diff options
| author |  Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com> | 2021-06-27 16:52:18 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-06-27 16:52:18 +0200 |
| commit | 87cf621e21283728b2bb5517c6a6981087cc7ce5 (patch) | |
| tree | bd53f99ac3a0f242668bc33a3aeb0b3350957fb7 /internal/federation | |
| parent | Go fmt (diff) | |
| download | gotosocial-87cf621e21283728b2bb5517c6a6981087cc7ce5.tar.xz | |
Remote instance dereferencing (#70)
Remote instances are now dereferenced when they post to an inbox on a GtS instance.
Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance.
If that doesn't work, /.well-known/nodeinfo will be checked.
If that doesn't work, only a minimal representation of the instance will be stored.
A new field was added to the Instance database model. To create it:
alter table instances add column contact_account_username text;
Diffstat (limited to 'internal/federation')
| -rw-r--r-- | internal/federation/authenticate.go (renamed from internal/federation/util.go) | 193 | ||||
| -rw-r--r-- | internal/federation/commonbehavior.go | 55 | ||||
| -rw-r--r-- | internal/federation/dereference.go | 153 | ||||
| -rw-r--r-- | internal/federation/federatingprotocol.go | 23 | ||||
| -rw-r--r-- | internal/federation/federator.go | 4 | ||||
| -rw-r--r-- | internal/federation/transport.go | 84 |
6 files changed, 300 insertions, 212 deletions
diff --git a/internal/federation/util.go b/internal/federation/authenticate.go index 9ec0770f6..c4183144b 100644 --- a/internal/federation/util.go +++ b/internal/federation/authenticate.go @@ -35,8 +35,6 @@ import ( "github.com/go-fed/httpsig" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/transport" - "github.com/superseriousbusiness/gotosocial/internal/typeutils" ) /* @@ -99,11 +97,14 @@ func getPublicKeyFromResponse(c context.Context, b []byte, keyID *url.URL) (voca // AuthenticateFederatedRequest authenticates any kind of incoming federated request from a remote server. This includes things like // GET requests for dereferencing our users or statuses etc, and POST requests for delivering new Activities. The function returns -// the URL of the owner of the public key used in the http signature. +// the URL of the owner of the public key used in the requesting http signature. // -// Authenticate in this case is defined as just making sure that the http request is actually signed by whoever claims -// to have signed it, by fetching the public key from the signature and checking it against the remote public key. This function -// *does not* check whether the request is authorized, only whether it's authentic. +// Authenticate in this case is defined as making sure that the http request is actually signed by whoever claims +// to have signed it, by fetching the public key from the signature and checking it against the remote public key. +// +// To avoid making unnecessary http calls towards blocked domains, this function *does* bail early if an instance-level domain block exists +// for the request from the incoming domain. However, it does not check whether individual blocks exist between the requesting user or domain +// and the requested user: this should be done elsewhere. // // The provided username will be used to generate a transport for making remote requests/derefencing the public key ID of the request signature. // Ideally you should pass in the username of the user *being requested*, so that the remote server can decide how to handle the request based on who's making it. @@ -114,7 +115,12 @@ func getPublicKeyFromResponse(c context.Context, b []byte, keyID *url.URL) (voca // // Also note that this function *does not* dereference the remote account that the signature key is associated with. // Other functions should use the returned URL to dereference the remote account, if required. -func (f *federator) AuthenticateFederatedRequest(username string, r *http.Request) (*url.URL, error) { +func (f *federator) AuthenticateFederatedRequest(requestedUsername string, r *http.Request) (*url.URL, error) { + + var publicKey interface{} + var pkOwnerURI *url.URL + var err error + // set this extra field for signature validation