From 4a4d8f0069d9289afe22b5b0ca24fda83a30b4e0 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Wed, 13 Jan 2021 21:38:22 -0700 Subject: [PATCH] Update InboxWorker, fix race condition in account deletes --- app/Jobs/InboxPipeline/InboxValidator.php | 52 +++++++++++++++++++++ app/Jobs/InboxPipeline/InboxWorker.php | 55 +++++++++++++++++++++-- 2 files changed, 104 insertions(+), 3 deletions(-) diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php index 732ad0825..64015f880 100644 --- a/app/Jobs/InboxPipeline/InboxValidator.php +++ b/app/Jobs/InboxPipeline/InboxValidator.php @@ -14,6 +14,7 @@ use Illuminate\Foundation\Bus\Dispatchable; use Illuminate\Queue\InteractsWithQueue; use Illuminate\Queue\SerializesModels; use Zttp\Zttp; +use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline; class InboxValidator implements ShouldQueue { @@ -59,6 +60,57 @@ class InboxValidator implements ShouldQueue return; } + if( $payload['type'] === 'Delete' && + ( ( is_string($payload['object']) && + $payload['object'] === $payload['actor'] ) || + ( is_array($payload['object']) && + isset($payload['object']['id'], $payload['object']['type']) && + $payload['object']['type'] === 'Person' && + $payload['actor'] === $payload['object']['id'] + )) + ) { + $actor = $payload['actor']; + $hash = strlen($actor) <= 48 ? + 'b:' . base64_encode($actor) : + 'h:' . hash('sha256', $actor); + + $lockKey = 'ap:inbox:actor-delete-exists:lock:' . $hash; + Cache::lock($lockKey, 10)->block(5, function () use( + $headers, + $payload, + $actor, + $hash + ) { + $key = 'ap:inbox:actor-delete-exists:' . $hash; + $actorDelete = Cache::remember($key, now()->addMinutes(15), function() use($actor) { + return Profile::whereRemoteUrl($actor) + ->whereNotNull('domain') + ->exists(); + }); + if($actorDelete) { + if($this->verifySignature($headers, $payload) == true) { + Cache::set($key, false); + $profile = Profile::whereNotNull('domain') + ->whereNull('status') + ->whereRemoteUrl($actor) + ->first(); + if($profile) { + DeleteRemoteProfilePipeline::dispatchNow($profile); + } + return; + } else { + // Signature verification failed, exit. + return; + } + } else { + // Remote user doesn't exist, exit early. + return; + } + }); + + return; + } + if($profile->status != null) { return; } diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php index c4ddab6e7..efb2c62e9 100644 --- a/app/Jobs/InboxPipeline/InboxWorker.php +++ b/app/Jobs/InboxPipeline/InboxWorker.php @@ -14,13 +14,13 @@ use Illuminate\Foundation\Bus\Dispatchable; use Illuminate\Queue\InteractsWithQueue; use Illuminate\Queue\SerializesModels; use Zttp\Zttp; +use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline; class InboxWorker implements ShouldQueue { use Dispatchable, InteractsWithQueue, Queueable, SerializesModels; protected $headers; - protected $profile; protected $payload; public $timeout = 60; @@ -56,6 +56,57 @@ class InboxWorker implements ShouldQueue return; } + if( $payload['type'] === 'Delete' && + ( ( is_string($payload['object']) && + $payload['object'] === $payload['actor'] ) || + ( is_array($payload['object']) && + isset($payload['object']['id'], $payload['object']['type']) && + $payload['object']['type'] === 'Person' && + $payload['actor'] === $payload['object']['id'] + )) + ) { + $actor = $payload['actor']; + $hash = strlen($actor) <= 48 ? + 'b:' . base64_encode($actor) : + 'h:' . hash('sha256', $actor); + + $lockKey = 'ap:inbox:actor-delete-exists:lock:' . $hash; + Cache::lock($lockKey, 10)->block(5, function () use( + $headers, + $payload, + $actor, + $hash + ) { + $key = 'ap:inbox:actor-delete-exists:' . $hash; + $actorDelete = Cache::remember($key, now()->addMinutes(15), function() use($actor) { + return Profile::whereRemoteUrl($actor) + ->whereNotNull('domain') + ->exists(); + }); + if($actorDelete) { + if($this->verifySignature($headers, $payload) == true) { + Cache::set($key, false); + $profile = Profile::whereNotNull('domain') + ->whereNull('status') + ->whereRemoteUrl($actor) + ->first(); + if($profile) { + DeleteRemoteProfilePipeline::dispatchNow($profile); + } + return; + } else { + // Signature verification failed, exit. + return; + } + } else { + // Remote user doesn't exist, exit early. + return; + } + }); + + return; + } + if($this->verifySignature($headers, $payload) == true) { (new Inbox($headers, $profile, $payload))->handle(); return; @@ -95,12 +146,10 @@ class InboxWorker implements ShouldQueue ) { if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) { return; - abort(400, 'Invalid request'); } } if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { return; - abort(400, 'Invalid request'); } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) {