misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

merge: Improve public key refetch for remote users (!1240)

Browse source 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/1240

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
This commit is contained in:
Hazelnoot 2025-11-15 13:37:33 -05:00
commit 01dfdc6d77
2 changed files with 30 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

28
packages/backend/src/core/activitypub/ApDbResolverService.ts
View file

@ -10,11 +10,13 @@ import type { Config } from '@/config.js';
import { MemoryKVCache } from '@/misc/cache.js'; import { MemoryKVCache } from '@/misc/cache.js';
import type { MiUserPublickey } from '@/models/UserPublickey.js'; import type { MiUserPublickey } from '@/models/UserPublickey.js';
import { CacheService } from '@/core/CacheService.js'; import { CacheService } from '@/core/CacheService.js';
import { TimeService } from '@/global/TimeService.js';
import { UtilityService } from '@/core/UtilityService.js'; import { UtilityService } from '@/core/UtilityService.js';
import type { MiNote } from '@/models/Note.js'; import type { MiNote } from '@/models/Note.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import type { MiLocalUser, MiRemoteUser } from '@/models/User.js'; import type { MiLocalUser, MiRemoteUser } from '@/models/User.js';
import { ApLoggerService } from '@/core/activitypub/ApLoggerService.js'; import { ApLoggerService } from '@/core/activitypub/ApLoggerService.js';
import { IdService } from '@/core/IdService.js';
import { getApId } from './type.js'; import { getApId } from './type.js';
import { ApPersonService } from './models/ApPersonService.js'; import { ApPersonService } from './models/ApPersonService.js';
import type { IObject } from './type.js'; import type { IObject } from './type.js';
@ -40,6 +42,8 @@ export class ApDbResolverService implements OnApplicationShutdown {
private apPersonService: ApPersonService, private apPersonService: ApPersonService,
private apLoggerService: ApLoggerService, private apLoggerService: ApLoggerService,
private utilityService: UtilityService, private utilityService: UtilityService,
private readonly idService: IdService,
private readonly timeService: TimeService,
) { ) {
// Caches moved to ApPersonService to avoid circular dependency // Caches moved to ApPersonService to avoid circular dependency
} }
@ -125,20 +129,36 @@ export class ApDbResolverService implements OnApplicationShutdown {
*/ */
@bindThis @bindThis
public async refetchPublicKeyForApId(user: MiRemoteUser): Promise<MiUserPublickey | null> { public async refetchPublicKeyForApId(user: MiRemoteUser): Promise<MiUserPublickey | null> {
const oldKey = await this.apPersonService.findPublicKeyByUserId(user.id);
// Don't re-fetch if we've updated the user recently
const maxUpdatedTime = this.timeService.now - (1000 * 60 * 60); // 1 hour
if ((user.lastFetchedAt && user.lastFetchedAt.valueOf() > maxUpdatedTime) ||
(user.updatedAt && user.updatedAt.valueOf() > maxUpdatedTime) ||
this.idService.parse(user.id).date.valueOf() > maxUpdatedTime
) {
this.apLoggerService.logger.debug(`Not updating public key for user ${user.id} (${user.uri}): already checked recently`);
return oldKey;
}
this.apLoggerService.logger.debug(`Updating public key for user ${user.id} (${user.uri})`); this.apLoggerService.logger.debug(`Updating public key for user ${user.id} (${user.uri})`);
const oldKey = await this.apPersonService.findPublicKeyByUserId(user.id); // updatePerson will update the public key cache if there's any changes.
await this.apPersonService.updatePerson(user.uri); await this.apPersonService.updatePerson(user.uri);
const newKey = await this.apPersonService.findPublicKeyByUserId(user.id); const newKey = await this.apPersonService.findPublicKeyByUserId(user.id);
if (newKey) { if (newKey && oldKey) {
if (oldKey && newKey.keyPem === oldKey.keyPem) { if (newKey.keyPem === oldKey.keyPem) {
this.apLoggerService.logger.debug(`Public key is up-to-date for user ${user.id} (${user.uri})`); this.apLoggerService.logger.debug(`Public key is up-to-date for user ${user.id} (${user.uri})`);
} else { } else {
this.apLoggerService.logger.info(`Updated public key for user ${user.id} (${user.uri})`); this.apLoggerService.logger.info(`Updated public key for user ${user.id} (${user.uri})`);
} }
} else if (newKey) {
this.apLoggerService.logger.info(`Registered public key for user ${user.id} (${user.uri})`);
} else if (oldKey) {
this.apLoggerService.logger.info(`Deleted public key for user ${user.id} (${user.uri})`);
} else { } else {
this.apLoggerService.logger.warn(`Failed to update public key for user ${user.id} (${user.uri})`); this.apLoggerService.logger.warn(`Could not find any public key for user ${user.id} (${user.uri})`);
} }
return newKey ?? oldKey; return newKey ?? oldKey;

7
packages/backend/src/queue/processors/InboxProcessorService.ts
View file

@ -164,7 +164,12 @@ export class InboxProcessorService implements OnApplicationShutdown {
// publicKey がなくても終了 // publicKey がなくても終了
if (authUser.key == null) { if (authUser.key == null) {
throw new Bull.UnrecoverableError(`skip: failed to resolve user publicKey ${actorId}`); // See if a key has become available since we fetched the actor
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
if (authUser.key == null) {
// If it's still missing, then give up
throw new Bull.UnrecoverableError(`skip: failed to resolve user publicKey ${actorId}`);
}
} }
// HTTP-Signatureの検証 // HTTP-Signatureの検証