r.Header.Set("host", f.config.Host) @@ -130,11 +136,19 @@ func (f *federator) AuthenticateFederatedRequest(username string, r *http.Reques return nil, fmt.Errorf("could not parse key id into a url: %s", err) } - var publicKey interface{} - var pkOwnerURI *url.URL + // if the domain is blocked we want to make as few calls towards it as possible, so already bail here if that's the case! + blockedDomain, err := f.blockedDomain(requestingPublicKeyID.Host) + if err != nil { + return nil, fmt.Errorf("could not tell if domain %s was blocked or not: %s", requestingPublicKeyID.Host, err) + } + if blockedDomain { + return nil, fmt.Errorf("host %s was domain blocked, aborting auth", requestingPublicKeyID.Host) + } + requestingRemoteAccount := >smodel.Account{} requestingLocalAccount := >smodel.Account{} - if strings.EqualFold(requestingPublicKeyID.Host, f.config.Host) { + requestingHost := requestingPublicKeyID.Host + if strings.EqualFold(requestingHost, f.config.Host) { // LOCAL ACCOUNT REQUEST // the request is coming from INSIDE THE HOUSE so skip the remote dereferencing if err := f.db.GetWhere([]db.Where{{Key: "public_key_uri", Value: requestingPublicKeyID.String()}}, requestingLocalAccount); err != nil { @@ -157,7 +171,7 @@ func (f *federator) AuthenticateFederatedRequest(username string, r *http.Reques // REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY // the request is remote and we don't have the public key yet, // so we need to authenticate the request properly by dereferencing the remote key - transport, err := f.GetTransportForUser(username) + transport, err := f.GetTransportForUser(requestedUsername) if err != nil { return nil, fmt.Errorf("transport err: %s", err) } @@ -212,154 +226,19 @@ func (f *federator) AuthenticateFederatedRequest(username string, r *http.Reques return pkOwnerURI, nil } -func (f *federator) DereferenceRemoteAccount(username string, remoteAccountID *url.URL) (typeutils.Accountable, error) { - f.startHandshake(username, remoteAccountID) - defer f.stopHandshake(username, remoteAccountID) - - transport, err := f.GetTransportForUser(username) - if err != nil { - return nil, fmt.Errorf("transport err: %s", err) - } - - b, err := transport.Dereference(context.Background(), remoteAccountID) - if err != nil { - return nil, fmt.Errorf("error deferencing %s: %s", remoteAccountID.String(), err) - } - - m := make(map[string]interface{}) - if err := json.Unmarshal(b, &m); err != nil { - return nil, fmt.Errorf("error unmarshalling bytes into json: %s", err) - } - - t, err := streams.ToType(context.Background(), m) - if err != nil { - return nil, fmt.Errorf("error resolving json into ap vocab type: %s", err) - } - - switch t.GetTypeName() { - case string(gtsmodel.ActivityStreamsPerson): - p, ok := t.(vocab.ActivityStreamsPerson) - if !ok { - return nil, errors.New("error resolving type as activitystreams person") - } - return p, nil - case string(gtsmodel.ActivityStreamsApplication): - p, ok := t.(vocab.ActivityStreamsApplication) - if !ok { - return nil, errors.New("error resolving type as activitystreams application") - } - return p, nil - case string(gtsmodel.ActivityStreamsService): - p, ok := t.(vocab.ActivityStreamsService) - if !ok { - return nil, errors.New("error resolving type as activitystreams service") - } - return p, nil - } - - return nil, fmt.Errorf("type name %s not supported", t.GetTypeName()) -} - -func (f *federator) DereferenceRemoteStatus(username string, remoteStatusID *url.URL) (typeutils.Statusable, error) { - transport, err := f.GetTransportForUser(username) - if err != nil { - return nil, fmt.Errorf("transport err: %s", err) - } - - b, err := transport.Dereference(context.Background(), remoteStatusID) - if err != nil { - return nil, fmt.Errorf("error deferencing %s: %s", remoteStatusID.String(), err) - } - - m := make(map[string]interface{}) - if err := json.Unmarshal(b, &m); err != nil { - return nil, fmt.Errorf("error unmarshalling bytes into json: %s", err) - } - - t, err := streams.ToType(context.Background(), m) - if err != nil { - return nil, fmt.Errorf("error resolving json into ap vocab type: %s", err) - } - - // Article, Document, Image, Video, Note, Page, Event, Place, Mention, Profile - switch t.GetTypeName() { - case gtsmodel.ActivityStreamsArticle: - p, ok := t.