summaryrefslogtreecommitdiff
path: root/internal/federation/util.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/federation/util.go')
-rw-r--r--internal/federation/util.go16
1 files changed, 14 insertions, 2 deletions
diff --git a/internal/federation/util.go b/internal/federation/util.go
index 3f53ed6a7..6ae0152df 100644
--- a/internal/federation/util.go
+++ b/internal/federation/util.go
@@ -132,9 +132,11 @@ func (f *federator) AuthenticateFederatedRequest(username string, r *http.Reques
var publicKey interface{}
var pkOwnerURI *url.URL
+ requestingRemoteAccount := &gtsmodel.Account{}
+ requestingLocalAccount := &gtsmodel.Account{}
if strings.EqualFold(requestingPublicKeyID.Host, f.config.Host) {
+ // LOCAL ACCOUNT REQUEST
// the request is coming from INSIDE THE HOUSE so skip the remote dereferencing
- requestingLocalAccount := &gtsmodel.Account{}
if err := f.db.GetWhere([]db.Where{{Key: "public_key_uri", Value: requestingPublicKeyID.String()}}, requestingLocalAccount); err != nil {
return nil, fmt.Errorf("couldn't get local account with public key uri %s from the database: %s", requestingPublicKeyID.String(), err)
}
@@ -143,8 +145,18 @@ func (f *federator) AuthenticateFederatedRequest(username string, r *http.Reques
if err != nil {
return nil, fmt.Errorf("error parsing url %s: %s", requestingLocalAccount.URI, err)
}
+ } else if err := f.db.GetWhere([]db.Where{{Key: "public_key_uri", Value: requestingPublicKeyID.String()}}, requestingRemoteAccount); err == nil {
+ // REMOTE ACCOUNT REQUEST WITH KEY CACHED LOCALLY
+ // this is a remote account and we already have the public key for it so use that
+ publicKey = requestingRemoteAccount.PublicKey
+ pkOwnerURI, err = url.Parse(requestingRemoteAccount.URI)
+ if err != nil {
+ return nil, fmt.Errorf("error parsing url %s: %s", requestingRemoteAccount.URI, err)
+ }
} else {
- // the request is remote, so we need to authenticate the request properly by dereferencing the remote key
+ // REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY
+ // the request is remote and we don't have the public key yet,
+ // so we need to authenticate the request properly by dereferencing the remote key
transport, err := f.GetTransportForUser(username)
if err != nil {
return nil, fmt.Errorf("transport err: %s", err)
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-13 05:06:11 +0000