AkkomaGang/akkoma
AkkomaGang
/
akkoma
12
63
Fork 83
Code Issues 173 Pull Requests 15 Packages Projects 2 Releases 12 Wiki Activity

[bug] 500 internal server error when federating Like activity from Bridgy Fed #438

New Issue
Open
opened 2023-01-18 23:07:25 +00:00 by snarfed · 18 comments
snarfed commented 2023-01-18 23:07:25 +00:00
Copy Link

Details

tested against akko.wtf, not my own instance

Version

3.5.0-12-g63f2d1cb

PostgreSQL version

No response

What were you trying to do?

Hi! I tried federating a Like from Bridgy Fed to this post on akko.wtf (running backend v3.5.0-12-g63f2d1cb), and it failed. Details below. Also tracking here. Not urgent, thanks in advance for looking!

What did you expect to happen?

HTTP 200 or 202 on the inbox delivery request to https://akko.wtf/users/rei/inbox.

What actually happened?

HTTP 500 error with body {"errors":{"detail":"Internal server error"}}.

This is the same error we got from Pleroma, so it's probably activity handling code that hasn't changed since the fork. I'm guessing it choked on some part of the AS2 that's a composite object when it expects a string, maybe actor.

Bridgy Fed log here. Full AS2 object we delivered is below.

Logs

{
  "published": "2023-01-18T14:54:09-08:00",
  "content": "likes <a class=\"u-like u-like-of\" href=\"https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe\">Luna Nova</a>",
  "url": "https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova",
  "actor": {
    "url": "https://fed.brid.gy/r/https://snarfed.org/",
    "image": {
      "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
      "type": "Image"
    },
    "type": "Person",
    "name": "Ryan Barrett",
    "icon": {
      "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
      "type": "Image"
    },
    "id": "https://fed.brid.gy/snarfed.org",
    "preferredUsername": "snarfed.org"
  },
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Like",
  "object": "https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80",
  "id": "https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova",
  "cc": [
    "https://akko.wtf/users/rei",
    "https://www.w3.org/ns/activitystreams#Public",
    "https://akko.wtf/users/rei/followers"
  ],
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ]
}

Severity

I cannot use the software

Have you searched for this issue?

  • I have double-checked and have not found this issue mentioned anywhere.
### Details tested against akko.wtf, not my own instance ### Version 3.5.0-12-g63f2d1cb ### PostgreSQL version _No response_ ### What were you trying to do? Hi! I tried federating a `Like` from [Bridgy Fed](https://fed.brid.gy/) to [this post](https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe) on akko.wtf (running backend v[3.5.0-12-g63f2d1cb](https://akkoma.dev/AkkomaGang/akkoma/commit/63f2d1cb)), and it failed. Details below. [Also tracking here.](https://github.com/snarfed/bridgy-fed/issues/374) Not urgent, thanks in advance for looking! ### What did you expect to happen? HTTP 200 or 202 on the inbox delivery request to `https://akko.wtf/users/rei/inbox`. ### What actually happened? HTTP 500 error with body `{"errors":{"detail":"Internal server error"}}`. This is the [same error we got from Pleroma](https://github.com/snarfed/bridgy-fed/issues/12#issuecomment-1385812088), so it's probably activity handling code that hasn't changed since the fork. I'm guessing it choked on some part of the AS2 that's a composite object when it expects a string, maybe `actor`. [Bridgy Fed log here.](https://fed.brid.gy/log?start_time=1674082460&key=https://snarfed.org/2023-01-18_luna-nova%20https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80&module=) Full AS2 object we delivered is below. ### Logs ```json { "published": "2023-01-18T14:54:09-08:00", "content": "likes <a class=\"u-like u-like-of\" href=\"https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe\">Luna Nova</a>", "url": "https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova", "actor": { "url": "https://fed.brid.gy/r/https://snarfed.org/", "image": { "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g", "type": "Image" }, "type": "Person", "name": "Ryan Barrett", "icon": { "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g", "type": "Image" }, "id": "https://fed.brid.gy/snarfed.org", "preferredUsername": "snarfed.org" }, "@context": "https://www.w3.org/ns/activitystreams", "type": "Like", "object": "https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80", "id": "https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova", "cc": [ "https://akko.wtf/users/rei", "https://www.w3.org/ns/activitystreams#Public", "https://akko.wtf/users/rei/followers" ], "to": [ "https://www.w3.org/ns/activitystreams#Public" ] } ``` ### Severity I cannot use the software ### Have you searched for this issue? - [x] I have double-checked and have not found this issue mentioned anywhere.
snarfed added the
bug
 label 2023-01-18 23:07:25 +00:00
floatingghost commented 2023-01-18 23:31:55 +00:00
Owner
Copy Link

my guess would be that the usernames are failing validation since they contain restricted characters, and thus failing the http signature check

