mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 11:52:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

[chore] No sigs for retrieving instance actor

Browse source 
As a possible path towards resolving #1186, this removes the signature
check on the instance actor. Also adds a test to check authentication
for a user other than the instance actor to ensure we don't poke a big
hole into that check.
This commit is contained in:
Daenney 2025-06-03 19:11:07 +02:00
commit e65bda768c
6 changed files with 120 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
internal/processing/fedi/user.go
View file

@ -24,6 +24,7 @@ import (
"net/url"
"code.superseriousbusiness.org/gotosocial/internal/ap"
"code.superseriousbusiness.org/gotosocial/internal/config"
"code.superseriousbusiness.org/gotosocial/internal/db"
"code.superseriousbusiness.org/gotosocial/internal/gtserror"
"code.superseriousbusiness.org/gotosocial/internal/uris"
@ -46,6 +47,15 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
return nil, gtserror.NewErrorInternalError(err)
}
if requestedUsername == config.InstanceActor() && uris.IsInstanceActorPath(requestURL) {
accountable, err := p.converter.AccountToAS(ctx, receiver)
if err != nil {
err := gtserror.Newf("error converting account: %w", err)
return nil, gtserror.NewErrorInternalError(err)
}
return data(accountable)
}
if uris.IsPublicKeyPath(requestURL) {
// If request is on a public key path, we don't need to
// authenticate this request. However, we'll only serve