(vocab.ActivityStreamsArticle) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsArticle") - } - return p, nil - case gtsmodel.ActivityStreamsDocument: - p, ok := t.(vocab.ActivityStreamsDocument) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsDocument") - } - return p, nil - case gtsmodel.ActivityStreamsImage: - p, ok := t.(vocab.ActivityStreamsImage) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsImage") - } - return p, nil - case gtsmodel.ActivityStreamsVideo: - p, ok := t.(vocab.ActivityStreamsVideo) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsVideo") - } - return p, nil - case gtsmodel.ActivityStreamsNote: - p, ok := t.(vocab.ActivityStreamsNote) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsNote") - } - return p, nil - case gtsmodel.ActivityStreamsPage: - p, ok := t.(vocab.ActivityStreamsPage) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsPage") - } - return p, nil - case gtsmodel.ActivityStreamsEvent: - p, ok := t.(vocab.ActivityStreamsEvent) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsEvent") - } - return p, nil - case gtsmodel.ActivityStreamsPlace: - p, ok := t.(vocab.ActivityStreamsPlace) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsPlace") - } - return p, nil - case gtsmodel.ActivityStreamsProfile: - p, ok := t.(vocab.ActivityStreamsProfile) - if !ok { - return nil, errors.New("error resolving type as ActivityStreamsProfile") - } - return p, nil +func (f *federator) blockedDomain(host string) (bool, error) { + b := >smodel.DomainBlock{} + err := f.db.GetWhere([]db.Where{{Key: "domain", Value: host, CaseInsensitive: true}}, b) + if err == nil { + // block exists + return true, nil } - return nil, fmt.Errorf("type name %s not supported", t.GetTypeName()) -} - -func (f *federator) GetTransportForUser(username string) (transport.Transport, error) { - // We need an account to use to create a transport for dereferecing the signature. - // If a username has been given, we can fetch the account with that username and use it. - // Otherwise, we can take the instance account and use those credentials to make the request. - ourAccount := >smodel.Account{} - var u string - if username == "" { - u = f.config.Host - } else { - u = username - } - if err := f.db.GetLocalAccountByUsername(u, ourAccount); err != nil { - return nil, fmt.Errorf("error getting account %s from db: %s", username, err) + if _, ok := err.(db.ErrNoEntries); ok { + // there are no entries so there's no block + return false, nil } - transport, err := f.transportController.NewTransport(ourAccount.PublicKeyURI, ourAccount.PrivateKey) - if err != nil { - return nil, fmt.Errorf("error creating transport for user %s: %s", username, err) - } - return transport, nil + // there's an actual error + return false, err } diff --git a/internal/federation/commonbehavior.go b/internal/federation/commonbehavior.go index fab9ce112..29eb9b6f3 100644 --- a/internal/federation/commonbehavior.go +++ b/internal/federation/commonbehavior.go @@ -20,15 +20,10 @@ package federation import ( "context" - "fmt" "net/http" - "net/url" - "github.com/go-fed/activity/pub" "github.com/go-fed/activity/streams" "github.com/go-fed/activity/streams/vocab" - "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/util" ) /* @@ -101,53 +96,3 @@ func (f *federator) GetOutbox(ctx context.Context, r *http.Request) (vocab.Activ // the CLIENT API, not through the federation API, so we just do nothing here. return streams.NewActivityStreamsOrderedCollectionPage(), nil } - -// NewTransport returns a new Transport on behalf of a specific actor. -// -// The actorBoxIRI will be either the inbox or outbox of an actor who is -// attempting to do the dereferencing or delivery. Any authentication -// scheme applied on the request must be based on this actor. The -// request must contain some sort of credential of the user, such as a -// HTTP Signature. -// -// The gofedAgent passed in should be used by the Transport -// implementation in the User-Agent, as well as the application-specific -// user agent string. The gofedAgent will indicate this library's