From edcee14d07bae129e2d1a06d99c30fc6f659ff5e Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Fri, 11 Nov 2022 12:18:38 +0100
Subject: [feature] Read + Write tombstones for deleted Actors (#1005)
* [feature] Read + Write tombstones for deleted Actors
* copyTombstone
* update to use resultcache instead of old ttl cache
Signed-off-by: kim
* update go-cache library to fix result cache capacity / ordering bugs
Signed-off-by: kim
* bump go-cache/v3 to v3.1.6 to fix bugs
Signed-off-by: kim
* switch on status code
* better explain ErrGone reasoning
Signed-off-by: kim
Co-authored-by: kim
---
 internal/federation/authenticate.go | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)
(limited to 'internal/federation/authenticate.go')
diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index ab93fbeaf..3144d9d05 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -37,6 +37,7 @@ import (
 "github.com/superseriousbusiness/gotosocial/internal/gtserror"
 "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 "github.com/superseriousbusiness/gotosocial/internal/log"
+ "github.com/superseriousbusiness/gotosocial/internal/transport"
 )
 /*
@@ -201,8 +202,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 // REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY
 // the request is remote and we don't have the public key yet,
 // so we need to authenticate the request properly by dereferencing the remote key
+ gone, err := f.CheckGone(ctx, requestingPublicKeyID)
+ if err != nil {
+ errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error checking for tombstone for %s: %s", requestingPublicKeyID, err))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+
+ if gone {
+ errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+
 log.Tracef("proceeding with dereference for uncached public key %s", requestingPublicKeyID)
- transport, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
+ trans, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
 if err != nil {
 errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error creating transport for %s: %s", requestedUsername, err))
 log.Debug(errWithCode)
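Review bot: The tombstone lookup added ahead of the dereference is keyed on `requestingPublicKeyID`, which the context comments describe as not yet authenticated, and nothing in the hunk says so. A hit only short-circuits the outbound fetch; it proves nothing about who sent the request, and the resulting 410 is returned to any caller that names a tombstoned key ID. I would record that above the `f.CheckGone` call, e.g. `// keyed on the still-unverified keyId: a tombstone hit skips the dereference, it does not authenticate the caller`. AuthenticateFederatedRequest starts and ends outside the hunk.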
@@ -210,8 +224,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 }
 // The actual http call to the remote server is made right here in the Dereference function.
- b, err := transport.Dereference(ctx, requestingPublicKeyID)
+ b, err := trans.Dereference(ctx, requestingPublicKeyID)
 if err != nil {
+ if errors.Is(err, transport.ErrGone) {
+ // if we get a 410 error it means the account that owns this public key has been deleted;
+ // we should add a tombstone to our database so that we can avoid trying to deref it in future
+ if err := f.HandleGone(ctx, requestingPublicKeyID); err != nil {
+ errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error marking account with public key %s as gone: %s", requestingPublicKeyID, err))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+ errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+ log.Debug(errWithCode)
+ return nil, errWithCode
+ }
+
 errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
 log.Debug(errWithCode)
 return nil, errWithCode
-- cgit v1.2.3
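Review bot: The `f.HandleGone` call in the `errors.Is(err, transport.ErrGone)` branch stores a tombstone while the request is still unauthenticated, so the only thing deciding whether a row is written is a 410 from whatever host the key ID points at. `HandleGone` is not visible here, but unless it caps or expires entries the tombstone table can grow with every distinct key ID that resolves to a 410, and a transient or misconfigured 410 would keep that key blocked. I would confirm both properties in `HandleGone` and state the assumption at the call site, e.g. `// written before authentication: HandleGone must bound and expire tombstones`. Separately, a failed tombstone write turns a definitive 410 into a 500; logging the write error and still returning `gtserror.NewErrorGone` would keep the response accurate. The enclosing function starts and ends outside the hunk.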