[chore] Refactor AP authentication, other small bits of tidying up (#1874)

2025-06-05 21:59:39 +02:00 · 2023-06-13 16:47:56 +02:00
parent 433b56d2f9
commit 24fbdf2b0a
38 changed files with 1280 additions and 996 deletions
--- a/internal/gtscontext/context.go
+++ b/internal/gtscontext/context.go
@@ -19,6 +19,10 @@ package gtscontext

 import (
 	"context"
+	"net/url"
+
+	"github.com/go-fed/httpsig"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )

 // package private context key type.
@@ -29,8 +33,14 @@ const (
 	_ ctxkey = iota
 	barebonesKey
 	fastFailKey
-	pubKeyIDKey
+	outgoingPubKeyIDKey
 	requestIDKey
+	receivingAccountKey
+	requestingAccountKey
+	otherIRIsKey
+	httpSigVerifierKey
+	httpSigKey
+	httpSigPubKeyIDKey
 )

 // RequestID returns the request ID associated with context. This value will usually
@@ -48,18 +58,97 @@ func SetRequestID(ctx context.Context, id string) context.Context {
 	return context.WithValue(ctx, requestIDKey, id)
 }

-// PublicKeyID returns the public key ID (URI) associated with context. This
+// OutgoingPublicKeyID returns the public key ID (URI) associated with context. This
 // value is useful for logging situations in which a given public key URI is
 // relevant, e.g. for outgoing requests being signed by the given key.
-func PublicKeyID(ctx context.Context) string {
-	id, _ := ctx.Value(pubKeyIDKey).(string)
+func OutgoingPublicKeyID(ctx context.Context) string {
+	id, _ := ctx.Value(outgoingPubKeyIDKey).(string)
 	return id
 }

-// SetPublicKeyID stores the given public key ID value and returns the wrapped
+// SetOutgoingPublicKeyID stores the given public key ID value and returns the wrapped
 // context. See PublicKeyID() for further information on the public key ID value.
-func SetPublicKeyID(ctx context.Context, id string) context.Context {
-	return context.WithValue(ctx, pubKeyIDKey, id)
+func SetOutgoingPublicKeyID(ctx context.Context, id string) context.Context {
+	return context.WithValue(ctx, outgoingPubKeyIDKey, id)
+}
+
+// ReceivingAccount returns the local account who owns the resource being
+// interacted with (inbox, uri, etc) in the current ActivityPub request chain.
+func ReceivingAccount(ctx context.Context) *gtsmodel.Account {
+	acct, _ := ctx.Value(receivingAccountKey).(*gtsmodel.Account)
+	return acct
+}
+
+// SetReceivingAccount stores the given receiving account value and returns the wrapped
+// context. See ReceivingAccount() for further information on the receiving account value.
+func SetReceivingAccount(ctx context.Context, acct *gtsmodel.Account) context.Context {
+	return context.WithValue(ctx, receivingAccountKey, acct)
+}
+
+// RequestingAccount returns the remote account interacting with a local
+// resource (inbox, uri, etc) in the current ActivityPub request chain.
+func RequestingAccount(ctx context.Context) *gtsmodel.Account {
+	acct, _ := ctx.Value(requestingAccountKey).(*gtsmodel.Account)
+	return acct
+}
+
+// SetRequestingAccount stores the given requesting account value and returns the wrapped
+// context. See RequestingAccount() for further information on the requesting account value.
+func SetRequestingAccount(ctx context.Context, acct *gtsmodel.Account) context.Context {
+	return context.WithValue(ctx, requestingAccountKey, acct)
+}
+
+// OtherIRIs returns other IRIs which are involved in the current ActivityPub request
+// chain. This usually means: other accounts who are mentioned, CC'd, TO'd, or boosted
+// by the current inbox POST request.
+func OtherIRIs(ctx context.Context) []*url.URL {
+	iris, _ := ctx.Value(otherIRIsKey).([]*url.URL)
+	return iris
+}
+
+// SetOtherIRIs stores the given IRIs slice and returns the wrapped context.
+// See OtherIRIs() for further information on the IRIs slice value.
+func SetOtherIRIs(ctx context.Context, iris []*url.URL) context.Context {
+	return context.WithValue(ctx, otherIRIsKey, iris)
+}
+
+// HTTPSignatureVerifier returns an http signature verifier for the current ActivityPub
+// request chain. This verifier can be called to authenticate the current request.
+func HTTPSignatureVerifier(ctx context.Context) httpsig.Verifier {
+	verifier, _ := ctx.Value(httpSigVerifierKey).(httpsig.Verifier)
+	return verifier
+}
+
+// SetHTTPSignatureVerifier stores the given http signature verifier and returns the
+// wrapped context. See HTTPSignatureVerifier() for further information on the verifier value.
+func SetHTTPSignatureVerifier(ctx context.Context, verifier httpsig.Verifier) context.Context {
+	return context.WithValue(ctx, httpSigVerifierKey, verifier)
+}
+
+// HTTPSignature returns the http signature string
+// value for the current ActivityPub request chain.
+func HTTPSignature(ctx context.Context) string {
+	signature, _ := ctx.Value(httpSigKey).(string)
+	return signature
+}
+
+// SetHTTPSignature stores the given http signature string and returns the wrapped
+// context. See HTTPSignature() for further information on the verifier value.
+func SetHTTPSignature(ctx context.Context, signature string) context.Context {
+	return context.WithValue(ctx, httpSigKey, signature)
+}
+
+// HTTPSignaturePubKeyID returns the public key id of the http signature
+// for the current ActivityPub request chain.
+func HTTPSignaturePubKeyID(ctx context.Context) *url.URL {
+	pubKeyID, _ := ctx.Value(httpSigPubKeyIDKey).(*url.URL)
+	return pubKeyID
+}
+
+// SetHTTPSignaturePubKeyID stores the given http signature public key id and returns
+// the wrapped context. See HTTPSignaturePubKeyID() for further information on the value.
+func SetHTTPSignaturePubKeyID(ctx context.Context, pubKeyID *url.URL) context.Context {
+	return context.WithValue(ctx, httpSigPubKeyIDKey, pubKeyID)
 }

 // IsFastFail returns whether the "fastfail" context key has been set. This