Sign anonymous user requests as the relay actor to allow
following interoperability with Mastodon.
This commit is contained in:
parent
a78dc261e5
commit
75526e9f53
|
@ -49,12 +49,13 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
|
|||
end
|
||||
|
||||
# Gets a public key for a given ActivityPub actor ID (url).
|
||||
# sign annonymous fetches with the relay actor's key
|
||||
@spec get_public_key_for_url(String.t()) ::
|
||||
{:ok, String.t()}
|
||||
| {:error, :actor_not_found | :pem_decode_error}
|
||||
defp get_public_key_for_url(url) do
|
||||
with {:ok, %Actor{} = actor} <-
|
||||
ActivityPubActor.get_or_fetch_actor_by_url(url, ignore_sign_object_fetches: true) do
|
||||
ActivityPubActor.get_or_fetch_actor_by_url(url, on_behalf_of: Relay.get_actor()) do
|
||||
get_actor_public_key(actor)
|
||||
end
|
||||
end
|
||||
|
@ -101,11 +102,9 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
|
|||
# Special case if ever it's our own actor fetching ourselves
|
||||
get_actor_public_key(relay)
|
||||
else
|
||||
# In this specific case we don't sign object fetches because
|
||||
# this would cause infinite recursion when servers both need
|
||||
# to fetch each other's keys
|
||||
# Sign anonymous fetches using the relay actor's key
|
||||
with {:ok, %Actor{} = actor} <-
|
||||
ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do
|
||||
ActivityPubActor.make_actor_from_url(actor_url, on_behalf_of: Relay.get_actor()) do
|
||||
get_actor_public_key(actor)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue