authorMar0xy <marie@kaifa.ch>2023-10-20 12:50:56 +0200
committerMar0xy <marie@kaifa.ch>2023-10-20 12:50:56 +0200
commit71b7c31958e2ce11a4b5a11a5c282ca3bdcb41dc (patch)
tree653fabf747e5a53cb39c9e167d2499a4430e76c7
parentupd: wrap username in header (diff)
upd: refetch user keys on signature failure
Reference: https://github.com/misskey-dev/misskey/pull/12051
-rw-r--r--packages/backend/src/core/activitypub/ApDbResolverService.ts15
-rw-r--r--packages/backend/src/queue/processors/InboxProcessorService.ts16
2 files changed, 28 insertions, 3 deletions
diff --git a/packages/backend/src/core/activitypub/ApDbResolverService.ts b/packages/backend/src/core/activitypub/ApDbResolverService.ts
index 995c5dcd5f..dd1687edeb 100644
--- a/packages/backend/src/core/activitypub/ApDbResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApDbResolverService.ts
@@ -12,7 +12,7 @@ import type { MiUserPublickey } from '@/models/UserPublickey.js';
import { CacheService } from '@/core/CacheService.js';
import type { MiNote } from '@/models/Note.js';
import { bindThis } from '@/decorators.js';
-import { MiLocalUser, MiRemoteUser } from '@/models/User.js';
+import type { MiLocalUser, MiRemoteUser } from '@/models/User.js';
import { getApId } from './type.js';
import { ApPersonService } from './models/ApPersonService.js';
import type { IObject } from './type.js';
@@ -164,6 +164,19 @@ export class ApDbResolverService implements OnApplicationShutdown {
};
}
+ /**
+ * Sharkey User -> Refetched Key
+ */
+ @bindThis
+ public async refetchPublicKeyForApId(user: MiRemoteUser): Promise<MiUserPublickey | null> {
+ await this.apPersonService.updatePerson(user.uri);
+ const key = await this.userPublickeysRepository.findOneBy({ userId: user.id });
+ if (key != null) {
+ await this.publicKeyByUserIdCache.set(user.id, key);
+ }
+ return key;
+ }
+
@bindThis
public dispose(): void {
this.publicKeyCache.dispose();
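Review bot: `refetchPublicKeyForApId` makes an outbound fetch of the remote actor through `updatePerson` on every call, and the caller added in InboxProcessorService invokes it whenever an HTTP signature fails to verify, so an unauthenticated inbox POST carrying a bad signature now costs this server a remote request; nothing in this hunk throttles that or remembers a recent failed refresh, and a per-user cooldown on refetches would bound it. When the lookup after the refresh returns null, the previous entry in `publicKeyByUserIdCache` is left as it was, because the cache is only written on the non-null path, so a key that the remote has withdrawn keeps being served from cache until it expires. The docstring `Sharkey User -> Refetched Key` does not state the contract; something like `/** Re-fetches the remote actor via updatePerson, reloads its key from userPublickeysRepository and refreshes publicKeyByUserIdCache on success; returns null when no key is stored afterwards. */` would. Whether `updatePerson` can throw on a network failure (and thereby fail the inbox job) is not visible here and is worth confirming.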
diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index 89d4ea503e..f51c9f140d 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -104,12 +104,24 @@ export class InboxProcessorService {
}
// HTTP-Signatureの検証
- const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+ let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
// また、signatureのsignerは、activity.actorと一致する必要がある
if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
+ let renewKeyFailed = false;
+
+ if (!httpSignatureValidated) {
+ authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
+
+ if (authUser.key != null) {
+ httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+ } else {
+ renewKeyFailed = true;
+ }
+ }
+
// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
- if (activity.signature) {
+ if (activity.signature && renewKeyFailed) {
if (activity.signature.type !== 'RsaSignature2017') {
throw new Bull.UnrecoverableError(`skip: unsupported LD-signature type ${activity.signature.type}`);
}
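Review bot: A successful re-verification with the refetched key is never acted on, because the retry sits inside the `if (!httpSignatureValidated || authUser.user.uri !== activity.actor)` branch and nothing leaves that branch once `httpSignatureValidated` becomes true; control reaches `if (activity.signature && renewKeyFailed)`, which is false, and continues into whatever follows in the hunk's continuation (the rejection path in the upstream code this references, though that part is outside this view). The same `renewKeyFailed` gate also skips the LD-Signature fallback when the HTTP signature verified but the signer does not match `activity.actor`, which is precisely the case the comment directly above it says should still consult the LD-Signature, so the change narrows the fallback rather than only adding the retry. Moving the refetch-and-retry ahead of the outer check and keeping the fallback conditioned on `activity.signature` alone restores both paths; assigning the refetch result through a local also avoids writing null into `authUser.key`, which later code reading `authUser.key.keyPem` would presumably not expect. The enclosing method continues beyond the end of the hunk.
```typescript
// HTTP-Signatureの検証
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);

// On failure, refresh the actor's key once and retry before considering the LD-Signature.
if (!httpSignatureValidated) {
  const renewedKey = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
  if (renewedKey != null) {
    authUser.key = renewedKey;
    httpSignatureValidated = httpSignature.verifySignature(signature, renewedKey.keyPem);
  }
}

// また、signatureのsignerは、activity.actorと一致する必要がある
if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
  // 一致しなくても、でもLD-Signatureがありそうならそっちも見る
  if (activity.signature) {
    // … unchanged: LD-Signature type check and verification …
```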