Apply patch from perallamint on github

Temporary fix: allow signing bypass for 410 gone actors DIRTY FIX: implement sigcheck_bypass for 410'ing actors
2022-12-19 09:44:04 -06:00 · 2022-12-19 09:44:04 -06:00 · 886c7d0ac6
parent 178d23bcbd
commit 886c7d0ac6
3 changed files with 33 additions and 7 deletions
--- a/src/error.rs
+++ b/src/error.rs
@ -26,6 +26,10 @@ impl Error {
    pub(crate) fn is_bad_request(&self) -> bool {
        matches!(self.kind, ErrorKind::Status(_, StatusCode::BAD_REQUEST))
    }
+
+    pub(crate) fn is_gone(&self) -> bool {
+        matches!(self.kind, ErrorKind::Status(_, StatusCode::GONE))
+    }
 }

 impl std::fmt::Debug for Error {
--- a/src/middleware/verifier.rs
+++ b/src/middleware/verifier.rs
@ -65,11 +65,21 @@ impl MyVerify {

            actor_id
        } else {
-            self.0
+            match self
+                .0
                .fetch::<PublicKeyResponse>(public_key_id.as_str())
-                .await?
-                .actor_id()
-                .ok_or(ErrorKind::MissingId)?
+                .await
+            {
+                Ok(res) => res.actor_id().ok_or(ErrorKind::MissingId),
+                Err(e) => {
+                    if e.is_gone() {
+                        tracing::warn!("Actor gone: {}, trusting it for now.", public_key_id);
+                        return Ok(true);
+                    } else {
+                        return Err(e);
+                    }
+                }
+            }?
        };

        // Previously we verified the sig from an actor's local cache
--- a/src/routes/inbox.rs
+++ b/src/routes/inbox.rs
@ -27,14 +27,26 @@ pub(crate) async fn route(
    verified: Option<(SignatureVerified, DigestVerified)>,
 ) -> Result<HttpResponse, Error> {
    let input = input.into_inner();
+    println!("ActivityActor: {:?}", input);

-    let actor = actors
+    let actor = match actors
        .get(
            input.actor()?.as_single_id().ok_or(ErrorKind::MissingId)?,
            &client,
        )
-        .await?
-        .into_inner();
+        .await
+    {
+        Ok(actor) => actor.into_inner(),
+        Err(e) => {
+            // Eat up the message if actor is 410 and message is delete
+            let kind = input.kind().ok_or(ErrorKind::MissingKind)?;
+            if e.is_gone() && *kind == ValidTypes::Delete {
+                return Ok(accepted(serde_json::json!({})));
+            } else {
+                return Err(e);
+            }
+        }
+    };

    let is_allowed = state.db.is_allowed(actor.id.clone()).await?;
    let is_connected = state.db.is_connected(actor.id.clone()).await?;