[feature] Read + Write tombstones for deleted Actors (#1005)

* [feature] Read + Write tombstones for deleted Actors * copyTombstone * update to use resultcache instead of old ttl cache Signed-off-by: kim <grufwub@gmail.com> * update go-cache library to fix result cache capacity / ordering bugs Signed-off-by: kim <grufwub@gmail.com> * bump go-cache/v3 to v3.1.6 to fix bugs Signed-off-by: kim <grufwub@gmail.com> * switch on status code * better explain ErrGone reasoning Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: kim <grufwub@gmail.com>
2026-01-05 08:03:16 -06:00 · 2022-11-11 12:18:38 +01:00 · 2022-11-11 12:18:38 +01:00 · edcee14d07
commit edcee14d07
parent 948e90b95a
47 changed files with 3808 additions and 7 deletions
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@ -37,6 +37,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
+	"github.com/superseriousbusiness/gotosocial/internal/transport"
 )

 /*
@ -201,8 +202,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 		// REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY
 		// the request is remote and we don't have the public key yet,
 		// so we need to authenticate the request properly by dereferencing the remote key
+		gone, err := f.CheckGone(ctx, requestingPublicKeyID)
+		if err != nil {
+			errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error checking for tombstone for %s: %s", requestingPublicKeyID, err))
+			log.Debug(errWithCode)
+			return nil, errWithCode
+		}
+
+		if gone {
+			errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+			log.Debug(errWithCode)
+			return nil, errWithCode
+		}
+
 		log.Tracef("proceeding with dereference for uncached public key %s", requestingPublicKeyID)
-		transport, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
+		trans, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
 		if err != nil {
 			errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error creating transport for %s: %s", requestedUsername, err))
 			log.Debug(errWithCode)
@ -210,8 +224,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 		}

 		// The actual http call to the remote server is made right here in the Dereference function.
-		b, err := transport.Dereference(ctx, requestingPublicKeyID)
+		b, err := trans.Dereference(ctx, requestingPublicKeyID)
 		if err != nil {
+			if errors.Is(err, transport.ErrGone) {
+				// if we get a 410 error it means the account that owns this public key has been deleted;
+				// we should add a tombstone to our database so that we can avoid trying to deref it in future
+				if err := f.HandleGone(ctx, requestingPublicKeyID); err != nil {
+					errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error marking account with public key %s as gone: %s", requestingPublicKeyID, err))
+					log.Debug(errWithCode)
+					return nil, errWithCode
+				}
+				errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+				log.Debug(errWithCode)
+				return nil, errWithCode
+			}
+
 			errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
 			log.Debug(errWithCode)
 			return nil, errWithCode
--- a/internal/federation/federatingprotocol.go
+++ b/internal/federation/federatingprotocol.go
@ -169,6 +169,13 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 			// if 400, 401, or 403, obey the interface by writing the header and bailing
 			w.WriteHeader(errWithCode.Code())
 			return ctx, false, nil
+		case http.StatusGone:
+			// if the requesting account has gone (http 410) then likely
+			// inbox post was a delete, we can just write 202 and leave,
+			// since we didn't know about the account anyway, so we can't
+			// do any further processing
+			w.WriteHeader(http.StatusAccepted)
+			return ctx, false, nil
 		default:
 			// if not, there's been a proper error
 			return ctx, false, err
--- a/internal/federation/federatingprotocol_test.go
+++ b/internal/federation/federatingprotocol_test.go
@ -182,6 +182,94 @@ func (suite *FederatingProtocolTestSuite) TestAuthenticatePostInbox() {
 	suite.Equal(sendingAccount.Username, requestingAccount.Username)
 }

