fix: also reject deletions which are not GONE

2024-05-11 17:37:31 +02:00 · 2024-05-11 17:37:31 +02:00 · e9fe8ba236
commit e9fe8ba236
parent 292b9f06d8
1 changed files with 9 additions and 2 deletions
--- a/src/routes/activitypub/inbox.rs
+++ b/src/routes/activitypub/inbox.rs
@ -40,9 +40,16 @@ pub async fn post(
 	Json(activity): Json<serde_json::Value>
 ) -> crate::Result<()> {
 	let Identity::Remote(server) = auth else {
-		if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!
-			tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
+		if activity.activity_type() == Some(ActivityType::Delete) {
+			// this is spammy af, ignore them!
+			// we basically received a delete for a user we can't fetch and verify, meaning remote
+			// deleted someone we never saw. technically we deleted nothing so we should return error,
+			// but mastodon keeps hammering us trying to delete this user, so just make mastodon happy
+			// and return 200 without even bothering checking this stuff
+			// would be cool if mastodon played nicer with the network...
+			return Ok(());
 		}
+		tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
 		if matches!(auth, Identity::Anonymous) {
 			return Err(UpubError::unauthorized());
 		} else {