I'll have to check , but a rejection would probably be the correct behaviour

my guess would be that the usernames are failing validation since they contain restricted characters, and thus failing the http signature check I'll have to check , but a rejection would probably be the correct behaviour
snarfed commented 2023-01-18 23:50:23 +00:00
Author
Copy Link

Hah, true! Afaik neither the AS2 core nor vocab specs define allowed or restricted characters for preferredUsername, but regardless, you're right, that Markdown value is clearly wrong. Good eyes, thanks for the catch, I'll fix and try again.

Hah, true! Afaik neither the AS2 [core](https://www.w3.org/TR/activitystreams-core/) nor [vocab](https://www.w3.org/TR/activitystreams-core/) specs define allowed or restricted characters for `preferredUsername`, but regardless, you're right, that Markdown value is clearly wrong. Good eyes, thanks for the catch, I'll fix and try again.
snarfed commented 2023-01-19 00:28:17 +00:00
Author
Copy Link

Ah, my mistake, that was a copy paste artifact from the Bridgy Fed log where it got auto-linked. The actual preferredUsername value was just snarfed.org. I've updated the activity JSON in the issue here.

Ah, my mistake, that was a copy paste artifact from the [Bridgy Fed log](https://fed.brid.gy/log?start_time=1674082460&key=https://snarfed.org/2023-01-18_luna-nova%20https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80&module=) where it got auto-linked. The actual `preferredUsername` value was just `snarfed.org`. I've updated the activity JSON in the issue here.
ilja commented 2023-01-21 15:27:33 +00:00
Contributor
Copy Link

I tried debugging, but got stuck :( Here's what I did in case someone else wants to debug further:

  1. I can fetch the actor fine using pleroma-fe search, so the actor is OK (see screenshot)
  2. When fetching the Like by id, it has a correct content-type content-type: application/activity+json
    • curl -v 'https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova' -H 'accept: application/activity+json' | jq .
  3. We can't debug trying to fetch the Like activity through the search, because apparently Akkoma can't fetch a Like that way :( I tried with a like from my own instance and that didn't work either. I don't know why Akkoma doesn't allow this, it works for actors and things like Article or Note.
  4. I tried adding a test[1]. I changed some id's to make the test not fail on signature or containment with the set-up I did, but I don't think I changed something so fundamental to the object that it would behave differently. The test passed, however, so it's still unclear why sending the Like doesn't work. Maybe the set-up could be done better to keep true to the actual example we have here, but I'm not really expecting a different result.

Next thing I guess is to see if we can trigger a Like from a Birdy Fed instance and follow in Akkoma what happens with it, but at first glance, that seems more involved than simply making an account and pressing a like button (pls tell me if I'm wrong, or what would be the easiest way to try this).

[1] Click to expand I add the following test to test/pleroma/web/activity_pub/activity_pub_controller_test.exs under `describe "/inbox"`. Note that I change the object and actor to ones who I added first in the test. The object shouldn't matter, and I assume the actor also isn't the problem since we can properly fetch that one.

Note that I change the actor id, but keep it an object.

    test "it inserts an incoming Like activity from birdy fed", %{conn: conn} do
      note_activity = insert(:note_activity)
      note_object = Object.normalize(note_activity, fetch: false)
      user = User.get_cached_by_ap_id(note_activity.data["actor"])

      data =
        File.read!("test/fixtures/fedi-birdyfed-like-activity.json")
        |> Jason.decode!()
        |> Map.put("object", note_object.data["id"])

      data =
        data
        |> Map.put("actor", data["actor"] |> Map.put("id", user.ap_id))
        |> IO.inspect(label: "Like")

      conn =
        conn
        |> assign(:valid_signature, true)
        |> put_req_header(
          "signature",
          "keyId=\"#{user.ap_id}/main-key\""
        )
        |> put_req_header("content-type", "application/activity+json")
        |> post("/inbox", data)

      assert "ok" == json_response(conn, 200)

      ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
      assert Activity.get_by_ap_id(data["id"])
    end

test/fixtures/fedi-birdyfed-like-activity.json has the following content I got from the OP (I also tried with the content I fetched with curl 'https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova' -H 'accept: application/activity+json'). Note that I changed the id to use domain http://localhost:4001. This is because we otherwise get a containment error.

