userId);
const showContent = ref(defaultStore.state.uncollapseCW);
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text).filter(u => u !== renoteUrl && u !== renoteUri) : null);
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value) : null);
const parsed = computed(() => appearNote.value.text ? mfm.parse(appearNote.value.text) : null);
const urls = computed(() => parsed.value ? extractUrlFromMfm(parsed.value).filter(u => u !== renoteUrl && u !== renoteUri) : null);
const isLong = shouldCollapsed(appearNote.value, urls.value ?? []);
const collapsed = defaultStore.state.expandLongNote && appearNote.value.cw == null ? false : ref(appearNote.value.cw == null && isLong);
const isDeleted = ref(false);