fix: more appropriate http signature errors

if we can't fetch from db it's our fault (500), if we can't fetch your
actor it's your fault (4xx)
əlemi 2024-06-07 19:05:37 +02:00
parent 1814d7b187
commit e6b9120bbf
Signed by: alemi
GPG key ID: A4895B84D311642C


@ -1,7 +1,7 @@
use axum::{extract::{FromRef, FromRequestParts}, http::{header, request::Parts}}; use axum::{extract::{FromRef, FromRequestParts}, http::{header, request::Parts}};
use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter}; use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter};
use httpsign::HttpSignature; use httpsign::HttpSignature;
use upub::traits::Fetcher; use upub::traits::{fetch::PullError, Fetcher};
use crate::ApiError; use crate::ApiError;
@ -120,8 +120,10 @@ where
.next().ok_or(ApiError::bad_request())? .next().ok_or(ApiError::bad_request())?
.to_string(); .to_string();
let user = ctx.fetch_user(&user_id, ctx.db()).await?; match ctx.fetch_user(&user_id, ctx.db()).await {
Err(PullError::Database(x)) => return Err(PullError::Database(x).into()),
Err(_) => tracing::debug!("could not fetch {user_id} to verify signature"),
Ok(user) => {
let valid = http_signature let valid = http_signature
.build_from_parts(parts) .build_from_parts(parts)
.verify(&user.public_key)?; .verify(&user.public_key)?;
@ -135,6 +137,9 @@ where
.await? .await?
.ok_or_else(ApiError::internal_server_error)?; // user but not their domain??? .ok_or_else(ApiError::internal_server_error)?; // user but not their domain???
identity = Identity::Remote { user: user.id, domain: user.domain, internal }; identity = Identity::Remote { user: user.id, domain: user.domain, internal };
},
}
} }
Ok(AuthIdentity(identity)) Ok(AuthIdentity(identity))
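Review bot: The `Err(_)` arm only logs at debug level and falls through, so a request whose signing actor cannot be fetched continues with whatever `identity` held before the match (its initial value is outside the hunk, presumably the anonymous identity) instead of getting the 4xx the commit message describes. If failing open is intended, document it on that arm with a comment such as `// unverifiable signature: continue unauthenticated, handlers must still check the identity`; otherwise reject with `Err(_) => return Err(ApiError::bad_request()),`. Either way, binding the error and logging it, `Err(e) => tracing::debug!("could not fetch {user_id} to verify signature: {e}")` (assuming `PullError` implements `Display`), keeps the failure reason available when triaging signature failures. The enclosing function starts and ends outside the hunk.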