+func (suite *FederatingProtocolTestSuite) TestAuthenticatePostGone() {
+	// the activity we're gonna use
+	activity := suite.testActivities["delete_https://somewhere.mysterious/users/rest_in_piss#main-key"]
+	inboxAccount := suite.testAccounts["local_account_1"]
+
+	fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
+
+	httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
+	tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
+
+	// now setup module being tested, with the mock transport controller
+	federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
+
+	request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil)
+	// we need these headers for the request to be validated
+	request.Header.Set("Signature", activity.SignatureHeader)
+	request.Header.Set("Date", activity.DateHeader)
+	request.Header.Set("Digest", activity.DigestHeader)
+
+	verifier, err := httpsig.NewVerifier(request)
+	suite.NoError(err)
+
+	ctx := context.Background()
+	// by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
+	// which should have set the account and username onto the request. We can replicate that behavior here:
+	ctxWithAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
+	ctxWithVerifier := context.WithValue(ctxWithAccount, ap.ContextRequestingPublicKeyVerifier, verifier)
+	ctxWithSignature := context.WithValue(ctxWithVerifier, ap.ContextRequestingPublicKeySignature, activity.SignatureHeader)
+
+	// we can pass this recorder as a writer and read it back after
+	recorder := httptest.NewRecorder()
+
+	// trigger the function being tested, and return the new context it creates
+	_, authed, err := federator.AuthenticatePostInbox(ctxWithSignature, recorder, request)
+	suite.NoError(err)
+	suite.False(authed)
+	suite.Equal(http.StatusAccepted, recorder.Code)
+}
+
+func (suite *FederatingProtocolTestSuite) TestAuthenticatePostGoneNoTombstoneYet() {
+	// delete the relevant tombstone
+	if err := suite.db.DeleteTombstone(context.Background(), suite.testTombstones["https://somewhere.mysterious/users/rest_in_piss#main-key"].ID); err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	// the activity we're gonna use
+	activity := suite.testActivities["delete_https://somewhere.mysterious/users/rest_in_piss#main-key"]
+	inboxAccount := suite.testAccounts["local_account_1"]
+
+	fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
+
+	httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
+	tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
+
+	// now setup module being tested, with the mock transport controller
+	federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
+
+	request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil)
+	// we need these headers for the request to be validated
+	request.Header.Set("Signature", activity.SignatureHeader)
+	request.Header.Set("Date", activity.DateHeader)
+	request.Header.Set("Digest", activity.DigestHeader)
+
+	verifier, err := httpsig.NewVerifier(request)
+	suite.NoError(err)
+
+	ctx := context.Background()
+	// by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
+	// which should have set the account and username onto the request. We can replicate that behavior here:
+	ctxWithAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
+	ctxWithVerifier := context.WithValue(ctxWithAccount, ap.ContextRequestingPublicKeyVerifier, verifier)
+	ctxWithSignature := context.WithValue(ctxWithVerifier, ap.ContextRequestingPublicKeySignature, activity.SignatureHeader)
+
+	// we can pass this recorder as a writer and read it back after
+	recorder := httptest.NewRecorder()
+
+	// trigger the function being tested, and return the new context it creates
+	_, authed, err := federator.AuthenticatePostInbox(ctxWithSignature, recorder, request)
+	suite.NoError(err)
+	suite.False(authed)
+	suite.Equal(http.StatusAccepted, recorder.Code)
+
+	// there should be a tombstone in the db now for this account
+	exists, err := suite.db.TombstoneExistsWithURI(ctx, "https://somewhere.mysterious/users/rest_in_piss#main-key")
+	suite.NoError(err)
+	suite.True(exists)
+}
+
 func (suite *FederatingProtocolTestSuite) TestBlocked1() {
 	fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
 	httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
--- a/internal/federation/federator_test.go
+++ b/internal/federation/federator_test.go
@ -36,6 +36,7 @@ type FederatorStandardTestSuite struct {
 	testAccounts   map[string]*gtsmodel.Account
 	testStatuses   map[string]*gtsmodel.Status
 	testActivities map[string]testrig.ActivityWithSignature
+	testTombstones map[string]*gtsmodel.Tombstone
 }

 // SetupSuite sets some variables on the suite that we can use as consts (more or less) throughout
@ -45,6 +46,7 @@ func (suite *FederatorStandardTestSuite) SetupSuite() {
 	suite.tc = testrig.NewTestTypeConverter(suite.db)
 	suite.testAccounts = testrig.NewTestAccounts()
 	suite.testStatuses = testrig.NewTestStatuses()
+	suite.testTombstones = testrig.NewTestTombstones()
 }

 func (suite *FederatorStandardTestSuite) SetupTest() {
--- a/internal/federation/gone.go
+++ b/internal/federation/gone.go
@ -0,0 +1,34 @@
+package federation
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/id"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
+)
+
+// CheckGone checks if a tombstone exists in the database for AP Actor or Object with the given uri.
+func (f *federator) CheckGone(ctx context.Context, uri *url.URL) (bool, error) {
+	return f.db.TombstoneExistsWithURI(ctx, uri.String())
+}
+
+// HandleGone puts a tombstone in the database, which marks an AP Actor or Object with the given uri as gone.
+func (f *federator) HandleGone(ctx context.Context, uri *url.URL) error {
+	tombstoneID, err := id.NewULID()
+	if err != nil {
+		err = fmt.Errorf("HandleGone: error generating id for new tombstone %s: %s", uri, err)
+		log.Error(err)
+		return err
+	}
+
+	tombstone := &gtsmodel.Tombstone{
+		ID:     tombstoneID,
+		Domain: uri.Host,
+		URI:    uri.String(),
+	}
+
+	return f.db.PutTombstone(ctx, tombstone)
+}