summaryrefslogtreecommitdiff
path: root/packages/backend/src/queue/processors/InboxProcessorService.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/queue/processors/InboxProcessorService.ts')
-rw-r--r--packages/backend/src/queue/processors/InboxProcessorService.ts60
1 files changed, 29 insertions, 31 deletions
diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index 9564724c62..5f82d558b3 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -21,7 +21,7 @@ import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
import { StatusError } from '@/misc/status-error.js';
import { UtilityService } from '@/core/UtilityService.js';
import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
-import { JsonLdService } from '@/core/activitypub/JsonLdService.js';
+import { isSigned, JsonLdService } from '@/core/activitypub/JsonLdService.js';
import { ApInboxService } from '@/core/activitypub/ApInboxService.js';
import { bindThis } from '@/decorators.js';
import { IdentifiableError } from '@/misc/identifiable-error.js';
@@ -31,6 +31,8 @@ import { SkApInboxLog } from '@/models/_.js';
import type { Config } from '@/config.js';
import { ApLogService, calculateDurationSince } from '@/core/ApLogService.js';
import { UpdateInstanceQueue } from '@/core/UpdateInstanceQueue.js';
+import { isRetryableError } from '@/misc/is-retryable-error.js';
+import { renderInlineError } from '@/misc/render-inline-error.js';
import { QueueLoggerService } from '../QueueLoggerService.js';
import type { InboxJobData } from '../types.js';
@@ -125,6 +127,14 @@ export class InboxProcessorService implements OnApplicationShutdown {
return `Old keyId is no longer supported. ${keyIdLower}`;
}
+ if (activity.actor as unknown == null || (Array.isArray(activity.actor) && activity.actor.length < 1)) {
+ return 'skip: activity has no actor';
+ }
+ if (typeof(activity.actor) !== 'string' && typeof(activity.actor) !== 'object') {
+ return `skip: activity actor has invalid type: ${typeof(activity.actor)}`;
+ }
+ const actorId = getApId(activity.actor);
+
// HTTP-Signature keyIdを元にDBから取得
let authUser: {
user: MiRemoteUser;
@@ -134,26 +144,25 @@ export class InboxProcessorService implements OnApplicationShutdown {
// keyIdでわからなければ、activity.actorを元にDBから取得 || activity.actorを元にリモートから取得
if (authUser == null) {
try {
- authUser = await this.apDbResolverService.getAuthUserFromApId(getApId(activity.actor));
+ authUser = await this.apDbResolverService.getAuthUserFromApId(actorId);
} catch (err) {
// 対象が4xxならスキップ
- if (err instanceof StatusError) {
- if (!err.isRetryable) {
- throw new Bull.UnrecoverableError(`skip: Ignored deleted actors on both ends ${activity.actor} - ${err.statusCode}`);
- }
- throw new Error(`Error in actor ${activity.actor} - ${err.statusCode}`);
+ if (!isRetryableError(err)) {
+ throw new Bull.UnrecoverableError(`skip: Ignored deleted actors on both ends ${actorId}`);
}
+
+ throw err;
}
}
// それでもわからなければ終了
if (authUser == null) {
- throw new Bull.UnrecoverableError(`skip: failed to resolve user ${getApId(activity.actor)}`);
+ throw new Bull.UnrecoverableError(`skip: failed to resolve user ${actorId}`);
}
// publicKey がなくても終了
if (authUser.key == null) {
- throw new Bull.UnrecoverableError(`skip: failed to resolve user publicKey ${getApId(activity.actor)}`);
+ throw new Bull.UnrecoverableError(`skip: failed to resolve user publicKey ${actorId}`);
}
// HTTP-Signatureの検証
@@ -168,10 +177,10 @@ export class InboxProcessorService implements OnApplicationShutdown {
}
// また、signatureのsignerは、activity.actorと一致する必要がある
- if (!httpSignatureValidated || authUser.user.uri !== getApId(activity.actor)) {
+ if (!httpSignatureValidated || authUser.user.uri !== actorId) {
// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
- const ldSignature = activity.signature;
- if (ldSignature) {
+ if (isSigned(activity)) {
+ const ldSignature = activity.signature;
if (ldSignature.type !== 'RsaSignature2017') {
throw new Bull.UnrecoverableError(`skip: unsupported LD-signature type ${ldSignature.type}`);
}
@@ -193,33 +202,30 @@ export class InboxProcessorService implements OnApplicationShutdown {
throw new Bull.UnrecoverableError('skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした');
}
- const jsonLd = this.jsonLdService.use();
-
// LD-Signature検証
- const verified = await jsonLd.verifyRsaSignature2017(activity, authUser.key.keyPem).catch(() => false);
+ const verified = await this.jsonLdService.verifyRsaSignature2017(activity, authUser.key.keyPem).catch(() => false);
if (!verified) {
throw new Bull.UnrecoverableError('skip: LD-Signatureの検証に失敗しました');
}
// アクティビティを正規化
- delete activity.signature;
+ const copy = { ...activity, signature: undefined };
try {
- activity = await jsonLd.compact(activity) as IActivity;
+ activity = await this.jsonLdService.compact(copy) as IActivity;
} catch (e) {
throw new Bull.UnrecoverableError(`skip: failed to compact activity: ${e}`);
}
// TODO: 元のアクティビティと非互換な形に正規化される場合は転送をスキップする
// https://github.com/mastodon/mastodon/blob/664b0ca/app/services/activitypub/process_collection_service.rb#L24-L29
- activity.signature = ldSignature;
// もう一度actorチェック
- if (authUser.user.uri !== activity.actor) {
- throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`);
+ if (authUser.user.uri !== actorId) {
+ throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${actorId})`);
}
const ldHost = this.utilityService.extractDbHost(authUser.user.uri);
if (!this.utilityService.isFederationAllowedHost(ldHost)) {
- throw new Bull.UnrecoverableError(`Blocked request: ${ldHost}`);
+ throw new Bull.UnrecoverableError(`skip: request host is blocked: ${ldHost}`);
}
} else {
throw new Bull.UnrecoverableError(`skip: http-signature verification failed and no LD-Signature. keyId=${signature.keyId}`);
@@ -292,16 +298,8 @@ export class InboxProcessorService implements OnApplicationShutdown {
}
}
- if (e instanceof StatusError && !e.isRetryable) {
- return `skip: permanent error ${e.statusCode}`;
- }
-
- if (e instanceof IdentifiableError && !e.isRetryable) {
- if (e.message) {
- return `skip: permanent error ${e.id}: ${e.message}`;
- } else {
- return `skip: permanent error ${e.id}`;
- }
+ if (!isRetryableError(e)) {
+ return `skip: permanent error ${renderInlineError(e)}`;
}
throw e;
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 07:23:48 +0000