From 24fbdf2b0a820684b69b10893e82cdb1a76ca14d Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Tue, 13 Jun 2023 16:47:56 +0200
Subject: [PATCH] [chore] Refactor AP authentication, other small bits of
tidying up (#1874)
---
internal/ap/contextkey.go | 36 -
internal/ap/extract.go | 63 +-
internal/api/activitypub/emoji/emojiget.go | 2 +-
.../api/activitypub/publickey/publickeyget.go | 2 +-
internal/api/activitypub/users/featured.go | 2 +-
internal/api/activitypub/users/followers.go | 2 +-
internal/api/activitypub/users/following.go | 2 +-
internal/api/activitypub/users/inboxpost.go | 2 +-
.../api/activitypub/users/inboxpost_test.go | 25 +
internal/api/activitypub/users/outboxget.go | 2 +-
internal/api/activitypub/users/repliesget.go | 2 +-
internal/api/activitypub/users/statusget.go | 2 +-
internal/api/activitypub/users/user_test.go | 2 +
internal/api/activitypub/users/userget.go | 2 +-
internal/api/util/signaturectx.go | 40 --
internal/federation/authenticate.go | 491 +++++++-------
internal/federation/federatingactor.go | 36 +-
internal/federation/federatingactor_test.go | 6 +-
internal/federation/federatingdb/accept.go | 9 +-
internal/federation/federatingdb/announce.go | 9 +-
internal/federation/federatingdb/create.go | 9 +-
internal/federation/federatingdb/delete.go | 9 +-
.../federatingdb/federatingdb_test.go | 6 +-
internal/federation/federatingdb/reject.go | 9 +-
internal/federation/federatingdb/undo.go | 9 +-
internal/federation/federatingdb/update.go | 22 +-
internal/federation/federatingdb/util.go | 40 +-
internal/federation/federatingprotocol.go | 420 ++++++++----
.../federation/federatingprotocol_test.go | 635 ++++++++++--------
internal/federation/federator_test.go | 51 +-
internal/gtscontext/context.go | 103 ++-
internal/gtscontext/log_hooks.go | 2 +-
internal/middleware/signaturecheck.go | 117 ++--
internal/transport/transport.go | 4 +-
internal/typeutils/astointernal.go | 7 +-
internal/util/unique.go | 54 +-
internal/web/profile.go | 21 +-
internal/web/thread.go | 21 +-
38 files changed, 1280 insertions(+), 996 deletions(-)
delete mode 100644 internal/ap/contextkey.go
delete mode 100644 internal/api/util/signaturectx.go
diff --git a/internal/ap/contextkey.go b/internal/ap/contextkey.go
deleted file mode 100644
index af9b62d0e..000000000
--- a/internal/ap/contextkey.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-package ap
-
-// ContextKey is a type used specifically for settings values on contexts within go-fed AP request chains
-type ContextKey string
-
-const (
- // ContextReceivingAccount can be used the set and retrieve the account being interacted with / receiving an activity in their inbox.
- ContextReceivingAccount ContextKey = "receivingAccount"
- // ContextRequestingAccount can be used to set and retrieve the account of an incoming federation request.
- // This will often be the actor of the instance that's posting the request.
- ContextRequestingAccount ContextKey = "requestingAccount"
- // ContextOtherInvolvedIRIs can be used to set and retrieve a slice of all IRIs that are 'involved' in an Activity without being
- // the receivingAccount or the requestingAccount. In other words, people or notes who are CC'ed or Replied To by an Activity.
- ContextOtherInvolvedIRIs ContextKey = "otherInvolvedIRIs"
- // ContextRequestingPublicKeyVerifier can be used to set and retrieve the public key verifier of an incoming federation request.
- ContextRequestingPublicKeyVerifier ContextKey = "requestingPublicKeyVerifier"
- // ContextRequestingPublicKeySignature can be used to set and retrieve the value of the signature header of an incoming federation request.
- ContextRequestingPublicKeySignature ContextKey = "requestingPublicKeySignature"
-)
diff --git a/internal/ap/extract.go b/internal/ap/extract.go
index ce7c03901..ee6a513f6 100644
--- a/internal/ap/extract.go
+++ b/internal/ap/extract.go
@@ -32,6 +32,7 @@ import (
"time"
"github.com/superseriousbusiness/activity/pub"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -343,42 +344,59 @@ func ExtractURL(i WithURL) (*url.URL, error) {
return nil, errors.New("could not extract url")
}
-// ExtractPublicKeyForOwner extracts the public key from an interface, as long as it belongs to the specified owner.
-// It will return the public key itself, the id/URL of the public key, or an error if something goes wrong.
-func ExtractPublicKeyForOwner(i WithPublicKey, forOwner *url.URL) (*rsa.PublicKey, *url.URL, error) {
- publicKeyProp := i.GetW3IDSecurityV1PublicKey()
- if publicKeyProp == nil {
- return nil, nil, errors.New("public key property was nil")
+// ExtractPublicKey extracts the public key, public key ID, and public
+// key owner ID from an interface, or an error if something goes wrong.
+func ExtractPublicKey(i WithPublicKey) (
+ *rsa.PublicKey, // pubkey
+ *url.URL, // pubkey ID
+ *url.URL, // pubkey owner
+ error,
+) {
+ pubKeyProp := i.GetW3IDSecurityV1PublicKey()
+ if pubKeyProp == nil {
+ return nil, nil, nil, gtserror.New("public key property was nil")
}
- for iter := publicKeyProp.Begin(); iter != publicKeyProp.End(); iter = iter.Next() {
+ for iter := pubKeyProp.Begin(); iter != pubKeyProp.End(); iter = iter.Next() {
+ if !iter.IsW3IDSecurityV1PublicKey() {
+ continue
+ }
+
pkey := iter.Get()
if pkey == nil {
continue
}
- pkeyID, err := pub.GetId(pkey)
- if err != nil || pkeyID == nil {
+ pubKeyID, err := pub.GetId(pkey)
+ if err != nil {
continue
}
- if pkey.GetW3IDSecurityV1Owner() == nil || pkey.GetW3IDSecurityV1Owner().Get() == nil || pkey.GetW3IDSecurityV1Owner().Get().String() != forOwner.String() {
+ pubKeyOwnerProp := pkey.GetW3IDSecurityV1Owner()
+ if pubKeyOwnerProp == nil {
continue
}
- if pkey.GetW3IDSecurityV1PublicKeyPem() == nil {
+ pubKeyOwner := pubKeyOwnerProp.GetIRI()
+ if pubKeyOwner == nil {
continue
}
- pkeyPem := pkey.GetW3IDSecurityV1PublicKeyPem().Get()
+ pubKeyPemProp := pkey.GetW3IDSecurityV1PublicKeyPem()
+ if pubKeyPemProp == nil {
+ continue
+ }
+
+ pkeyPem := pubKeyPemProp.Get()
if pkeyPem == "" {
continue
}
block, _ := pem.Decode([]byte(pkeyPem))
if block == nil {
- return nil, nil, errors.New("could not decode publicKeyPem: no PEM data")
+ continue
}
+
var p crypto.PublicKey
switch block.Type {
case "PUBLIC KEY":
@@ -386,19 +404,26 @@ func ExtractPublicKeyForOwner(i WithPublicKey, forOwner *url.URL) (*rsa.PublicKe
case "RSA PUBLIC KEY":
p, err = x509.ParsePKCS1PublicKey(block.Bytes)
default:
- return nil, nil, fmt.Errorf("could not parse public key: unknown block type: %q", block.Type)
+ err = fmt.Errorf("unknown block type: %q", block.Type)
}
if err != nil {
- return nil, nil, fmt.Errorf("could not parse public key from block bytes: %s", err)
+ err = gtserror.Newf("could not parse public key from block bytes: %w", err)
+ return nil, nil, nil, err
}
+
if p == nil {
- return nil, nil, errors.New("returned public key was empty")
+ return nil, nil, nil, gtserror.New("returned public key was empty")
}
- if publicKey, ok := p.(*rsa.PublicKey); ok {
- return publicKey, pkeyID, nil
+
+ pubKey, ok := p.(*rsa.PublicKey)
+ if !ok {
+ continue
}
+
+ return pubKey, pubKeyID, pubKeyOwner, nil
}
- return nil, nil, errors.New("couldn't find public key")
+
+ return nil, nil, nil, gtserror.New("couldn't find public key")
}
// ExtractContent returns a string representation of the interface's Content property,
diff --git a/internal/api/activitypub/emoji/emojiget.go b/internal/api/activitypub/emoji/emojiget.go
index 8ea84f565..8602b6052 100644
--- a/internal/api/activitypub/emoji/emojiget.go
+++ b/internal/api/activitypub/emoji/emojiget.go
@@ -42,7 +42,7 @@ func (m *Module) EmojiGetHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().EmojiGet(apiutil.TransferSignatureContext(c), requestedEmojiID)
+ resp, errWithCode := m.processor.Fedi().EmojiGet(c.Request.Context(), requestedEmojiID)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/publickey/publickeyget.go b/internal/api/activitypub/publickey/publickeyget.go
index 77e969469..5ccb86328 100644
--- a/internal/api/activitypub/publickey/publickeyget.go
+++ b/internal/api/activitypub/publickey/publickeyget.go
@@ -54,7 +54,7 @@ func (m *Module) PublicKeyGETHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().UserGet(apiutil.TransferSignatureContext(c), requestedUsername, c.Request.URL)
+ resp, errWithCode := m.processor.Fedi().UserGet(c.Request.Context(), requestedUsername, c.Request.URL)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/featured.go b/internal/api/activitypub/users/featured.go
index 9ccaed069..de6ff14ae 100644
--- a/internal/api/activitypub/users/featured.go
+++ b/internal/api/activitypub/users/featured.go
@@ -80,7 +80,7 @@ func (m *Module) FeaturedCollectionGETHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().FeaturedCollectionGet(apiutil.TransferSignatureContext(c), requestedUsername)
+ resp, errWithCode := m.processor.Fedi().FeaturedCollectionGet(c.Request.Context(), requestedUsername)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/followers.go b/internal/api/activitypub/users/followers.go
index ddfa3e9d0..0825651a8 100644
--- a/internal/api/activitypub/users/followers.go
+++ b/internal/api/activitypub/users/followers.go
@@ -51,7 +51,7 @@ func (m *Module) FollowersGETHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().FollowersGet(apiutil.TransferSignatureContext(c), requestedUsername)
+ resp, errWithCode := m.processor.Fedi().FollowersGet(c.Request.Context(), requestedUsername)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/following.go b/internal/api/activitypub/users/following.go
index 79722cea1..bc6e96ca1 100644
--- a/internal/api/activitypub/users/following.go
+++ b/internal/api/activitypub/users/following.go
@@ -51,7 +51,7 @@ func (m *Module) FollowingGETHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().FollowingGet(apiutil.TransferSignatureContext(c), requestedUsername)
+ resp, errWithCode := m.processor.Fedi().FollowingGet(c.Request.Context(), requestedUsername)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/inboxpost.go b/internal/api/activitypub/users/inboxpost.go
index 4f535f534..c2d3d79c4 100644
--- a/internal/api/activitypub/users/inboxpost.go
+++ b/internal/api/activitypub/users/inboxpost.go
@@ -30,7 +30,7 @@ import (
// InboxPOSTHandler deals with incoming POST requests to an actor's inbox.
// Eg., POST to https://example.org/users/whatever/inbox.
func (m *Module) InboxPOSTHandler(c *gin.Context) {
- _, err := m.processor.Fedi().InboxPost(apiutil.TransferSignatureContext(c), c.Writer, c.Request)
+ _, err := m.processor.Fedi().InboxPost(c.Request.Context(), c.Writer, c.Request)
if err != nil {
errWithCode := new(gtserror.WithCode)
diff --git a/internal/api/activitypub/users/inboxpost_test.go b/internal/api/activitypub/users/inboxpost_test.go
index 82e86fb9c..c5027f342 100644
--- a/internal/api/activitypub/users/inboxpost_test.go
+++ b/internal/api/activitypub/users/inboxpost_test.go
@@ -517,6 +517,31 @@ func (suite *InboxPostTestSuite) TestPostFromBlockedAccount() {
)
}
+func (suite *InboxPostTestSuite) TestPostFromBlockedAccountToOtherAccount() {
+ var (
+ requestingAccount = suite.testAccounts["remote_account_1"]
+ targetAccount = suite.testAccounts["local_account_1"]
+ activity = suite.testActivities["reply_to_turtle_for_turtle"]
+ statusURI = "http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"
+ )
+
+ // Post an reply to turtle to ZORK from remote account.
+ // Turtle blocks the remote account but is only tangentially
+ // related to this POST request. The response will indicate
+ // accepted but the post won't actually be processed.
+ suite.inboxPost(
+ activity.Activity,
+ requestingAccount,
+ targetAccount,
+ http.StatusAccepted,
+ `{"status":"Accepted"}`,
+ suite.signatureCheck,
+ )
+
+ _, err := suite.state.DB.GetStatusByURI(context.Background(), statusURI)
+ suite.ErrorIs(err, db.ErrNoEntries)
+}
+
func (suite *InboxPostTestSuite) TestPostUnauthorized() {
var (
requestingAccount = suite.testAccounts["remote_account_1"]
diff --git a/internal/api/activitypub/users/outboxget.go b/internal/api/activitypub/users/outboxget.go
index 7abc3921f..9e3ec2d15 100644
--- a/internal/api/activitypub/users/outboxget.go
+++ b/internal/api/activitypub/users/outboxget.go
@@ -129,7 +129,7 @@ func (m *Module) OutboxGETHandler(c *gin.Context) {
maxID = maxIDString
}
- resp, errWithCode := m.processor.Fedi().OutboxGet(apiutil.TransferSignatureContext(c), requestedUsername, page, maxID, minID)
+ resp, errWithCode := m.processor.Fedi().OutboxGet(c.Request.Context(), requestedUsername, page, maxID, minID)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/repliesget.go b/internal/api/activitypub/users/repliesget.go
index bece312b8..70764a73d 100644
--- a/internal/api/activitypub/users/repliesget.go
+++ b/internal/api/activitypub/users/repliesget.go
@@ -149,7 +149,7 @@ func (m *Module) StatusRepliesGETHandler(c *gin.Context) {
minID = minIDString
}
- resp, errWithCode := m.processor.Fedi().StatusRepliesGet(apiutil.TransferSignatureContext(c), requestedUsername, requestedStatusID, page, onlyOtherAccounts, c.Query("only_other_accounts") != "", minID)
+ resp, errWithCode := m.processor.Fedi().StatusRepliesGet(c.Request.Context(), requestedUsername, requestedStatusID, page, onlyOtherAccounts, c.Query("only_other_accounts") != "", minID)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/statusget.go b/internal/api/activitypub/users/statusget.go
index b9e526080..4a107c5a1 100644
--- a/internal/api/activitypub/users/statusget.go
+++ b/internal/api/activitypub/users/statusget.go
@@ -58,7 +58,7 @@ func (m *Module) StatusGETHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().StatusGet(apiutil.TransferSignatureContext(c), requestedUsername, requestedStatusID)
+ resp, errWithCode := m.processor.Fedi().StatusGet(c.Request.Context(), requestedUsername, requestedStatusID)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/activitypub/users/user_test.go b/internal/api/activitypub/users/user_test.go
index 8e30eecf3..d0487777b 100644
--- a/internal/api/activitypub/users/user_test.go
+++ b/internal/api/activitypub/users/user_test.go
@@ -56,6 +56,7 @@ type UserStandardTestSuite struct {
testAttachments map[string]*gtsmodel.MediaAttachment
testStatuses map[string]*gtsmodel.Status
testBlocks map[string]*gtsmodel.Block
+ testActivities map[string]testrig.ActivityWithSignature
// module being tested
userModule *users.Module
@@ -72,6 +73,7 @@ func (suite *UserStandardTestSuite) SetupSuite() {
suite.testAttachments = testrig.NewTestAttachments()
suite.testStatuses = testrig.NewTestStatuses()
suite.testBlocks = testrig.NewTestBlocks()
+ suite.testActivities = testrig.NewTestActivities(suite.testAccounts)
}
func (suite *UserStandardTestSuite) SetupTest() {
diff --git a/internal/api/activitypub/users/userget.go b/internal/api/activitypub/users/userget.go
index 7dc7f0822..536da9e81 100644
--- a/internal/api/activitypub/users/userget.go
+++ b/internal/api/activitypub/users/userget.go
@@ -58,7 +58,7 @@ func (m *Module) UsersGETHandler(c *gin.Context) {
return
}
- resp, errWithCode := m.processor.Fedi().UserGet(apiutil.TransferSignatureContext(c), requestedUsername, c.Request.URL)
+ resp, errWithCode := m.processor.Fedi().UserGet(c.Request.Context(), requestedUsername, c.Request.URL)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/util/signaturectx.go b/internal/api/util/signaturectx.go
deleted file mode 100644
index 38abfdeb1..000000000
--- a/internal/api/util/signaturectx.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-package util
-
-import (
- "context"
-
- "github.com/gin-gonic/gin"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
-)
-
-// TransferSignatureContext transfers a signature verifier and signature from a gin context to a go context.
