From 6d5d3d9ea18ba348d67af9af7e60d268ebe981e0 Mon Sep 17 00:00:00 2001 From: dakkar Date: Sun, 31 Dec 2023 13:27:38 +0000 Subject: [PATCH 1/2] auth-fetch: ask to never cache responses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I could have factored out all the lines that set cache headers, but that would have made future merges even more complicated ☹ thanks ShittyCopper for reporting the problem! --- .../src/server/ActivityPubServerService.ts | 55 +++++++++++++------ 1 file changed, 39 insertions(+), 16 deletions(-) diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts index 68de73823..c3992eac8 100644 --- a/packages/backend/src/server/ActivityPubServerService.ts +++ b/packages/backend/src/server/ActivityPubServerService.ts @@ -129,6 +129,13 @@ export class ActivityPubServerService { this is also inspired by FireFish's `checkFetch` */ + /* tell any caching proxy that they should not cache these + responses: we wouldn't want the proxy to return a 403 to + someone presenting a valid signature, or return a cached + response body to someone we've blocked! + */ + reply.header('Cache-Control', 'private, max-age=0, must-revalidate'); + /* we always allow requests about our instance actor, because when a remote instance needs to check our signature on a request we sent, it will need to fetch information about the user that 
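Review bot: The added `reply.header('Cache-Control', 'private, max-age=0, must-revalidate')` keeps shared proxies from storing the response, but it still permits a private cache to store it and serve it again after revalidation, which is not quite "never cache" as the commit title says; for a body that must differ per requesting signature and must not be replayed to a blocked instance, `no-store` is the matching directive: `reply.header('Cache-Control', 'no-store');`. Unless these routes emit an ETag or Last-Modified that is not visible here, `must-revalidate` degrades to a full refetch anyway, so `no-store` costs nothing extra. The comment should also state the assumption this change relies on, that this check runs before every ActivityPub handler in the file, since the later hunks only set a header on the `!checkActivityPubGetSignature` path and otherwise inherit this one. The enclosing function starts and ends outside the hunk.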
@@ -322,11 +329,13 @@ export class ActivityPubServerService { if (profile.followersVisibility === 'private') { reply.code(403); - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=30'); return; } else if (profile.followersVisibility === 'followers') { reply.code(403); - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=30'); return; } //#endregion @@ -378,7 +387,8 @@ export class ActivityPubServerService { user.followersCount, `${partOf}?page=true`, ); - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } @@ -416,11 +426,13 @@ export class ActivityPubServerService { if (profile.followingVisibility === 'private') { reply.code(403); - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=30'); return; } else if (profile.followingVisibility === 'followers') { reply.code(403); - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=30'); return; } //#endregion @@ -472,7 +484,8 @@ export class ActivityPubServerService { user.followingCount, `${partOf}?page=true`, ); - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } 
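Review bot: In the two 403 branches of the followers collection (and the matching ones in the following hunk), the `checkActivityPubGetSignature` case now sets no Cache-Control in the handler at all, so the 403 is only uncacheable if the header added earlier in the request (first hunk) has already been applied on this route; nothing in this hunk guarantees that. Making each branch self-describing removes that dependency and the dangling single-statement `if`: `reply.header('Cache-Control', this.config.checkActivityPubGetSignature ? 'private, max-age=0, must-revalidate' : 'public, max-age=30');`. The same shape fits the `public, max-age=180` sites further down, keeping every response's caching policy readable at the point it is sent. The handler's body continues outside the hunk.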
@@ -513,7 +526,8 @@ export class ActivityPubServerService { renderedNotes, ); - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } @@ -604,7 +618,8 @@ export class ActivityPubServerService { `${partOf}?page=true`, `${partOf}?page=true&since_id=000000000000000000000000`, ); - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } @@ -617,7 +632,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser))); } @@ -707,7 +723,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return this.apRendererService.addContext(await this.apRendererService.renderNote(note, false)); }); @@ -730,7 +747,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.packActivity(note))); }); 
@@ -775,7 +793,8 @@ export class ActivityPubServerService { const keypair = await this.userKeypairService.getUserKeypair(user.id); if (this.userEntityService.isLocalUser(user)) { - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair))); } else { @@ -825,7 +844,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji))); }); @@ -848,7 +868,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note))); }); @@ -876,7 +897,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee))); }); @@ -913,7 +935,8 @@ export class ActivityPubServerService { return; } - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) + reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee))); }); 
From 61c193c08f17c00b643f3d7087858b5a2f7693ce Mon Sep 17 00:00:00 2001 From: dakkar Date: Sun, 31 Dec 2023 16:17:45 +0000 Subject: [PATCH 2/2] lint --- .../src/server/ActivityPubServerService.ts | 48 +++++++------------ 1 file changed, 16 insertions(+), 32 deletions(-) diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts index c3992eac8..8fa8320c8 100644 --- a/packages/backend/src/server/ActivityPubServerService.ts +++ b/packages/backend/src/server/ActivityPubServerService.ts @@ -329,13 +329,11 @@ export class ActivityPubServerService { if (profile.followersVisibility === 'private') { reply.code(403); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30'); return; } else if (profile.followersVisibility === 'followers') { reply.code(403); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30'); return; } //#endregion @@ -387,8 +385,7 @@ export class ActivityPubServerService { user.followersCount, `${partOf}?page=true`, ); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } 
@@ -426,13 +423,11 @@ export class ActivityPubServerService { if (profile.followingVisibility === 'private') { reply.code(403); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30'); return; } else if (profile.followingVisibility === 'followers') { reply.code(403); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=30'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30'); return; } //#endregion @@ -484,8 +479,7 @@ export class ActivityPubServerService { user.followingCount, `${partOf}?page=true`, ); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } @@ -526,8 +520,7 @@ export class ActivityPubServerService { renderedNotes, ); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } @@ -618,8 +611,7 @@ export class ActivityPubServerService { `${partOf}?page=true`, `${partOf}?page=true&since_id=000000000000000000000000`, ); - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(rendered)); } 
@@ -632,8 +624,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser))); } @@ -723,8 +714,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return this.apRendererService.addContext(await this.apRendererService.renderNote(note, false)); }); @@ -747,8 +737,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.packActivity(note))); }); @@ -793,8 +782,7 @@ export class ActivityPubServerService { const keypair = await this.userKeypairService.getUserKeypair(user.id); if (this.userEntityService.isLocalUser(user)) { - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair))); } else { 
@@ -844,8 +832,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji))); }); @@ -868,8 +855,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note))); }); @@ -897,8 +883,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee))); }); @@ -935,8 +920,7 @@ export class ActivityPubServerService { return; } - if (!this.config.checkActivityPubGetSignature) - reply.header('Cache-Control', 'public, max-age=180'); + if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180'); this.setResponseType(request, reply); return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee))); });