From e9fe8ba2365e59c4569466fa75a0eafa7e74ee24 Mon Sep 17 00:00:00 2001 From: alemi Date: Sat, 11 May 2024 17:37:31 +0200 Subject: [PATCH] fix: also reject deletions which are not GONE --- src/routes/activitypub/inbox.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/routes/activitypub/inbox.rs b/src/routes/activitypub/inbox.rs index fffb0ad..df0bda3 100644 --- a/src/routes/activitypub/inbox.rs +++ b/src/routes/activitypub/inbox.rs @@ -40,9 +40,16 @@ pub async fn post( Json(activity): Json ) -> crate::Result<()> { let Identity::Remote(server) = auth else { - if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them! - tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity)); + if activity.activity_type() == Some(ActivityType::Delete) { + // this is spammy af, ignore them! + // we basically received a delete for a user we can't fetch and verify, meaning remote + // deleted someone we never saw. technically we deleted nothing so we should return error, + // but mastodon keeps hammering us trying to delete this user, so just make mastodon happy + // and return 200 without even bothering checking this stuff + // would be cool if mastodon played nicer with the network... + return Ok(()); } + tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity)); if matches!(auth, Identity::Anonymous) { return Err(UpubError::unauthorized()); } else {