-func TransferSignatureContext(c *gin.Context) context.Context {
- ctx := c.Request.Context()
-
- if verifier, signed := c.Get(string(ap.ContextRequestingPublicKeyVerifier)); signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
- }
-
- if signature, signed := c.Get(string(ap.ContextRequestingPublicKeySignature)); signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeySignature, signature)
- }
-
- return ctx
-}
diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index 5fe4873d4..80998680e 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -19,298 +19,297 @@ package federation
import (
"context"
- "crypto/x509"
+ "crypto/rsa"
"encoding/json"
- "encoding/pem"
"errors"
"fmt"
"net/http"
"net/url"
- "strings"
+ "codeberg.org/gruf/go-kv"
"github.com/go-fed/httpsig"
- "github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams"
- "github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/log"
)
-/*
-publicKeyer is BORROWED DIRECTLY FROM https://github.com/go-fed/apcore/blob/master/ap/util.go
-Thank you @cj@mastodon.technology ! <3
-*/
-type publicKeyer interface {
- GetW3IDSecurityV1PublicKey() vocab.W3IDSecurityV1PublicKeyProperty
-}
-
-/*
-getPublicKeyFromResponse is adapted from https://github.com/go-fed/apcore/blob/master/ap/util.go
-Thank you @cj@mastodon.technology ! <3
-*/
-func getPublicKeyFromResponse(c context.Context, b []byte, keyID *url.URL) (vocab.W3IDSecurityV1PublicKey, error) {
- m := make(map[string]interface{})
- if err := json.Unmarshal(b, &m); err != nil {
- return nil, err
+var (
+ errUnsigned = errors.New("http request wasn't signed or http signature was invalid")
+ signingAlgorithms = []httpsig.Algorithm{
+ httpsig.RSA_SHA256, // Prefer common RSA_SHA256.
+ httpsig.RSA_SHA512, // Fall back to less common RSA_SHA512.
+ httpsig.ED25519, // Try ED25519 as a long shot.
}
+)
- t, err := streams.ToType(c, m)
- if err != nil {
- return nil, err
- }
-
- pker, ok := t.(publicKeyer)
- if !ok {
- return nil, fmt.Errorf("ActivityStreams type cannot be converted to one known to have publicKey property: %T", t)
- }
-
- pkp := pker.GetW3IDSecurityV1PublicKey()
- if pkp == nil {
- return nil, errors.New("publicKey property is not provided")
- }
-
- var pkpFound vocab.W3IDSecurityV1PublicKey
- for pkpIter := pkp.Begin(); pkpIter != pkp.End(); pkpIter = pkpIter.Next() {
- if !pkpIter.IsW3IDSecurityV1PublicKey() {
- continue
- }
- pkValue := pkpIter.Get()
- var pkID *url.URL
- pkID, err = pub.GetId(pkValue)
- if err != nil {
- return nil, err
- }
- if pkID.String() != keyID.String() {
- continue
- }
- pkpFound = pkValue
- break
- }
-
- if pkpFound == nil {
- return nil, fmt.Errorf("cannot find publicKey with id: %s", keyID)
- }
-
- return pkpFound, nil
-}
-
-// AuthenticateFederatedRequest authenticates any kind of incoming federated request from a remote server. This includes things like
-// GET requests for dereferencing our users or statuses etc, and POST requests for delivering new Activities. The function returns
-// the URL of the owner of the public key used in the requesting http signature.
+// AuthenticateFederatedRequest authenticates any kind of incoming federated
+// request from a remote server. This includes things like GET requests for
+// dereferencing our users or statuses etc, and POST requests for delivering
+// new Activities. The function returns the URL of the owner of the public key
+// used in the requesting http signature.
//
-// Authenticate in this case is defined as making sure that the http request is actually signed by whoever claims
-// to have signed it, by fetching the public key from the signature and checking it against the remote public key.
+// 'Authenticate' in this case is defined as making sure that the http request
+// is actually signed by whoever claims to have signed it, by fetching the public
+// key from the signature and checking it against the remote public key.
//
-// The provided username will be used to generate a transport for making remote requests/derefencing the public key ID of the request signature.
-// Ideally you should pass in the username of the user *being requested*, so that the remote server can decide how to handle the request based on who's making it.
-// Ie., if the request on this server is for https://example.org/users/some_username then you should pass in the username 'some_username'.
-// The remote server will then know that this is the user making the dereferencing request, and they can decide to allow or deny the request depending on their settings.
+// The provided username will be used to generate a transport for making remote
+// requests/derefencing the public key ID of the request signature. Ideally you
+// should pass in the username of the user *being requested*, so that the remote
+// server can decide how to handle the request based on who's making it. Ie., if
+// the request on this server is for https://example.org/users/some_username then
+// you should pass in the username 'some_username'. The remote server will then
+// know that this is the user making the dereferencing request, and they can decide
+// to allow or deny the request depending on their settings.
//
-// Note that it is also valid to pass in an empty string here, in which case the keys of the instance account will be used.
+// Note that it is also valid to pass in an empty string here, in which case the
+// keys of the instance account will be used.
//
-// Also note that this function *does not* dereference the remote account that the signature key is associated with.
-// Other functions should use the returned URL to dereference the remote account, if required.
+// Also note that this function *does not* dereference the remote account that
+// the signature key is associated with. Other functions should use the returned
+// URL to dereference the remote account, if required.
func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedUsername string) (*url.URL, gtserror.WithCode) {
- var publicKey interface{}
- var pkOwnerURI *url.URL
- var err error
-
- // thanks to signaturecheck.go in the security package, we should already have a signature verifier set on the context
- vi := ctx.Value(ap.ContextRequestingPublicKeyVerifier)
- if vi == nil {
- err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
- log.Debug(ctx, errWithCode)
+ // Thanks to the signature check middleware,
+ // we should already have an http signature
+ // verifier set on the context. If we don't,
+ // this is an unsigned request.
+ verifier := gtscontext.HTTPSignatureVerifier(ctx)
+ if verifier == nil {
+ err := gtserror.Newf("%w", errUnsigned)
+ errWithCode := gtserror.NewErrorUnauthorized(err, errUnsigned.Error(), "(verifier)")
return nil, errWithCode
}
- verifier, ok := vi.(httpsig.Verifier)
- if !ok {
- err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
- log.Debug(ctx, errWithCode)
+ // We should have the signature itself set too.
+ signature := gtscontext.HTTPSignature(ctx)
+ if signature == "" {
+ err := gtserror.Newf("%w", errUnsigned)
+ errWithCode := gtserror.NewErrorUnauthorized(err, errUnsigned.Error(), "(signature)")
return nil, errWithCode
}
- // we should have the signature itself set too
- si := ctx.Value(ap.ContextRequestingPublicKeySignature)
- if si == nil {
- err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
- log.Debug(ctx, errWithCode)
+ // And finally the public key ID URI.
+ pubKeyID := gtscontext.HTTPSignaturePubKeyID(ctx)
+ if pubKeyID == nil {
+ err := gtserror.Newf("%w", errUnsigned)
+ errWithCode := gtserror.NewErrorUnauthorized(err, errUnsigned.Error(), "(pubKeyID)")
return nil, errWithCode
}
- signature, ok := si.(string)
- if !ok {
- err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- // now figure out who actually signed it
- requestingPublicKeyID, err := url.Parse(verifier.KeyId())
- if err != nil {
- errWithCode := gtserror.NewErrorBadRequest(err, fmt.Sprintf("couldn't parse public key URL %s", verifier.KeyId()))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
+ // At this point we know the request was signed,
+ // so now we need to validate the signature.
var (
- requestingLocalAccount *gtsmodel.Account
- requestingRemoteAccount *gtsmodel.Account
- requestingHost = requestingPublicKeyID.Host
+ pubKeyIDStr = pubKeyID.String()
+ requestingAccountURI *url.URL
+ pubKey interface{}
+ errWithCode gtserror.WithCode
)
- if host := config.GetHost(); strings.EqualFold(requestingHost, host) {
- // LOCAL ACCOUNT REQUEST
- // the request is coming from INSIDE THE HOUSE so skip the remote dereferencing
- log.Tracef(ctx, "proceeding without dereference for local public key %s", requestingPublicKeyID)
+ l := log.
+ WithContext(ctx).
+ WithFields(kv.Fields{
+ {"requestedUsername", requestedUsername},
+ {"pubKeyID", pubKeyIDStr},
+ }...)
- requestingLocalAccount, err = f.db.GetAccountByPubkeyID(ctx, requestingPublicKeyID.String())
- if err != nil {
- errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("couldn't get account with public key uri %s from the database: %s", requestingPublicKeyID.String(), err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- publicKey = requestingLocalAccount.PublicKey
-
- pkOwnerURI, err = url.Parse(requestingLocalAccount.URI)
- if err != nil {
- errWithCode := gtserror.NewErrorBadRequest(err, fmt.Sprintf("couldn't parse public key owner URL %s", requestingLocalAccount.URI))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
- } else if requestingRemoteAccount, err = f.db.GetAccountByPubkeyID(ctx, requestingPublicKeyID.String()); err == nil {
- // REMOTE ACCOUNT REQUEST WITH KEY CACHED LOCALLY
- // this is a remote account and we already have the public key for it so use that
- log.Tracef(ctx, "proceeding without dereference for cached public key %s", requestingPublicKeyID)
- publicKey = requestingRemoteAccount.PublicKey
- pkOwnerURI, err = url.Parse(requestingRemoteAccount.URI)
- if err != nil {
- errWithCode := gtserror.NewErrorBadRequest(err, fmt.Sprintf("couldn't parse public key owner URL %s", requestingRemoteAccount.URI))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
+ if pubKeyID.Host == config.GetHost() {
+ l.Trace("public key is ours, no dereference needed")
+ requestingAccountURI, pubKey, errWithCode = f.derefDBOnly(ctx, pubKeyIDStr)
} else {
- // REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY
- // the request is remote and we don't have the public key yet,
- // so we need to authenticate the request properly by dereferencing the remote key
- gone, err := f.CheckGone(ctx, requestingPublicKeyID)
- if err != nil {
- errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error checking for tombstone for %s: %s", requestingPublicKeyID, err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- if gone {
- errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- log.Tracef(ctx, "proceeding with dereference for uncached public key %s", requestingPublicKeyID)
- trans, err := f.transportController.NewTransportForUsername(gtscontext.SetFastFail(ctx), requestedUsername)
- if err != nil {
- errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error creating transport for %s: %s", requestedUsername, err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- // The actual http call to the remote server is made right here in the Dereference function.
- b, err := trans.Dereference(ctx, requestingPublicKeyID)
- if err != nil {
- if gtserror.StatusCode(err) == http.StatusGone {
- // if we get a 410 error it means the account that owns this public key has been deleted;
- // we should add a tombstone to our database so that we can avoid trying to deref it in future
- if err := f.HandleGone(ctx, requestingPublicKeyID); err != nil {
- errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error marking account with public key %s as gone: %s", requestingPublicKeyID, err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
- errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- // if the key isn't in the response, we can't authenticate the request
- requestingPublicKey, err := getPublicKeyFromResponse(ctx, b, requestingPublicKeyID)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error parsing public key %s: %s", requestingPublicKeyID, err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- // we should be able to get the actual key embedded in the vocab.W3IDSecurityV1PublicKey
- pkPemProp := requestingPublicKey.GetW3IDSecurityV1PublicKeyPem()
- if pkPemProp == nil || !pkPemProp.IsXMLSchemaString() {
- errWithCode := gtserror.NewErrorUnauthorized(errors.New("publicKeyPem property is not provided or it is not embedded as a value"))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- // and decode the PEM so that we can parse it as a golang public key
- pubKeyPem := pkPemProp.Get()
- block, _ := pem.Decode([]byte(pubKeyPem))
- if block == nil || block.Type != "PUBLIC KEY" {
- errWithCode := gtserror.NewErrorUnauthorized(errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type"))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- publicKey, err = x509.ParsePKIXPublicKey(block.Bytes)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("could not parse public key %s from block bytes: %s", requestingPublicKeyID, err))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
-
- // all good! we just need the URI of the key owner to return
- pkOwnerProp := requestingPublicKey.GetW3IDSecurityV1Owner()
- if pkOwnerProp == nil || !pkOwnerProp.IsIRI() {
- errWithCode := gtserror.NewErrorUnauthorized(errors.New("publicKeyOwner property is not provided or it is not embedded as a value"))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
- }
- pkOwnerURI = pkOwnerProp.GetIRI()
+ l.Trace("public key is not ours, checking if we need to dereference")
+ requestingAccountURI, pubKey, errWithCode = f.deref(ctx, requestedUsername, pubKeyIDStr, pubKeyID)
}
- // after all that, public key should be defined
- if publicKey == nil {
- errWithCode := gtserror.NewErrorInternalError(errors.New("returned public key was empty"))
- log.Debug(ctx, errWithCode)
+ if errWithCode != nil {
return nil, errWithCode
}
- // do the actual authentication here!
- algos := []httpsig.Algorithm{
- httpsig.RSA_SHA256,
- httpsig.RSA_SHA512,
- httpsig.ED25519,
+ // Ensure public key now defined.
+ if pubKey == nil {
+ err := gtserror.New("public key was nil")
+ return nil, gtserror.NewErrorInternalError(err)
}
- for _, algo := range algos {
- log.Tracef(ctx, "trying algo: %s", algo)
- err := verifier.Verify(publicKey, algo)
+ // Try to authenticate using permitted algorithms in
+ // order of most -> least common. Return OK as soon
+ // as one passes.