use as -// well as the library's version number. -// -// Any server-wide rate-limiting that needs to occur should happen in a -// Transport implementation. This factory function allows this to be -// created, so peer servers are not DOS'd. -// -// Any retry logic should also be handled by the Transport -// implementation. -// -// Note that the library will not maintain a long-lived pointer to the -// returned Transport so that any private credentials are able to be -// garbage collected. -func (f *federator) NewTransport(ctx context.Context, actorBoxIRI *url.URL, gofedAgent string) (pub.Transport, error) { - - var username string - var err error - - if util.IsInboxPath(actorBoxIRI) { - username, err = util.ParseInboxPath(actorBoxIRI) - if err != nil { - return nil, fmt.Errorf("couldn't parse path %s as an inbox: %s", actorBoxIRI.String(), err) - } - } else if util.IsOutboxPath(actorBoxIRI) { - username, err = util.ParseOutboxPath(actorBoxIRI) - if err != nil { - return nil, fmt.Errorf("couldn't parse path %s as an outbox: %s", actorBoxIRI.String(), err) - } - } else { - return nil, fmt.Errorf("id %s was neither an inbox path nor an outbox path", actorBoxIRI.String()) - } - - account := >smodel.Account{} - if err := f.db.GetLocalAccountByUsername(username, account); err != nil { - return nil, fmt.Errorf("error getting account with username %s from the db: %s", username, err) - } - - return f.transportController.NewTransport(account.PublicKeyURI, account.PrivateKey) -} diff --git a/internal/federation/dereference.go b/internal/federation/dereference.go new file mode 100644 index 000000000..111c0b977 --- /dev/null +++ b/internal/federation/dereference.go @@ -0,0 +1,153 @@ +package federation + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/url" + + "github.com/go-fed/activity/streams" + "github.com/go-fed/activity/streams/vocab" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/typeutils" +) + +func (f *federator) DereferenceRemoteAccount(username string, remoteAccountID *url.URL) (typeutils.Accountable, error) { + f.startHandshake(username, remoteAccountID) + defer f.stopHandshake(username, remoteAccountID) + + transport, err := f.GetTransportForUser(username) + if err != nil { + return nil, fmt.Errorf("transport err: %s", err) + } + + b, err := transport.Dereference(context.Background(), remoteAccountID) + if err != nil { + return nil, fmt.Errorf("error deferencing %s: %s", remoteAccountID.String(), err) + } + + m := make(map[string]interface{}) + if err := json.Unmarshal(b, &m); err != nil { + return nil, fmt.Errorf("error unmarshalling bytes into json: %s", err) + } + + t, err := streams.ToType(context.Background(), m) + if err != nil { + return nil, fmt.Errorf("error resolving json into ap vocab type: %s", err) + } + + switch t.GetTypeName() { + case string(gtsmodel.ActivityStreamsPerson): + p, ok := t.(vocab.ActivityStreamsPerson) + if !ok { + return nil, errors.New("error resolving type as activitystreams person") + } + return p, nil + case string(gtsmodel.ActivityStreamsApplication): + p, ok := t.(vocab.ActivityStreamsApplication) + if !ok { + return nil, errors.New("error resolving type as activitystreams application") + } + return p, nil + case string(gtsmodel.ActivityStreamsService): + p, ok := t.(vocab.ActivityStreamsService) + if !ok { + return nil, errors.New("error resolving type as activitystreams service") + } + return p, nil + } + + return nil, fmt.Errorf("type name %s not supported", t.GetTypeName()) +} + +func (f *federator) DereferenceRemoteStatus(username string, remoteStatusID *url.URL) (typeutils.Statusable, error) { + transport, err := f.GetTransportForUser(username) + if err != nil { + return nil, fmt.Errorf("transport err: %s", err) + } + + b, err := transport.Dereference(context.Background(), remoteStatusID) + if err != nil { + return nil, fmt.Errorf("error deferencing %s: %s", remoteStatusID.String(), err) + } + + m := make(map[string]interface{}) + if err := json.Unmarshal(b, &m); err != nil { + return nil, fmt.Errorf("error unmarshalling bytes into json: %s", err) + } + + t, err := streams.ToType(context.Background(), m) + if err != nil { + return nil, fmt.Errorf("error resolving json into ap vocab type: %s", err) + } + + // Article, Document, Image, Video, Note, Page, Event, Place, Mention, Profile + switch t.GetTypeName() { + case gtsmodel.ActivityStreamsArticle: + p, ok := t.