forked from alemi/upub
fix: more appropriate http signature errors
if we cant fetch from db its our fault (500), if we cant fetch your actor its your fault (4xx)
This commit is contained in:
parent
1814d7b187
commit
e6b9120bbf
1 changed files with 17 additions and 12 deletions
|
@ -1,7 +1,7 @@
|
|||
use axum::{extract::{FromRef, FromRequestParts}, http::{header, request::Parts}};
|
||||
use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter};
|
||||
use httpsign::HttpSignature;
|
||||
use upub::traits::Fetcher;
|
||||
use upub::traits::{fetch::PullError, Fetcher};
|
||||
|
||||
use crate::ApiError;
|
||||
|
||||
|
@ -120,8 +120,10 @@ where
|
|||
.next().ok_or(ApiError::bad_request())?
|
||||
.to_string();
|
||||
|
||||
let user = ctx.fetch_user(&user_id, ctx.db()).await?;
|
||||
|
||||
match ctx.fetch_user(&user_id, ctx.db()).await {
|
||||
Err(PullError::Database(x)) => return Err(PullError::Database(x).into()),
|
||||
Err(_) => tracing::debug!("could not fetch {user_id} to verify signature"),
|
||||
Ok(user) => {
|
||||
let valid = http_signature
|
||||
.build_from_parts(parts)
|
||||
.verify(&user.public_key)?;
|
||||
|
@ -135,6 +137,9 @@ where
|
|||
.await?
|
||||
.ok_or_else(ApiError::internal_server_error)?; // user but not their domain???
|
||||
identity = Identity::Remote { user: user.id, domain: user.domain, internal };
|
||||
},
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Ok(AuthIdentity(identity))
|
||||
|
|
Loading…
Reference in a new issue