Merge branch 'issue_1426' into 'main'

Sign anonymous user requests as the relay actor to allow Mastodon users to follow Mobilizòn groups Closes #1426 See merge request framasoft/mobilizon!1547
2024-04-10 17:59:57 +00:00 · 2024-04-10 17:59:57 +00:00 · 37ec84c8e7
parent 162d4f5fb1 75526e9f53
commit 37ec84c8e7
1 changed files with 4 additions and 5 deletions
--- a/lib/federation/http_signatures/signature.ex
+++ b/lib/federation/http_signatures/signature.ex
@ -49,12 +49,13 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
  end

  # Gets a public key for a given ActivityPub actor ID (url).
+  # sign annonymous fetches with the relay actor's key
  @spec get_public_key_for_url(String.t()) ::
          {:ok, String.t()}
          | {:error, :actor_not_found | :pem_decode_error}
  defp get_public_key_for_url(url) do
    with {:ok, %Actor{} = actor} <-
-           ActivityPubActor.get_or_fetch_actor_by_url(url, ignore_sign_object_fetches: true) do
+           ActivityPubActor.get_or_fetch_actor_by_url(url, on_behalf_of: Relay.get_actor()) do
      get_actor_public_key(actor)
    end
  end
@ -101,11 +102,9 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
      # Special case if ever it's our own actor fetching ourselves
      get_actor_public_key(relay)
    else
-      # In this specific case we don't sign object fetches because
-      # this would cause infinite recursion when servers both need
-      # to fetch each other's keys
+      # Sign anonymous fetches using the relay actor's key
      with {:ok, %Actor{} = actor} <-
-             ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do
+             ActivityPubActor.make_actor_from_url(actor_url, on_behalf_of: Relay.get_actor()) do
        get_actor_public_key(actor)
      end
    end