[chore/security] refactor AuthenticateFederatedRequest() to handle account deref + suspension checks (#2371)

* refactor AuthenticateFederatedRequest() to handle account suspension + fetching of owner

* small fixups

* small changes

* revert to 'IsEitherBlocked' instead of just 'IsBlocked' :grimace:

* update code comment to indicate that AuthenticateFederatedRequest() will handle account + instance dereferencing
kim 2023-11-21 10:35:30 +00:00 committed by GitHub
commit 42d8011ff4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 205 additions and 198 deletions

@ -35,7 +35,6 @@ import (
// StatusGet handles the getting of a fedi/activitypub representation of a local status.
// It performs appropriate authentication before returning a JSON serializable interface.
func (p *Processor) StatusGet(ctx context.Context, requestedUser string, statusID string) (interface{}, gtserror.WithCode) {
// Authenticate using http signature.
// Authenticate the incoming request, getting related user accounts.
requester, receiver, errWithCode := p.authenticate(ctx, requestedUser)
if errWithCode != nil {
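Review bot: The comment above the p.authenticate() call in StatusGet now says only that it gets the related user accounts, and the function's doc comment still says just "appropriate authentication", so neither tells a reader which checks a nil errWithCode guarantees. Since the commit title moves account dereferencing and suspension checks into AuthenticateFederatedRequest(), please state here (or in the doc comment) whether a suspended requester is already rejected by this call, so later edits to this handler neither duplicate nor drop that check. The visible lines end at the error check, so whether requester and receiver still go through the 'IsEitherBlocked' check mentioned in the commit message cannot be confirmed from this hunk; worth verifying that the block check stays in every handler that uses this helper.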