{
  "published": "2023-01-18T14:54:09-08:00",
  "content": "likes <a class=\"u-like u-like-of\" href=\"https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe\">Luna Nova</a>",
  "url": "https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova",
  "actor": {
    "url": "https://fed.brid.gy/r/https://snarfed.org/",
    "image": {
      "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
      "type": "Image"
    },
    "type": "Person",
    "name": "Ryan Barrett",
    "icon": {
      "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
      "type": "Image"
    },
    "id": "https://fed.brid.gy/snarfed.org",
    "preferredUsername": "snarfed.org"
  },
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Like",
  "object": "https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80",
  "id": "http://localhost:4001/r/https://snarfed.org/2023-01-18_luna-nova",
  "cc": [
    "https://akko.wtf/users/rei",
    "https://www.w3.org/ns/activitystreams#Public",
    "https://akko.wtf/users/rei/followers"
  ],
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ]
}```
</details>
I tried debugging, but got stuck :( Here's what I did in case someone else wants to debug further: 1. I can fetch the actor fine using pleroma-fe search, so the actor is OK (see screenshot) 2. When fetching the Like by id, it has a correct content-type `content-type: application/activity+json` * `curl -v 'https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova' -H 'accept: application/activity+json' | jq .` 3. We can't debug trying to fetch the Like activity through the search, because apparently Akkoma can't fetch a Like that way :( I tried with a like from my own instance and that didn't work either. I don't know why Akkoma doesn't allow this, it works for actors and things like Article or Note. 4. I tried adding a test[1]. I changed some id's to make the test not fail on signature or containment with the set-up I did, but I don't think I changed something so fundamental to the object that it would behave differently. The test passed, however, so it's still unclear why sending the Like doesn't work. Maybe the set-up could be done better to keep true to the actual example we have here, but I'm not really expecting a different result. Next thing I guess is to see if we can trigger a Like from a Birdy Fed instance and follow in Akkoma what happens with it, but at first glance, that seems more involved than simply making an account and pressing a like button (pls tell me if I'm wrong, or what would be the easiest way to try this). <details> <summary>[1] Click to expand</summary> I add the following test to test/pleroma/web/activity_pub/activity_pub_controller_test.exs under `describe "/inbox"`. Note that I change the object and actor to ones who I added first in the test. The object shouldn't matter, and I assume the actor also isn't the problem since we can properly fetch that one. Note that I change the actor id, but keep it an object. ``` test "it inserts an incoming Like activity from birdy fed", %{conn: conn} do note_activity = insert(:note_activity) note_object = Object.normalize(note_activity, fetch: false) user = User.get_cached_by_ap_id(note_activity.data["actor"]) data = File.read!("test/fixtures/fedi-birdyfed-like-activity.json") |> Jason.decode!() |> Map.put("object", note_object.data["id"]) data = data |> Map.put("actor", data["actor"] |> Map.put("id", user.ap_id)) |> IO.inspect(label: "Like") conn = conn |> assign(:valid_signature, true) |> put_req_header( "signature", "keyId=\"#{user.ap_id}/main-key\"" ) |> put_req_header("content-type", "application/activity+json") |> post("/inbox", data) assert "ok" == json_response(conn, 200) ObanHelpers.perform(all_enqueued(worker: ReceiverWorker)) assert Activity.get_by_ap_id(data["id"]) end ``` test/fixtures/fedi-birdyfed-like-activity.json has the following content I got from the OP (I also tried with the content I fetched with `curl 'https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova' -H 'accept: application/activity+json'`). Note that I changed the id to use domain `http://localhost:4001`. This is because we otherwise get a containment error. ``` { "published": "2023-01-18T14:54:09-08:00", "content": "likes <a class=\"u-like u-like-of\" href=\"https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe\">Luna Nova</a>", "url": "https://fed.brid.gy/r/https://snarfed.org/2023-01-18_luna-nova", "actor": { "url": "https://fed.brid.gy/r/https://snarfed.org/", "image": { "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g", "type": "Image" }, "type": "Person", "name": "Ryan Barrett", "icon": { "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g", "type": "Image" }, "id": "https://fed.brid.gy/snarfed.org", "preferredUsername": "snarfed.org" }, "@context": "https://www.w3.org/ns/activitystreams", "type": "Like", "object": "https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80", "id": "http://localhost:4001/r/https://snarfed.org/2023-01-18_luna-nova", "cc": [ "https://akko.wtf/users/rei", "https://www.w3.org/ns/activitystreams#Public", "https://akko.wtf/users/rei/followers" ], "to": [ "https://www.w3.org/ns/activitystreams#Public" ] }``` </details>
snarfed-org_actor_screenshot.png
197 KiB
snarfed-org_actor_screenshot.png
floatingghost commented 2023-01-21 15:33:16 +00:00
Owner
Copy Link

