This commit is contained in:
ThatOneCalculator 2023-06-27 22:20:52 -07:00 committed by Namekuji
parent 516e0f8ecf
commit 487e7ba43c
No known key found for this signature in database
GPG key ID: 1D62332C07FBA532
2 changed files with 19 additions and 8 deletions

View file

@ -7,6 +7,8 @@ import DbResolver from "@/remote/activitypub/db-resolver.js";
import { getApId } from "@/remote/activitypub/type.js"; import { getApId } from "@/remote/activitypub/type.js";
import { shouldBlockInstance } from "@/misc/should-block-instance.js"; import { shouldBlockInstance } from "@/misc/should-block-instance.js";
import type { IncomingMessage } from "http"; import type { IncomingMessage } from "http";
import type { CacheableRemoteUser } from "@/models/entities/user.js";
import type { UserPublickey } from "@/models/entities/user-publickey.js";
export async function hasSignature(req: IncomingMessage): Promise<string> { export async function hasSignature(req: IncomingMessage): Promise<string> {
const meta = await fetchMeta(); const meta = await fetchMeta();
@ -98,7 +100,10 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
export async function getSignatureUser( export async function getSignatureUser(
req: IncomingMessage, req: IncomingMessage,
): Promise<CacheableRemoteUser> { ): Promise<{
user: CacheableRemoteUser;
key: UserPublickey | null;
} | null> {
let authUser; let authUser;
const meta = await fetchMeta(); const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) { if (meta.secureMode || meta.privateMode) {
@ -114,7 +119,7 @@ export async function getSignatureUser(
const host = toPuny(keyId.hostname); const host = toPuny(keyId.hostname);
if (await shouldBlockInstance(host, meta)) { if (await shouldBlockInstance(host, meta)) {
return 403; return null;
} }
if ( if (
@ -137,20 +142,20 @@ export async function getSignatureUser(
authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId); authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
// keyIdでわからなければ、resolveしてみる // keyIdでわからなければ、resolveしてみる
if (authUser == null) { if (!authUser) {
try { try {
keyId.hash = ""; keyId.hash = "";
authUser = await dbResolver.getAuthUserFromApId( authUser = await dbResolver.getAuthUserFromApId(
getApId(keyId.toString()), getApId(keyId.toString()),
); );
} catch (e) { } catch {
// できなければ駄目 // できなければ駄目
return null; return null;
} }
} }
// publicKey がなくても終了 // publicKey がなくても終了
if (authUser?.key == null) { if (!authUser?.key) {
return null; return null;
} }

View file

@ -108,17 +108,23 @@ router.get("/notes/:note", async (ctx, next) => {
return; return;
} }
if (note.visibility == "followers") { if (note.visibility === "followers") {
serverLogger.debug( serverLogger.debug(
"Responding to request for follower-only note, validating access...", "Responding to request for follower-only note, validating access...",
); );
let remoteUser = await getSignatureUser(ctx.req); const remoteUser = await getSignatureUser(ctx.req);
serverLogger.debug("Local note author user:"); serverLogger.debug("Local note author user:");
serverLogger.debug(JSON.stringify(note, null, 2)); serverLogger.debug(JSON.stringify(note, null, 2));
serverLogger.debug("Authenticated remote user:"); serverLogger.debug("Authenticated remote user:");
serverLogger.debug(JSON.stringify(remoteUser, null, 2)); serverLogger.debug(JSON.stringify(remoteUser, null, 2));
let relation = await Users.getRelation(remoteUser.user.id, note.userId); if (remoteUser == null) {
serverLogger.debug("Rejecting: no user");
ctx.status = 401;
return;
}
const relation = await Users.getRelation(remoteUser.user.id, note.userId);
serverLogger.debug("Relation:"); serverLogger.debug("Relation:");
serverLogger.debug(JSON.stringify(relation, null, 2)); serverLogger.debug(JSON.stringify(relation, null, 2));