Compare commits

...

2 commits

3 changed files with 28 additions and 12 deletions

View file

@ -40,9 +40,16 @@ pub async fn post(
Json(activity): Json<serde_json::Value> Json(activity): Json<serde_json::Value>
) -> crate::Result<()> { ) -> crate::Result<()> {
let Identity::Remote(server) = auth else { let Identity::Remote(server) = auth else {
if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them! if activity.activity_type() == Some(ActivityType::Delete) {
tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity)); // this is spammy af, ignore them!
// we basically received a delete for a user we can't fetch and verify, meaning remote
// deleted someone we never saw. technically we deleted nothing so we should return error,
// but mastodon keeps hammering us trying to delete this user, so just make mastodon happy
// and return 200 without even bothering checking this stuff
// would be cool if mastodon played nicer with the network...
return Ok(());
} }
tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
if matches!(auth, Identity::Anonymous) { if matches!(auth, Identity::Anonymous) {
return Err(UpubError::unauthorized()); return Err(UpubError::unauthorized());
} else { } else {

View file

@ -98,21 +98,21 @@ impl Http {
req = req.json(data); req = req.json(data);
} }
req.send() req.send().await
.await?
.error_for_status()
} }
pub async fn fetch<T: serde::de::DeserializeOwned>(url: &str, token: Auth) -> reqwest::Result<T> { pub async fn fetch<T: serde::de::DeserializeOwned>(url: &str, token: Auth) -> reqwest::Result<T> {
Self::request::<()>(reqwest::Method::GET, url, None, token) Self::request::<()>(reqwest::Method::GET, url, None, token)
.await? .await?
.error_for_status()?
.json::<T>() .json::<T>()
.await .await
} }
pub async fn post<T: serde::ser::Serialize>(url: &str, data: &T, token: Auth) -> reqwest::Result<()> { pub async fn post<T: serde::ser::Serialize>(url: &str, data: &T, token: Auth) -> reqwest::Result<()> {
Self::request(reqwest::Method::POST, url, Some(data), token) Self::request(reqwest::Method::POST, url, Some(data), token)
.await?; .await?
.error_for_status()?;
Ok(()) Ok(())
} }
} }

View file

@ -299,12 +299,7 @@ pub fn DebugPage() -> impl IntoView {
} }
} else { } else {
let url = format!("{URL_BASE}/dbg?id={fetch_url}"); let url = format!("{URL_BASE}/dbg?id={fetch_url}");
spawn_local(async move { spawn_local(async move { set_object.set(Arc::new(debug_fetch(&url, auth).await)) });
match Http::fetch::<serde_json::Value>(&url, auth).await {
Ok(x) => set_object.set(Arc::new(x)),
Err(e) => set_object.set(Arc::new(serde_json::Value::String(e.to_string()))),
}
});
} }
} > } >
<table class="align w-100" > <table class="align w-100" >
@ -385,3 +380,17 @@ pub fn SearchPage() -> impl IntoView {
</blockquote> </blockquote>
} }
} }
// this is a rather weird way to fetch but i want to see the bare error text if it fails!
async fn debug_fetch(url: &str, token: Auth) -> serde_json::Value {
match Http::request::<()>(reqwest::Method::GET, url, None, token).await {
Err(e) => serde_json::Value::String(format!("[!] failed sending request: {e}")),
Ok(res) => match res.text().await {
Err(e) => serde_json::Value::String(format!("[!] invalid response body: {e}")),
Ok(x) => match serde_json::from_str(&x) {
Err(_) => serde_json::Value::String(x),
Ok(v) => v,
},
}
}
}