start refactoring return codes from fedi endpoints, remove some cruft

2025-10-31 14:42:26 -05:00 · 2025-10-08 13:14:06 +02:00 · 2025-10-08 13:14:06 +02:00 · 47051a26d6
commit 47051a26d6
parent c6044d0142
28 changed files with 346 additions and 291 deletions
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@ -206,17 +206,54 @@ func (f *Federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 			false,
 		)
 		if err != nil {
-			if gtserror.StatusCode(err) == http.StatusGone {
-				// This can happen here instead of the pubkey 'gone'
-				// checks due to: the server sending account deletion
-				// notifications out, we start processing, the request above
-				// succeeds, and *then* the profile is removed and starts
-				// returning 410 Gone, at which point _this_ request fails.
-				return nil, gtserror.NewErrorGone(err)
-			}
+			// Check if a status code was returned
+			// from the failed dereference attempt.
+			switch statusCode := gtserror.StatusCode(err); statusCode {

-			err := gtserror.Newf("error dereferencing account %s: %w", pubKeyAuth.OwnerURI, err)
-			return nil, gtserror.NewErrorInternalError(err)
+			case http.StatusForbidden:
+				// If we got 403 Forbidden from the remote,
+				// we're not allowed to see the account making
+				// the request. In this case we should just
+				// return unauthorized, as we can't validate.
+				err := gtserror.Newf(
+					"received 403 Forbidden fetching account %s, cannot process request: %w",
+					pubKeyAuth.OwnerURI, err,
+				)
+				return nil, gtserror.NewErrorUnauthorized(err)
+
+			case http.StatusUnauthorized:
+				// If we got 401 Unauthorized from the remote,
+				// something likely went wrong with signature
+				// verification. In this case we should also
+				// return unauthorized, as we can't validate.
+				err := gtserror.Newf(
+					"received 401 Unauthorized fetching account %s, cannot process request: %w",
+					pubKeyAuth.OwnerURI, err,
+				)
+				return nil, gtserror.NewErrorUnauthorized(err)
+
+			case http.StatusGone:
+				// This can happen here instead of the pubkey
+				// 'gone' checks due to: the server sending account
+				// deletion notifications out, we start processing,
+				// the request above succeeds, and *then* the profile
+				// is removed and starts returning 410 Gone, at
+				// which point _this_ request fails.
+				err := gtserror.Newf(
+					"requesting account %s is gone, cannot process request: %w",
+					pubKeyAuth.OwnerURI, err,
+				)
+				return nil, gtserror.NewErrorGone(err)
+
+			default:
+				// In all other cases, return 401 Unauthorized,
+				// as we could not continue with this request.
+				err := gtserror.Newf(
+					"could not dereference requesting account %s: %w",
+					pubKeyAuth.OwnerURI, err,
+				)
+				return nil, gtserror.NewErrorUnauthorized(err)
+			}
 		}

 		// Catch a possible (but very rare) race condition where