
fix: more appropriate http signature errors

if we can't fetch from db it's our fault (500), if we can't fetch your
actor it's your fault (4xx)
əlemi 2024-06-07 19:05:37 +02:00
parent 1814d7b187
commit e6b9120bbf
Signed by: alemi
GPG key ID: A4895B84D311642C


@ -1,7 +1,7 @@
use axum::{extract::{FromRef, FromRequestParts}, http::{header, request::Parts}}; use axum::{extract::{FromRef, FromRequestParts}, http::{header, request::Parts}};
use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter}; use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter};
use httpsign::HttpSignature; use httpsign::HttpSignature;
use upub::traits::Fetcher; use upub::traits::{fetch::PullError, Fetcher};
use crate::ApiError; use crate::ApiError;
@ -120,21 +120,26 @@ where
.next().ok_or(ApiError::bad_request())? .next().ok_or(ApiError::bad_request())?
.to_string(); .to_string();
let user = ctx.fetch_user(&user_id, ctx.db()).await?; match ctx.fetch_user(&user_id, ctx.db()).await {
Err(PullError::Database(x)) => return Err(PullError::Database(x).into()),
Err(_) => tracing::debug!("could not fetch {user_id} to verify signature"),
Ok(user) => {
let valid = http_signature
.build_from_parts(parts)
.verify(&user.public_key)?;
let valid = http_signature if !valid {
.build_from_parts(parts) tracing::warn!("refusing mismatching http signature");
.verify(&user.public_key)?; return Err(ApiError::unauthorized());
}
if !valid { let internal = upub::model::instance::Entity::domain_to_internal(&user.domain, ctx.db())
tracing::warn!("refusing mismatching http signature"); .await?
return Err(ApiError::unauthorized()); .ok_or_else(ApiError::internal_server_error)?; // user but not their domain???
identity = Identity::Remote { user: user.id, domain: user.domain, internal };
},
} }
let internal = upub::model::instance::Entity::domain_to_internal(&user.domain, ctx.db())
.await?
.ok_or_else(ApiError::internal_server_error)?; // user but not their domain???
identity = Identity::Remote { user: user.id, domain: user.domain, internal };
} }
Ok(AuthIdentity(identity)) Ok(AuthIdentity(identity))
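Review bot: The new `Err(_)` arm of the `match` on `ctx.fetch_user(&user_id, ctx.db())` only logs at debug level and falls through, so a request whose signing actor cannot be fetched still reaches `Ok(AuthIdentity(identity))` with whatever `identity` held before the hunk (presumably the unauthenticated default; its initialisation is outside the hunk). That does not match the "4xx" in the commit description, and a signature that could not be verified leaves no trace at default log levels. If rejection is intended, the arm could be `Err(_) => { tracing::warn!("could not fetch {user_id} to verify signature"); return Err(ApiError::unauthorized()); }`. If the fall-through is deliberate, say so in a comment on the arm, for example `// signature could not be verified: continue as unauthenticated, never as Identity::Remote`, and consider logging at `warn` so repeated failures are visible. The enclosing function starts and ends outside the hunk, so whether later code depends on this fall-through cannot be checked from here.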