diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2023-09-12 11:43:12 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-09-12 10:43:12 +0100 |
| commit | 4b594516ec5fe6d849663d877db5a0614de03089 (patch) | |
| tree | d822d87aaba9d2836294198d43bc59fc210b6167 /internal/processing/fedi | |
| parent | [feature] Support Actor URIs for webfinger queries (#2187) (diff) | |
| download | gotosocial-4b594516ec5fe6d849663d877db5a0614de03089.tar.xz | |
[feature] Allow admins to expire remote public keys; refetch expired keys on demand (#2183)
Diffstat (limited to 'internal/processing/fedi')
| -rw-r--r-- | internal/processing/fedi/common.go | 6 | ||||
| -rw-r--r-- | internal/processing/fedi/user.go | 9 |
2 files changed, 8 insertions, 7 deletions
diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go index 1331a20e0..38c31ffd2 100644 --- a/internal/processing/fedi/common.go +++ b/internal/processing/fedi/common.go @@ -48,7 +48,7 @@ func (p *Processor) authenticate(ctx context.Context, requestedUsername string) // Ensure request signed, and use signature URI to // get requesting account, dereferencing if necessary. - requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername) + pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername) if errWithCode != nil { return nil, nil, errWithCode } @@ -56,10 +56,10 @@ func (p *Processor) authenticate(ctx context.Context, requestedUsername string) requestingAccount, _, err := p.federator.GetAccountByURI( gtscontext.SetFastFail(ctx), requestedUsername, - requestingAccountURI, + pubKeyAuth.OwnerURI, ) if err != nil { - err = gtserror.Newf("error getting account %s: %w", requestingAccountURI, err) + err = gtserror.Newf("error getting account %s: %w", pubKeyAuth.OwnerURI, err) return nil, nil, gtserror.NewErrorUnauthorized(err) } diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go index 4a55df01f..f3305c103 100644 --- a/internal/processing/fedi/user.go +++ b/internal/processing/fedi/user.go @@ -66,7 +66,7 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque // If the request is not on a public key path, we want to // try to authenticate it before we serve any data, so that // we can serve a more complete profile. - requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername) + pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername) if errWithCode != nil { return nil, errWithCode // likely 401 } @@ -89,7 +89,7 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque // Instead, we end up in an 'I'll show you mine if you show me // yours' situation, where we sort of agree to reveal each // other's profiles at the same time. - if p.federator.Handshaking(requestedUsername, requestingAccountURI) { + if p.federator.Handshaking(requestedUsername, pubKeyAuth.OwnerURI) { return data(person) } @@ -98,10 +98,11 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque requestingAccount, _, err := p.federator.GetAccountByURI( // On a hot path so fail quickly. gtscontext.SetFastFail(ctx), - requestedUsername, requestingAccountURI, + requestedUsername, + pubKeyAuth.OwnerURI, ) if err != nil { - err := gtserror.Newf("error getting account %s: %w", requestingAccountURI, err) + err := gtserror.Newf("error getting account %s: %w", pubKeyAuth.OwnerURI, err) return nil, gtserror.NewErrorUnauthorized(err) } |