hope

ashjasjhs
pain
2023-05-26 21:18:50 +02:00 · 2023-05-26 21:14:24 +02:00 · 2023-05-26 21:04:12 +02:00 · 2023-05-26 20:40:02 +02:00
1 changed files with 94 additions and 0 deletions
--- a/packages/backend/src/queue/processors/inbox.ts
+++ b/packages/backend/src/queue/processors/inbox.ts
@ -36,30 +36,56 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 	logger.debug(JSON.stringify(info, null, 2));
 	//#endregion
 	const host = toPuny(new URL(signature.keyId).hostname);
 	let pain = host === "relay.fedi.buzz";
 	let i = 0;
 	if(pain) {
 		logger.warn("Inbox a " + i);
 		i += 1;
 	}
 	// interrupt if blocked
 	const meta = await fetchMeta();
 	if (await shouldBlockInstance(host, meta)) {
 		return `Blocked request: ${host}`;
 	}
 	if(pain) {
 		logger.warn("Inbox b " + i);
 		i += 1;
 	}
 	// only whitelisted instances in private mode
 	if (meta.privateMode && !meta.allowedHosts.includes(host)) {
 		return `Blocked request: ${host}`;
 	}
 	if(pain) {
 		logger.warn("Inbox c " + i);
 		i += 1;
 	}
 	const keyIdLower = signature.keyId.toLowerCase();
 	if (keyIdLower.startsWith("acct:")) {
 		return `Old keyId is no longer supported. ${keyIdLower}`;
 	}
 	if(pain) {
 		logger.warn("Inbox d " + i);
 		i += 1;
 	}
 	const dbResolver = new DbResolver();
 	if(pain) {
 		logger.warn("Inbox e " + i);
 		i += 1;
 	}
 	// HTTP-Signature keyId from DB
 	let authUser: {
 		user: CacheableRemoteUser;
 		key: UserPublickey | null;
 	} | null = await dbResolver.getAuthUserFromKeyId(signature.keyId);
 	if(pain) {
 		logger.warn("Inbox f " + i);
 		i += 1;
 	}
 	// keyIdでわからなければ、activity.actorを元にDBから取得 || activity.actorを元にリモートから取得
 	if (authUser == null) {
@ -78,22 +104,40 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 		}
 	}
 	if(pain) {
 		logger.warn("Inbox g " + i);
 		i += 1;
 	}
 	// それでもわからなければ終了
 	if (authUser == null) {
 		return "skip: failed to resolve user";
 	}
 	if(pain) {
 		logger.warn("Inbox h " + i);
 		i += 1;
 	}
 	// publicKey がなくても終了
 	if (authUser.key == null) {
 		return "skip: failed to resolve user publicKey";
 	}
 	if(pain) {
 		logger.warn("Inbox i " + i);
 		i += 1;
 	}
 	// HTTP-Signatureの検証
 	const httpSignatureValidated = httpSignature.verifySignature(
 		signature,
 		authUser.key.keyPem,
 	);
 	if(pain) {
 		logger.warn("Inbox j " + i);
 		i += 1;
 	}
 	// また、signatureのsignerは、activity.actorと一致する必要がある
 	if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
 		// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
@ -101,6 +145,11 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 			if (activity.signature.type !== "RsaSignature2017") {
 				return `skip: unsupported LD-signature type ${activity.signature.type}`;
 			}
 	if(pain) {
 		logger.warn("Inbox k " + i);
 		i += 1;
 	}
 			// activity.signature.creator: https://example.oom/users/user#main-key
 			// みたいになっててUserを引っ張れば公開キーも入ることを期待する
@ -108,6 +157,10 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 				const candicate = activity.signature.creator.replace(/#.*/, "");
 				await resolvePerson(candicate).catch(() => null);
 			}
 			if(pain) {
 				logger.warn("Inbox l " + i);
 				i += 1;
 			}
 			// keyIdからLD-Signatureのユーザーを取得
 			authUser = await dbResolver.getAuthUserFromKeyId(
@ -116,10 +169,18 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 			if (authUser == null) {
 				return "skip: LD-Signatureのユーザーが取得できませんでした";
 			}
 			if(pain) {
 				logger.warn("Inbox m " + i);
 				i += 1;
 			}
 			if (authUser.key == null) {
 				return "skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした";
 			}
 			if(pain) {
 				logger.warn("Inbox n " + i);
 				i += 1;
 			}
 			// LD-Signature検証
 			const ldSignature = new LdSignature();
@ -129,22 +190,42 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 			if (!verified) {
 				return "skip: LD-Signatureの検証に失敗しました";
 			}
 			if(pain) {
 				logger.warn("Inbox o " + i);
 				i += 1;
 			}
 			// もう一度actorチェック
 			if (authUser.user.uri !== activity.actor) {
 				return `skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`;
 			}
 			if(pain) {
 				logger.warn("Inbox p " + i);
 				i += 1;
 			}
 			// ブロックしてたら中断
 			const ldHost = extractDbHost(authUser.user.uri);
 			if (await shouldBlockInstance(ldHost, meta)) {
 				return `Blocked request: ${ldHost}`;
 			}
 			if(pain) {
 				logger.warn("Inbox ü " + i);
 				i += 1;
 			}
 		} else {
 			if(pain) {
 				logger.warn("Inbox error q " + i);
 				i += 1;
 			}
 			return `skip: http-signature verification failed and no LD-Signature. keyId=${signature.keyId}`;
 		}
 	}
 	if(pain) {
 		logger.warn("Inbox r " + i);
 		i += 1;
 	}
 	// activity.idがあればホストが署名者のホストであることを確認する
 	if (typeof activity.id === "string") {
 		const signerHost = extractDbHost(authUser.user.uri!);
@ -154,6 +235,10 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 		}
 	}
 	if(pain) {
 		logger.warn("Inbox u " + i);
 		i += 1;
 	}
 	// Update stats
 	registerOrFetchInstanceDoc(authUser.user.host).then((i) => {
 		Instances.update(i.id, {
@ -169,7 +254,16 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 		federationChart.inbox(i.host);
 	});
 	if(pain) {
 		logger.warn("Inbox v " + i);
 		i += 1;
 	}
 	// アクティビティを処理
 	await perform(authUser.user, activity);
 	if(pain) {
 		logger.warn("Inbox w " + i);
 		i += 1;
 	}
 	return "ok";
 };
Author	SHA1	Message	Date
April John	5012401724	hope	2023-05-26 21:18:50 +02:00
April John	9d3e604425	ashjasjhs	2023-05-26 21:14:24 +02:00
April John	faef71ceb3	pain	2023-05-26 21:04:12 +02:00
April John	981ead61db	uwu	2023-05-26 20:40:02 +02:00