From b7533b566bf569ebed92f4dd15077981bf5bd9c4 Mon Sep 17 00:00:00 2001 From: SouthFox Date: Wed, 28 Feb 2024 14:39:24 +0800 Subject: [PATCH] [fix] ensure get actor first --- app/utils/precheck.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/app/utils/precheck.py b/app/utils/precheck.py index 8076141..d98f034 100644 --- a/app/utils/precheck.py +++ b/app/utils/precheck.py @@ -13,8 +13,7 @@ from sqlalchemy import select async def inbox_prechecker( - request: fastapi.Request, - db_session: AsyncSession = fastapi.Depends(get_db_session) + request: fastapi.Request, db_session: AsyncSession = fastapi.Depends(get_db_session) ) -> bool: """ Check http request @@ -47,8 +46,7 @@ async def inbox_prechecker( ) ).one_or_none() ): - logger.info(f"Dropping unnecessary delete activity " + - payload["actor"]) + logger.info(f"Dropping unnecessary delete activity " + payload["actor"]) raise fastapi.HTTPException(status_code=202) except fastapi.HTTPException as http_exc: raise http_exc @@ -56,10 +54,7 @@ async def inbox_prechecker( logger.exception("Failed to precheck delete activity") actor_id = payload["actor"] - send_actor_id = parsec_signature["keyid"].split('#')[0] - - if actor_id != send_actor_id: - return await ldsig.verify_signature(db_session, payload) + send_actor_id = parsec_signature["keyid"].split("#")[0] _actor = await fetch_actor(db_session, actor_id) @@ -71,6 +66,9 @@ async def inbox_prechecker( logger.warning("actor gone? ") raise KeyError + if actor_id != send_actor_id: + return await ldsig.verify_signature(db_session, payload) + body = await request.body() signture_string = HttpSignature.build_signature_string( request.method, @@ -80,9 +78,8 @@ async def inbox_prechecker( request.headers, ) is_verify = HttpSignature.verify_signature( - signture_string, - parsec_signature["signature"], - pubkey) + signture_string, parsec_signature["signature"], pubkey + ) logger.info(signture_string) logger.info(f"verify? {is_verify}")