+ for _, algo := range signingAlgorithms {
+ l.Tracef("trying %s", algo)
+
+ err := verifier.Verify(pubKey, algo)
if err == nil {
- log.Tracef(ctx, "authentication for %s PASSED with algorithm %s", pkOwnerURI, algo)
- return pkOwnerURI, nil
+ l.Tracef("authentication PASSED with %s", algo)
+ return requestingAccountURI, nil
}
- log.Tracef(ctx, "authentication for %s NOT PASSED with algorithm %s: %s", pkOwnerURI, algo, err)
+
+ l.Tracef("authentication NOT PASSED with %s: %q", algo, err)
}
- errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("authentication not passed for public key owner %s; signature value was '%s'", pkOwnerURI, signature))
- log.Debug(ctx, errWithCode)
- return nil, errWithCode
+ // At this point no algorithms passed.
+ err := gtserror.Newf(
+ "authentication NOT PASSED for public key %s; tried algorithms %+v; signature value was '%s'",
+ pubKeyIDStr, signature, signingAlgorithms,
+ )
+
+ return nil, gtserror.NewErrorUnauthorized(err, err.Error())
+}
+
+// derefDBOnly tries to dereference the given public
+// key using only entries already in the database.
+func (f *federator) derefDBOnly(
+ ctx context.Context,
+ pubKeyIDStr string,
+) (*url.URL, interface{}, gtserror.WithCode) {
+ reqAcct, err := f.db.GetAccountByPubkeyID(ctx, pubKeyIDStr)
+ if err != nil {
+ err = gtserror.Newf("db error getting account with pubKeyID %s: %w", pubKeyIDStr, err)
+ return nil, nil, gtserror.NewErrorInternalError(err)
+ }
+
+ reqAcctURI, err := url.Parse(reqAcct.URI)
+ if err != nil {
+ err = gtserror.Newf("error parsing account uri with pubKeyID %s: %w", pubKeyIDStr, err)
+ return nil, nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return reqAcctURI, reqAcct.PublicKey, nil
+}
+
+// deref tries to dereference the given public key by first
+// checking in the database, and then (if no entries found)
+// calling the remote pub key URI and extracting the key.
+func (f *federator) deref(
+ ctx context.Context,
+ requestedUsername string,
+ pubKeyIDStr string,
+ pubKeyID *url.URL,
+) (*url.URL, interface{}, gtserror.WithCode) {
+ l := log.
+ WithContext(ctx).
+ WithFields(kv.Fields{
+ {"requestedUsername", requestedUsername},
+ {"pubKeyID", pubKeyIDStr},
+ }...)
+
+ // Try a database only deref first. We may already
+ // have the requesting account cached locally.
+ reqAcctURI, pubKey, errWithCode := f.derefDBOnly(ctx, pubKeyIDStr)
+ if errWithCode == nil {
+ l.Trace("public key cached, no dereference needed")
+ return reqAcctURI, pubKey, nil
+ }
+
+ l.Trace("public key not cached, trying dereference")
+
+ // If we've tried to get this account before and we
+ // now have a tombstone for it (ie., it's been deleted
+ // from remote), don't try to dereference it again.
+ gone, err := f.CheckGone(ctx, pubKeyID)
+ if err != nil {
+ err := gtserror.Newf("error checking for tombstone for %s: %w", pubKeyIDStr, err)
+ return nil, nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if gone {
+ err := gtserror.Newf("account with public key %s is gone", pubKeyIDStr)
+ return nil, nil, gtserror.NewErrorGone(err)
+ }
+
+ // Make an http call to get the pubkey.
+ pubKeyBytes, errWithCode := f.callForPubKey(ctx, requestedUsername, pubKeyID)
+ if errWithCode != nil {
+ return nil, nil, errWithCode
+ }
+
+ // Extract the key and the owner from the response.
+ pubKey, pubKeyOwner, err := parsePubKeyBytes(ctx, pubKeyBytes, pubKeyID)
+ if err != nil {
+ err := fmt.Errorf("error parsing public key %s: %w", pubKeyID, err)
+ return nil, nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ return pubKeyOwner, pubKey, nil
+}
+
+// callForPubKey handles the nitty gritty of actually
+// making a request for the given pubKeyID with a
+// transport created on behalf of requestedUsername.
+func (f *federator) callForPubKey(
+ ctx context.Context,
+ requestedUsername string,
+ pubKeyID *url.URL,
+) ([]byte, gtserror.WithCode) {
+ // Use a transport to dereference the remote.
+ trans, err := f.transportController.NewTransportForUsername(
+ // We're on a hot path: don't retry if req fails.
+ gtscontext.SetFastFail(ctx),
+ requestedUsername,
+ )
+ if err != nil {
+ err = gtserror.Newf("error creating transport for %s: %w", requestedUsername, err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ // The actual http call to the remote server is
+ // made right here by the Dereference function.
+ pubKeyBytes, err := trans.Dereference(ctx, pubKeyID)
+ if err == nil {
+ // No problem.
+ return pubKeyBytes, nil
+ }
+
+ if gtserror.StatusCode(err) == http.StatusGone {
+ // 410 indicates remote public key no longer exists
+ // (account deleted, moved, etc). Add a tombstone
+ // to our database so that we can avoid trying to
+ // dereference it in future.
+ if err := f.HandleGone(ctx, pubKeyID); err != nil {
+ err := gtserror.Newf("error marking public key %s as gone: %w", pubKeyID, err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ err := gtserror.Newf("account with public key %s is gone", pubKeyID)
+ return nil, gtserror.NewErrorGone(err)
+ }
+
+ // Fall back to generic error.
+ err = gtserror.Newf("error dereferencing public key %s: %w", pubKeyID, err)
+ return nil, gtserror.NewErrorInternalError(err)
+}
+
+// parsePubKeyBytes extracts an rsa public key from the
+// given pubKeyBytes by trying to parse the pubKeyBytes
+// as an ActivityPub type. It will return the public key
+// itself, and the URI of the public key owner.
+func parsePubKeyBytes(
+ ctx context.Context,
+ pubKeyBytes []byte,
+ pubKeyID *url.URL,
+) (*rsa.PublicKey, *url.URL, error) {
+ m := make(map[string]interface{})
+ if err := json.Unmarshal(pubKeyBytes, &m); err != nil {
+ return nil, nil, err
+ }
+
+ t, err := streams.ToType(ctx, m)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ withPublicKey, ok := t.(ap.WithPublicKey)
+ if !ok {
+ err = gtserror.Newf("resource at %s with type %T could not be converted to ap.WithPublicKey", pubKeyID, t)
+ return nil, nil, err
+ }
+
+ pubKey, _, pubKeyOwnerID, err := ap.ExtractPublicKey(withPublicKey)
+ if err != nil {
+ err = gtserror.Newf("resource at %s with type %T did not contain recognizable public key", pubKeyID, t)
+ return nil, nil, err
+ }
+
+ return pubKey, pubKeyOwnerID, nil
}
diff --git a/internal/federation/federatingactor.go b/internal/federation/federatingactor.go
index 25282235a..708114484 100644
--- a/internal/federation/federatingactor.go
+++ b/internal/federation/federatingactor.go
@@ -84,15 +84,14 @@ func IsASMediaType(ct string) bool {
}
}
-// federatingActor wraps the pub.FederatingActor interface
+// federatingActor wraps the pub.FederatingActor
// with some custom GoToSocial-specific logic.
type federatingActor struct {
sideEffectActor pub.DelegateActor
wrapped pub.FederatingActor
}
-// newFederatingProtocol returns a new federatingActor, which
-// implements the pub.FederatingActor interface.
+// newFederatingActor returns a federatingActor.
func newFederatingActor(c pub.CommonBehavior, s2s pub.FederatingProtocol, db pub.Database, clock pub.Clock) pub.FederatingActor {
sideEffectActor := pub.NewSideEffectActor(c, s2s, nil, db, clock)
sideEffectActor.Serialize = ap.Serialize // hook in our own custom Serialize function
@@ -133,8 +132,11 @@ func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWr
ctx, authenticated, err := f.sideEffectActor.AuthenticatePostInbox(ctx, w, r)
if err != nil {
return false, gtserror.NewErrorInternalError(err)
- } else if !authenticated {
- return false, gtserror.NewErrorUnauthorized(errors.New("unauthorized"))
+ }
+
+ if !authenticated {
+ err = errors.New("not authenticated")
+ return false, gtserror.NewErrorUnauthorized(err)
}
/*
@@ -148,20 +150,38 @@ func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWr
return false, errWithCode
}
- // Set additional context data.
+ // Set additional context data. Primarily this means
+ // looking at the Activity and seeing which IRIs are
+ // involved in it tangentially.
ctx, err = f.sideEffectActor.PostInboxRequestBodyHook(ctx, r, activity)
if err != nil {
return false, gtserror.NewErrorInternalError(err)
}
- // Check authorization of the activity.
+ // Check authorization of the activity; this will include blocks.
authorized, err := f.sideEffectActor.AuthorizePostInbox(ctx, w, activity)
if err != nil {
+ if errors.As(err, new(errOtherIRIBlocked)) {
+ // There's no direct block between requester(s) and
+ // receiver. However, one or more of the other IRIs
+ // involved in the request (account replied to, note
+ // boosted, etc) is blocked either at domain level or
+ // by the receiver. We don't need to return 403 here,
+ // instead, just return 202 accepted but don't do any
+ // further processing of the activity.
+ return true, nil
+ }
+
+ // Real error has occurred.
return false, gtserror.NewErrorInternalError(err)
}
if !authorized {
- return false, gtserror.NewErrorForbidden(errors.New("blocked"))
+ // Block exists either from this instance against
+ // one or more directly involved actors, or between
+ // receiving account and one of those actors.
+ err = errors.New("blocked")
+ return false, gtserror.NewErrorForbidden(err)
}
// Copy existing URL + add request host and scheme.
diff --git a/internal/federation/federatingactor_test.go b/internal/federation/federatingactor_test.go
index a8f71af4c..cdc265d82 100644
--- a/internal/federation/federatingactor_test.go
+++ b/internal/federation/federatingactor_test.go
@@ -58,7 +58,7 @@ func (suite *FederatingActorTestSuite) TestSendNoRemoteFollowers() {
tc := testrig.NewTestTransportController(&suite.state, httpClient)
// setup module being tested
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+ federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.typeconverter, testrig.NewTestMediaManager(&suite.state))
activity, err := federator.FederatingActor().Send(ctx, testrig.URLMustParse(testAccount.OutboxURI), testActivity)
suite.NoError(err)
@@ -73,7 +73,7 @@ func (suite *FederatingActorTestSuite) TestSendRemoteFollower() {
testAccount := suite.testAccounts["local_account_1"]
testRemoteAccount := suite.testAccounts["remote_account_1"]
- err := suite.db.Put(ctx, >smodel.Follow{
+ err := suite.state.DB.Put(ctx, >smodel.Follow{
ID: "01G1TRWV4AYCDBX5HRWT2EVBCV",
CreatedAt: testrig.TimeMustParse("2022-06-02T12:22:21+02:00"),
UpdatedAt: testrig.TimeMustParse("2022-06-02T12:22:21+02:00"),
@@ -103,7 +103,7 @@ func (suite *FederatingActorTestSuite) TestSendRemoteFollower() {
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
tc := testrig.NewTestTransportController(&suite.state, httpClient)
// setup module being tested
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+ federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.typeconverter, testrig.NewTestMediaManager(&suite.state))
activity, err := federator.FederatingActor().Send(ctx, testrig.URLMustParse(testAccount.OutboxURI), testActivity)
suite.NoError(err)
diff --git a/internal/federation/federatingdb/accept.go b/internal/federation/federatingdb/accept.go
index 1c39bc134..7d3e16d4e 100644
--- a/internal/federation/federatingdb/accept.go
+++ b/internal/federation/federatingdb/accept.go
@@ -41,12 +41,9 @@ func (f *federatingDB) Accept(ctx context.Context, accept vocab.ActivityStreamsA
l.Debug("entering Accept")
}
- receivingAccount, _ := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account wasn't set on the context, that means this request didn't pass
- // through the API, but came from inside GtS as the result of another activity on this instance. That being so,
- // we can safely just ignore this activity, since we know we've already processed it elsewhere.
- return nil
+ receivingAccount, _, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
acceptObject := accept.GetActivityStreamsObject()
diff --git a/internal/federation/federatingdb/announce.go b/internal/federation/federatingdb/announce.go
index 88b150cf0..ab230cdfb 100644
--- a/internal/federation/federatingdb/announce.go
+++ b/internal/federation/federatingdb/announce.go
@@ -39,12 +39,9 @@ func (f *federatingDB) Announce(ctx context.Context, announce vocab.ActivityStre
l.Debug("entering Announce")
}
- receivingAccount, _ := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account wasn't set on the context, that means this request didn't pass
- // through the API, but came from inside GtS as the result of another activity on this instance. That being so,
- // we can safely just ignore this activity, since we know we've already processed it elsewhere.
- return nil
+ receivingAccount, _, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
boost, isNew, err := f.typeConverter.ASAnnounceToStatus(ctx, announce)
diff --git a/internal/federation/federatingdb/create.go b/internal/federation/federatingdb/create.go
index f68279d37..3650f8c3d 100644
--- a/internal/federation/federatingdb/create.go
+++ b/internal/federation/federatingdb/create.go
@@ -57,12 +57,9 @@ func (f *federatingDB) Create(ctx context.Context, asType vocab.Type) error {
l.Trace("entering Create")
}
- receivingAccount, requestingAccount := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account wasn't set on the context, that means this request didn't pass
- // through the API, but came from inside GtS as the result of another activity on this instance. That being so,
- // we can safely just ignore this activity, since we know we've already processed it elsewhere.
- return nil
+ receivingAccount, requestingAccount, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
switch asType.GetTypeName() {
diff --git a/internal/federation/federatingdb/delete.go b/internal/federation/federatingdb/delete.go
index 7a8b51329..95f9be354 100644
--- a/internal/federation/federatingdb/delete.go
+++ b/internal/federation/federatingdb/delete.go
@@ -40,12 +40,9 @@ func (f *federatingDB) Delete(ctx context.Context, id *url.URL) error {
}...)
l.Debug("entering Delete")
- receivingAccount, requestingAccount := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account wasn't set on the context, that means this request didn't pass
- // through the API, but came from inside GtS as the result of another activity on this instance. That being so,
- // we can safely just ignore this activity, since we know we've already processed it elsewhere.
- return nil
+ receivingAccount, requestingAccount, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
// in a delete we only get the URI, we can't know if we have a status or a profile or something else,
diff --git a/internal/federation/federatingdb/federatingdb_test.go b/internal/federation/federatingdb/federatingdb_test.go
index 6a6cb9262..6a8754519 100644
--- a/internal/federation/federatingdb/federatingdb_test.go
+++ b/internal/federation/federatingdb/federatingdb_test.go
@@ -21,9 +21,9 @@ import (
"context"
"github.com/stretchr/testify/suite"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/federation/federatingdb"
+ "github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/messages"
"github.com/superseriousbusiness/gotosocial/internal/state"
@@ -107,7 +107,7 @@ func (suite *FederatingDBTestSuite) TearDownTest() {
func createTestContext(receivingAccount *gtsmodel.Account, requestingAccount *gtsmodel.Account) context.Context {
ctx := context.Background()
- ctx = context.WithValue(ctx, ap.ContextReceivingAccount, receivingAccount)
- ctx = context.WithValue(ctx, ap.ContextRequestingAccount, requestingAccount)
+ ctx = gtscontext.SetReceivingAccount(ctx, receivingAccount)
+ ctx = gtscontext.SetRequestingAccount(ctx, requestingAccount)
return ctx
}
diff --git a/internal/federation/federatingdb/reject.go b/internal/federation/federatingdb/reject.go
index 17f0f84d0..10882db83 100644
--- a/internal/federation/federatingdb/reject.go
+++ b/internal/federation/federatingdb/reject.go
@@ -40,12 +40,9 @@ func (f *federatingDB) Reject(ctx context.Context, reject vocab.ActivityStreamsR
l.Debug("entering Reject")
}
- receivingAccount, _ := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account or federator channel wasn't set on the context, that means this request didn't pass
- // through the API, but came from inside GtS as the result of another activity on this instance. That being so,
- // we can safely just ignore this activity, since we know we've already processed it elsewhere.
