[chore] No sigs for retrieving instance actor

As a possible path towards resolving #1186, this removes the signature check on the instance actor. Also adds a test to check authentication for a user other than the instance actor to ensure we don't poke a big hole into that check.
2025-11-08 02:19:33 -06:00 · 2025-06-03 19:11:07 +02:00 · 2025-06-03 19:11:07 +02:00 · e65bda768c
commit e65bda768c
parent be6d80c020
6 changed files with 120 additions and 4 deletions
--- a/internal/api/activitypub/users/userget.go
+++ b/internal/api/activitypub/users/userget.go
@ -23,6 +23,7 @@ import (
 	"strings"

 	apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
+	"code.superseriousbusiness.org/gotosocial/internal/config"
 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
 	"github.com/gin-gonic/gin"
 )
@ -65,3 +66,19 @@ func (m *Module) UsersGETHandler(c *gin.Context) {

 	apiutil.JSONType(c, http.StatusOK, contentType, resp)
 }
+
+func (m *Module) InstanceActorGETHandler(c *gin.Context) {
+	contentType, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubHeaders...)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	resp, errWithCode := m.processor.Fedi().UserGet(c.Request.Context(), config.InstanceActor(), c.Request.URL)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSONType(c, http.StatusOK, contentType, resp)
+}