yeah I did some similar testing, to the same result

whatever is happening, it's happening during http sig verification

and bridgy is... not the easiest thing to get a test instance of

yeah I did some similar testing, to the same result whatever is happening, it's happening during http sig verification and bridgy is... not the easiest thing to get a test instance of
snarfed commented 2023-01-21 18:42:30 +00:00
Author
Copy Link

Thanks for all the sleuthing, sorry this is hard to test! I'm happy to federate another like from Bridgy Fed whenever you want.

Thanks for all the sleuthing, sorry this is hard to test! I'm happy to federate another like from Bridgy Fed whenever you want.
floatingghost commented 2023-01-21 19:53:37 +00:00
Owner
Copy Link

sending the content of the Like with signature verification off ends up with it processing just fine, so yea it's 100% in sigs

now to try and isolate the part of bridgy that does that, this will be fun

sending the content of the `Like` with signature verification off ends up with it processing just fine, so yea it's 100% in sigs now to try and isolate the part of bridgy that does that, this will be fun
snarfed commented 2023-01-21 20:17:48 +00:00
Author
Copy Link

af769de99e/common.py (L120-L151)

https://github.com/snarfed/bridgy-fed/blob/af769de99eec84039590d9c1fad3326849449048/common.py#L120-L151
floatingghost commented 2023-01-21 20:55:47 +00:00
Owner
Copy Link

hm, after a rather... painful time trying to extract it, it seems to process fine :<<<

i'm going to have to debug this in prod aren't i

hm, after a rather... painful time trying to extract it, it seems to process fine :<<< i'm going to have to debug this in prod aren't i
snan commented 2023-09-26 20:18:58 +00:00
Contributor
Copy Link

More examples of this 🤷🏻‍♀️

[More examples](https://github.com/snarfed/bridgy-fed/issues/651) of this 🤷🏻‍♀️
snan commented 2023-09-26 20:23:05 +00:00
Contributor
Copy Link

And, I don't know if it's the same but similar issues in Tootik.

And, I don't know if it's the same [but similar issues in Tootik](https://github.com/dimkr/tootik/issues/17).
snarfed commented 2023-09-26 20:31:38 +00:00
Author
Copy Link

Hi! Sorry this hasn't been easier to debug. Happy to help if I can!

New example activity below that https://idiomdrottning.org/users/Sandra/inbox (@snan which Akkoma version?) 500ed on just now. Often this is because there's a full object (which is still valid AS2/AP) in a field where the receiving server (Akkoma here) expects just an id, eg attributedTo below. Not sure if that's contributing here.

