refactor: simplify getSignatureUser
parent
487e7ba43c
commit
89e4e3ea5b
@ -98,81 +98,21 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
|
||||
return 200;
|
||||
}
|
||||
|
||||
export async function getSignatureUser(
|
||||
req: IncomingMessage,
|
||||
): Promise<{
|
||||
export async function getSignatureUser(req: IncomingMessage): Promise<{
|
||||
user: CacheableRemoteUser;
|
||||
key: UserPublickey | null;
|
||||
} | null> {
|
||||
let authUser;
|
||||
const meta = await fetchMeta();
|
||||
if (meta.secureMode || meta.privateMode) {
|
||||
let signature;
|
||||
|
||||
try {
|
||||
signature = httpSignature.parseRequest(req, { headers: [] });
|
||||
} catch (e) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const signature = httpSignature.parseRequest(req, { headers: [] });
|
||||
const keyId = new URL(signature.keyId);
|
||||
const host = toPuny(keyId.hostname);
|
||||
|
||||
if (await shouldBlockInstance(host, meta)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (
|
||||
meta.privateMode &&
|
||||
host !== config.host &&
|
||||
!meta.allowedHosts.includes(host)
|
||||
) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const keyIdLower = signature.keyId.toLowerCase();
|
||||
if (keyIdLower.startsWith("acct:")) {
|
||||
// Old keyId is no longer supported.
|
||||
return null;
|
||||
}
|
||||
|
||||
const dbResolver = new DbResolver();
|
||||
|
||||
// HTTP-Signature keyIdを元にDBから取得
|
||||
authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
|
||||
|
||||
// keyIdでわからなければ、resolveしてみる
|
||||
if (!authUser) {
|
||||
try {
|
||||
keyId.hash = "";
|
||||
authUser = await dbResolver.getAuthUserFromApId(
|
||||
getApId(keyId.toString()),
|
||||
);
|
||||
} catch {
|
||||
// できなければ駄目
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// publicKey がなくても終了
|
||||
if (!authUser?.key) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// もう一回チェック
|
||||
if (authUser.user.host !== host) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// HTTP-Signatureの検証
|
||||
const httpSignatureValidated = httpSignature.verifySignature(
|
||||
signature,
|
||||
authUser.key.keyPem,
|
||||
);
|
||||
|
||||
if (!httpSignatureValidated) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
// Retrieve from DB by HTTP-Signature keyId
|
||||
const authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
|
||||
if (authUser) {
|
||||
return authUser;
|
||||
}
|
||||
|
||||
// Resolve if failed to retrieve by keyId
|
||||
keyId.hash = "";
|
||||
return await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
|
||||
}
|
||||
|
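Review bot: Read against the `+98,21` count in the hunk header, the new body of getSignatureUser appears to keep only the keyId lookup, so `httpSignature.verifySignature(signature, authUser.key.keyPem)`, the `authUser.user.host !== host` comparison, the `shouldBlockInstance` / `meta.allowedHosts` checks and the `acct:` rejection no longer run in this function. The rendered page has lost its +/- markers, so this reading is inferred rather than certain. If the callers (not visible in this section) now perform those checks, the function should say so in a doc comment, for example `/** Looks up the user for the request's keyId only; the signature is NOT verified here, callers must verify it and apply the host checks. */`. If they do not, the returned user is derived from an unverified keyId and the commit is a behaviour change rather than a refactor. The `try`/`catch` around `httpSignature.parseRequest` and around `getAuthUserFromApId` also seems to be gone, so a missing or malformed signature header would throw instead of returning `null`; wrapping the parse as `try { … } catch { return null; }` would keep the declared `| null` contract.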