author | 2022-11-11 12:18:38 +0100 | |
---|---|---|
committer | 2022-11-11 12:18:38 +0100 | |
commit | edcee14d07bae129e2d1a06d99c30fc6f659ff5e (patch) | |
tree | 5b9d605654347fe104c55bf4b0e7fb1e1533e2a0 /internal/federation/authenticate.go | |
parent | [feature] S3: add config flag to proxy S3 media (#1014) (diff) | |
download | gotosocial-edcee14d07bae129e2d1a06d99c30fc6f659ff5e.tar.xz |
[feature] Read + Write tombstones for deleted Actors (#1005)
* [feature] Read + Write tombstones for deleted Actors
* copyTombstone
* update to use resultcache instead of old ttl cache
Signed-off-by: kim <grufwub@gmail.com>
* update go-cache library to fix result cache capacity / ordering bugs
Signed-off-by: kim <grufwub@gmail.com>
* bump go-cache/v3 to v3.1.6 to fix bugs
Signed-off-by: kim <grufwub@gmail.com>
* switch on status code
* better explain ErrGone reasoning
Signed-off-by: kim <grufwub@gmail.com>
Co-authored-by: kim <grufwub@gmail.com>
Diffstat (limited to 'internal/federation/authenticate.go')
-rw-r--r-- | internal/federation/authenticate.go | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index ab93fbeaf..3144d9d05 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -37,6 +37,7 @@ import (
 "github.com/superseriousbusiness/gotosocial/internal/gtserror"
 "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 "github.com/superseriousbusiness/gotosocial/internal/log"
+ "github.com/superseriousbusiness/gotosocial/internal/transport"
 )
 
 /*
@@ -201,8 +202,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 // REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY
 // the request is remote and we don't have the public key yet,
 // so we need to authenticate the request properly by dereferencing the remote key
+ gone, err := f.CheckGone(ctx, requestingPublicKeyID)
+ if err != nil {
+ errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error checking for tombstone for %s: %s", requestingPublicKeyID, err))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+
+ if gone {
+ errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+
 log.Tracef("proceeding with dereference for uncached public key %s", requestingPublicKeyID)
- transport, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
+ trans, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
 if err != nil {
 errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error creating transport for %s: %s", requestedUsername, err))
 log.Debug(errWithCode)
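Review bot: The new `CheckGone` lookup in the second hunk is keyed on `requestingPublicKeyID`, which at this point is still unverified data taken from the request's signature, and a hit ends authentication with a 410 before any key is fetched or any signature is checked. Nothing visible in the hunk says how long a tombstone lives or how one is cleared, so a key ID tombstoned by mistake would presumably be rejected for as long as the record exists; I would document that above the call, e.g. `// tombstone lookup uses the still-unverified key ID; a hit rejects the request without contacting the remote`. The new internal-error `fmt.Errorf` formats `err` with `%s`, which drops the error chain; `%w` would keep it available to `errors.Is` in callers. The enclosing function starts and ends outside the hunk.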
@@ -210,8 +224,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 }
 
 // The actual http call to the remote server is made right here in the Dereference function.
- b, err := transport.Dereference(ctx, requestingPublicKeyID)
+ b, err := trans.Dereference(ctx, requestingPublicKeyID)
 if err != nil {
+ if errors.Is(err, transport.ErrGone) {
+ // if we get a 410 error it means the account that owns this public key has been deleted;
+ // we should add a tombstone to our database so that we can avoid trying to deref it in future
+ if err := f.HandleGone(ctx, requestingPublicKeyID); err != nil {
+ errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error marking account with public key %s as gone: %s", requestingPublicKeyID, err))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+ errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+
 errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
 log.Debug(errWithCode)
 return nil, errWithCode |
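Review bot: `HandleGone` is called on a 410 for a `requestingPublicKeyID` that comes from a request whose signature has not been verified yet, so a database write is now reachable from unauthenticated traffic, one record per distinct key URL that answers 410. From the hunk alone I cannot tell whether `HandleGone` bounds, deduplicates or expires these records; if it does not, the tombstone store grows with whatever key IDs senders present, and a transient or mistaken 410 from a remote becomes a lasting rejection through the `CheckGone` path. The comment above the call should state the retention rule, and a per-host cap or expiry inside `HandleGone` is worth considering. The inner `if err := f.HandleGone(...)` also shadows the outer `err`; a distinct name such as `gerr` reads more clearly and avoids confusion with the dereference error. The enclosing function starts and ends outside the hunk.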