auth-fetch: ask to never cache responses

I could have factored out all the lines that set cache headers, but
that would have made future merges even more complicated ☹

thanks ShittyCopper for reporting the problem!
dakkar 2023-12-31 13:27:38 +00:00
parent 97dea59e49
commit 6d5d3d9ea1


@ -129,6 +129,13 @@ export class ActivityPubServerService {
this is also inspired by FireFish's `checkFetch` this is also inspired by FireFish's `checkFetch`
*/ */
/* tell any caching proxy that they should not cache these
responses: we wouldn't want the proxy to return a 403 to
someone presenting a valid signature, or return a cached
response body to someone we've blocked!
*/
reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
/* we always allow requests about our instance actor, because when /* we always allow requests about our instance actor, because when
a remote instance needs to check our signature on a request we a remote instance needs to check our signature on a request we
sent, it will need to fetch information about the user that sent, it will need to fetch information about the user that
@ -322,11 +329,13 @@ export class ActivityPubServerService {
if (profile.followersVisibility === 'private') { if (profile.followersVisibility === 'private') {
reply.code(403); reply.code(403);
reply.header('Cache-Control', 'public, max-age=30'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return; return;
} else if (profile.followersVisibility === 'followers') { } else if (profile.followersVisibility === 'followers') {
reply.code(403); reply.code(403);
reply.header('Cache-Control', 'public, max-age=30'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return; return;
} }
//#endregion //#endregion
@ -378,7 +387,8 @@ export class ActivityPubServerService {
user.followersCount, user.followersCount,
`${partOf}?page=true`, `${partOf}?page=true`,
); );
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered)); return (this.apRendererService.addContext(rendered));
} }
@ -416,11 +426,13 @@ export class ActivityPubServerService {
if (profile.followingVisibility === 'private') { if (profile.followingVisibility === 'private') {
reply.code(403); reply.code(403);
reply.header('Cache-Control', 'public, max-age=30'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return; return;
} else if (profile.followingVisibility === 'followers') { } else if (profile.followingVisibility === 'followers') {
reply.code(403); reply.code(403);
reply.header('Cache-Control', 'public, max-age=30'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return; return;
} }
//#endregion //#endregion
@ -472,7 +484,8 @@ export class ActivityPubServerService {
user.followingCount, user.followingCount,
`${partOf}?page=true`, `${partOf}?page=true`,
); );
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered)); return (this.apRendererService.addContext(rendered));
} }
@ -513,7 +526,8 @@ export class ActivityPubServerService {
renderedNotes, renderedNotes,
); );
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered)); return (this.apRendererService.addContext(rendered));
} }
@ -604,7 +618,8 @@ export class ActivityPubServerService {
`${partOf}?page=true`, `${partOf}?page=true`,
`${partOf}?page=true&since_id=000000000000000000000000`, `${partOf}?page=true&since_id=000000000000000000000000`,
); );
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered)); return (this.apRendererService.addContext(rendered));
} }
@ -617,7 +632,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser))); return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser)));
} }
@ -707,7 +723,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return this.apRendererService.addContext(await this.apRendererService.renderNote(note, false)); return this.apRendererService.addContext(await this.apRendererService.renderNote(note, false));
}); });
@ -730,7 +747,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.packActivity(note))); return (this.apRendererService.addContext(await this.packActivity(note)));
}); });
@ -775,7 +793,8 @@ export class ActivityPubServerService {
const keypair = await this.userKeypairService.getUserKeypair(user.id); const keypair = await this.userKeypairService.getUserKeypair(user.id);
if (this.userEntityService.isLocalUser(user)) { if (this.userEntityService.isLocalUser(user)) {
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair))); return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair)));
} else { } else {
@ -825,7 +844,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji))); return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji)));
}); });
@ -848,7 +868,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note))); return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note)));
}); });
@ -876,7 +897,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee))); return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
}); });
@ -913,7 +935,8 @@ export class ActivityPubServerService {
return; return;
} }
reply.header('Cache-Control', 'public, max-age=180'); if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply); this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee))); return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
}); });
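Review bot: The blanket header added in the first hunk, `reply.header('Cache-Control', 'private, max-age=0, must-revalidate');`, still permits a cache to store the response body and serve it again after a revalidation round-trip; since these responses are gated per request on an HTTP signature (and, on the 403 branches, on the requester being blocked), `no-store` is the directive that actually expresses "never reuse this", e.g. `reply.header('Cache-Control', 'private, no-store');`. The `private` directive does cover the shared-proxy case described in the comment, but a reverse proxy configured to ignore origin cache headers would still cache either form, so it may be worth noting in the comment that operators must not override `Cache-Control` on the AP routes. The handler-level `if (!this.config.checkActivityPubGetSignature)` gates then downgrade to `public, max-age=…` only when signatures are not checked, which is consistent, but any future handler that sets `Cache-Control` unconditionally will silently reintroduce the problem; a one-line helper such as `private setPublicCache(reply, seconds)` that encapsulates the gate would make that harder to miss, though the description already explains why it was not done here. The function holding the new header in the first hunk starts and ends outside the hunk, so I could not confirm it runs as the pre-handler for every AP route shown below.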