fix: continue as anon if can't fetch user

src/server/auth.rs

@@ -93,23 +93,24 @@ where
 			};
 
 			let user_id = unverified.key_id().replace("#main-key", "");
-			let user = ctx.fetch().user(&user_id).await?;
+			if let Ok(user) = ctx.fetch().user(&user_id).await {
-			let pubkey = PKey::public_key_from_pem(user.public_key.as_bytes())?;
+				let pubkey = PKey::public_key_from_pem(user.public_key.as_bytes())?;
 				
-			let valid = unverified.verify(|sig, to_sign| {
+				let valid = unverified.verify(|sig, to_sign| {
-				let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap();
+					let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap();
-				verifier.update(to_sign.as_bytes())?;
+					verifier.update(to_sign.as_bytes())?;
-				Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(sig).unwrap_or_default())?) as crate::Result<bool>
+					Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(sig).unwrap_or_default())?) as crate::Result<bool>
-			})?;
+				})?;
 
-			if !valid {
+				if !valid {
-				return Err(UpubError::unauthorized());
+					return Err(UpubError::unauthorized());
+				}
+
+				// TODO assert payload's digest is equal to signature's
+
+				// TODO introduce hardened mode which identifies remotes by user and not server
+				identity = Identity::Remote(Context::server(&user_id));
 			}
-
-			// TODO assert payload's digest is equal to signature's
-
-			// TODO introduce hardened mode which identifies remotes by user and not server
-			identity = Identity::Remote(Context::server(&user_id));
 		}
 
 		Ok(AuthIdentity(identity))