From d60d29bf981e05981fda05065fb6e9339949383b Mon Sep 17 00:00:00 2001
From: alemi <me@alemi.dev>
Date: Sat, 13 Apr 2024 03:31:37 +0200
Subject: [PATCH] fix: continue as anon if can't fetch user

---
 src/server/auth.rs | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/server/auth.rs b/src/server/auth.rs
index 621122a..a86475f 100644
--- a/src/server/auth.rs
+++ b/src/server/auth.rs
@@ -93,23 +93,24 @@ where
 			};
 
 			let user_id = unverified.key_id().replace("#main-key", "");
-			let user = ctx.fetch().user(&user_id).await?;
-			let pubkey = PKey::public_key_from_pem(user.public_key.as_bytes())?;
-			
-			let valid = unverified.verify(|sig, to_sign| {
-				let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap();
-				verifier.update(to_sign.as_bytes())?;
-				Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(sig).unwrap_or_default())?) as crate::Result<bool>
-			})?;
+			if let Ok(user) = ctx.fetch().user(&user_id).await {
+				let pubkey = PKey::public_key_from_pem(user.public_key.as_bytes())?;
+				
+				let valid = unverified.verify(|sig, to_sign| {
+					let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap();
+					verifier.update(to_sign.as_bytes())?;
+					Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(sig).unwrap_or_default())?) as crate::Result<bool>
+				})?;
 
-			if !valid {
-				return Err(UpubError::unauthorized());
+				if !valid {
+					return Err(UpubError::unauthorized());
+				}
+
+				// TODO assert payload's digest is equal to signature's
+
+				// TODO introduce hardened mode which identifies remotes by user and not server
+				identity = Identity::Remote(Context::server(&user_id));
 			}
-
-			// TODO assert payload's digest is equal to signature's
-
-			// TODO introduce hardened mode which identifies remotes by user and not server
-			identity = Identity::Remote(Context::server(&user_id));
 		}
 
 		Ok(AuthIdentity(identity))