Merge 5641b0b3ad into 794cb9ffe2

packages/backend/src/core/activitypub/ApDbResolverService.ts

@@ -169,6 +169,19 @@ export class ApDbResolverService implements OnApplicationShutdown {
 		};
 	}
 
+	/**
+	 * Miskey User -> Refetched Key
+	 */
+	@bindThis
+	public async refetchPublicKeyForApId(user: MiRemoteUser): Promise<MiUserPublickey | null> {
+		await this.apPersonService.updatePerson(user.uri!);
+		const key = this.userPublickeysRepository.findOneBy({ userId: user.id });
+		if (key != null) {
+			await this.publicKeyByUserIdCache.set(user.id, key);
+		}
+		return key;
+	}
+
 	@bindThis
 	public dispose(): void {
 		this.publicKeyCache.dispose();

packages/backend/src/queue/processors/InboxProcessorService.ts

@@ -116,7 +116,18 @@ export class InboxProcessorService implements OnApplicationShutdown {
 		}
 
 		// HTTP-Signatureの検証
-		const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+		let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+
+		// If signature validation failed, try refetching the actor
+		if (!httpSignatureValidated) {
+			authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
+
+			if (authUser.key == null) {
+				throw new Bull.UnrecoverableError('skip: failed to re-resolve user publicKey');
+			}
+
+			httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+		}
 
 		// また、signatureのsignerは、activity.actorと一致する必要がある
 		if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {