notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Fail fast when instance is blocked in AuthorizedFetchMiddleware

Browse source
This commit is contained in:
Laura Hausmann 2024-02-19 03:04:26 +01:00
parent 5a2e5af3ac
commit d4dd1ca104
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Iceshrimp.Backend/Core/Middleware/AuthorizedFetchMiddleware.cs
View file

@ -57,6 +57,10 @@ public class AuthorizedFetchMiddleware(
var sig = HttpSignature.Parse(sigHeader.ToString());
if (await fedCtrlSvc.ShouldBlockAsync(sig.KeyId))
throw new GracefulException(HttpStatusCode.Forbidden, "Forbidden", "Instance is blocked",
supressLog: true);
// First, we check if we already have the key
key = await db.UserPublickeys.Include(p => p.User).FirstOrDefaultAsync(p => p.KeyId == sig.KeyId);
@ -84,7 +88,8 @@ public class AuthorizedFetchMiddleware(
// We want to check both the user host & the keyId host (as account & web domain might be different)
if (await fedCtrlSvc.ShouldBlockAsync(key.User.Host, key.KeyId))
throw GracefulException.Forbidden("Instance is blocked");
throw new GracefulException(HttpStatusCode.Forbidden, "Forbidden", "Instance is blocked",
supressLog: true);
List<string> headers = request.ContentLength > 0 || attribute.ForceBody
? ["(request-target)", "digest", "host", "date"]
@ -129,6 +134,9 @@ public class AuthorizedFetchMiddleware(
throw new Exception($"Job data is not an ASActivity - Type: {obj.Type}");
if (activity.Actor == null)
throw new Exception("Activity has no actor");
if (await fedCtrlSvc.ShouldBlockAsync(new Uri(activity.Actor.Id).Host))
throw new GracefulException(HttpStatusCode.Forbidden, "Forbidden", "Instance is blocked",
supressLog: true);
key = null;
key = await db.UserPublickeys
.Include(p => p.User)
@ -145,6 +153,10 @@ public class AuthorizedFetchMiddleware(
throw new Exception($"Failed to fetch public key for user {activity.Actor.Id}");
}
if (await fedCtrlSvc.ShouldBlockAsync(key.User.Host, new Uri(key.KeyId).Host))
throw new GracefulException(HttpStatusCode.Forbidden, "Forbidden", "Instance is blocked",
supressLog: true);
// We need to re-run deserialize & expand with date time handling disabled for JSON-LD canonicalization to work correctly
var rawDeserialized = JsonConvert.DeserializeObject<JObject?>(body, JsonSerializerSettings);
var rawExpanded = LdHelpers.Expand(rawDeserialized);