refactor: simplify getSignatureUser

This commit is contained in:
Namekuji 2023-06-27 22:44:16 -07:00 committed by Namekuji
parent 487e7ba43c
commit 89e4e3ea5b
No known key found for this signature in database
GPG Key ID: 1D62332C07FBA532
1 changed files with 12 additions and 72 deletions

View File

@ -98,81 +98,21 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
return 200; return 200;
} }
export async function getSignatureUser( export async function getSignatureUser(req: IncomingMessage): Promise<{
req: IncomingMessage,
): Promise<{
user: CacheableRemoteUser; user: CacheableRemoteUser;
key: UserPublickey | null; key: UserPublickey | null;
} | null> { } | null> {
let authUser; const signature = httpSignature.parseRequest(req, { headers: [] });
const meta = await fetchMeta(); const keyId = new URL(signature.keyId);
if (meta.secureMode || meta.privateMode) { const dbResolver = new DbResolver();
let signature;
try { // Retrieve from DB by HTTP-Signature keyId
signature = httpSignature.parseRequest(req, { headers: [] }); const authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
} catch (e) { if (authUser) {
return null; return authUser;
}
const keyId = new URL(signature.keyId);
const host = toPuny(keyId.hostname);
if (await shouldBlockInstance(host, meta)) {
return null;
}
if (
meta.privateMode &&
host !== config.host &&
!meta.allowedHosts.includes(host)
) {
return null;
}
const keyIdLower = signature.keyId.toLowerCase();
if (keyIdLower.startsWith("acct:")) {
// Old keyId is no longer supported.
return null;
}
const dbResolver = new DbResolver();
// HTTP-Signature keyIdを元にDBから取得
authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
// keyIdでわからなければ、resolveしてみる
if (!authUser) {
try {
keyId.hash = "";
authUser = await dbResolver.getAuthUserFromApId(
getApId(keyId.toString()),
);
} catch {
// できなければ駄目
return null;
}
}
// publicKey がなくても終了
if (!authUser?.key) {
return null;
}
// もう一回チェック
if (authUser.user.host !== host) {
return null;
}
// HTTP-Signatureの検証
const httpSignatureValidated = httpSignature.verifySignature(
signature,
authUser.key.keyPem,
);
if (!httpSignatureValidated) {
return null;
}
} }
return authUser;
// Resolve if failed to retrieve by keyId
keyId.hash = "";
return await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
} }