- return nil
+ receivingAccount, _, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
rejectObject := reject.GetActivityStreamsObject()
diff --git a/internal/federation/federatingdb/undo.go b/internal/federation/federatingdb/undo.go
index c17bd2e90..704ca5502 100644
--- a/internal/federation/federatingdb/undo.go
+++ b/internal/federation/federatingdb/undo.go
@@ -43,12 +43,9 @@ func (f *federatingDB) Undo(ctx context.Context, undo vocab.ActivityStreamsUndo)
l.Debug("entering Undo")
}
- receivingAccount, _ := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account wasn't set on the context, that means this request didn't pass
- // through the API, but came from inside GtS as the result of another activity on this instance. That being so,
- // we can safely just ignore this activity, since we know we've already processed it elsewhere.
- return nil
+ receivingAccount, _, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
undoObject := undo.GetActivityStreamsObject()
diff --git a/internal/federation/federatingdb/update.go b/internal/federation/federatingdb/update.go
index 5c8785c08..aad386085 100644
--- a/internal/federation/federatingdb/update.go
+++ b/internal/federation/federatingdb/update.go
@@ -52,28 +52,14 @@ func (f *federatingDB) Update(ctx context.Context, asType vocab.Type) error {
l.Debug("entering Update")
}
- receivingAccount, _ := extractFromCtx(ctx)
- if receivingAccount == nil {
- // If the receiving account wasn't set on the context, that means
- // this request didn't pass through the API, but came from inside
- // GtS as the result of another activity on this instance. As such,
- // we must have already processed it in order to reach this stage.
- return nil
- }
-
- requestingAcctI := ctx.Value(ap.ContextRequestingAccount)
- if requestingAcctI == nil {
- return errors.New("Update: requesting account wasn't set on context")
- }
-
- requestingAcct, ok := requestingAcctI.(*gtsmodel.Account)
- if !ok {
- return errors.New("Update: requesting account was set on context but couldn't be parsed")
+ receivingAccount, requestingAccount, internal := extractFromCtx(ctx)
+ if internal {
+ return nil // Already processed.
}
switch asType.GetTypeName() {
case ap.ActorApplication, ap.ActorGroup, ap.ActorOrganization, ap.ActorPerson, ap.ActorService:
- return f.updateAccountable(ctx, receivingAccount, requestingAcct, asType)
+ return f.updateAccountable(ctx, receivingAccount, requestingAccount, asType)
}
return nil
diff --git a/internal/federation/federatingdb/util.go b/internal/federation/federatingdb/util.go
index 8e9f67c59..d46451e21 100644
--- a/internal/federation/federatingdb/util.go
+++ b/internal/federation/federatingdb/util.go
@@ -30,6 +30,7 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/id"
"github.com/superseriousbusiness/gotosocial/internal/log"
@@ -296,30 +297,23 @@ func (f *federatingDB) collectIRIs(ctx context.Context, iris []*url.URL) (vocab.
return collection, nil
}
-// extractFromCtx extracts some useful values from a context passed into the federatingDB via the API:
-// - The target account that owns the inbox or URI being interacted with.
-// - The requesting account that posted to the inbox.
-// - A channel that messages for the processor can be placed into.
+// extractFromCtx extracts some useful values from a context passed into the federatingDB:
//
-// If a value is not present, nil will be returned for it. It's up to the caller to check this and respond appropriately.
-func extractFromCtx(ctx context.Context) (receivingAccount, requestingAccount *gtsmodel.Account) {
- receivingAccountI := ctx.Value(ap.ContextReceivingAccount)
- if receivingAccountI != nil {
- var ok bool
- receivingAccount, ok = receivingAccountI.(*gtsmodel.Account)
- if !ok {
- log.Panicf(ctx, "context entry with key %s could not be asserted to *gtsmodel.Account", ap.ContextReceivingAccount)
- }
- }
+// - The account that owns the inbox or URI being interacted with.
+// - The account that POSTed a request to the inbox.
+// - Whether this is an internal request (one originating not from
+// the API but from inside the instance).
+//
+// If the request is internal, the caller can assume that the activity has
+// already been processed elsewhere, and should return with no further action.
+func extractFromCtx(ctx context.Context) (receivingAccount *gtsmodel.Account, requestingAccount *gtsmodel.Account, internal bool) {
+ receivingAccount = gtscontext.ReceivingAccount(ctx)
+ requestingAccount = gtscontext.RequestingAccount(ctx)
- requestingAcctI := ctx.Value(ap.ContextRequestingAccount)
- if requestingAcctI != nil {
- var ok bool
- requestingAccount, ok = requestingAcctI.(*gtsmodel.Account)
- if !ok {
- log.Panicf(ctx, "context entry with key %s could not be asserted to *gtsmodel.Account", ap.ContextRequestingAccount)
- }
- }
+ // If the receiving account wasn't set on the context, that
+ // means this request didn't pass through the API, but
+ // came from inside GtS as the result of a local activity.
+ internal = receivingAccount == nil
return
}
@@ -329,9 +323,11 @@ func marshalItem(item vocab.Type) (string, error) {
if err != nil {
return "", err
}
+
b, err := json.Marshal(m)
if err != nil {
return "", err
}
+
return string(b), nil
}
diff --git a/internal/federation/federatingprotocol.go b/internal/federation/federatingprotocol.go
index d7e598edc..18feb2429 100644
--- a/internal/federation/federatingprotocol.go
+++ b/internal/federation/federatingprotocol.go
@@ -20,23 +20,56 @@ package federation
import (
"context"
"errors"
- "fmt"
"net/http"
"net/url"
+ "strings"
+ "codeberg.org/gruf/go-kv"
"github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/ap"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/log"
"github.com/superseriousbusiness/gotosocial/internal/uris"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
+type errOtherIRIBlocked struct {
+ account string
+ domainBlock bool
+ iriStrs []string
+}
+
+func (e errOtherIRIBlocked) Error() string {
+ iriStrsNice := "[" + strings.Join(e.iriStrs, ", ") + "]"
+ if e.domainBlock {
+ return "domain block exists for one or more of " + iriStrsNice
+ }
+ return "block exists between " + e.account + " and one or more of " + iriStrsNice
+}
+
+func newErrOtherIRIBlocked(
+ account string,
+ domainBlock bool,
+ otherIRIs []*url.URL,
+) error {
+ e := errOtherIRIBlocked{
+ account: account,
+ domainBlock: domainBlock,
+ iriStrs: make([]string, 0, len(otherIRIs)),
+ }
+
+ for _, iri := range otherIRIs {
+ e.iriStrs = append(e.iriStrs, iri.String())
+ }
+
+ return e
+}
+
/*
GO FED FEDERATING PROTOCOL INTERFACE
FederatingProtocol contains behaviors an application needs to satisfy for the
@@ -47,77 +80,104 @@ import (
application.
*/
-// PostInboxRequestBodyHook callback after parsing the request body for a federated request
-// to the Actor's inbox.
+// PostInboxRequestBodyHook callback after parsing the request body for a
+// federated request to the Actor's inbox.
//
-// Can be used to set contextual information based on the Activity
-// received.
-//
-// Only called if the Federated Protocol is enabled.
+// Can be used to set contextual information based on the Activity received.
//
// Warning: Neither authentication nor authorization has taken place at
// this time. Doing anything beyond setting contextual information is
// strongly discouraged.
//
-// If an error is returned, it is passed back to the caller of
-// PostInbox. In this case, the DelegateActor implementation must not
-// write a response to the ResponseWriter as is expected that the caller
-// to PostInbox will do so when handling the error.
+// If an error is returned, it is passed back to the caller of PostInbox.
+// In this case, the DelegateActor implementation must not write a response
+// to the ResponseWriter as is expected that the caller to PostInbox will
+// do so when handling the error.
func (f *federator) PostInboxRequestBodyHook(ctx context.Context, r *http.Request, activity pub.Activity) (context.Context, error) {
- // extract any other IRIs involved in this activity
- otherInvolvedIRIs := []*url.URL{}
+ // Extract any other IRIs involved in this activity.
+ otherIRIs := []*url.URL{}
- // check if the Activity itself has an 'inReplyTo'
+ // Get the ID of the Activity itslf.
+ activityID, err := pub.GetId(activity)
+ if err == nil {
+ otherIRIs = append(otherIRIs, activityID)
+ }
+
+ // Check if the Activity has an 'inReplyTo'.
if replyToable, ok := activity.(ap.ReplyToable); ok {
if inReplyToURI := ap.ExtractInReplyToURI(replyToable); inReplyToURI != nil {
- otherInvolvedIRIs = append(otherInvolvedIRIs, inReplyToURI)
+ otherIRIs = append(otherIRIs, inReplyToURI)
}
}
- // now check if the Object of the Activity (usually a Note or something) has an 'inReplyTo'
- if object := activity.GetActivityStreamsObject(); object != nil {
- if replyToable, ok := object.(ap.ReplyToable); ok {
- if inReplyToURI := ap.ExtractInReplyToURI(replyToable); inReplyToURI != nil {
- otherInvolvedIRIs = append(otherInvolvedIRIs, inReplyToURI)
- }
- }
- }
-
- // check for Tos and CCs on Activity itself
+ // Check for TOs and CCs on the Activity.
if addressable, ok := activity.(ap.Addressable); ok {
- if ccURIs, err := ap.ExtractCCs(addressable); err == nil {
- otherInvolvedIRIs = append(otherInvolvedIRIs, ccURIs...)
- }
if toURIs, err := ap.ExtractTos(addressable); err == nil {
- otherInvolvedIRIs = append(otherInvolvedIRIs, toURIs...)
+ otherIRIs = append(otherIRIs, toURIs...)
+ }
+
+ if ccURIs, err := ap.ExtractCCs(addressable); err == nil {
+ otherIRIs = append(otherIRIs, ccURIs...)
}
}
- // and on the Object itself
- if object := activity.GetActivityStreamsObject(); object != nil {
- if addressable, ok := object.(ap.Addressable); ok {
- if ccURIs, err := ap.ExtractCCs(addressable); err == nil {
- otherInvolvedIRIs = append(otherInvolvedIRIs, ccURIs...)
+ // Now perform the same checks, but for the Object(s) of the Activity.
+ objectProp := activity.GetActivityStreamsObject()
+ for iter := objectProp.Begin(); iter != objectProp.End(); iter = iter.Next() {
+ if iter.IsIRI() {
+ otherIRIs = append(otherIRIs, iter.GetIRI())
+ continue
+ }
+
+ t := iter.GetType()
+ if t == nil {
+ continue
+ }
+
+ objectID, err := pub.GetId(t)
+ if err == nil {
+ otherIRIs = append(otherIRIs, objectID)
+ }
+
+ if replyToable, ok := t.(ap.ReplyToable); ok {
+ if inReplyToURI := ap.ExtractInReplyToURI(replyToable); inReplyToURI != nil {
+ otherIRIs = append(otherIRIs, inReplyToURI)
}
+ }
+
+ if addressable, ok := t.(ap.Addressable); ok {
if toURIs, err := ap.ExtractTos(addressable); err == nil {
- otherInvolvedIRIs = append(otherInvolvedIRIs, toURIs...)
+ otherIRIs = append(otherIRIs, toURIs...)
+ }
+
+ if ccURIs, err := ap.ExtractCCs(addressable); err == nil {
+ otherIRIs = append(otherIRIs, ccURIs...)
}
}
}
- // remove any duplicate entries in the slice we put together
- deduped := util.UniqueURIs(otherInvolvedIRIs)
+ // Clean any instances of the public URI, since
+ // we don't care about that in this context.
+ otherIRIs = func(iris []*url.URL) []*url.URL {
+ np := make([]*url.URL, 0, len(iris))
- // clean any instances of the public URI since we don't care about that in this context
- cleaned := []*url.URL{}
- for _, u := range deduped {
- if !pub.IsPublic(u.String()) {
- cleaned = append(cleaned, u)
+ for _, i := range iris {
+ if !pub.IsPublic(i.String()) {
+ np = append(np, i)
+ }
}
- }
- withOtherInvolvedIRIs := context.WithValue(ctx, ap.ContextOtherInvolvedIRIs, cleaned)
- return withOtherInvolvedIRIs, nil
+ return np
+ }(otherIRIs)
+
+ // OtherIRIs will likely contain some
+ // duplicate entries now, so remove them.
+ otherIRIs = util.UniqueURIs(otherIRIs)
+
+ // Finished, set other IRIs on the context
+ // so they can be checked for blocks later.
+ ctx = gtscontext.SetOtherIRIs(ctx, otherIRIs)
+ return ctx, nil
}
// AuthenticatePostInbox delegates the authentication of a POST to an
@@ -143,23 +203,23 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
// account by parsing username from `/users/{username}/inbox`.
username, err := uris.ParseInboxPath(r.URL)
if err != nil {
- err = fmt.Errorf("AuthenticatePostInbox: could not parse %s as inbox path: %w", r.URL.String(), err)
+ err = gtserror.Newf("could not parse %s as inbox path: %w", r.URL.String(), err)
return nil, false, err
}
if username == "" {
- err = errors.New("AuthenticatePostInbox: inbox username was empty")
+ err = gtserror.New("inbox username was empty")
return nil, false, err
}
receivingAccount, err := f.db.GetAccountByUsernameDomain(ctx, username, "")
if err != nil {
- err = fmt.Errorf("AuthenticatePostInbox: could not fetch receiving account %s: %w", username, err)
+ err = gtserror.Newf("could not fetch receiving account %s: %w", username, err)
return nil, false, err
}
- // Check who's delivering by inspecting the http signature.
- publicKeyOwnerURI, errWithCode := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
+ // Check who's trying to deliver to us by inspecting the http signature.
+ pubKeyOwner, errWithCode := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
if errWithCode != nil {
switch errWithCode.Code() {
case http.StatusUnauthorized, http.StatusForbidden, http.StatusBadRequest:
@@ -184,25 +244,30 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
// Authentication has passed, check if we need to create a
// new instance entry for the Host of the requesting account.
- if _, err := f.db.GetInstance(ctx, publicKeyOwnerURI.Host); err != nil {
+ if _, err := f.db.GetInstance(ctx, pubKeyOwner.Host); err != nil {
if !errors.Is(err, db.ErrNoEntries) {
// There's been an actual error.