{
  "id": "https://fed.brid.gy/r/https://snarfed.org/2023-09-26_sandra-cw-inappropriately-named-term-indieweb-social#bridgy-fed-create",
  "actor": "https://fed.brid.gy/snarfed.org",
  "published": "2023-09-26T20:19:22.766584+00:00",
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Create",
  "object": {
    "published": "2023-09-26T13:05:02-07:00",
    "content": "Yes! I know NIPs well. The key difference is that anyone can publish a FEP, but NIPs can only be merged into the \u201cblessed\u201d set on <a href=\"https://github.com/nostr-protocol/nips\">github.com/nostr-protocol/nips</a>; by a committer on that repo.\n<p>fiatjaf et al are well aware of that bottleneck though, and they hope to remove it! Click through ^ to the actual table and follow its links for more info, eg <a href=\"https://github.com/nostr-protocol/nips/issues/162\">nostr-protocol/nips#162</a>.</p>\n<p><a class=\"u-in-reply-to\" href=\"https://indieweb.social/@Sandra@idiomdrottning.org/111132295475418675\">\u00a0</a></p>",
    "url": "https://fed.brid.gy/r/https://snarfed.org/2023-09-26_sandra-cw-inappropriately-named-term-indieweb-social",
    "id": "https://fed.brid.gy/r/https://snarfed.org/2023-09-26_sandra-cw-inappropriately-named-term-indieweb-social",
    "type": "Note",
    "attributedTo": {
      "url": "https://fed.brid.gy/r/https://snarfed.org/",
      "image": {
        "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
        "type": "Image"
      },
      "id": "https://fed.brid.gy/snarfed.org",
      "type": "Person",
      "name": "Ryan Barrett",
      "icon": {
        "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
        "type": "Image"
      },
      "inbox": "https://fed.brid.gy/snarfed.org/inbox",
      "outbox": "https://fed.brid.gy/snarfed.org/outbox",
      "preferredUsername": "snarfed.org"
    },
    "inReplyTo": "https://idiomdrottning.org/objects/a91f40bc-7d46-4cae-9be8-665cec8a554a",
    "cc": [
      "https://idiomdrottning.org/users/Sandra",
      "https://idiomdrottning.org/users/Sandra/followers",
      "https://indieweb.social/users/tchambers",
      "https://www.w3.org/ns/activitystreams#Public"
    ],
    "tag": [
      {
        "type": "Mention",
        "href": "https://idiomdrottning.org/users/Sandra"
      },
      {
        "type": "Mention",
        "href": "https://idiomdrottning.org/users/Sandra"
      }
    ],
    "to": [
      "https://www.w3.org/ns/activitystreams#Public"
    ]
  },
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ]
}
Hi! Sorry this hasn't been easier to debug. Happy to help if I can! New example activity below that https://idiomdrottning.org/users/Sandra/inbox (@snan which Akkoma version?) 500ed on just now. Often this is because there's a full object (which is still valid AS2/AP) in a field where the receiving server (Akkoma here) expects just an id, eg `attributedTo` below. Not sure if that's contributing here. ```json { "id": "https://fed.brid.gy/r/https://snarfed.org/2023-09-26_sandra-cw-inappropriately-named-term-indieweb-social#bridgy-fed-create", "actor": "https://fed.brid.gy/snarfed.org", "published": "2023-09-26T20:19:22.766584+00:00", "@context": "https://www.w3.org/ns/activitystreams", "type": "Create", "object": { "published": "2023-09-26T13:05:02-07:00", "content": "Yes! I know NIPs well. The key difference is that anyone can publish a FEP, but NIPs can only be merged into the \u201cblessed\u201d set on <a href=\"https://github.com/nostr-protocol/nips\">github.com/nostr-protocol/nips</a>; by a committer on that repo.\n<p>fiatjaf et al are well aware of that bottleneck though, and they hope to remove it! Click through ^ to the actual table and follow its links for more info, eg <a href=\"https://github.com/nostr-protocol/nips/issues/162\">nostr-protocol/nips#162</a>.</p>\n<p><a class=\"u-in-reply-to\" href=\"https://indieweb.social/@Sandra@idiomdrottning.org/111132295475418675\">\u00a0</a></p>", "url": "https://fed.brid.gy/r/https://snarfed.org/2023-09-26_sandra-cw-inappropriately-named-term-indieweb-social", "id": "https://fed.brid.gy/r/https://snarfed.org/2023-09-26_sandra-cw-inappropriately-named-term-indieweb-social", "type": "Note", "attributedTo": { "url": "https://fed.brid.gy/r/https://snarfed.org/", "image": { "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g", "type": "Image" }, "id": "https://fed.brid.gy/snarfed.org", "type": "Person", "name": "Ryan Barrett", "icon": { "url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g", "type": "Image" }, "inbox": "https://fed.brid.gy/snarfed.org/inbox", "outbox": "https://fed.brid.gy/snarfed.org/outbox", "preferredUsername": "snarfed.org" }, "inReplyTo": "https://idiomdrottning.org/objects/a91f40bc-7d46-4cae-9be8-665cec8a554a", "cc": [ "https://idiomdrottning.org/users/Sandra", "https://idiomdrottning.org/users/Sandra/followers", "https://indieweb.social/users/tchambers", "https://www.w3.org/ns/activitystreams#Public" ], "tag": [ { "type": "Mention", "href": "https://idiomdrottning.org/users/Sandra" }, { "type": "Mention", "href": "https://idiomdrottning.org/users/Sandra" } ], "to": [ "https://www.w3.org/ns/activitystreams#Public" ] }, "to": [ "https://www.w3.org/ns/activitystreams#Public" ] } ```
snan commented 2023-09-27 06:44:43 +00:00
Contributor
Copy Link

