diff --git a/packages/backend/src/remote/activitypub/check-fetch.ts b/packages/backend/src/remote/activitypub/check-fetch.ts
index 3e52575a94..a3e241c254 100644
--- a/packages/backend/src/remote/activitypub/check-fetch.ts
+++ b/packages/backend/src/remote/activitypub/check-fetch.ts
@@ -7,6 +7,8 @@ import DbResolver from "@/remote/activitypub/db-resolver.js";
 import { getApId } from "@/remote/activitypub/type.js";
 import { shouldBlockInstance } from "@/misc/should-block-instance.js";
 import type { IncomingMessage } from "http";
+import type { CacheableRemoteUser } from "@/models/entities/user.js";
+import type { UserPublickey } from "@/models/entities/user-publickey.js";
 export async function hasSignature(req: IncomingMessage): Promise {
 const meta = await fetchMeta();
@@ -98,7 +100,10 @@ export async function checkFetch(req: IncomingMessage): Promise {
 export async function getSignatureUser(
 req: IncomingMessage,
-): Promise {
+): Promise<{
+ user: CacheableRemoteUser;
+ key: UserPublickey | null;
+} | null> {
 let authUser;
 const meta = await fetchMeta();
 if (meta.secureMode || meta.privateMode) {
@@ -114,7 +119,7 @@ export async function getSignatureUser(
 const host = toPuny(keyId.hostname);
 if (await shouldBlockInstance(host, meta)) {
- return 403;
+ return null;
 }
 if (
@@ -137,20 +142,20 @@ export async function getSignatureUser(
 authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
 // keyIdでわからなければ、resolveしてみる
- if (authUser == null) {
+ if (!authUser) {
 try {
 keyId.hash = "";
 authUser = await dbResolver.getAuthUserFromApId(
 getApId(keyId.toString()),
 );
- } catch (e) {
+ } catch {
 // できなければ駄目
 return null;
 }
 }
 // publicKey がなくても終了
- if (authUser?.key == null) {
+ if (!authUser?.key) {
 return null;
 }
diff --git a/packages/backend/src/server/activitypub.ts b/packages/backend/src/server/activitypub.ts
index 548aafdd2f..f9d5eb99c3 100644
--- a/packages/backend/src/server/activitypub.ts
+++ b/packages/backend/src/server/activitypub.ts
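Review bot: The new structured return type on `getSignatureUser` carries no TSDoc, so a caller cannot tell from the signature which failures collapse into `null` — an unsigned request, a signer that cannot be resolved, a signer without a public key and, after the `return 403` → `return null` change two hunks down, a blocked instance all look identical. I would add above the `export async function getSignatureUser(` line a comment like `/** Resolves the remote user whose HTTP signature is on req; null when the request is unsigned, the signer cannot be resolved or has no public key, or the signer's instance is blocked. */`. The `key: UserPublickey | null` member also looks looser than the body: the visible code returns `null` whenever `authUser.key` is missing, so every non-null result seen here carries a key, and if no return path outside the hunk yields a keyless user, `key: UserPublickey` would spare callers a redundant null check. The function body continues past this hunk, so that last point needs confirming against the rest of it.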
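Review bot: The key-resolution path in this hunk establishes that a public key exists for the claimed `keyId`, but nothing visible here verifies the request's HTTP signature against that key, and the caller in server/activitypub.ts treats any non-null result as an authenticated follower. The function continues past the hunk; if the verification of `signature` against `authUser.key` (the key PEM) does not happen there before `authUser` is returned, a request could forge a `keyId` pointing at any known remote account and read followers-only notes, so that step is worth checking explicitly in this change. The switch from `== null` to `!authUser` / `!authUser?.key` is behaviour-preserving for object values, but since the comments here are the only explanation of the fallback, I would restate them in English, e.g. `// keyId unknown locally: try resolving it as an ActivityPub id` and `// no public key: the signer cannot be authenticated`.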
@@ -108,17 +108,23 @@ router.get("/notes/:note", async (ctx, next) => {
 return;
 }
- if (note.visibility == "followers") {
+ if (note.visibility === "followers") {
 serverLogger.debug(
 "Responding to request for follower-only note, validating access...",
 );
- let remoteUser = await getSignatureUser(ctx.req);
+ const remoteUser = await getSignatureUser(ctx.req);
 serverLogger.debug("Local note author user:");
 serverLogger.debug(JSON.stringify(note, null, 2));
 serverLogger.debug("Authenticated remote user:");
 serverLogger.debug(JSON.stringify(remoteUser, null, 2));
- let relation = await Users.getRelation(remoteUser.user.id, note.userId);
+ if (remoteUser == null) {
+ serverLogger.debug("Rejecting: no user");
+ ctx.status = 401;
+ return;
+ }
+
+ const relation = await Users.getRelation(remoteUser.user.id, note.userId);
 serverLogger.debug("Relation:");
 serverLogger.debug(JSON.stringify(relation, null, 2));
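Review bot: The new `ctx.status = 401` branch answers an unsigned fetch of a followers-only note differently from the not-found path (the `return;` at the top of the hunk, whose status is set outside it), so any client can confirm that a private note id exists without presenting a signature. If the not-found path responds 404, I would use the same status here so the endpoint does not become an existence oracle: `ctx.status = 404;`. Note also that `getSignatureUser` only attempts to resolve a signer under `meta.secureMode || meta.privateMode` (visible in the check-fetch.ts hunks); if it returns null otherwise, every followers-only fetch on an instance without those modes now lands in this branch — fail-closed, but worth a comment such as `// null also when secure/private mode is off; followers-only notes are then never served to remote fetches`. The surrounding debug lines dump the full note and signer records into the log; that is pre-existing, but writing the text of followers-only posts at debug level is something to revisit, and the route handler continues past the hunk.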