- err = fmt.Errorf("AuthenticatePostInbox: error getting instance %s: %w", publicKeyOwnerURI.Host, err)
+ err = gtserror.Newf("error getting instance %s: %w", pubKeyOwner.Host, err)
return ctx, false, err
}
- // we don't have an entry for this instance yet so dereference it
- instance, err := f.GetRemoteInstance(gtscontext.SetFastFail(ctx), username, &url.URL{
- Scheme: publicKeyOwnerURI.Scheme,
- Host: publicKeyOwnerURI.Host,
- })
+ // We don't have an entry for this
+ // instance yet; go dereference it.
+ instance, err := f.GetRemoteInstance(
+ gtscontext.SetFastFail(ctx),
+ username,
+ &url.URL{
+ Scheme: pubKeyOwner.Scheme,
+ Host: pubKeyOwner.Host,
+ },
+ )
if err != nil {
- err = fmt.Errorf("AuthenticatePostInbox: error dereferencing instance %s: %w", publicKeyOwnerURI.Host, err)
+ err = gtserror.Newf("error dereferencing instance %s: %w", pubKeyOwner.Host, err)
return nil, false, err
}
- if err := f.db.Put(ctx, instance); err != nil {
- err = fmt.Errorf("AuthenticatePostInbox: error inserting instance entry for %s: %w", publicKeyOwnerURI.Host, err)
+ if err := f.db.Put(ctx, instance); err != nil && !errors.Is(err, db.ErrAlreadyExists) {
+ err = gtserror.Newf("error inserting instance entry for %s: %w", pubKeyOwner.Host, err)
return nil, false, err
}
}
@@ -210,7 +275,11 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
// We know the public key owner URI now, so we can
// dereference the remote account (or just get it
// from the db if we already have it).
- requestingAccount, _, err := f.GetAccountByURI(gtscontext.SetFastFail(ctx), username, publicKeyOwnerURI)
+ requestingAccount, _, err := f.GetAccountByURI(
+ gtscontext.SetFastFail(ctx),
+ username,
+ pubKeyOwner,
+ )
if err != nil {
if gtserror.StatusCode(err) == http.StatusGone {
// This is the same case as the http.StatusGone check above.
@@ -222,113 +291,196 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
w.WriteHeader(http.StatusAccepted)
return ctx, false, nil
}
- err = fmt.Errorf("AuthenticatePostInbox: couldn't get requesting account %s: %w", publicKeyOwnerURI, err)
+
+ err = gtserror.Newf("couldn't get requesting account %s: %w", pubKeyOwner, err)
return nil, false, err
}
// We have everything we need now, set the requesting
// and receiving accounts on the context for later use.
- withRequesting := context.WithValue(ctx, ap.ContextRequestingAccount, requestingAccount)
- withReceiving := context.WithValue(withRequesting, ap.ContextReceivingAccount, receivingAccount)
- return withReceiving, true, nil
+ ctx = gtscontext.SetRequestingAccount(ctx, requestingAccount)
+ ctx = gtscontext.SetReceivingAccount(ctx, receivingAccount)
+ return ctx, true, nil
}
// Blocked should determine whether to permit a set of actors given by
// their ids are able to interact with this particular end user due to
// being blocked or other application-specific logic.
-//
-// If an error is returned, it is passed back to the caller of
-// PostInbox.
-//
-// If no error is returned, but authentication or authorization fails,
-// then blocked must be true and error nil. An http.StatusForbidden
-// will be written in the wresponse.
-//
-// Finally, if the authentication and authorization succeeds, then
-// blocked must be false and error nil. The request will continue
-// to be processed.
func (f *federator) Blocked(ctx context.Context, actorIRIs []*url.URL) (bool, error) {
- log.Tracef(ctx, "entering BLOCKED function with IRI list: %+v", actorIRIs)
+ // Fetch relevant items from request context.
+ // These should have been set further up the flow.
+ receivingAccount := gtscontext.ReceivingAccount(ctx)
+ if receivingAccount == nil {
+ err := gtserror.New("couldn't determine blocks (receiving account not set on request context)")
+ return false, err
+ }
- // check domain blocks first for the given actor IRIs
+ requestingAccount := gtscontext.RequestingAccount(ctx)
+ if requestingAccount == nil {
+ err := gtserror.New("couldn't determine blocks (requesting account not set on request context)")
+ return false, err
+ }
+
+ otherIRIs := gtscontext.OtherIRIs(ctx)
+ if otherIRIs == nil {
+ err := gtserror.New("couldn't determine blocks (otherIRIs not set on request context)")
+ return false, err
+ }
+
+ l := log.
+ WithContext(ctx).
+ WithFields(kv.Fields{
+ {"actorIRIs", actorIRIs},
+ {"receivingAccount", receivingAccount.URI},
+ {"requestingAccount", requestingAccount.URI},
+ {"otherIRIs", otherIRIs},
+ }...)
+ l.Trace("checking blocks")
+
+ // Start broad by checking domain-level blocks first for
+ // the given actor IRIs; if any of them are domain blocked
+ // then we can save some work.
blocked, err := f.db.AreURIsBlocked(ctx, actorIRIs)
if err != nil {
- return false, fmt.Errorf("error checking domain blocks of actorIRIs: %s", err)
+ err = gtserror.Newf("error checking domain blocks of actorIRIs: %w", err)
+ return false, err
}
+
if blocked {
+ l.Trace("one or more actorIRIs are domain blocked")
return blocked, nil
}
- // check domain blocks for any other involved IRIs
- otherInvolvedIRIsI := ctx.Value(ap.ContextOtherInvolvedIRIs)
- otherInvolvedIRIs, ok := otherInvolvedIRIsI.([]*url.URL)
- if !ok {
- log.Error(ctx, "other involved IRIs not set on request context")
- return false, errors.New("other involved IRIs not set on request context, so couldn't determine blocks")
- }
- blocked, err = f.db.AreURIsBlocked(ctx, otherInvolvedIRIs)
- if err != nil {
- return false, fmt.Errorf("error checking domain blocks of otherInvolvedIRIs: %s", err)
- }
- if blocked {
- return blocked, nil
- }
-
- // now check for user-level block from receiving against requesting account
- receivingAccountI := ctx.Value(ap.ContextReceivingAccount)
- receivingAccount, ok := receivingAccountI.(*gtsmodel.Account)
- if !ok {
- log.Error(ctx, "receiving account not set on request context")
- return false, errors.New("receiving account not set on request context, so couldn't determine blocks")
- }
- requestingAccountI := ctx.Value(ap.ContextRequestingAccount)
- requestingAccount, ok := requestingAccountI.(*gtsmodel.Account)
- if !ok {
- log.Error(ctx, "requesting account not set on request context")
- return false, errors.New("requesting account not set on request context, so couldn't determine blocks")
- }
- // the receiver shouldn't block the sender
+ // Now user level blocks. Receiver should not block requester.
blocked, err = f.db.IsBlocked(ctx, receivingAccount.ID, requestingAccount.ID)
if err != nil {
- return false, fmt.Errorf("error checking user-level blocks: %s", err)
+ err = gtserror.Newf("db error checking block between receiver and requester: %w", err)
+ return false, err
}
+
if blocked {
+ l.Trace("receiving account blocks requesting account")
return blocked, nil
}
- // get account IDs for other involved accounts
- var involvedAccountIDs []string
- for _, iri := range otherInvolvedIRIs {
- var involvedAccountID string
- if involvedStatus, err := f.db.GetStatusByURI(ctx, iri.String()); err == nil {
- involvedAccountID = involvedStatus.AccountID
- } else if involvedAccount, err := f.db.GetAccountByURI(ctx, iri.String()); err == nil {
- involvedAccountID = involvedAccount.ID
+ // We've established that no blocks exist between directly
+ // involved actors, but what about IRIs of other actors and
+ // objects which are tangentially involved in the activity
+ // (ie., replied to, boosted)?
+ //
+ // If one or more of these other IRIs is domain blocked, or
+ // blocked by the receiving account, this shouldn't return
+ // blocked=true to send a 403, since that would be rather
+ // silly behavior. Instead, we should indicate to the caller
+ // that we should stop processing the activity and just write
+ // 202 Accepted instead.
+ //
+ // For this, we can use the errOtherIRIBlocked type, which
+ // will be checked for
+
+ // Check high-level domain blocks first.
+ blocked, err = f.db.AreURIsBlocked(ctx, otherIRIs)
+ if err != nil {
+ err := gtserror.Newf("error checking domain block of otherIRIs: %w", err)
+ return false, err
+ }
+
+ if blocked {
+ err := newErrOtherIRIBlocked(receivingAccount.URI, true, otherIRIs)
+ l.Trace(err.Error())
+ return false, err
+ }
+
+ // For each other IRI, check whether the IRI points to an
+ // account or a status, and try to get (an) accountID(s)
+ // from it to do further checks on.
+ //
+ // We use a map for this instead of a slice in order to
+ // deduplicate entries and avoid doing the same check twice.
+ // The map value is the host of the otherIRI.
+ accountIDs := make(map[string]string, len(otherIRIs))
+ for _, iri := range otherIRIs {
+ // Assemble iri string just once.
+ iriStr := iri.String()
+
+ account, err := f.db.GetAccountByURI(
+ // We're on a hot path, fetch bare minimum.
+ gtscontext.SetBarebones(ctx),
+ iriStr,
+ )
+ if err != nil && !errors.Is(err, db.ErrNoEntries) {
+ // Real db error.
+ err = gtserror.Newf("db error trying to get %s as account: %w", iriStr, err)
+ return false, err
+ } else if err == nil {
+ // IRI is for an account.
+ accountIDs[account.ID] = iri.Host
+ continue
}
- if involvedAccountID != "" {
- involvedAccountIDs = append(involvedAccountIDs, involvedAccountID)
+ status, err := f.db.GetStatusByURI(
+ // We're on a hot path, fetch bare minimum.
+ gtscontext.SetBarebones(ctx),
+ iriStr,
+ )
+ if err != nil && !errors.Is(err, db.ErrNoEntries) {
+ // Real db error.
+ err = gtserror.Newf("db error trying to get %s as status: %w", iriStr, err)
+ return false, err
+ } else if err == nil {
+ // IRI is for a status.
+ accountIDs[status.AccountID] = iri.Host
+ continue
}
}
- deduped := util.UniqueStrings(involvedAccountIDs)
- for _, involvedAccountID := range deduped {
- // the involved account shouldn't block whoever is making this request
- blocked, err = f.db.IsBlocked(ctx, involvedAccountID, requestingAccount.ID)
+ // Get our own host value just once outside the loop.
+ ourHost := config.GetHost()
+
+ for accountID, iriHost := range accountIDs {
+ // Receiver shouldn't block other IRI owner.
+ //
+ // This check protects against cases where someone on our
+ // instance is receiving a boost from someone they don't
+ // block, but the boost target is the status of an account
+ // they DO have blocked, or the boosted status mentions an
+ // account they have blocked. In this case, it's v. unlikely
+ // they care to see the boost in their timeline, so there's
+ // no point in us processing it.
+ blocked, err = f.db.IsBlocked(ctx, receivingAccount.ID, accountID)
if err != nil {
- return false, fmt.Errorf("error checking user-level otherInvolvedIRI blocks: %s", err)
- }
- if blocked {
- return blocked, nil
+ err = gtserror.Newf("db error checking block between receiver and other account: %w", err)
+ return false, err
}
- // whoever is receiving this request shouldn't block the involved account
- blocked, err = f.db.IsBlocked(ctx, receivingAccount.ID, involvedAccountID)
- if err != nil {
- return false, fmt.Errorf("error checking user-level otherInvolvedIRI blocks: %s", err)
- }
if blocked {
- return blocked, nil
+ l.Trace("receiving account blocks one or more otherIRIs")
+ err := newErrOtherIRIBlocked(receivingAccount.URI, false, otherIRIs)
+ return false, err
+ }
+
+ // If other account is from our instance (indicated by the
+ // host of the URI stored in the map), ensure they don't block
+ // the requester.
+ //
+ // This check protects against cases where one of our users
+ // might be mentioned by the requesting account, and therefore
+ // appear in otherIRIs, but the activity itself has been sent
+ // to a different account on our instance. In other words, two
+ // accounts are gossiping about + trying to tag a third account
+ // who has one or the other of them blocked.
