diff --git a/packages/backend/src/remote/activitypub/check-fetch.ts b/packages/backend/src/remote/activitypub/check-fetch.ts
index a3e241c254..c885b4a199 100644
--- a/packages/backend/src/remote/activitypub/check-fetch.ts
+++ b/packages/backend/src/remote/activitypub/check-fetch.ts
@@ -98,81 +98,21 @@ export async function checkFetch(req: IncomingMessage): Promise {
 return 200;
 }

-export async function getSignatureUser(
- req: IncomingMessage,
-): Promise<{
+export async function getSignatureUser(req: IncomingMessage): Promise<{
 user: CacheableRemoteUser;
 key: UserPublickey | null;
 } | null> {
- let authUser;
- const meta = await fetchMeta();
- if (meta.secureMode || meta.privateMode) {
- let signature;
+ const signature = httpSignature.parseRequest(req, { headers: [] });
+ const keyId = new URL(signature.keyId);
+ const dbResolver = new DbResolver();

- try {
- signature = httpSignature.parseRequest(req, { headers: [] });
- } catch (e) {
- return null;
- }
-
- const keyId = new URL(signature.keyId);
- const host = toPuny(keyId.hostname);
-
- if (await shouldBlockInstance(host, meta)) {
- return null;
- }
-
- if (
- meta.privateMode &&
- host !== config.host &&
- !meta.allowedHosts.includes(host)
- ) {
- return null;
- }
-
- const keyIdLower = signature.keyId.toLowerCase();
- if (keyIdLower.startsWith("acct:")) {
- // Old keyId is no longer supported.
- return null;
- }
-
- const dbResolver = new DbResolver();
-
- // HTTP-Signature keyIdを元にDBから取得
- authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
-
- // keyIdでわからなければ、resolveしてみる
- if (!authUser) {
- try {
- keyId.hash = "";
- authUser = await dbResolver.getAuthUserFromApId(
- getApId(keyId.toString()),
- );
- } catch {
- // できなければ駄目
- return null;
- }
- }
-
- // publicKey がなくても終了
- if (!authUser?.key) {
- return null;
- }
-
- // もう一回チェック
- if (authUser.user.host !== host) {
- return null;
- }
-
- // HTTP-Signatureの検証
- const httpSignatureValidated = httpSignature.verifySignature(
- signature,
- authUser.key.keyPem,
- );
-
- if (!httpSignatureValidated) {
- return null;
- }
+ // Retrieve from DB by HTTP-Signature keyId
+ const authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
+ if (authUser) {
+ return authUser;
 }
- return authUser;
+
+ // Resolve if failed to retrieve by keyId
+ keyId.hash = "";
+ return await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
 }
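Review bot: The rewritten `getSignatureUser` returns whichever actor the `keyId` names without ever calling `httpSignature.verifySignature`, and it also drops the `authUser.key` null check and the `authUser.user.host !== host` comparison, so the result is an unverified claim of identity rather than a confirmed signer. If any caller uses the return value for an access decision, that is only sound when `checkFetch` (whose body lies above this hunk) has already verified the same request; that dependency is not visible here and should at least be stated in a doc comment on the function. `httpSignature.parseRequest` and `new URL(signature.keyId)` are also no longer inside a `try`, so an unsigned or malformed request now rejects the promise instead of yielding the `null` the return type advertises, and the removed `shouldBlockInstance` and `allowedHosts` checks no longer apply on this path. I would keep the simplification but restore the verification tail as sketched below, assuming `toPuny` is still imported in this file.

```typescript
// … unchanged: signature / keyId / dbResolver setup, with parseRequest and new URL wrapped in try/catch that returns null …
let authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
if (!authUser) {
	keyId.hash = "";
	authUser = await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
}

// Only hand back an identity whose stored key actually signed this request.
if (!authUser?.key) return null;
if (authUser.user.host !== toPuny(keyId.hostname)) return null;
if (!httpSignature.verifySignature(signature, authUser.key.keyPem)) return null;
return authUser;
```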