convert Authorized Fetch to a setting and add support for hybrid mode (essential metadata only)

2025-02-21 22:04:36 -05:00 · 2025-02-21 22:04:36 -05:00 · a35c2f214b
commit a35c2f214b
parent e3d949ced6
28 changed files with 517 additions and 103 deletions
--- a/packages/backend/src/server/api/endpoints/admin/meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/meta.ts
@ -9,6 +9,7 @@ import { MetaService } from '@/core/MetaService.js';
 import type { Config } from '@/config.js';
 import { DI } from '@/di-symbols.js';
 import { DEFAULT_POLICIES } from '@/core/RoleService.js';
+import { instanceUnsignedFetchOptions } from '@/const.js';

 export const meta = {
 	tags: ['meta'],
@ -589,6 +590,15 @@ export const meta = {
 					optional: false, nullable: false,
 				},
 			},
+			hasLegacyAuthFetchSetting: {
+				type: 'boolean',
+				optional: false, nullable: false,
+			},
+			allowUnsignedFetch: {
+				type: 'string',
+				enum: instanceUnsignedFetchOptions,
+				optional: false, nullable: false,
+			},
 		},
 	},
 } as const;
@ -745,6 +755,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				trustedLinkUrlPatterns: instance.trustedLinkUrlPatterns,
 				federation: instance.federation,
 				federationHosts: instance.federationHosts,
+				hasLegacyAuthFetchSetting: config.checkActivityPubGetSignature != null,
+				allowUnsignedFetch: instance.allowUnsignedFetch,
 			};
 		});
 	}
--- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts
@ -8,6 +8,7 @@ import type { MiMeta } from '@/models/Meta.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import { MetaService } from '@/core/MetaService.js';
+import { instanceUnsignedFetchOptions } from '@/const.js';

 export const meta = {
 	tags: ['admin'],
@ -205,6 +206,11 @@ export const paramDef = {
 				type: 'string',
 			},
 		},
+		allowUnsignedFetch: {
+			type: 'string',
+			enum: instanceUnsignedFetchOptions,
+			nullable: false,
+		},
 	},
 	required: [],
 } as const;
@ -753,6 +759,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				set.federationHosts = ps.federationHosts.filter(Boolean).map(x => x.toLowerCase());
 			}

+			if (ps.allowUnsignedFetch !== undefined) {
+				set.allowUnsignedFetch = ps.allowUnsignedFetch;
+			}
+
 			const before = await this.metaService.fetch(true);

 			await this.metaService.update(set);
--- a/packages/backend/src/server/api/endpoints/i/update.ts
+++ b/packages/backend/src/server/api/endpoints/i/update.ts
@ -33,6 +33,7 @@ import type { Config } from '@/config.js';
 import { safeForSql } from '@/misc/safe-for-sql.js';
 import { AvatarDecorationService } from '@/core/AvatarDecorationService.js';
 import { notificationRecieveConfig } from '@/models/json-schema/user.js';
+import { userUnsignedFetchOptions } from '@/const.js';
 import { ApiLoggerService } from '../../ApiLoggerService.js';
 import { ApiError } from '../../error.js';

@ -255,6 +256,11 @@ export const paramDef = {
 			enum: ['default', 'parent', 'defaultParent', 'parentDefault'],
 			nullable: false,
 		},
+		allowUnsignedFetch: {
+			type: 'string',
+			enum: userUnsignedFetchOptions,
+			nullable: false,
+		},
 	},
 } as const;

@ -519,6 +525,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				profileUpdates.defaultCWPriority = ps.defaultCWPriority;
 			}

+			if (ps.allowUnsignedFetch !== undefined) {
+				updates.allowUnsignedFetch = ps.allowUnsignedFetch;
+			}
+
 			//#region emojis/tags

 			let emojis = [] as string[];