From 1d51e3c8d68fe79ee1103d3e412d4e823d99eaaa Mon Sep 17 00:00:00 2001 From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> Date: Fri, 23 Feb 2024 15:24:40 +0000 Subject: [bugfix] 2643 bug search for account url doesnt always work when redirected (#2673) * update activity library so dereferencer returns full response and checks *final* link to allow for redirects * temporarily add bodged fixed library * remove unused code * update getAccountFeatured() to use dereferenceCollectionPage() * make sure to release map * perform a 2nd decode to ensure reader is empty after primary decode * add comment explaining choice of using Decode() instead of Unmarshal() * update embedded activity library to latest matching https://github.com/superseriousbusiness/activity/pull/21 * add checks to look for changed URI and re-check database if redirected * update max iteration count to 512, add checks during dereferenceAncestors() for indirect URLs * remove doubled-up code * fix use of status instead of current * use URIs for checking equality for security * use the latest known URI for boost_of_uri in case original was an indirect * add dereferenceCollection() function for dereferenceAccountFeatured() * pull in latest github.com/superseriousbusiness/activity version (and remove the bodge!!) * fix typo in code comments * update decodeType() to accept a readcloser and handle body closing * switch to checking using BoostOfID and add note why not using BoostOfURI * ensure InReplyTo gets unset when deleting status parent in case currently stubbed * add tests for Collection and CollectionPage iterators --- internal/federation/dereferencing/status.go | 43 ++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) (limited to 'internal/federation/dereferencing/status.go') diff --git a/internal/federation/dereferencing/status.go b/internal/federation/dereferencing/status.go index e3f97553d..397d2aa28 100644 --- a/internal/federation/dereferencing/status.go +++ b/internal/federation/dereferencing/status.go @@ -393,16 +393,51 @@ func (d *Dereferencer) enrichStatus( if apubStatus == nil { // Dereference latest version of the status. - b, err := tsport.Dereference(ctx, uri) + rsp, err := tsport.Dereference(ctx, uri) if err != nil { err := gtserror.Newf("error dereferencing %s: %w", uri, err) return nil, nil, gtserror.SetUnretrievable(err) } - // Attempt to resolve ActivityPub status from data. - apubStatus, err = ap.ResolveStatusable(ctx, b) + // Attempt to resolve ActivityPub status from response. + apubStatus, err = ap.ResolveStatusable(ctx, rsp.Body) + + // Tidy up now done. + _ = rsp.Body.Close() + if err != nil { - return nil, nil, gtserror.Newf("error resolving statusable from data for account %s: %w", uri, err) + // ResolveStatusable will set gtserror.WrongType + // on the returned error, so we don't need to do it here. + err = gtserror.Newf("error resolving statusable %s: %w", uri, err) + return nil, nil, err + } + + // Check whether input URI and final returned URI + // have changed (i.e. we followed some redirects). + if finalURIStr := rsp.Request.URL.String(); // + finalURIStr != uri.String() { + + // NOTE: this URI check + database call is performed + // AFTER reading and closing response body, for performance. + // + // Check whether we have this status stored under *final* URI. + alreadyStatus, err := d.state.DB.GetStatusByURI(ctx, finalURIStr) + if err != nil && !errors.Is(err, db.ErrNoEntries) { + return nil, nil, gtserror.Newf("db error getting status after redirects: %w", err) + } + + if alreadyStatus != nil { + // We had this status stored + // under discovered final URI. + // + // Proceed with this status. + status = alreadyStatus + } + + // Update the input URI to + // the final determined URI + // for later URI checks. + uri = rsp.Request.URL } } -- cgit v1.2.3