refactor: simplify getSignatureUser
parent
487e7ba43c
commit
89e4e3ea5b
1 changed files with 12 additions and 72 deletions
|
@ -98,81 +98,21 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
|
||||||
return 200;
|
return 200;
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function getSignatureUser(
|
export async function getSignatureUser(req: IncomingMessage): Promise<{
|
||||||
req: IncomingMessage,
|
|
||||||
): Promise<{
|
|
||||||
user: CacheableRemoteUser;
|
user: CacheableRemoteUser;
|
||||||
key: UserPublickey | null;
|
key: UserPublickey | null;
|
||||||
} | null> {
|
} | null> {
|
||||||
let authUser;
|
const signature = httpSignature.parseRequest(req, { headers: [] });
|
||||||
const meta = await fetchMeta();
|
const keyId = new URL(signature.keyId);
|
||||||
if (meta.secureMode || meta.privateMode) {
|
const dbResolver = new DbResolver();
|
||||||
let signature;
|
|
||||||
|
|
||||||
try {
|
// Retrieve from DB by HTTP-Signature keyId
|
||||||
signature = httpSignature.parseRequest(req, { headers: [] });
|
const authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
|
||||||
} catch (e) {
|
if (authUser) {
|
||||||
return null;
|
return authUser;
|
||||||
}
|
|
||||||
|
|
||||||
const keyId = new URL(signature.keyId);
|
|
||||||
const host = toPuny(keyId.hostname);
|
|
||||||
|
|
||||||
if (await shouldBlockInstance(host, meta)) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (
|
|
||||||
meta.privateMode &&
|
|
||||||
host !== config.host &&
|
|
||||||
!meta.allowedHosts.includes(host)
|
|
||||||
) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
const keyIdLower = signature.keyId.toLowerCase();
|
|
||||||
if (keyIdLower.startsWith("acct:")) {
|
|
||||||
// Old keyId is no longer supported.
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
const dbResolver = new DbResolver();
|
|
||||||
|
|
||||||
// HTTP-Signature keyIdを元にDBから取得
|
|
||||||
authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
|
|
||||||
|
|
||||||
// keyIdでわからなければ、resolveしてみる
|
|
||||||
if (!authUser) {
|
|
||||||
try {
|
|
||||||
keyId.hash = "";
|
|
||||||
authUser = await dbResolver.getAuthUserFromApId(
|
|
||||||
getApId(keyId.toString()),
|
|
||||||
);
|
|
||||||
} catch {
|
|
||||||
// できなければ駄目
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// publicKey がなくても終了
|
|
||||||
if (!authUser?.key) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
// もう一回チェック
|
|
||||||
if (authUser.user.host !== host) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
// HTTP-Signatureの検証
|
|
||||||
const httpSignatureValidated = httpSignature.verifySignature(
|
|
||||||
signature,
|
|
||||||
authUser.key.keyPem,
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!httpSignatureValidated) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return authUser;
|
|
||||||
|
// Resolve if failed to retrieve by keyId
|
||||||
|
keyId.hash = "";
|
||||||
|
return await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
|
||||||
}
|
}
|
||||||
|
|
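Review bot: The new `getSignatureUser` returns whatever account `signature.keyId` resolves to and never calls `httpSignature.verifySignature`, so the result is a claimed identity rather than a verified one; the host-match, `shouldBlockInstance` and `allowedHosts` checks are gone from this function as well. If any caller treats a non-null result as authenticated, this is an authentication gap rather than a pure refactor; the callers, and the part of `checkFetch` above this hunk, are not visible here. `parseRequest` and `getAuthUserFromApId` are also no longer inside a `try`, so a missing or malformed Signature header now rejects the promise instead of yielding `null`, which the `| null` return type still advertises. I would keep the verification and the null-on-failure behaviour inside the function, as sketched below, and leave the block and allowlist checks to the caller only if it demonstrably enforces them. Otherwise, document on the function that the returned user is unverified.

```typescript
export async function getSignatureUser(req: IncomingMessage): Promise<{
	// … unchanged: return type …
} | null> {
	let signature;
	let keyId: URL;
	try {
		signature = httpSignature.parseRequest(req, { headers: [] });
		keyId = new URL(signature.keyId);
	} catch {
		// Missing or malformed Signature header: treat the request as unauthenticated
		return null;
	}
	const host = toPuny(keyId.hostname);
	const dbResolver = new DbResolver();

	let authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
	if (!authUser) {
		try {
			keyId.hash = "";
			authUser = await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
		} catch {
			return null;
		}
	}

	// Never hand back an identity the request has not proven:
	// a key must exist, belong to the keyId's host, and verify the signature.
	if (!authUser?.key || authUser.user.host !== host) {
		return null;
	}
	if (!httpSignature.verifySignature(signature, authUser.key.keyPem)) {
		return null;
	}
	return authUser;
}
```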