From d9fc2c061d2008e2a132f9e58a378d1204696c9a Mon Sep 17 00:00:00 2001 From: Laura Hausmann Date: Wed, 28 Jun 2023 01:02:28 +0200 Subject: [PATCH] Add signature to remote note lookup --- packages/backend/src/remote/activitypub/request.ts | 2 ++ packages/backend/src/remote/activitypub/resolver.ts | 8 ++++++++ packages/backend/src/server/api/endpoints/ap/show.ts | 5 +++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/packages/backend/src/remote/activitypub/request.ts b/packages/backend/src/remote/activitypub/request.ts index ffb3e25a3..7360f9544 100644 --- a/packages/backend/src/remote/activitypub/request.ts +++ b/packages/backend/src/remote/activitypub/request.ts @@ -3,6 +3,7 @@ import { getUserKeypair } from "@/misc/keypair-store.js"; import type { User } from "@/models/entities/user.js"; import { getResponse } from "../../misc/fetch.js"; import { createSignedPost, createSignedGet } from "./ap-request.js"; +import { apLogger } from "@/remote/activitypub/logger.js"; export default async (user: { id: User["id"] }, url: string, object: any) => { const body = JSON.stringify(object); @@ -35,6 +36,7 @@ export default async (user: { id: User["id"] }, url: string, object: any) => { * @param url URL to fetch */ export async function signedGet(url: string, user: { id: User["id"] }) { + apLogger.debug("running signedGet on url: " + url); const keypair = await getUserKeypair(user.id); const req = createSignedGet({ diff --git a/packages/backend/src/remote/activitypub/resolver.ts b/packages/backend/src/remote/activitypub/resolver.ts index 054792760..e6bbf9faf 100644 --- a/packages/backend/src/remote/activitypub/resolver.ts +++ b/packages/backend/src/remote/activitypub/resolver.ts @@ -23,6 +23,7 @@ import renderCreate from "@/remote/activitypub/renderer/create.js"; import { renderActivity } from "@/remote/activitypub/renderer/index.js"; import renderFollow from "@/remote/activitypub/renderer/follow.js"; import { shouldBlockInstance } from "@/misc/should-block-instance.js"; +import { apLogger } from "@/remote/activitypub/logger.js"; export default class Resolver { private history: Set; @@ -34,6 +35,10 @@ export default class Resolver { this.recursionLimit = recursionLimit; } + public setUser(user) { + this.user = user; + } + public getHistory(): string[] { return Array.from(this.history); } @@ -102,6 +107,9 @@ export default class Resolver { this.user = await getInstanceActor(); } + apLogger.debug("getting object from remote, authenticated as user:"); + apLogger.debug(JSON.stringify(this.user, null, 2)); + const object = ( this.user ? await signedGet(value, this.user) diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts index 0bd3414ee..2fdf24075 100644 --- a/packages/backend/src/server/api/endpoints/ap/show.ts +++ b/packages/backend/src/server/api/endpoints/ap/show.ts @@ -127,6 +127,7 @@ async function fetchAny( // fetching Object once from remote const resolver = new Resolver(); + resolver.setUser(me); const object = await resolver.resolve(uri); // /@user If a URI other than the id is specified, @@ -144,8 +145,8 @@ async function fetchAny( return await mergePack( me, - isActor(object) ? await createPerson(getApId(object)) : null, - isPost(object) ? await createNote(getApId(object), undefined, true) : null, + isActor(object) ? await createPerson(getApId(object), resolver) : null, + isPost(object) ? await createNote(getApId(object), resolver, true) : null, ); }