author | 2023-06-13 16:47:56 +0200 | |
---|---|---|
committer | 2023-06-13 15:47:56 +0100 | |
commit | 24fbdf2b0a820684b69b10893e82cdb1a76ca14d (patch) | |
tree | d44a092d0bffb8159e4844bfaf4ef84a82f41e2e /internal/api | |
parent | [docs] Add certificates and firewalling to advanced (#1888) (diff) | |
download | gotosocial-24fbdf2b0a820684b69b10893e82cdb1a76ca14d.tar.xz |
[chore] Refactor AP authentication, other small bits of tidying up (#1874)
Diffstat (limited to 'internal/api')
-rw-r--r-- | internal/api/activitypub/emoji/emojiget.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/publickey/publickeyget.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/featured.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/followers.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/following.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/inboxpost.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/inboxpost_test.go | 25 | ||||
-rw-r--r-- | internal/api/activitypub/users/outboxget.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/repliesget.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/statusget.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/user_test.go | 2 | ||||
-rw-r--r-- | internal/api/activitypub/users/userget.go | 2 | ||||
-rw-r--r-- | internal/api/util/signaturectx.go | 40 |
13 files changed, 37 insertions, 50 deletions
diff --git a/internal/api/activitypub/emoji/emojiget.go b/internal/api/activitypub/emoji/emojiget.go
index 8ea84f565..8602b6052 100644
--- a/internal/api/activitypub/emoji/emojiget.go
+++ b/internal/api/activitypub/emoji/emojiget.go
@@ -42,7 +42,7 @@ func (m *Module) EmojiGetHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().EmojiGet(apiutil.TransferSignatureContext(c), requestedEmojiID)
+ resp, errWithCode := m.processor.Fedi().EmojiGet(c.Request.Context(), requestedEmojiID)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/publickey/publickeyget.go b/internal/api/activitypub/publickey/publickeyget.go
index 77e969469..5ccb86328 100644
--- a/internal/api/activitypub/publickey/publickeyget.go
+++ b/internal/api/activitypub/publickey/publickeyget.go
@@ -54,7 +54,7 @@ func (m *Module) PublicKeyGETHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().UserGet(apiutil.TransferSignatureContext(c), requestedUsername, c.Request.URL)
+ resp, errWithCode := m.processor.Fedi().UserGet(c.Request.Context(), requestedUsername, c.Request.URL)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/users/featured.go b/internal/api/activitypub/users/featured.go
index 9ccaed069..de6ff14ae 100644
--- a/internal/api/activitypub/users/featured.go
+++ b/internal/api/activitypub/users/featured.go
@@ -80,7 +80,7 @@ func (m *Module) FeaturedCollectionGETHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().FeaturedCollectionGet(apiutil.TransferSignatureContext(c), requestedUsername)
+ resp, errWithCode := m.processor.Fedi().FeaturedCollectionGet(c.Request.Context(), requestedUsername)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
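Review bot: Nothing at the new call in `EmojiGetHandler` says where the HTTP signature verifier and signature now come from. The call passes `c.Request.Context()` directly, so whatever authentication `Fedi().EmojiGet` performs depends on an earlier middleware having stored both values on the request context rather than under gin keys, and that middleware is outside this diffstat (limited to `internal/api`). The same applies to the hunks in publickeyget.go, featured.go, followers.go, following.go, inboxpost.go, outboxget.go, repliesget.go, statusget.go and userget.go. I would add a comment at each call such as `// Signature verifier + signature must already be on the request context (set by the signature-check middleware).` and a handler-level test pinning that a request arriving without those values behaves as it did before the refactor. The handler bodies start and end outside the hunks.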
diff --git a/internal/api/activitypub/users/followers.go b/internal/api/activitypub/users/followers.go
index ddfa3e9d0..0825651a8 100644
--- a/internal/api/activitypub/users/followers.go
+++ b/internal/api/activitypub/users/followers.go
@@ -51,7 +51,7 @@ func (m *Module) FollowersGETHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().FollowersGet(apiutil.TransferSignatureContext(c), requestedUsername)
+ resp, errWithCode := m.processor.Fedi().FollowersGet(c.Request.Context(), requestedUsername)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/users/following.go b/internal/api/activitypub/users/following.go
index 79722cea1..bc6e96ca1 100644
--- a/internal/api/activitypub/users/following.go
+++ b/internal/api/activitypub/users/following.go
@@ -51,7 +51,7 @@ func (m *Module) FollowingGETHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().FollowingGet(apiutil.TransferSignatureContext(c), requestedUsername)
+ resp, errWithCode := m.processor.Fedi().FollowingGet(c.Request.Context(), requestedUsername)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/users/inboxpost.go b/internal/api/activitypub/users/inboxpost.go
index 4f535f534..c2d3d79c4 100644
--- a/internal/api/activitypub/users/inboxpost.go
+++ b/internal/api/activitypub/users/inboxpost.go
@@ -30,7 +30,7 @@ import (
 // InboxPOSTHandler deals with incoming POST requests to an actor's inbox.
 // Eg., POST to https://example.org/users/whatever/inbox.
 func (m *Module) InboxPOSTHandler(c *gin.Context) {
- _, err := m.processor.Fedi().InboxPost(apiutil.TransferSignatureContext(c), c.Writer, c.Request)
+ _, err := m.processor.Fedi().InboxPost(c.Request.Context(), c.Writer, c.Request)
 if err != nil {
 errWithCode := new(gtserror.WithCode)
diff --git a/internal/api/activitypub/users/inboxpost_test.go b/internal/api/activitypub/users/inboxpost_test.go
index 82e86fb9c..c5027f342 100644
--- a/internal/api/activitypub/users/inboxpost_test.go
+++ b/internal/api/activitypub/users/inboxpost_test.go
@@ -517,6 +517,31 @@ func (suite *InboxPostTestSuite) TestPostFromBlockedAccount() {
 )
 }
+func (suite *InboxPostTestSuite) TestPostFromBlockedAccountToOtherAccount() {
+ var (
+ requestingAccount = suite.testAccounts["remote_account_1"]
+ targetAccount = suite.testAccounts["local_account_1"]
+ activity = suite.testActivities["reply_to_turtle_for_turtle"]
+ statusURI = "http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"
+ )
+
+ // Post an reply to turtle to ZORK from remote account.
+ // Turtle blocks the remote account but is only tangentially
+ // related to this POST request. The response will indicate
+ // accepted but the post won't actually be processed.
+ suite.inboxPost(
+ activity.Activity,
+ requestingAccount,
+ targetAccount,
+ http.StatusAccepted,
+ `{"status":"Accepted"}`,
+ suite.signatureCheck,
+ )
+
+ _, err := suite.state.DB.GetStatusByURI(context.Background(), statusURI)
+ suite.ErrorIs(err, db.ErrNoEntries)
+}
+
 func (suite *InboxPostTestSuite) TestPostUnauthorized() {
 var (
 requestingAccount = suite.testAccounts["remote_account_1"]
diff --git a/internal/api/activitypub/users/outboxget.go b/internal/api/activitypub/users/outboxget.go
index 7abc3921f..9e3ec2d15 100644
--- a/internal/api/activitypub/users/outboxget.go
+++ b/internal/api/activitypub/users/outboxget.go
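Review bot: The negative assertion at the end of `TestPostFromBlockedAccountToOtherAccount` can pass for the wrong reason. `GetStatusByURI` runs immediately after `suite.inboxPost` returns 202, so if inbox side effects are processed asynchronously (not visible in this hunk), `db.ErrNoEntries` would come back whether or not the block was honoured. The check also relies on the hard-coded `statusURI` matching the object ID inside `reply_to_turtle_for_turtle`; if that fixture changes, the lookup misses and the test still passes. I would derive the URI from `activity.Activity`, and either add a control case showing the same activity from a non-blocked sender is stored, or wait for processing to finish before the lookup. The comment's `Post an reply` should read `Post a reply`.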
@@ -129,7 +129,7 @@ func (m *Module) OutboxGETHandler(c *gin.Context) {
 maxID = maxIDString
 }
- resp, errWithCode := m.processor.Fedi().OutboxGet(apiutil.TransferSignatureContext(c), requestedUsername, page, maxID, minID)
+ resp, errWithCode := m.processor.Fedi().OutboxGet(c.Request.Context(), requestedUsername, page, maxID, minID)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/users/repliesget.go b/internal/api/activitypub/users/repliesget.go
index bece312b8..70764a73d 100644
--- a/internal/api/activitypub/users/repliesget.go
+++ b/internal/api/activitypub/users/repliesget.go
@@ -149,7 +149,7 @@ func (m *Module) StatusRepliesGETHandler(c *gin.Context) {
 minID = minIDString
 }
- resp, errWithCode := m.processor.Fedi().StatusRepliesGet(apiutil.TransferSignatureContext(c), requestedUsername, requestedStatusID, page, onlyOtherAccounts, c.Query("only_other_accounts") != "", minID)
+ resp, errWithCode := m.processor.Fedi().StatusRepliesGet(c.Request.Context(), requestedUsername, requestedStatusID, page, onlyOtherAccounts, c.Query("only_other_accounts") != "", minID)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/users/statusget.go b/internal/api/activitypub/users/statusget.go
index b9e526080..4a107c5a1 100644
--- a/internal/api/activitypub/users/statusget.go
+++ b/internal/api/activitypub/users/statusget.go
@@ -58,7 +58,7 @@ func (m *Module) StatusGETHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().StatusGet(apiutil.TransferSignatureContext(c), requestedUsername, requestedStatusID)
+ resp, errWithCode := m.processor.Fedi().StatusGet(c.Request.Context(), requestedUsername, requestedStatusID)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/activitypub/users/user_test.go b/internal/api/activitypub/users/user_test.go
index 8e30eecf3..d0487777b 100644
--- a/internal/api/activitypub/users/user_test.go
+++ b/internal/api/activitypub/users/user_test.go
@@ -56,6 +56,7 @@ type UserStandardTestSuite struct {
 testAttachments map[string]*gtsmodel.MediaAttachment
 testStatuses map[string]*gtsmodel.Status
 testBlocks map[string]*gtsmodel.Block
+ testActivities map[string]testrig.ActivityWithSignature
 // module being tested
 userModule *users.Module
@@ -72,6 +73,7 @@ func (suite *UserStandardTestSuite) SetupSuite() {
 suite.testAttachments = testrig.NewTestAttachments()
 suite.testStatuses = testrig.NewTestStatuses()
 suite.testBlocks = testrig.NewTestBlocks()
+ suite.testActivities = testrig.NewTestActivities(suite.testAccounts)
 }
 func (suite *UserStandardTestSuite) SetupTest() {
diff --git a/internal/api/activitypub/users/userget.go b/internal/api/activitypub/users/userget.go
index 7dc7f0822..536da9e81 100644
--- a/internal/api/activitypub/users/userget.go
+++ b/internal/api/activitypub/users/userget.go
@@ -58,7 +58,7 @@ func (m *Module) UsersGETHandler(c *gin.Context) {
 return
 }
- resp, errWithCode := m.processor.Fedi().UserGet(apiutil.TransferSignatureContext(c), requestedUsername, c.Request.URL)
+ resp, errWithCode := m.processor.Fedi().UserGet(c.Request.Context(), requestedUsername, c.Request.URL)
 if errWithCode != nil {
 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 return
diff --git a/internal/api/util/signaturectx.go b/internal/api/util/signaturectx.go
deleted file mode 100644
index 38abfdeb1..000000000
--- a/internal/api/util/signaturectx.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-package util
-
-import (
- "context"
-
- "github.com/gin-gonic/gin"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
-)
-
-// TransferSignatureContext transfers a signature verifier and signature from a gin context to a go context.
-func TransferSignatureContext(c *gin.Context) context.Context {
- ctx := c.Request.Context()
-
- if verifier, signed := c.Get(string(ap.ContextRequestingPublicKeyVerifier)); signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
- }
-
- if signature, signed := c.Get(string(ap.ContextRequestingPublicKeySignature)); signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeySignature, signature)
- }
-
- return ctx
-} |