(vocab.ActivityStreamsArticle) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsArticle") + } + return p, nil + case gtsmodel.ActivityStreamsDocument: + p, ok := t.(vocab.ActivityStreamsDocument) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsDocument") + } + return p, nil + case gtsmodel.ActivityStreamsImage: + p, ok := t.(vocab.ActivityStreamsImage) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsImage") + } + return p, nil + case gtsmodel.ActivityStreamsVideo: + p, ok := t.(vocab.ActivityStreamsVideo) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsVideo") + } + return p, nil + case gtsmodel.ActivityStreamsNote: + p, ok := t.(vocab.ActivityStreamsNote) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsNote") + } + return p, nil + case gtsmodel.ActivityStreamsPage: + p, ok := t.(vocab.ActivityStreamsPage) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsPage") + } + return p, nil + case gtsmodel.ActivityStreamsEvent: + p, ok := t.(vocab.ActivityStreamsEvent) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsEvent") + } + return p, nil + case gtsmodel.ActivityStreamsPlace: + p, ok := t.(vocab.ActivityStreamsPlace) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsPlace") + } + return p, nil + case gtsmodel.ActivityStreamsProfile: + p, ok := t.(vocab.ActivityStreamsProfile) + if !ok { + return nil, errors.New("error resolving type as ActivityStreamsProfile") + } + return p, nil + } + + return nil, fmt.Errorf("type name %s not supported", t.GetTypeName()) +} + +func (f *federator) DereferenceRemoteInstance(username string, remoteInstanceURI *url.URL) (*gtsmodel.Instance, error) { + transport, err := f.GetTransportForUser(username) + if err != nil { + return nil, fmt.Errorf("transport err: %s", err) + } + + return transport.DereferenceInstance(context.Background(), remoteInstanceURI) +} diff --git a/internal/federation/federatingprotocol.go b/internal/federation/federatingprotocol.go index 8784c32e2..bd540af2c 100644 --- a/internal/federation/federatingprotocol.go +++ b/internal/federation/federatingprotocol.go @@ -125,6 +125,29 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr return ctx, false, fmt.Errorf("not authenticated: %s", err) } + // authentication has passed, so add an instance entry for this instance if it hasn't been done already + i := >smodel.Instance{} + if err := f.db.GetWhere([]db.Where{{Key: "domain", Value: publicKeyOwnerURI.Host, CaseInsensitive: true}}, i); err != nil { + if _, ok := err.(db.ErrNoEntries); !ok { + // there's been an actual error + return ctx, false, fmt.Errorf("error getting requesting account with public key id %s: %s", publicKeyOwnerURI.String(), err) + } + + // we don't have an entry for this instance yet so dereference it + i, err = f.DereferenceRemoteInstance(username, &url.URL{ + Scheme: publicKeyOwnerURI.Scheme, + Host: publicKeyOwnerURI.Host, + }) + if err != nil { + return nil, false, fmt.Errorf("could not dereference new remote instance %s during AuthenticatePostInbox: %s", publicKeyOwnerURI.Host, err) + } + + // and put it in the db + if err := f.db.Put(i); err != nil { + return nil, false, fmt.Errorf("error inserting newly dereferenced instance %s: %s", publicKeyOwnerURI.Host, err) + } + } + requestingAccount := >smodel.Account{} if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: publicKeyOwnerURI.String()}}, requestingAccount); err != nil { // there's been a proper error so return it diff --git a/internal/federation/federator.go b/internal/federation/federator.go index 2ee01697f..0c6b54e37 100644 --- a/internal/federation/federator.go +++ b/internal/federation/federator.go @@ -28,6 +28,7 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/federation/federatingdb" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/transport" "github.com/superseriousbusiness/gotosocial/internal/typeutils" ) @@ -50,6 +51,9 @@ type Federator interface { // DereferenceRemoteStatus can be used to get the representation of a remote