Cache remote user public keys

2022-08-15 11:14:48 -05:00 · 2022-08-15 11:14:48 -05:00 · 0b97c6aa69
parent ecefb6a2d0
commit 0b97c6aa69
3 changed files with 22 additions and 4 deletions
--- a/modules/activitypub/authorize_interaction.go
+++ b/modules/activitypub/authorize_interaction.go
@ -39,7 +39,7 @@ func AuthorizeInteraction(ctx *context.Context) {
 			ctx.ServerError("UnmarshalJSON", err)
 			return
 		}
-		err = FederatedUserNew(ctx, object.(ap.Person))
+		err = FederatedUserNew(ctx, object.(*ap.Person))
 		if err != nil {
 			ctx.ServerError("FederatedUserNew", err)
 			return
@ -52,6 +52,10 @@ func AuthorizeInteraction(ctx *context.Context) {
 		ctx.Redirect(name)
 	case forgefed.RepositoryType:
 		err = FederatedRepoNew(ctx, object.(forgefed.Repository))
+		if err != nil {
+			ctx.ServerError("FederatedRepoNew", err)
+			return
+		}
 	}

 	ctx.Status(http.StatusOK)
--- a/modules/activitypub/user.go
+++ b/modules/activitypub/user.go
@ -6,6 +6,7 @@ package activitypub

 import (
 	"context"
+	"errors"
 	"strings"

 	"code.gitea.io/gitea/models/auth"
@ -16,7 +17,7 @@ import (
 )

 // Create a new federated user from a Person object
-func FederatedUserNew(ctx context.Context, person ap.Person) error {
+func FederatedUserNew(ctx context.Context, person *ap.Person) error {
 	name, err := personIRIToName(person.GetLink())
 	if err != nil {
 		return err
@ -47,6 +48,10 @@ func FederatedUserNew(ctx context.Context, person ap.Person) error {
 		avatar = ""
 	}

+	if person.PublicKey.PublicKeyPem == "" {
+		return errors.New("person public key not found")
+	}
+
 	user := &user_model.User{
 		Name:      name,
 		FullName:  person.Name.String(), // May not exist!!
@ -55,5 +60,14 @@ func FederatedUserNew(ctx context.Context, person ap.Person) error {
 		LoginType: auth.Federated,
 		LoginName: person.GetLink().String(),
 	}
-	return user_model.CreateUser(user)
+	err = user_model.CreateUser(user)
+	if err != nil {
+		return err
+	}
+
+	err = user_model.SetUserSetting(user.ID, user_model.UserActivityPubPrivPem, "")
+	if err != nil {
+		return err
+	}
+	return user_model.SetUserSetting(user.ID, user_model.UserActivityPubPubPem, person.PublicKey.PublicKeyPem)
 }
--- a/routers/api/v1/activitypub/reqsignature.go
+++ b/routers/api/v1/activitypub/reqsignature.go
@ -80,7 +80,7 @@ func verifyHTTPSignatures(ctx *gitea_context.APIContext) (authenticated bool, er
 	// 4. Create a federated user for the actor
 	var person ap.Person
 	person.UnmarshalJSON(b)
-	err = activitypub.FederatedUserNew(ctx, person)
+	err = activitypub.FederatedUserNew(ctx, &person)
 	return authenticated, err
 }