+ if iriHost == ourHost {
+ blocked, err = f.db.IsBlocked(ctx, accountID, requestingAccount.ID)
+ if err != nil {
+ err = gtserror.Newf("db error checking block between other account and requester: %w", err)
+ return false, err
+ }
+
+ if blocked {
+ l.Trace("one or more otherIRIs belonging to us blocks requesting account")
+ err := newErrOtherIRIBlocked(requestingAccount.URI, false, otherIRIs)
+ return false, err
+ }
}
}
diff --git a/internal/federation/federatingprotocol_test.go b/internal/federation/federatingprotocol_test.go
index 3350099b0..8da6859dd 100644
--- a/internal/federation/federatingprotocol_test.go
+++ b/internal/federation/federatingprotocol_test.go
@@ -18,7 +18,10 @@
package federation_test
import (
+ "bytes"
"context"
+ "encoding/json"
+ "io"
"net/http"
"net/http/httptest"
"net/url"
@@ -27,7 +30,7 @@ import (
"github.com/go-fed/httpsig"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/ap"
- "github.com/superseriousbusiness/gotosocial/internal/federation"
+ "github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/testrig"
)
@@ -36,342 +39,402 @@ type FederatingProtocolTestSuite struct {
FederatorStandardTestSuite
}
-func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHook1() {
- // the activity we're gonna use
- activity := suite.testActivities["dm_for_zork"]
-
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
- // setup module being tested
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
-
- // setup request
- ctx := context.Background()
- request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil) // the endpoint we're hitting
- request.Header.Set("Signature", activity.SignatureHeader)
-
- // trigger the function being tested, and return the new context it creates
- newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
- suite.NoError(err)
- suite.NotNil(newContext)
-
- involvedIRIsI := newContext.Value(ap.ContextOtherInvolvedIRIs)
- involvedIRIs, ok := involvedIRIsI.([]*url.URL)
- if !ok {
- suite.FailNow("couldn't get involved IRIs from context")
- }
-
- suite.Len(involvedIRIs, 1)
- suite.Contains(involvedIRIs, testrig.URLMustParse("http://localhost:8080/users/the_mighty_zork"))
-}
-
-func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHook2() {
- // the activity we're gonna use
- activity := suite.testActivities["reply_to_turtle_for_zork"]
-
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
-
- // setup module being tested
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
-
- // setup request
- ctx := context.Background()
- request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil) // the endpoint we're hitting
- request.Header.Set("Signature", activity.SignatureHeader)
-
- // trigger the function being tested, and return the new context it creates
- newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
- suite.NoError(err)
- suite.NotNil(newContext)
-
- involvedIRIsI := newContext.Value(ap.ContextOtherInvolvedIRIs)
- involvedIRIs, ok := involvedIRIsI.([]*url.URL)
- if !ok {
- suite.FailNow("couldn't get involved IRIs from context")
- }
-
- suite.Len(involvedIRIs, 2)
- suite.Contains(involvedIRIs, testrig.URLMustParse("http://localhost:8080/users/1happyturtle"))
- suite.Contains(involvedIRIs, testrig.URLMustParse("http://fossbros-anonymous.io/users/foss_satan/followers"))
-}
-
-func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHook3() {
- // the activity we're gonna use
- activity := suite.testActivities["reply_to_turtle_for_turtle"]
-
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
-
- // setup module being tested
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
-
- // setup request
- ctx := context.Background()
- request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/1happyturtle/inbox", nil) // the endpoint we're hitting
- request.Header.Set("Signature", activity.SignatureHeader)
-
- // trigger the function being tested, and return the new context it creates
- newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
- suite.NoError(err)
- suite.NotNil(newContext)
-
- involvedIRIsI := newContext.Value(ap.ContextOtherInvolvedIRIs)
- involvedIRIs, ok := involvedIRIsI.([]*url.URL)
- if !ok {
- suite.FailNow("couldn't get involved IRIs from context")
- }
-
- suite.Len(involvedIRIs, 2)
- suite.Contains(involvedIRIs, testrig.URLMustParse("http://localhost:8080/users/1happyturtle"))
- suite.Contains(involvedIRIs, testrig.URLMustParse("http://fossbros-anonymous.io/users/foss_satan/followers"))
-}
-
-func (suite *FederatingProtocolTestSuite) TestAuthenticatePostInbox() {
- // the activity we're gonna use
- activity := suite.testActivities["dm_for_zork"]
- sendingAccount := suite.testAccounts["remote_account_1"]
- inboxAccount := suite.testAccounts["local_account_1"]
-
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
-
- // now setup module being tested, with the mock transport controller
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
-
- request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil)
- // we need these headers for the request to be validated
- request.Header.Set("Signature", activity.SignatureHeader)
- request.Header.Set("Date", activity.DateHeader)
- request.Header.Set("Digest", activity.DigestHeader)
-
- verifier, err := httpsig.NewVerifier(request)
- suite.NoError(err)
-
- ctx := context.Background()
- // by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
- // which should have set the account and username onto the request. We can replicate that behavior here:
- ctxWithAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithVerifier := context.WithValue(ctxWithAccount, ap.ContextRequestingPublicKeyVerifier, verifier)
- ctxWithSignature := context.WithValue(ctxWithVerifier, ap.ContextRequestingPublicKeySignature, activity.SignatureHeader)
-
- // we can pass this recorder as a writer and read it back after
- recorder := httptest.NewRecorder()
-
- // trigger the function being tested, and return the new context it creates
- newContext, authed, err := federator.AuthenticatePostInbox(ctxWithSignature, recorder, request)
- suite.NoError(err)
- suite.True(authed)
-
- // since we know this account already it should be set on the context
- requestingAccountI := newContext.Value(ap.ContextRequestingAccount)
- suite.NotNil(requestingAccountI)
- requestingAccount, ok := requestingAccountI.(*gtsmodel.Account)
- suite.True(ok)
- suite.Equal(sendingAccount.Username, requestingAccount.Username)
-}
-
-func (suite *FederatingProtocolTestSuite) TestAuthenticatePostGone() {
- // the activity we're gonna use
- activity := suite.testActivities["delete_https://somewhere.mysterious/users/rest_in_piss#main-key"]
- inboxAccount := suite.testAccounts["local_account_1"]
-
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
-
- // now setup module being tested, with the mock transport controller
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
-
- request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil)
- // we need these headers for the request to be validated
- request.Header.Set("Signature", activity.SignatureHeader)
- request.Header.Set("Date", activity.DateHeader)
- request.Header.Set("Digest", activity.DigestHeader)
-
- verifier, err := httpsig.NewVerifier(request)
- suite.NoError(err)
-
- ctx := context.Background()
- // by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
- // which should have set the account and username onto the request. We can replicate that behavior here:
- ctxWithAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithVerifier := context.WithValue(ctxWithAccount, ap.ContextRequestingPublicKeyVerifier, verifier)
- ctxWithSignature := context.WithValue(ctxWithVerifier, ap.ContextRequestingPublicKeySignature, activity.SignatureHeader)
-
- // we can pass this recorder as a writer and read it back after
- recorder := httptest.NewRecorder()
-
- // trigger the function being tested, and return the new context it creates
- _, authed, err := federator.AuthenticatePostInbox(ctxWithSignature, recorder, request)
- suite.NoError(err)
- suite.False(authed)
- suite.Equal(http.StatusAccepted, recorder.Code)
-}
-
-func (suite *FederatingProtocolTestSuite) TestAuthenticatePostGoneNoTombstoneYet() {
- // delete the relevant tombstone
- if err := suite.db.DeleteTombstone(context.Background(), suite.testTombstones["https://somewhere.mysterious/users/rest_in_piss#main-key"].ID); err != nil {
+func (suite *FederatingProtocolTestSuite) postInboxRequestBodyHook(
+ ctx context.Context,
+ receivingAccount *gtsmodel.Account,
+ activity testrig.ActivityWithSignature,
+) context.Context {
+ raw, err := ap.Serialize(activity.Activity)
+ if err != nil {
suite.FailNow(err.Error())
}
- // the activity we're gonna use
- activity := suite.testActivities["delete_https://somewhere.mysterious/users/rest_in_piss#main-key"]
- inboxAccount := suite.testAccounts["local_account_1"]
+ b, err := json.Marshal(raw)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+ suite.NoError(err)
+ request := httptest.NewRequest(http.MethodPost, receivingAccount.InboxURI, bytes.NewBuffer(b))
+ request.Header.Set("Signature", activity.SignatureHeader)
+ request.Header.Set("Date", activity.DateHeader)
+ request.Header.Set("Digest", activity.DigestHeader)
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
+ newContext, err := suite.federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
- // now setup module being tested, with the mock transport controller
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+ return newContext
+}
- request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil)
- // we need these headers for the request to be validated
+func (suite *FederatingProtocolTestSuite) authenticatePostInbox(
+ ctx context.Context,
+ receivingAccount *gtsmodel.Account,
+ activity testrig.ActivityWithSignature,
+) (context.Context, bool, []byte, int) {
+ raw, err := ap.Serialize(activity.Activity)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ b, err := json.Marshal(raw)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ request := httptest.NewRequest(http.MethodPost, receivingAccount.InboxURI, bytes.NewBuffer(b))
request.Header.Set("Signature", activity.SignatureHeader)
request.Header.Set("Date", activity.DateHeader)
request.Header.Set("Digest", activity.DigestHeader)
verifier, err := httpsig.NewVerifier(request)
- suite.NoError(err)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
- ctx := context.Background()
- // by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
- // which should have set the account and username onto the request. We can replicate that behavior here:
- ctxWithAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithVerifier := context.WithValue(ctxWithAccount, ap.ContextRequestingPublicKeyVerifier, verifier)
- ctxWithSignature := context.WithValue(ctxWithVerifier, ap.ContextRequestingPublicKeySignature, activity.SignatureHeader)
+ ctx = gtscontext.SetReceivingAccount(ctx, receivingAccount)
+ ctx = gtscontext.SetHTTPSignatureVerifier(ctx, verifier)
+ ctx = gtscontext.SetHTTPSignature(ctx, activity.SignatureHeader)
+ ctx = gtscontext.SetHTTPSignaturePubKeyID(ctx, testrig.URLMustParse(verifier.KeyId()))
- // we can pass this recorder as a writer and read it back after
recorder := httptest.NewRecorder()
+ newContext, authed, err := suite.federator.AuthenticatePostInbox(ctx, recorder, request)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
- // trigger the function being tested, and return the new context it creates
- _, authed, err := federator.AuthenticatePostInbox(ctxWithSignature, recorder, request)
- suite.NoError(err)
+ res := recorder.Result()
+ defer res.Body.Close()
+
+ b, err = io.ReadAll(res.Body)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ return newContext, authed, b, res.StatusCode
+}
+
+func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHookDM() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ activity = suite.testActivities["dm_for_zork"]
+ )
+
+ ctx := suite.postInboxRequestBodyHook(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ otherIRIs := gtscontext.OtherIRIs(ctx)
+ otherIRIStrs := make([]string, 0, len(otherIRIs))
+ for _, i := range otherIRIs {
+ otherIRIStrs = append(otherIRIStrs, i.String())
+ }
+
+ suite.Equal([]string{
+ "http://fossbros-anonymous.io/users/foss_satan/statuses/5424b153-4553-4f30-9358-7b92f7cd42f6/activity",
+ "http://localhost:8080/users/the_mighty_zork",
+ "http://fossbros-anonymous.io/users/foss_satan/statuses/5424b153-4553-4f30-9358-7b92f7cd42f6",
+ }, otherIRIStrs)
+}
+
+func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHookReply() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ activity = suite.testActivities["reply_to_turtle_for_zork"]
+ )
+
+ ctx := suite.postInboxRequestBodyHook(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ otherIRIs := gtscontext.OtherIRIs(ctx)
+ otherIRIStrs := make([]string, 0, len(otherIRIs))
+ for _, i := range otherIRIs {
+ otherIRIStrs = append(otherIRIStrs, i.String())
+ }
+
+ suite.Equal([]string{
+ "http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe",
+ "http://fossbros-anonymous.io/users/foss_satan/followers",
+ "http://localhost:8080/users/1happyturtle",
+ }, otherIRIStrs)
+}
+
+func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHookReplyToReply() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_2"]
+ activity = suite.testActivities["reply_to_turtle_for_turtle"]
+ )
+
+ ctx := suite.postInboxRequestBodyHook(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ otherIRIs := gtscontext.OtherIRIs(ctx)
+ otherIRIStrs := make([]string, 0, len(otherIRIs))
+ for _, i := range otherIRIs {
+ otherIRIStrs = append(otherIRIStrs, i.String())
+ }
+
+ suite.Equal([]string{
+ "http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe",
+ "http://fossbros-anonymous.io/users/foss_satan/followers",
+ "http://localhost:8080/users/1happyturtle",
+ }, otherIRIStrs)
+}
+
+func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHookAnnounceForwardedToTurtle() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_2"]
+ activity = suite.testActivities["announce_forwarded_1_turtle"]
+ )
+
+ ctx := suite.postInboxRequestBodyHook(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ otherIRIs := gtscontext.OtherIRIs(ctx)
+ otherIRIStrs := make([]string, 0, len(otherIRIs))
+ for _, i := range otherIRIs {
+ otherIRIStrs = append(otherIRIStrs, i.String())
+ }
+
+ suite.Equal([]string{
+ "http://fossbros-anonymous.io/users/foss_satan/first_announce",
+ "http://example.org/users/Some_User",
+ "http://example.org/users/Some_User/statuses/afaba698-5740-4e32-a702-af61aa543bc1",
+ }, otherIRIStrs)
+}
+
+func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHookAnnounceForwardedToZork() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ activity = suite.testActivities["announce_forwarded_2_zork"]
+ )
+
+ ctx := suite.postInboxRequestBodyHook(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ otherIRIs := gtscontext.OtherIRIs(ctx)
+ otherIRIStrs := make([]string, 0, len(otherIRIs))
+ for _, i := range otherIRIs {
+ otherIRIStrs = append(otherIRIStrs, i.String())
+ }
+
+ suite.Equal([]string{
+ "http://fossbros-anonymous.io/users/foss_satan/second_announce",
+ "http://example.org/users/Some_User",
+ "http://example.org/users/Some_User/statuses/afaba698-5740-4e32-a702-af61aa543bc1",
+ }, otherIRIStrs)
+}
+
+func (suite *FederatingProtocolTestSuite) TestAuthenticatePostInbox() {
+ var (
+ activity = suite.testActivities["dm_for_zork"]
+ receivingAccount = suite.testAccounts["local_account_1"]
+ )
+
+ ctx, authed, resp, code := suite.authenticatePostInbox(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ suite.NotNil(gtscontext.RequestingAccount(ctx))
+ suite.True(authed)
+ suite.Equal([]byte{}, resp)
+ suite.Equal(http.StatusOK, code)
+}
+
+func (suite *FederatingProtocolTestSuite) TestAuthenticatePostGoneWithTombstone() {
+ var (
+ activity = suite.testActivities["delete_https://somewhere.mysterious/users/rest_in_piss#main-key"]
+ receivingAccount = suite.testAccounts["local_account_1"]
+ )
+
+ ctx, authed, resp, code := suite.authenticatePostInbox(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ // Tombstone exists for this account, should simply return accepted.
+ suite.Nil(gtscontext.RequestingAccount(ctx))
suite.False(authed)
- suite.Equal(http.StatusAccepted, recorder.Code)
+ suite.Equal([]byte{}, resp)
+ suite.Equal(http.StatusAccepted, code)
+}
- // there should be a tombstone in the db now for this account
- exists, err := suite.db.TombstoneExistsWithURI(ctx, "https://somewhere.mysterious/users/rest_in_piss#main-key")
+func (suite *FederatingProtocolTestSuite) TestAuthenticatePostGoneNoTombstone() {
+ var (
+ activity = suite.testActivities["delete_https://somewhere.mysterious/users/rest_in_piss#main-key"]
+ receivingAccount = suite.testAccounts["local_account_1"]
+ testTombstone = suite.testTombstones["https://somewhere.mysterious/users/rest_in_piss#main-key"]
+ )
+
+ // Delete the tombstone; it'll have to be created again.
+ if err := suite.state.DB.DeleteTombstone(context.Background(), testTombstone.ID); err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ ctx, authed, resp, code := suite.authenticatePostInbox(
+ context.Background(),
+ receivingAccount,
+ activity,
+ )
+
+ suite.Nil(gtscontext.RequestingAccount(ctx))
+ suite.False(authed)
+ suite.Equal([]byte{}, resp)
+ suite.Equal(http.StatusAccepted, code)
+
+ // Tombstone should be back, baby!
+ exists, err := suite.state.DB.TombstoneExistsWithURI(
+ context.Background(),
+ "https://somewhere.mysterious/users/rest_in_piss#main-key",
+ )
suite.NoError(err)
suite.True(exists)
}
-func (suite *FederatingProtocolTestSuite) TestBlocked1() {
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+func (suite *FederatingProtocolTestSuite) blocked(
+ ctx context.Context,
+ receivingAccount *gtsmodel.Account,
+ requestingAccount *gtsmodel.Account,
+ otherIRIs []*url.URL,
+ actorIRIs []*url.URL,
+) (bool, error) {
+ ctx = gtscontext.SetReceivingAccount(ctx, receivingAccount)
+ ctx = gtscontext.SetRequestingAccount(ctx, requestingAccount)
+ ctx = gtscontext.SetOtherIRIs(ctx, otherIRIs)
+ return suite.federator.Blocked(ctx, actorIRIs)
+}
- sendingAccount := suite.testAccounts["remote_account_1"]
- inboxAccount := suite.testAccounts["local_account_1"]
- otherInvolvedIRIs := []*url.URL{}
- actorIRIs := []*url.URL{
- testrig.URLMustParse(sendingAccount.URI),
- }
+func (suite *FederatingProtocolTestSuite) TestBlockedNoProblem() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ requestingAccount = suite.testAccounts["remote_account_1"]
+ otherIRIs = []*url.URL{}
+ actorIRIs = []*url.URL{
+ testrig.URLMustParse(requestingAccount.URI),
+ }
+ )
- ctx := context.Background()
- ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
- ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
+ blocked, err := suite.blocked(
+ context.Background(),
+ receivingAccount,
+ requestingAccount,
+ otherIRIs,
+ actorIRIs,
+ )
- blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
suite.NoError(err)
suite.False(blocked)
}
-func (suite *FederatingProtocolTestSuite) TestBlocked2() {
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+func (suite *FederatingProtocolTestSuite) TestBlockedReceiverBlocksRequester() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ requestingAccount = suite.testAccounts["remote_account_1"]
+ otherIRIs = []*url.URL{}
+ actorIRIs = []*url.URL{
+ testrig.URLMustParse(requestingAccount.URI),
+ }
+ )
- sendingAccount := suite.testAccounts["remote_account_1"]
- inboxAccount := suite.testAccounts["local_account_1"]
- otherInvolvedIRIs := []*url.URL{}
- actorIRIs := []*url.URL{
- testrig.URLMustParse(sendingAccount.URI),
- }
-
- ctx := context.Background()
- ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
- ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
-
- // insert a block from inboxAccount targeting sendingAccount
- if err := suite.db.PutBlock(context.Background(), >smodel.Block{
+ // Insert a block from receivingAccount targeting requestingAccount.
