3 changed files with 12 additions and 28 deletions
--- a/src/routes/activitypub/inbox.rs
+++ b/src/routes/activitypub/inbox.rs
@ -40,16 +40,9 @@ pub async fn post(
 	Json(activity): Json<serde_json::Value>
 ) -> crate::Result<()> {
 	let Identity::Remote(server) = auth else {
-		if activity.activity_type() == Some(ActivityType::Delete) {
+		if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!
-			// this is spammy af, ignore them!
+			tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
 			// we basically received a delete for a user we can't fetch and verify, meaning remote
 			// deleted someone we never saw. technically we deleted nothing so we should return error,
 			// but mastodon keeps hammering us trying to delete this user, so just make mastodon happy
 			// and return 200 without even bothering checking this stuff
 			// would be cool if mastodon played nicer with the network...
 			return Ok(());
 		}
 		tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
 		if matches!(auth, Identity::Anonymous) {
 			return Err(UpubError::unauthorized());
 		} else {
--- a/web/src/lib.rs
+++ b/web/src/lib.rs
@ -98,21 +98,21 @@ impl Http {
 			req = req.json(data);
 		}
-		req.send().await
+		req.send()
 			.await?
 			.error_for_status()
 	}
 	pub async fn fetch<T: serde::de::DeserializeOwned>(url: &str, token: Auth) -> reqwest::Result<T> {
 		Self::request::<()>(reqwest::Method::GET, url, None, token)
 			.await?
 			.error_for_status()?
 			.json::<T>()
 			.await
 	}
 	pub async fn post<T: serde::ser::Serialize>(url: &str, data: &T, token: Auth) -> reqwest::Result<()> {
 		Self::request(reqwest::Method::POST, url, Some(data), token)
-			.await?
+			.await?;
 			.error_for_status()?;
 		Ok(())
 	}
 }
--- a/web/src/page.rs
+++ b/web/src/page.rs
@ -299,7 +299,12 @@ pub fn DebugPage() -> impl IntoView {
 						}
 					} else {
 						let url = format!("{URL_BASE}/dbg?id={fetch_url}");
-						spawn_local(async move { set_object.set(Arc::new(debug_fetch(&url, auth).await)) });
+						spawn_local(async move {
 							match Http::fetch::<serde_json::Value>(&url, auth).await {
 								Ok(x) => set_object.set(Arc::new(x)),
 								Err(e) => set_object.set(Arc::new(serde_json::Value::String(e.to_string()))),
 							}
 						});
 					}
 				} >
 				<table class="align w-100" >
@ -380,17 +385,3 @@ pub fn SearchPage() -> impl IntoView {
 		</blockquote>
 	}
 }
 // this is a rather weird way to fetch but i want to see the bare error text if it fails!
 async fn debug_fetch(url: &str, token: Auth) -> serde_json::Value {
 	match Http::request::<()>(reqwest::Method::GET, url, None, token).await {
 		Err(e) => serde_json::Value::String(format!("[!] failed sending request: {e}")),
 		Ok(res) => match res.text().await {
 			Err(e) => serde_json::Value::String(format!("[!] invalid response body: {e}")),
 			Ok(x) => match serde_json::from_str(&x) {
 				Err(_) => serde_json::Value::String(x),
 				Ok(v) => v,
 			},
 		}
 	}
 }