forked from alemi/upub
fix: also reject deletions which are not GONE
This commit is contained in:
parent
292b9f06d8
commit
e9fe8ba236
1 changed files with 9 additions and 2 deletions
|
@ -40,9 +40,16 @@ pub async fn post(
|
||||||
Json(activity): Json<serde_json::Value>
|
Json(activity): Json<serde_json::Value>
|
||||||
) -> crate::Result<()> {
|
) -> crate::Result<()> {
|
||||||
let Identity::Remote(server) = auth else {
|
let Identity::Remote(server) = auth else {
|
||||||
if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!
|
if activity.activity_type() == Some(ActivityType::Delete) {
|
||||||
tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
|
// this is spammy af, ignore them!
|
||||||
|
// we basically received a delete for a user we can't fetch and verify, meaning remote
|
||||||
|
// deleted someone we never saw. technically we deleted nothing so we should return error,
|
||||||
|
// but mastodon keeps hammering us trying to delete this user, so just make mastodon happy
|
||||||
|
// and return 200 without even bothering checking this stuff
|
||||||
|
// would be cool if mastodon played nicer with the network...
|
||||||
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
|
||||||
if matches!(auth, Identity::Anonymous) {
|
if matches!(auth, Identity::Anonymous) {
|
||||||
return Err(UpubError::unauthorized());
|
return Err(UpubError::unauthorized());
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in a new issue