+ if err := suite.state.DB.PutBlock(context.Background(), >smodel.Block{
ID: "01G3KBEMJD4VQ2D615MPV7KTRD",
URI: "whatever",
- AccountID: inboxAccount.ID,
- TargetAccountID: sendingAccount.ID,
+ AccountID: receivingAccount.ID,
+ TargetAccountID: requestingAccount.ID,
}); err != nil {
suite.Fail(err.Error())
}
- // request should be blocked now
- blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
+ blocked, err := suite.blocked(
+ context.Background(),
+ receivingAccount,
+ requestingAccount,
+ otherIRIs,
+ actorIRIs,
+ )
+
suite.NoError(err)
suite.True(blocked)
}
-func (suite *FederatingProtocolTestSuite) TestBlocked3() {
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+func (suite *FederatingProtocolTestSuite) TestBlockedCCd() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ requestingAccount = suite.testAccounts["remote_account_1"]
+ ccedAccount = suite.testAccounts["remote_account_2"]
+ otherIRIs = []*url.URL{
+ testrig.URLMustParse(ccedAccount.URI),
+ }
+ actorIRIs = []*url.URL{
+ testrig.URLMustParse(requestingAccount.URI),
+ }
+ )
- sendingAccount := suite.testAccounts["remote_account_1"]
- inboxAccount := suite.testAccounts["local_account_1"]
- ccedAccount := suite.testAccounts["remote_account_2"]
-
- otherInvolvedIRIs := []*url.URL{
- testrig.URLMustParse(ccedAccount.URI),
- }
- actorIRIs := []*url.URL{
- testrig.URLMustParse(sendingAccount.URI),
- }
-
- ctx := context.Background()
- ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
- ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
-
- // insert a block from inboxAccount targeting CCed account
- if err := suite.db.PutBlock(context.Background(), >smodel.Block{
+ // Insert a block from receivingAccount targeting ccedAccount.
+ if err := suite.state.DB.PutBlock(context.Background(), >smodel.Block{
ID: "01G3KBEMJD4VQ2D615MPV7KTRD",
URI: "whatever",
- AccountID: inboxAccount.ID,
+ AccountID: receivingAccount.ID,
TargetAccountID: ccedAccount.ID,
}); err != nil {
suite.Fail(err.Error())
}
- blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
- suite.NoError(err)
- suite.True(blocked)
+ blocked, err := suite.blocked(
+ context.Background(),
+ receivingAccount,
+ requestingAccount,
+ otherIRIs,
+ actorIRIs,
+ )
+
+ suite.EqualError(err, "block exists between http://localhost:8080/users/the_mighty_zork and one or more of [http://example.org/users/Some_User]")
+ suite.False(blocked)
}
-func (suite *FederatingProtocolTestSuite) TestBlocked4() {
- httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
- tc := testrig.NewTestTransportController(&suite.state, httpClient)
- federator := federation.NewFederator(&suite.state, testrig.NewTestFederatingDB(&suite.state), tc, suite.tc, testrig.NewTestMediaManager(&suite.state))
+func (suite *FederatingProtocolTestSuite) TestBlockedRepliedStatus() {
+ var (
+ receivingAccount = suite.testAccounts["local_account_1"]
+ requestingAccount = suite.testAccounts["remote_account_1"]
+ repliedStatus = suite.testStatuses["local_account_2_status_1"]
+ otherIRIs = []*url.URL{
+ // This status is involved because the
+ // hypothetical activity replies to it.
+ testrig.URLMustParse(repliedStatus.URI),
+ }
+ actorIRIs = []*url.URL{
+ testrig.URLMustParse(requestingAccount.URI),
+ }
+ )
- sendingAccount := suite.testAccounts["remote_account_1"]
- inboxAccount := suite.testAccounts["local_account_1"]
- repliedStatus := suite.testStatuses["local_account_2_status_1"]
+ blocked, err := suite.blocked(
+ context.Background(),
+ receivingAccount,
+ requestingAccount,
+ otherIRIs,
+ actorIRIs,
+ )
- otherInvolvedIRIs := []*url.URL{
- testrig.URLMustParse(repliedStatus.URI), // this status is involved because the hypothetical activity is a reply to this status
- }
- actorIRIs := []*url.URL{
- testrig.URLMustParse(sendingAccount.URI),
- }
-
- ctx := context.Background()
- ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
- ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
- ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
-
- // local account 2 (replied status account) blocks sending account already so we don't need to add a block here
-
- blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
- suite.NoError(err)
- suite.True(blocked)
+ suite.EqualError(err, "block exists between http://fossbros-anonymous.io/users/foss_satan and one or more of [http://localhost:8080/users/1happyturtle/statuses/01F8MHBQCBTDKN6X5VHGMMN4MA]")
+ suite.False(blocked)
}
func TestFederatingProtocolTestSuite(t *testing.T) {
diff --git a/internal/federation/federator_test.go b/internal/federation/federator_test.go
index fdcfda19c..a80d590a4 100644
--- a/internal/federation/federator_test.go
+++ b/internal/federation/federator_test.go
@@ -20,10 +20,11 @@ package federation_test
import (
"github.com/stretchr/testify/suite"
- "github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/federation"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/state"
"github.com/superseriousbusiness/gotosocial/internal/storage"
+ "github.com/superseriousbusiness/gotosocial/internal/transport"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
"github.com/superseriousbusiness/gotosocial/internal/visibility"
"github.com/superseriousbusiness/gotosocial/testrig"
@@ -31,46 +32,58 @@ import (
type FederatorStandardTestSuite struct {
suite.Suite
- db db.DB
- storage *storage.Driver
- state state.State
- tc typeutils.TypeConverter
+ storage *storage.Driver
+ state state.State
+ typeconverter typeutils.TypeConverter
+ transportController transport.Controller
+ httpClient *testrig.MockHTTPClient
+ federator federation.Federator
+
testAccounts map[string]*gtsmodel.Account
testStatuses map[string]*gtsmodel.Status
testActivities map[string]testrig.ActivityWithSignature
testTombstones map[string]*gtsmodel.Tombstone
}
-// SetupSuite sets some variables on the suite that we can use as consts (more or less) throughout
func (suite *FederatorStandardTestSuite) SetupSuite() {
- // setup standard items
- testrig.StartWorkers(&suite.state)
- suite.storage = testrig.NewInMemoryStorage()
- suite.state.Storage = suite.storage
suite.testAccounts = testrig.NewTestAccounts()
suite.testStatuses = testrig.NewTestStatuses()
+ suite.testActivities = testrig.NewTestActivities(suite.testAccounts)
suite.testTombstones = testrig.NewTestTombstones()
}
func (suite *FederatorStandardTestSuite) SetupTest() {
+ suite.state.Caches.Init()
+ testrig.StartWorkers(&suite.state)
+
testrig.InitTestConfig()
testrig.InitTestLog()
- suite.state.Caches.Init()
- suite.db = testrig.NewTestDB(&suite.state)
- suite.tc = testrig.NewTestTypeConverter(suite.db)
- suite.state.DB = suite.db
+
+ suite.state.DB = testrig.NewTestDB(&suite.state)
+ suite.testActivities = testrig.NewTestActivities(suite.testAccounts)
+ suite.storage = testrig.NewInMemoryStorage()
+ suite.state.Storage = suite.storage
+ suite.typeconverter = testrig.NewTestTypeConverter(suite.state.DB)
testrig.StartTimelines(
&suite.state,
visibility.NewFilter(&suite.state),
- suite.tc,
+ suite.typeconverter,
)
- suite.testActivities = testrig.NewTestActivities(suite.testAccounts)
- testrig.StandardDBSetup(suite.db, suite.testAccounts)
+ suite.httpClient = testrig.NewMockHTTPClient(nil, "../../testrig/media")
+ suite.httpClient.TestRemotePeople = testrig.NewTestFediPeople()
+ suite.httpClient.TestRemoteStatuses = testrig.NewTestFediStatuses()
+
+ suite.transportController = testrig.NewTestTransportController(&suite.state, suite.httpClient)
+ suite.federator = testrig.NewTestFederator(&suite.state, suite.transportController, testrig.NewTestMediaManager(&suite.state))
+
+ testrig.StandardDBSetup(suite.state.DB, nil)
+ testrig.StandardStorageSetup(suite.storage, "../../testrig/media")
}
-// TearDownTest drops tables to make sure there's no data in the db
func (suite *FederatorStandardTestSuite) TearDownTest() {
- testrig.StandardDBTeardown(suite.db)
+ testrig.StandardDBTeardown(suite.state.DB)
+ testrig.StandardStorageTeardown(suite.storage)
+ testrig.StopWorkers(&suite.state)
}
diff --git a/internal/gtscontext/context.go b/internal/gtscontext/context.go
index d52bf2801..c8cd42208 100644
--- a/internal/gtscontext/context.go
+++ b/internal/gtscontext/context.go
@@ -19,6 +19,10 @@ package gtscontext
import (
"context"
+ "net/url"
+
+ "github.com/go-fed/httpsig"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
)
// package private context key type.
@@ -29,8 +33,14 @@ const (
_ ctxkey = iota
barebonesKey
fastFailKey
- pubKeyIDKey
+ outgoingPubKeyIDKey
requestIDKey
+ receivingAccountKey
+ requestingAccountKey
+ otherIRIsKey
+ httpSigVerifierKey
+ httpSigKey
+ httpSigPubKeyIDKey
)
// RequestID returns the request ID associated with context. This value will usually
@@ -48,18 +58,97 @@ func SetRequestID(ctx context.Context, id string) context.Context {
return context.WithValue(ctx, requestIDKey, id)
}
-// PublicKeyID returns the public key ID (URI) associated with context. This
+// OutgoingPublicKeyID returns the public key ID (URI) associated with context. This
// value is useful for logging situations in which a given public key URI is
// relevant, e.g. for outgoing requests being signed by the given key.
-func PublicKeyID(ctx context.Context) string {
- id, _ := ctx.Value(pubKeyIDKey).(string)
+func OutgoingPublicKeyID(ctx context.Context) string {
+ id, _ := ctx.Value(outgoingPubKeyIDKey).(string)
return id
}
-// SetPublicKeyID stores the given public key ID value and returns the wrapped
+// SetOutgoingPublicKeyID stores the given public key ID value and returns the wrapped
// context. See PublicKeyID() for further information on the public key ID value.
-func SetPublicKeyID(ctx context.Context, id string) context.Context {
- return context.WithValue(ctx, pubKeyIDKey, id)
+func SetOutgoingPublicKeyID(ctx context.Context, id string) context.Context {
+ return context.WithValue(ctx, outgoingPubKeyIDKey, id)
+}
+
+// ReceivingAccount returns the local account who owns the resource being
+// interacted with (inbox, uri, etc) in the current ActivityPub request chain.
+func ReceivingAccount(ctx context.Context) *gtsmodel.Account {
+ acct, _ := ctx.Value(receivingAccountKey).(*gtsmodel.Account)
+ return acct
+}
+
+// SetReceivingAccount stores the given receiving account value and returns the wrapped
+// context. See ReceivingAccount() for further information on the receiving account value.
+func SetReceivingAccount(ctx context.Context, acct *gtsmodel.Account) context.Context {
+ return context.WithValue(ctx, receivingAccountKey, acct)
+}
+
+// RequestingAccount returns the remote account interacting with a local
+// resource (inbox, uri, etc) in the current ActivityPub request chain.
+func RequestingAccount(ctx context.Context) *gtsmodel.Account {
+ acct, _ := ctx.Value(requestingAccountKey).(*gtsmodel.Account)
+ return acct
+}
+
+// SetRequestingAccount stores the given requesting account value and returns the wrapped
+// context. See RequestingAccount() for further information on the requesting account value.
+func SetRequestingAccount(ctx context.Context, acct *gtsmodel.Account) context.Context {
+ return context.WithValue(ctx, requestingAccountKey, acct)
+}
+
+// OtherIRIs returns other IRIs which are involved in the current ActivityPub request
+// chain. This usually means: other accounts who are mentioned, CC'd, TO'd, or boosted
+// by the current inbox POST request.
+func OtherIRIs(ctx context.Context) []*url.URL {
+ iris, _ := ctx.Value(otherIRIsKey).([]*url.URL)
+ return iris
+}
+
+// SetOtherIRIs stores the given IRIs slice and returns the wrapped context.
+// See OtherIRIs() for further information on the IRIs slice value.
+func SetOtherIRIs(ctx context.Context, iris []*url.URL) context.Context {
+ return context.WithValue(ctx, otherIRIsKey, iris)
+}
+
+// HTTPSignatureVerifier returns an http signature verifier for the current ActivityPub
+// request chain. This verifier can be called to authenticate the current request.
+func HTTPSignatureVerifier(ctx context.Context) httpsig.Verifier {
+ verifier, _ := ctx.Value(httpSigVerifierKey).(httpsig.Verifier)
+ return verifier
+}
+
+// SetHTTPSignatureVerifier stores the given http signature verifier and returns the
+// wrapped context. See HTTPSignatureVerifier() for further information on the verifier value.
+func SetHTTPSignatureVerifier(ctx context.Context, verifier httpsig.Verifier) context.Context {
+ return context.WithValue(ctx, httpSigVerifierKey, verifier)
+}
+
+// HTTPSignature returns the http signature string
+// value for the current ActivityPub request chain.
+func HTTPSignature(ctx context.Context) string {
+ signature, _ := ctx.Value(httpSigKey).(string)
+ return signature
+}
+
+// SetHTTPSignature stores the given http signature string and returns the wrapped
+// context. See HTTPSignature() for further information on the verifier value.
+func SetHTTPSignature(ctx context.Context, signature string) context.Context {
+ return context.WithValue(ctx, httpSigKey, signature)
+}
+
+// HTTPSignaturePubKeyID returns the public key id of the http signature
+// for the current ActivityPub request chain.
+func HTTPSignaturePubKeyID(ctx context.Context) *url.URL {
+ pubKeyID, _ := ctx.Value(httpSigPubKeyIDKey).(*url.URL)
+ return pubKeyID
+}
+
+// SetHTTPSignaturePubKeyID stores the given http signature public key id and returns
+// the wrapped context. See HTTPSignaturePubKeyID() for further information on the value.
