[feature] Read + Write tombstones for deleted Actors (#1005)

* [feature] Read + Write tombstones for deleted Actors * copyTombstone * update to use resultcache instead of old ttl cache Signed-off-by: kim <grufwub@gmail.com> * update go-cache library to fix result cache capacity / ordering bugs Signed-off-by: kim <grufwub@gmail.com> * bump go-cache/v3 to v3.1.6 to fix bugs Signed-off-by: kim <grufwub@gmail.com> * switch on status code * better explain ErrGone reasoning Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: kim <grufwub@gmail.com>
2025-10-31 14:42:26 -05:00 · 2022-11-11 12:18:38 +01:00 · 2022-11-11 12:18:38 +01:00 · edcee14d07
commit edcee14d07
parent 948e90b95a
47 changed files with 3808 additions and 7 deletions
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@ -37,6 +37,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
+	"github.com/superseriousbusiness/gotosocial/internal/transport"
 )

 /*
@ -201,8 +202,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 		// REMOTE ACCOUNT REQUEST WITHOUT KEY CACHED LOCALLY
 		// the request is remote and we don't have the public key yet,
 		// so we need to authenticate the request properly by dereferencing the remote key
+		gone, err := f.CheckGone(ctx, requestingPublicKeyID)
+		if err != nil {
+			errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error checking for tombstone for %s: %s", requestingPublicKeyID, err))
+			log.Debug(errWithCode)
+			return nil, errWithCode
+		}
+
+		if gone {
+			errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+			log.Debug(errWithCode)
+			return nil, errWithCode
+		}
+
 		log.Tracef("proceeding with dereference for uncached public key %s", requestingPublicKeyID)
-		transport, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
+		trans, err := f.transportController.NewTransportForUsername(ctx, requestedUsername)
 		if err != nil {
 			errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error creating transport for %s: %s", requestedUsername, err))
 			log.Debug(errWithCode)
@ -210,8 +224,21 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 		}

 		// The actual http call to the remote server is made right here in the Dereference function.
-		b, err := transport.Dereference(ctx, requestingPublicKeyID)
+		b, err := trans.Dereference(ctx, requestingPublicKeyID)
 		if err != nil {
+			if errors.Is(err, transport.ErrGone) {
+				// if we get a 410 error it means the account that owns this public key has been deleted;
+				// we should add a tombstone to our database so that we can avoid trying to deref it in future
+				if err := f.HandleGone(ctx, requestingPublicKeyID); err != nil {
+					errWithCode := gtserror.NewErrorInternalError(fmt.Errorf("error marking account with public key %s as gone: %s", requestingPublicKeyID, err))
+					log.Debug(errWithCode)
+					return nil, errWithCode
+				}
+				errWithCode := gtserror.NewErrorGone(fmt.Errorf("account with public key %s is gone", requestingPublicKeyID))
+				log.Debug(errWithCode)
+				return nil, errWithCode
+			}
+
 			errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
 			log.Debug(errWithCode)
 			return nil, errWithCode