diff --git a/src/activitypub/fetcher/helpers.rs b/src/activitypub/fetcher/helpers.rs
index 62b6695..0396f68 100644
--- a/src/activitypub/fetcher/helpers.rs
+++ b/src/activitypub/fetcher/helpers.rs
@@ -12,6 +12,7 @@ use crate::activitypub::handlers::{
 use crate::activitypub::identifiers::parse_local_object_id;
 use crate::config::{Config, Instance};
 use crate::errors::{DatabaseError, HttpError, ValidationError};
+use crate::http_signatures::verify::VerificationError;
 use crate::models::posts::queries::{
 get_post_by_id,
 get_post_by_remote_object_id,
@@ -44,6 +45,9 @@ pub enum ImportError {
 #[error(transparent)]
 DatabaseError(#[from] DatabaseError),
+
+ #[error(transparent)]
+ AuthError(#[from] VerificationError),
 }
 impl From for HttpError {
@@ -55,6 +59,9 @@ impl From for HttpError {
 },
 ImportError::ValidationError(error) => error.into(),
 ImportError::DatabaseError(error) => error.into(),
+ ImportError::AuthError(_) => {
+ HttpError::AuthError("invalid signature")
+ },
 }
 }
 }
diff --git a/src/activitypub/receiver.rs b/src/activitypub/receiver.rs
index c544410..ef7ee38 100644
--- a/src/activitypub/receiver.rs
+++ b/src/activitypub/receiver.rs
@@ -4,10 +4,13 @@ use serde_json::Value;
 use tokio_postgres::GenericClient;
 use crate::config::Config;
-use crate::errors::{ConversionError, HttpError, ValidationError};
-use crate::http_signatures::verify::verify_signed_request;
+use crate::errors::{ConversionError, ValidationError};
+use crate::http_signatures::verify::{
+ verify_signed_request,
+ VerificationError,
+};
 use super::activity::{Activity, Object};
-use super::fetcher::helpers::import_post;
+use super::fetcher::helpers::{import_post, ImportError};
 use super::handlers::{
 accept_follow::handle_accept_follow,
 add::handle_add,
@@ -86,7 +89,7 @@ pub fn find_object_id(object: &Value) -> Result {
 }
 fn require_actor_signature(actor_id: &str, signer_id: &str)
- -> Result<(), HttpError>
+ -> Result<(), VerificationError>
 {
 if actor_id != signer_id {
 // Forwarded activity
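Review bot: In helpers.rs (hunk at -44), the new `AuthError(#[from] VerificationError)` variant has no doc comment, and the `#[from]` conversion means any `?` applied to a `VerificationError` in code returning `ImportError` will reach the HTTP client as an authentication failure. In this diff the only producers are `receive_activity` and `require_actor_signature` in receiver.rs, so the variant should say so, for example `/// Signature check on the incoming request failed (produced by the receiver, not by object fetching)`. The enum starts outside the hunk.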
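Review bot: In the `From` impl for `HttpError` (helpers.rs, hunk at -55), the `ImportError::AuthError(_)` arm discards the inner error, so a signer/actor mismatch is now answered with "invalid signature" where receiver.rs previously returned "actor and request signer do not match". A generic response is a sound choice for an authentication failure, but it should be a stated one; add `// Deliberately generic: do not tell the sender which verification step failed` above the arm. The specific reason then has to reach the operator through the log: the `log::warn!` in `receive_activity` is visible in receiver.rs, while the logging inside `require_actor_signature` is only partly shown and should be confirmed. The impl starts outside the hunk.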
@@ -95,7 +98,7 @@ fn require_actor_signature(actor_id: &str, signer_id: &str)
 signer_id,
 actor_id,
 );
- return Err(HttpError::AuthError("actor and request signer do not match"));
+ return Err(VerificationError::InvalidSigner);
 };
 Ok(())
 }
@@ -105,7 +108,7 @@ pub async fn receive_activity(
 db_client: &mut impl GenericClient,
 request: &HttpRequest,
 activity_raw: &Value,
-) -> Result<(), HttpError> {
+) -> Result<(), ImportError> {
 let activity: Activity = serde_json::from_value(activity_raw.clone())
 .map_err(|_| ValidationError("invalid activity"))?;
 let activity_type = activity.activity_type.clone();
@@ -127,7 +130,7 @@ pub async fn receive_activity(
 return Ok(());
 };
 log::warn!("invalid signature: {}", error);
- return Err(error.into());
+ return Err(error.into());
 },
 };
 let signer_id = signer.actor_id(&config.instance_url());
diff --git a/src/http_signatures/verify.rs b/src/http_signatures/verify.rs
index 8781031..4bad8a6 100644
--- a/src/http_signatures/verify.rs
+++ b/src/http_signatures/verify.rs
@@ -44,6 +44,9 @@ pub enum VerificationError {
 #[error("invalid signature")]
 InvalidSignature,
+
+ #[error("actor and request signer do not match")]
+ InvalidSigner,
 }
 struct HttpSignatureData {
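Review bot: `require_actor_signature` (receiver.rs, this hunk at -95 and the signature hunk at -86) enforces that an activity's actor is the party that signed the request, yet it has no doc comment recording that rule. I would add `/// Rejects an activity whose actor differs from the signer of the HTTP request, so a sender cannot submit activities attributed to another actor.` above the function. The existing `// Forwarded activity` comment suggests a mismatch is expected for forwarded activities, so the doc comment should also say that those are rejected here instead of being handled. The function body is split across two hunks and is not fully visible.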
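Review bot: `InvalidSigner` is added to `VerificationError` in verify.rs, but within this diff it is only returned by `require_actor_signature` in receiver.rs, apparently after the signature itself has already been checked. A reader of verify.rs could conclude that `verify_signed_request` enforces the actor/signer match, and a caller relying on that would skip the check. A doc comment on the variant would prevent this, for example `/// The signature verified, but its signer is not the activity's actor; returned by the receiver, not by verify_signed_request`. The enum starts outside the hunk.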