status, based on its ID (which is a URI). // The given username will be used to create a transport for making outgoing requests. See the implementation for more detailed comments. DereferenceRemoteStatus(username string, remoteStatusID *url.URL) (typeutils.Statusable, error) + // DereferenceRemoteInstance takes the URL of a remote instance, and a username (optional) to spin up a transport with. It then + // does its damnedest to get some kind of information back about the instance, trying /api/v1/instance, then /.well-known/nodeinfo + DereferenceRemoteInstance(username string, remoteInstanceURI *url.URL) (*gtsmodel.Instance, error) // GetTransportForUser returns a new transport initialized with the key credentials belonging to the given username. // This can be used for making signed http requests. // diff --git a/internal/federation/transport.go b/internal/federation/transport.go new file mode 100644 index 000000000..a92f66d25 --- /dev/null +++ b/internal/federation/transport.go @@ -0,0 +1,84 @@ +package federation + +import ( + "context" + "fmt" + "net/url" + + "github.com/go-fed/activity/pub" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/transport" + "github.com/superseriousbusiness/gotosocial/internal/util" +) + +// NewTransport returns a new Transport on behalf of a specific actor. +// +// The actorBoxIRI will be either the inbox or outbox of an actor who is +// attempting to do the dereferencing or delivery. Any authentication +// scheme applied on the request must be based on this actor. The +// request must contain some sort of credential of the user, such as a +// HTTP Signature. +// +// The gofedAgent passed in should be used by the Transport +// implementation in the User-Agent, as well as the application-specific +// user agent string. The gofedAgent will indicate this library's use as +// well as the library's version number. +// +// Any server-wide rate-limiting that needs to occur should happen in a +// Transport implementation. This factory function allows this to be +// created, so peer servers are not DOS'd. +// +// Any retry logic should also be handled by the Transport +// implementation. +// +// Note that the library will not maintain a long-lived pointer to the +// returned Transport so that any private credentials are able to be +// garbage collected. +func (f *federator) NewTransport(ctx context.Context, actorBoxIRI *url.URL, gofedAgent string) (pub.Transport, error) { + + var username string + var err error + + if util.IsInboxPath(actorBoxIRI) { + username, err = util.ParseInboxPath(actorBoxIRI) + if err != nil { + return nil, fmt.Errorf("couldn't parse path %s as an inbox: %s", actorBoxIRI.String(), err) + } + } else if util.IsOutboxPath(actorBoxIRI) { + username, err = util.ParseOutboxPath(actorBoxIRI) + if err != nil { + return nil, fmt.Errorf("couldn't parse path %s as an outbox: %s", actorBoxIRI.String(), err) + } + } else { + return nil, fmt.Errorf("id %s was neither an inbox path nor an outbox path", actorBoxIRI.String()) + } + + account := >smodel.Account{} + if err := f.db.GetLocalAccountByUsername(username, account); err != nil { + return nil, fmt.Errorf("error getting account with username %s from the db: %s", username, err) + } + + return f.transportController.NewTransport(account.PublicKeyURI, account.PrivateKey) +} + +func (f *federator) GetTransportForUser(username string) (transport.Transport, error) { + // We need an account to use to create a transport for dereferecing something. + // If a username has been given, we can fetch the account with that username and use it. + // Otherwise, we can take the instance account and use those credentials to make the request. + ourAccount := >smodel.Account{} + var u string + if username == "" { + u = f.config.Host + } else { + u = username + } + if err := f.db.GetLocalAccountByUsername(u, ourAccount); err != nil { + return nil, fmt.Errorf("error getting account %s from db: %s", username, err) + } + + transport, err := f.transportController.NewTransport(ourAccount.PublicKeyURI, ourAccount.PrivateKey) + if err != nil { + return nil, fmt.Errorf("error creating transport for user %s: %s", username, err) + } + return transport, nil +} |