diff options
| author | syuilo <syuilotan@yahoo.co.jp> | 2019-04-18 01:12:21 +0900 |
|---|---|---|
| committer | syuilo <syuilotan@yahoo.co.jp> | 2019-04-18 01:12:21 +0900 |
| commit | 929982117f71b62dc27657c184fa596e98208c59 (patch) | |
| tree | fc59ed9e76a2606f4750b111858b23bf9c557dee /src/queue/processors | |
| parent | Merge branch 'develop' (diff) | |
| parent | 11.1.6 (diff) | |
| download | misskey-929982117f71b62dc27657c184fa596e98208c59.tar.gz misskey-929982117f71b62dc27657c184fa596e98208c59.tar.bz2 misskey-929982117f71b62dc27657c184fa596e98208c59.zip | |
Merge branch 'develop'
Diffstat (limited to 'src/queue/processors')
| -rw-r--r-- | src/queue/processors/inbox.ts | 93 |
1 files changed, 32 insertions, 61 deletions
diff --git a/src/queue/processors/inbox.ts b/src/queue/processors/inbox.ts index 05fed0566d..e657859507 100644 --- a/src/queue/processors/inbox.ts +++ b/src/queue/processors/inbox.ts @@ -1,6 +1,5 @@ import * as Bull from 'bull'; import * as httpSignature from 'http-signature'; -import parseAcct from '../../misc/acct/parse'; import { IRemoteUser } from '../../models/entities/user'; import perform from '../../remote/activitypub/perform'; import { resolvePerson, updatePerson } from '../../remote/activitypub/models/person'; @@ -12,7 +11,7 @@ import { Instances, Users, UserPublickeys } from '../../models'; import { instanceChart } from '../../services/chart'; import { UserPublickey } from '../../models/entities/user-publickey'; import fetchMeta from '../../misc/fetch-meta'; -import { toPuny, toPunyNullable } from '../../misc/convert-host'; +import { toPuny } from '../../misc/convert-host'; import { validActor } from '../../remote/activitypub/type'; import { ensure } from '../../prelude/ensure'; @@ -35,68 +34,49 @@ export default async (job: Bull.Job): Promise<void> => { let key: UserPublickey; if (keyIdLower.startsWith('acct:')) { - const acct = parseAcct(keyIdLower.slice('acct:'.length)); - const host = toPunyNullable(acct.host); - const username = toPuny(acct.username); - - if (host === null) { - logger.warn(`request was made by local user: @${username}`); - return; - } + logger.warn(`Old keyId is no longer supported. ${keyIdLower}`); + return; + } - // アクティビティ内のホストの検証 - try { - ValidateActivity(activity, host); - } catch (e) { - logger.warn(e.message); - return; - } + // アクティビティ内のホストの検証 + const host = toPuny(new URL(signature.keyId).hostname); + try { + ValidateActivity(activity, host); + } catch (e) { + logger.warn(e.message); + return; + } - // ブロックしてたら中断 - // TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく - const meta = await fetchMeta(); - if (meta.blockedHosts.includes(host)) { - logger.info(`Blocked request: ${host}`); - return; - } + // ブロックしてたら中断 + // TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく + const meta = await fetchMeta(); + if (meta.blockedHosts.includes(host)) { + logger.info(`Blocked request: ${host}`); + return; + } - user = await Users.findOne({ - usernameLower: username.toLowerCase(), - host: host - }) as IRemoteUser; + const _key = await UserPublickeys.findOne({ + keyId: signature.keyId + }); - key = await UserPublickeys.findOne(user.id).then(ensure); + if (_key) { + // 登録済みユーザー + user = await Users.findOne(_key.userId) as IRemoteUser; + key = _key; } else { - // アクティビティ内のホストの検証 - const host = toPuny(new URL(signature.keyId).hostname); - try { - ValidateActivity(activity, host); - } catch (e) { - logger.warn(e.message); - return; - } - - // ブロックしてたら中断 - // TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく - const meta = await fetchMeta(); - if (meta.blockedHosts.includes(host)) { - logger.info(`Blocked request: ${host}`); - return; + // 未登録ユーザーの場合はリモート解決 + user = await resolvePerson(activity.actor) as IRemoteUser; + if (user == null) { + throw new Error('failed to resolve user'); } - key = await UserPublickeys.findOne({ - keyId: signature.keyId - }).then(ensure); - - user = await Users.findOne(key.userId) as IRemoteUser; + key = await UserPublickeys.findOne(user.id).then(ensure); } // Update Person activityの場合は、ここで署名検証/更新処理まで実施して終了 if (activity.type === 'Update') { if (activity.object && validActor.includes(activity.object.type)) { - if (user == null) { - logger.warn('Update activity received, but user not registed.'); - } else if (!httpSignature.verifySignature(signature, key.keyPem)) { + if (!httpSignature.verifySignature(signature, key.keyPem)) { logger.warn('Update activity received, but signature verification failed.'); } else { updatePerson(activity.actor, null, activity.object); @@ -105,15 +85,6 @@ export default async (job: Bull.Job): Promise<void> => { } } - // アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する - if (user == null) { - user = await resolvePerson(activity.actor) as IRemoteUser; - } - - if (user == null) { - throw new Error('failed to resolve user'); - } - if (!httpSignature.verifySignature(signature, key.keyPem)) { logger.error('signature verification failed'); return; |