+func SetHTTPSignaturePubKeyID(ctx context.Context, pubKeyID *url.URL) context.Context {
+ return context.WithValue(ctx, httpSigPubKeyIDKey, pubKeyID)
}
// IsFastFail returns whether the "fastfail" context key has been set. This
diff --git a/internal/gtscontext/log_hooks.go b/internal/gtscontext/log_hooks.go
index 94300cbb7..494ce1f63 100644
--- a/internal/gtscontext/log_hooks.go
+++ b/internal/gtscontext/log_hooks.go
@@ -36,7 +36,7 @@ func init() {
})
// Public Key ID middleware hook.
log.Hook(func(ctx context.Context, kvs []kv.Field) []kv.Field {
- if id := PublicKeyID(ctx); id != "" {
+ if id := OutgoingPublicKeyID(ctx); id != "" {
return append(kvs, kv.Field{K: "pubKeyID", V: id})
}
return kvs
diff --git a/internal/middleware/signaturecheck.go b/internal/middleware/signaturecheck.go
index 0fba21205..df2ac0300 100644
--- a/internal/middleware/signaturecheck.go
+++ b/internal/middleware/signaturecheck.go
@@ -19,95 +19,102 @@ package middleware
import (
"context"
- "fmt"
"net/http"
"net/url"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/log"
"github.com/gin-gonic/gin"
"github.com/go-fed/httpsig"
)
-var (
- // this mimics an untyped error returned by httpsig when no signature is present;
- // define it here so that we can use it to decide what to log without hitting
- // performance too hard
- noSignatureError = fmt.Sprintf("neither %q nor %q have signature parameters", httpsig.Signature, httpsig.Authorization)
- signatureHeader = string(httpsig.Signature)
- authorizationHeader = string(httpsig.Authorization)
+const (
+ sigHeader = string(httpsig.Signature)
+ authHeader = string(httpsig.Authorization)
+ // untyped error returned by httpsig when no signature is present
+ noSigError = "neither \"" + sigHeader + "\" nor \"" + authHeader + "\" have signature parameters"
)
// SignatureCheck returns a gin middleware for checking http signatures.
//
-// The middleware first checks whether an incoming http request has been http-signed with a well-formed signature.
+// The middleware first checks whether an incoming http request has been
+// http-signed with a well-formed signature. If so, it will check if the
+// domain that signed the request is permitted to access the server, using
+// the provided uriBlocked function. If the domain is blocked, the middleware
+// will abort the request chain with http code 403 forbidden. If it is not
+// blocked, the handler will set the key verifier and the signature in the
+// context for use down the line.
//
-// If so, it will check if the domain that signed the request is permitted to access the server, using the provided isURIBlocked function.
-//
-// If it is permitted, the handler will set the key verifier and the signature in the gin context for use down the line.
-//
-// If the domain is blocked, the middleware will abort the request chain instead with http code 403 forbidden.
-//
-// In case of an error, the request will be aborted with http code 500 internal server error.
-func SignatureCheck(isURIBlocked func(context.Context, *url.URL) (bool, db.Error)) func(*gin.Context) {
+// In case of an error, the request will be aborted with http code 500.
+func SignatureCheck(uriBlocked func(context.Context, *url.URL) (bool, db.Error)) func(*gin.Context) {
return func(c *gin.Context) {
- // Acquire ctx from gin request.
ctx := c.Request.Context()
- // create the verifier from the request, this will error if the request wasn't signed
+ // Create the signature verifier from the request;
+ // this will error if the request wasn't signed.
verifier, err := httpsig.NewVerifier(c.Request)
if err != nil {
- // Something went wrong, so we need to return regardless, but only actually
- // *abort* the request with 401 if a signature was present but malformed
- if err.Error() != noSignatureError {
+ // Only actually *abort* the request with 401
+ // if a signature was present but malformed.
+ // Otherwise proceed with an unsigned request;
+ // it's up to other functions to reject this.
+ if err.Error() != noSigError {
log.Debugf(ctx, "http signature was present but invalid: %s", err)
c.AbortWithStatus(http.StatusUnauthorized)
}
+
return
}
- // The request was signed!
- // The key ID should be given in the signature so that we know where to fetch it from the remote server.
- // This will be something like https://example.org/users/whatever_requesting_user#main-key
- requestingPublicKeyIDString := verifier.KeyId()
- requestingPublicKeyID, err := url.Parse(requestingPublicKeyIDString)
+ // The request was signed! The key ID should be given
+ // in the signature so that we know where to fetch it
+ // from the remote server. This will be something like:
+ // https://example.org/users/some_remote_user#main-key
+ pubKeyIDStr := verifier.KeyId()
+
+ // Key can sometimes be nil, according to url parse
+ // func: 'Trying to parse a hostname and path without
+ // a scheme is invalid but may not necessarily return
+ // an error, due to parsing ambiguities'. Catch this.
+ pubKeyID, err := url.Parse(pubKeyIDStr)
+ if err != nil || pubKeyID == nil {
+ log.Warnf(ctx, "pubkey id %s could not be parsed as a url", pubKeyIDStr)
+ c.AbortWithStatus(http.StatusUnauthorized)
+ return
+ }
+
+ // If the domain is blocked we want to bail as fast as
+ // possible without the request proceeding further.
+ blocked, err := uriBlocked(ctx, pubKeyID)
if err != nil {
- log.Debugf(ctx, "http signature requesting public key id %s could not be parsed as a url: %s", requestingPublicKeyIDString, err)
- c.AbortWithStatus(http.StatusUnauthorized)
- return
- } else if requestingPublicKeyID == nil {
- // Key can sometimes be nil, according to url parse function:
- // 'Trying to parse a hostname and path without a scheme is invalid but may not necessarily return an error, due to parsing ambiguities'
- log.Debugf(ctx, "http signature requesting public key id %s was nil after parsing as a url", requestingPublicKeyIDString)
- c.AbortWithStatus(http.StatusUnauthorized)
- return
- }
-
- // we managed to parse the url!
- // if the domain is blocked we want to bail as early as possible
- if blocked, err := isURIBlocked(c.Request.Context(), requestingPublicKeyID); err != nil {
- log.Errorf(ctx, "could not tell if domain %s was blocked or not: %s", requestingPublicKeyID.Host, err)
+ log.Errorf(ctx, "error checking block for domain %s: %s", pubKeyID.Host, err)
c.AbortWithStatus(http.StatusInternalServerError)
return
- } else if blocked {
- log.Infof(ctx, "domain %s is blocked", requestingPublicKeyID.Host)
+ }
+
+ if blocked {
+ log.Infof(ctx, "domain %s is blocked", pubKeyID.Host)
c.AbortWithStatus(http.StatusForbidden)
return
}
- // assume signature was set on Signature header (most common behavior),
- // but fall back to Authorization header if necessary
- var signature string
- if s := c.GetHeader(signatureHeader); s != "" {
- signature = s
- } else {
- signature = c.GetHeader(authorizationHeader)
+ // Assume signature was set on Signature header,
+ // but fall back to Authorization header if necessary.
+ signature := c.GetHeader(sigHeader)
+ if signature == "" {
+ signature = c.GetHeader(authHeader)
}
- // set the verifier and signature on the context here to save some work further down the line
- c.Set(string(ap.ContextRequestingPublicKeyVerifier), verifier)
- c.Set(string(ap.ContextRequestingPublicKeySignature), signature)
+ // Set relevant values on the request context
+ // to save some work further down the line.
+ ctx = gtscontext.SetHTTPSignatureVerifier(ctx, verifier)
+ ctx = gtscontext.SetHTTPSignature(ctx, signature)
+ ctx = gtscontext.SetHTTPSignaturePubKeyID(ctx, pubKeyID)
+
+ // Replace request with a shallow
+ // copy with the new context.
+ c.Request = c.Request.WithContext(ctx)
}
}
diff --git a/internal/transport/transport.go b/internal/transport/transport.go
index 0123b3ea8..fc85e5141 100644
--- a/internal/transport/transport.go
+++ b/internal/transport/transport.go
@@ -87,7 +87,7 @@ func (t *transport) GET(r *http.Request) (*http.Response, error) {
return nil, errors.New("must be GET request")
}
ctx := r.Context() // extract, set pubkey ID.
- ctx = gtscontext.SetPublicKeyID(ctx, t.pubKeyID)
+ ctx = gtscontext.SetOutgoingPublicKeyID(ctx, t.pubKeyID)
r = r.WithContext(ctx) // replace request ctx.
r.Header.Set("User-Agent", t.controller.userAgent)
return t.controller.client.DoSigned(r, t.signGET())
@@ -99,7 +99,7 @@ func (t *transport) POST(r *http.Request, body []byte) (*http.Response, error) {
return nil, errors.New("must be POST request")
}
ctx := r.Context() // extract, set pubkey ID.
- ctx = gtscontext.SetPublicKeyID(ctx, t.pubKeyID)
+ ctx = gtscontext.SetOutgoingPublicKeyID(ctx, t.pubKeyID)
r = r.WithContext(ctx) // replace request ctx.
r.Header.Set("User-Agent", t.controller.userAgent)
return t.controller.client.DoSigned(r, t.signPOST(body))
diff --git a/internal/typeutils/astointernal.go b/internal/typeutils/astointernal.go
index 7c0b60ad5..aeb6a5917 100644
--- a/internal/typeutils/astointernal.go
+++ b/internal/typeutils/astointernal.go
@@ -196,10 +196,15 @@ func (c *converter) ASRepresentationToAccount(ctx context.Context, accountable a
// TODO: alsoKnownAs
// publicKey
- pkey, pkeyURL, err := ap.ExtractPublicKeyForOwner(accountable, uri)
+ pkey, pkeyURL, pkeyOwnerID, err := ap.ExtractPublicKey(accountable)
if err != nil {
return nil, fmt.Errorf("couldn't get public key for person %s: %s", uri.String(), err)
}
+
+ if pkeyOwnerID.String() != acct.URI {
+ return nil, fmt.Errorf("public key %s was owned by %s and not by %s", pkeyURL, pkeyOwnerID, acct.URI)
+ }
+
acct.PublicKey = pkey
acct.PublicKeyURI = pkeyURL.String()
diff --git a/internal/util/unique.go b/internal/util/unique.go
index 253bb621b..f0ded1446 100644
--- a/internal/util/unique.go
+++ b/internal/util/unique.go
@@ -19,28 +19,46 @@ package util
import "net/url"
-// UniqueStrings returns a deduplicated version of a given string slice.
-func UniqueStrings(s []string) []string {
- keys := make(map[string]bool, len(s))
- list := []string{}
- for _, entry := range s {
- if _, value := keys[entry]; !value {
- keys[entry] = true
- list = append(list, entry)
+// UniqueStrings returns a deduplicated version of the given
+// slice of strings, without changing the order of the entries.
+func UniqueStrings(strings []string) []string {
+ var (
+ l = len(strings)
+ keys = make(map[string]any, l) // Use map to dedupe items.
+ unique = make([]string, 0, l) // Return slice.
+ )
+
+ for _, str := range strings {
+ // Check if already set as a key in the map;
+ // if not, add to return slice + mark key as set.
+ if _, set := keys[str]; !set {
+ keys[str] = nil // Value doesn't matter.
+ unique = append(unique, str)
}
}
- return list
+
+ return unique
}
-// UniqueURIs returns a deduplicated version of a given *url.URL slice.
-func UniqueURIs(s []*url.URL) []*url.URL {
- keys := make(map[string]bool, len(s))
- list := []*url.URL{}
- for _, entry := range s {
- if _, value := keys[entry.String()]; !value {
- keys[entry.String()] = true
- list = append(list, entry)
+// UniqueURIs returns a deduplicated version of the given
+// slice of URIs, without changing the order of the entries.
+func UniqueURIs(uris []*url.URL) []*url.URL {
+ var (
+ l = len(uris)
+ keys = make(map[string]any, l) // Use map to dedupe items.
+ unique = make([]*url.URL, 0, l) // Return slice.
+ )
+
+ for _, uri := range uris {
+ uriStr := uri.String()
+
+ // Check if already set as a key in the map;
+ // if not, add to return slice + mark key as set.
+ if _, set := keys[uriStr]; !set {
+ keys[uriStr] = nil // Value doesn't matter.
+ unique = append(unique, uri)
}
}
- return list
+
+ return unique
}
diff --git a/internal/web/profile.go b/internal/web/profile.go
index 56f8e0a56..2ffc7411e 100644
--- a/internal/web/profile.go
+++ b/internal/web/profile.go
@@ -26,7 +26,6 @@ import (
"strings"
"github.com/gin-gonic/gin"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
@@ -75,7 +74,7 @@ func (m *Module) profileGETHandler(c *gin.Context) {
// should render the account's AP representation instead
accept := apiutil.NegotiateFormat(c, string(apiutil.TextHTML), string(apiutil.AppActivityJSON), string(apiutil.AppActivityLDJSON))
if accept == string(apiutil.AppActivityJSON) || accept == string(apiutil.AppActivityLDJSON) {
- m.returnAPProfile(ctx, c, username, accept)
+ m.returnAPProfile(c, username, accept)
return
}
@@ -145,27 +144,17 @@ func (m *Module) profileGETHandler(c *gin.Context) {
})
}
-func (m *Module) returnAPProfile(ctx context.Context, c *gin.Context, username string, accept string) {
- verifier, signed := c.Get(string(ap.ContextRequestingPublicKeyVerifier))
- if signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
- }
-
- signature, signed := c.Get(string(ap.ContextRequestingPublicKeySignature))
- if signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeySignature, signature)
- }
-
- user, errWithCode := m.processor.Fedi().UserGet(ctx, username, c.Request.URL)
+func (m *Module) returnAPProfile(c *gin.Context, username string, accept string) {
+ user, errWithCode := m.processor.Fedi().UserGet(c.Request.Context(), username, c.Request.URL)
if errWithCode != nil {
- apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck
+ apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
b, mErr := json.Marshal(user)
if mErr != nil {
err := fmt.Errorf("could not marshal json: %s", mErr)
- apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck
+ apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1)
return
}
diff --git a/internal/web/thread.go b/internal/web/thread.go
index 8d4e99bef..41f81eb14 100644
--- a/internal/web/thread.go
+++ b/internal/web/thread.go
@@ -26,7 +26,6 @@ import (
"strings"
"github.com/gin-gonic/gin"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
@@ -92,7 +91,7 @@ func (m *Module) threadGETHandler(c *gin.Context) {
// should render the status's AP representation instead
accept := apiutil.NegotiateFormat(c, string(apiutil.TextHTML), string(apiutil.AppActivityJSON), string(apiutil.AppActivityLDJSON))
if accept == string(apiutil.AppActivityJSON) || accept == string(apiutil.AppActivityLDJSON) {
- m.returnAPStatus(ctx, c, username, statusID, accept)
+ m.returnAPStatus(c, username, statusID, accept)
return
}
@@ -120,27 +119,17 @@ func (m *Module) threadGETHandler(c *gin.Context) {
})
}
-func (m *Module) returnAPStatus(ctx context.Context, c *gin.Context, username string, statusID string, accept string) {
- verifier, signed := c.Get(string(ap.ContextRequestingPublicKeyVerifier))
- if signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
- }
-
- signature, signed := c.Get(string(ap.ContextRequestingPublicKeySignature))
- if signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeySignature, signature)
- }
-
- status, errWithCode := m.processor.Fedi().StatusGet(ctx, username, statusID)
+func (m *Module) returnAPStatus(c *gin.Context, username string, statusID string, accept string) {
+ status, errWithCode := m.processor.Fedi().StatusGet(c.Request.Context(), username, statusID)
if errWithCode != nil {
- apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck
+ apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
b, mErr := json.Marshal(status)
if mErr != nil {
err := fmt.Errorf("could not marshal json: %s", mErr)
- apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck
+ apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1)
return
}