diff --git a/packages/backend/src/core/activitypub/ApDbResolverService.ts b/packages/backend/src/core/activitypub/ApDbResolverService.ts index 5c16744a77..8ac9c12f18 100644 --- a/packages/backend/src/core/activitypub/ApDbResolverService.ts +++ b/packages/backend/src/core/activitypub/ApDbResolverService.ts @@ -173,6 +173,19 @@ export class ApDbResolverService implements OnApplicationShutdown { }; } + /** + * Miskey User -> Refetched Key + */ + @bindThis + public async refetchPublicKeyForApId(user: MiRemoteUser): Promise { + await this.apPersonService.updatePerson(user.uri!); + const key = this.userPublickeysRepository.findOneBy({ userId: user.id }); + if (key != null) { + await this.publicKeyByUserIdCache.set(user.id, key); + } + return key; + } + @bindThis public dispose(): void { this.publicKeyCache.dispose(); diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts index 004fe1382d..31d49c573e 100644 --- a/packages/backend/src/queue/processors/InboxProcessorService.ts +++ b/packages/backend/src/queue/processors/InboxProcessorService.ts @@ -116,7 +116,18 @@ export class InboxProcessorService implements OnApplicationShutdown { } // HTTP-Signatureの検証 - const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem); + let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem); + + // If signature validation failed, try refetching the actor + if (!httpSignatureValidated) { + authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user); + + if (authUser.key == null) { + throw new Bull.UnrecoverableError('skip: failed to re-resolve user publicKey'); + } + + httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem); + } // また、signatureのsignerは、activity.actorと一致する必要がある if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {