Apply patch from perallamint on github

Temporary fix: allow signing bypass for 410 gone actors
DIRTY FIX: implement sigcheck_bypass for 410'ing actors
asonix 2022-12-19 09:44:04 -06:00
parent 178d23bcbd
commit 886c7d0ac6
3 changed files with 33 additions and 7 deletions


@ -26,6 +26,10 @@ impl Error {
pub(crate) fn is_bad_request(&self) -> bool { pub(crate) fn is_bad_request(&self) -> bool {
matches!(self.kind, ErrorKind::Status(_, StatusCode::BAD_REQUEST)) matches!(self.kind, ErrorKind::Status(_, StatusCode::BAD_REQUEST))
} }
pub(crate) fn is_gone(&self) -> bool {
matches!(self.kind, ErrorKind::Status(_, StatusCode::GONE))
}
} }
impl std::fmt::Debug for Error { impl std::fmt::Debug for Error {


@ -65,11 +65,21 @@ impl MyVerify {
actor_id actor_id
} else { } else {
self.0 match self
.0
.fetch::<PublicKeyResponse>(public_key_id.as_str()) .fetch::<PublicKeyResponse>(public_key_id.as_str())
.await? .await
.actor_id() {
.ok_or(ErrorKind::MissingId)? Ok(res) => res.actor_id().ok_or(ErrorKind::MissingId),
Err(e) => {
if e.is_gone() {
tracing::warn!("Actor gone: {}, trusting it for now.", public_key_id);
return Ok(true);
} else {
return Err(e);
}
}
}?
}; };
// Previously we verified the sig from an actor's local cache // Previously we verified the sig from an actor's local cache
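Review bot: The `e.is_gone()` arm returns `Ok(true)`, so a 410 from the key fetch is reported as a successful signature check for every activity type, while the inbox change in this same commit only tolerates `Delete`. `public_key_id` appears to come from the request being verified, so the 410 response is not authenticated evidence about who sent it. I would return a distinct error from this arm and let the inbox handler decide, or at minimum record the assumption next to the return: `// SECURITY: signature is NOT checked here; callers must accept only Delete from a gone actor`. The warning would also be easier to alert on with a structured field, for example `tracing::warn!(key_id = %public_key_id, "Actor gone, skipping signature check");`. The enclosing verify function starts and ends outside this hunk.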


@ -27,14 +27,26 @@ pub(crate) async fn route(
verified: Option<(SignatureVerified, DigestVerified)>, verified: Option<(SignatureVerified, DigestVerified)>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let input = input.into_inner(); let input = input.into_inner();
println!("ActivityActor: {:?}", input);
let actor = actors let actor = match actors
.get( .get(
input.actor()?.as_single_id().ok_or(ErrorKind::MissingId)?, input.actor()?.as_single_id().ok_or(ErrorKind::MissingId)?,
&client, &client,
) )
.await? .await
.into_inner(); {
Ok(actor) => actor.into_inner(),
Err(e) => {
// Eat up the message if actor is 410 and message is delete
let kind = input.kind().ok_or(ErrorKind::MissingKind)?;
if e.is_gone() && *kind == ValidTypes::Delete {
return Ok(accepted(serde_json::json!({})));
} else {
return Err(e);
}
}
};
let is_allowed = state.db.is_allowed(actor.id.clone()).await?; let is_allowed = state.db.is_allowed(actor.id.clone()).await?;
let is_connected = state.db.is_connected(actor.id.clone()).await?; let is_connected = state.db.is_connected(actor.id.clone()).await?;
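Review bot: The added `println!("ActivityActor: {:?}", input);` writes every inbound activity, which is remote-supplied content, to stdout on each inbox request and bypasses the `tracing` calls used elsewhere in this commit. It looks like leftover debugging and should be dropped or become `tracing::debug!("ActivityActor: {:?}", input);`. In the `Err(e)` arm, `input.kind().ok_or(ErrorKind::MissingKind)?` runs before `e` is inspected, so an activity without a kind replaces the original fetch error with `MissingKind`. Testing the error first, roughly `if e.is_gone() && input.kind() == Some(&ValidTypes::Delete)`, would keep the original error on that path. The body of `route` continues past this hunk.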