The version I was running when these requests happened, and still am running as I am writing this, is git commit ebfb617b26 probably better known as one commit after the v3.10.4 tag. (It was the head of stable when last I recompiled.)

@snarfed, could it be some signature issue? That's another area where Akkoma can be pretty strict 🤷🏻‍♀️

The version I was running when these requests happened, and still am running as I am writing this, is git commit ebfb617b2607970e58be934b8336dfc47be7414a probably better known as one commit after the v3.10.4 tag. (It was the head of `stable` when last I recompiled.) @snarfed, could it be some signature issue? That's another area where Akkoma can be pretty strict 🤷🏻‍♀️
snarfed commented 2023-09-27 12:46:42 +00:00
Author
Copy Link

Hmm! Other fediverse servers have been accepting Bridgy Fed's signatures for a long time, but sure, it's definitely possible.

BF generates HTTP Sigs based on the cavage 12 draft standard. It includes the Date, Host, Content-Type, Digest, (SHA-256=...), and special (request-target) headers. Code: https://github.com/snarfed/bridgy-fed/blob/main/activitypub.py#L434-L487

Hmm! Other fediverse servers have been accepting Bridgy Fed's signatures for a long time, but sure, it's definitely possible. BF generates HTTP Sigs based on the cavage 12 draft standard. It includes the Date, Host, Content-Type, Digest, (`SHA-256=...`), and special `(request-target)` headers. Code: https://github.com/snarfed/bridgy-fed/blob/main/activitypub.py#L434-L487
floatingghost commented 2023-09-27 18:12:53 +00:00
Owner
Copy Link

I didn't dive too far into your implementation, but one thing that struck me in the comment was the (request-target) header

this is actually a pseudo-header that will not make it through most http clients/reverse proxies

I didn't dive too far into your implementation, but one thing that struck me in the comment was the (request-target) header this is actually a pseudo-header that will not make it through most http clients/reverse proxies
snan commented 2023-09-27 18:18:40 +00:00
Contributor
Copy Link

Oh! And I am on a rev proxy!

Oh! And I am on a rev proxy!
snarfed commented 2023-09-27 18:24:09 +00:00
Author
Copy Link

I didn't dive too far into your implementation, but one thing that struck me in the comment was the (request-target) header

this is actually a pseudo-header that will not make it through most http clients/reverse proxies

True! (request-target) isn't actually sent as an HTTP header, it's a special synthetic value that's only included in the HTTP Sig.

https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3
https://docs.joinmastodon.org/spec/security/#http

> I didn't dive too far into your implementation, but one thing that struck me in the comment was the (request-target) header > > this is actually a pseudo-header that will not make it through most http clients/reverse proxies True! `(request-target)` isn't actually sent as an HTTP header, it's a special synthetic value that's only included in the HTTP Sig. https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3 https://docs.joinmastodon.org/spec/security/#http
snarfed commented 2023-10-12 04:02:28 +00:00
Author
Copy Link

I started compacting actor, author, and attributedTo down to just string ids in outgoing activities, and that got Akkoma to accept a Like! Replies are still 500ing though. Example delivered to https://akko.wtf/users/rei/inbox just now:

