convert Authorized Fetch to a setting and add support for hybrid mode (essential metadata only)

2025-02-21 22:04:36 -05:00 · 2025-02-21 22:04:36 -05:00 · a35c2f214b
commit a35c2f214b
parent e3d949ced6
28 changed files with 517 additions and 103 deletions
--- a/packages/backend/src/models/Meta.ts
+++ b/packages/backend/src/models/Meta.ts
@ -4,6 +4,7 @@
 */

 import { Entity, Column, PrimaryColumn, ManyToOne, JoinColumn } from 'typeorm';
+import { type InstanceUnsignedFetchOption, instanceUnsignedFetchOptions } from '@/const.js';
 import { id } from './util/id.js';
 import { MiUser } from './User.js';

@ -749,4 +750,14 @@ export class MiMeta {
 		default: '{}',
 	})
 	public federationHosts: string[];
+
+	/**
+	 * In combination with user.allowUnsignedFetch, controls enforcement of HTTP signatures for inbound ActivityPub fetches (GET requests).
+	 * TODO warning if config value is present
+	 */
+	@Column('enum', {
+		enum: instanceUnsignedFetchOptions,
+		default: 'always',
+	})
+	public allowUnsignedFetch: InstanceUnsignedFetchOption;
 }
--- a/packages/backend/src/models/User.ts
+++ b/packages/backend/src/models/User.ts
@ -4,6 +4,7 @@
 */

 import { Entity, Column, Index, OneToOne, JoinColumn, PrimaryColumn } from 'typeorm';
+import { type UserUnsignedFetchOption, userUnsignedFetchOptions } from '@/const.js';
 import { id } from './util/id.js';
 import { MiDriveFile } from './DriveFile.js';

@ -125,7 +126,7 @@ export class MiUser {
 	})
 	public backgroundId: MiDriveFile['id'] | null;

-	@OneToOne(type => MiDriveFile, {
+	@OneToOne(() => MiDriveFile, {
 		onDelete: 'SET NULL',
 	})
 	@JoinColumn()
@ -357,6 +358,15 @@ export class MiUser {
 	})
 	public rejectQuotes: boolean;

+	/**
+	 * In combination with meta.allowUnsignedFetch, controls enforcement of HTTP signatures for inbound ActivityPub fetches (GET requests).
+	 */
+	@Column('enum', {
+		enum: userUnsignedFetchOptions,
+		default: 'staff',
+	})
+	public allowUnsignedFetch: UserUnsignedFetchOption;
+
 	constructor(data: Partial<MiUser>) {
 		if (data == null) return;

@ -394,5 +404,5 @@ export const nameSchema = { type: 'string', minLength: 1, maxLength: 50 } as con
 export const descriptionSchema = { type: 'string', minLength: 1, maxLength: 1500 } as const;
 export const followedMessageSchema = { type: 'string', minLength: 1, maxLength: 256 } as const;
 export const locationSchema = { type: 'string', minLength: 1, maxLength: 50 } as const;
-export const listenbrainzSchema = { type: "string", minLength: 1, maxLength: 128 } as const;
+export const listenbrainzSchema = { type: 'string', minLength: 1, maxLength: 128 } as const;
 export const birthdaySchema = { type: 'string', pattern: /^([0-9]{4})-([0-9]{2})-([0-9]{2})$/.toString().slice(1, -1) } as const;
--- a/packages/backend/src/models/json-schema/meta.ts
+++ b/packages/backend/src/models/json-schema/meta.ts
@ -3,6 +3,8 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */

+import { instanceUnsignedFetchOptions } from '@/const.js';
+
 export const packedMetaLiteSchema = {
 	type: 'object',
 	optional: false, nullable: false,
@ -397,6 +399,11 @@ export const packedMetaDetailedOnlySchema = {
 			type: 'boolean',
 			optional: false, nullable: false,
 		},
+		allowUnsignedFetch: {
+			type: 'string',
+			enum: instanceUnsignedFetchOptions,
+			optional: false, nullable: false,
+		},
 	},
 } as const;

--- a/packages/backend/src/models/json-schema/user.ts
+++ b/packages/backend/src/models/json-schema/user.ts
@ -3,6 +3,8 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */

+import { userUnsignedFetchOptions } from '@/const.js';
+
 export const notificationRecieveConfig = {
 	type: 'object',
 	oneOf: [
@ -769,6 +771,11 @@ export const packedMeDetailedOnlySchema = {
 			enum: ['default', 'parent', 'defaultParent', 'parentDefault'],
 			nullable: false, optional: false,
 		},
+		allowUnsignedFetch: {
+			type: 'string',
+			enum: userUnsignedFetchOptions,
+			nullable: false, optional: false,
+		},
 	},
 } as const;