{
  "id": "https://fed.brid.gy/r/https://snarfed.org/2023-10-11_luna-nova-3#bridgy-fed-create",
  "actor": "https://fed.brid.gy/snarfed.org",
  "published": "2023-10-12T03:41:54.364982+00:00",
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Create",
  "object": {
    "published": "2023-10-11T20:41:49-07:00",
    "content": "<a class=\"u-in-reply-to\" href=\"https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe\"></a>\n<div class=\"e-content\">\nsquawk\n</div>",
    "url": "https://fed.brid.gy/r/https://snarfed.org/2023-10-11_luna-nova-3",
    "id": "https://fed.brid.gy/r/https://snarfed.org/2023-10-11_luna-nova-3",
    "type": "Note",
    "attributedTo": "https://fed.brid.gy/snarfed.org",
    "inReplyTo": "https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80",
    "cc": [
      "https://akko.wtf/users/rei",
      "https://akko.wtf/users/rei/followers",
      "https://www.w3.org/ns/activitystreams#Public"
    ],
    "tag": [
      {
        "type": "Mention",
        "href": "https://akko.wtf/users/rei"
      },
      {
        "type": "Mention",
        "href": "https://akko.wtf/users/rei"
      }
    ],
    "to": [
      "https://www.w3.org/ns/activitystreams#Public"
    ]
  },
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ]
}
I started compacting `actor`, `author`, and `attributedTo` down to just string ids in outgoing activities, and that got Akkoma to accept a `Like`! Replies are still 500ing though. Example delivered to https://akko.wtf/users/rei/inbox just now: ```json { "id": "https://fed.brid.gy/r/https://snarfed.org/2023-10-11_luna-nova-3#bridgy-fed-create", "actor": "https://fed.brid.gy/snarfed.org", "published": "2023-10-12T03:41:54.364982+00:00", "@context": "https://www.w3.org/ns/activitystreams", "type": "Create", "object": { "published": "2023-10-11T20:41:49-07:00", "content": "<a class=\"u-in-reply-to\" href=\"https://akko.wtf/notice/ARP7mWTNZxbJAzPTIe\"></a>\n<div class=\"e-content\">\nsquawk\n</div>", "url": "https://fed.brid.gy/r/https://snarfed.org/2023-10-11_luna-nova-3", "id": "https://fed.brid.gy/r/https://snarfed.org/2023-10-11_luna-nova-3", "type": "Note", "attributedTo": "https://fed.brid.gy/snarfed.org", "inReplyTo": "https://akko.wtf/objects/8044263c-b1d3-495a-9a43-131bee571c80", "cc": [ "https://akko.wtf/users/rei", "https://akko.wtf/users/rei/followers", "https://www.w3.org/ns/activitystreams#Public" ], "tag": [ { "type": "Mention", "href": "https://akko.wtf/users/rei" }, { "type": "Mention", "href": "https://akko.wtf/users/rei" } ], "to": [ "https://www.w3.org/ns/activitystreams#Public" ] }, "to": [ "https://www.w3.org/ns/activitystreams#Public" ] } ```
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
translations
stable
bad-uploader-config-warning
docker
backoff-http
user-expiry-backfill
config-db-keys
ensure-scrubbers-loaded
otp26
code-shaking-does-not-go-brr
elixir1.15
circleci
backup-fixes
mod-task
policy
mrf-coolness
frontend-switcher-9000
contentMap
language-on-posts
rabbit
credo-on-pr
unify-http
normalise-markup-by-default
buildx
v3.12.2
v3.12.1
v3.12.0
v3.11.0
v3.10.4
v3.10.3
v3.10.2
v3.10.1
v3.10.0
v3.9.3
v3.9.2
v3.9.1
V3.9.0
2023.05
v3.8.0
v3.7.1
v3.7.0
v3.6.0
v3.5.0
v3.4.0
v3.3.1
v2.4.4
v3.3.0
v3.2.3
v3.2.2
v3.2.1
stable-202209
v3.2.0
v3.1.0
stable-2022.07
v3.0.0
v0.0.1
v2.5.2-6
v2.5.2-5
v2.5.2-4
v2.5.2-3
v2.5.2-2
v2.5.2-1
v2.5.2
v2.5.1
v2.5.0-8
v2.5.0-7
v2.5.0-6
v2.5.0-5
v2.5.0-4
v2.5.0-3
v2.5.0-2
v2.5.0-1
v2.5.0
v2.4.3
pre-rebase
v2.4.2
v2.4.1
v2.4.0
soapbox-v1.1.1
soapbox-v1.1.0
soapbox-v1.0.0
v2.3.0
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.91
v1.0.90
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.9.0
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs docs

   
needs tests

   
not a bug

   
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No Label
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#438
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?