首页 发现 帮助
注册 登录
oleg
/
pixelfed
镜像自地址 https://github.com/pixelfed/pixelfed.git
1
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Update InboxWorker, fix race condition in account deletes

Daniel Supernault 4 年之前
父节点
16989e3063
当前提交
4a4d8f0069
共有 2 个文件被更改,包括 104 次插入3 次删除
合并视图 显示文件统计
  1. 52 0
      app/Jobs/InboxPipeline/InboxValidator.php
  2. 52 3
      app/Jobs/InboxPipeline/InboxWorker.php

+ 52 - 0
app/Jobs/InboxPipeline/InboxValidator.php
查看文件 

@@ -14,6 +14,7 @@ use Illuminate\Foundation\Bus\Dispatchable;
 
 use Illuminate\Queue\InteractsWithQueue;
 
 use Illuminate\Queue\InteractsWithQueue;
 
 use Illuminate\Queue\SerializesModels;
 
 use Illuminate\Queue\SerializesModels;
 
 use Zttp\Zttp;
 
 use Zttp\Zttp;
 
+use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline;
 
 
 
 class InboxValidator implements ShouldQueue
 
 class InboxValidator implements ShouldQueue
 
 {
 
 {
 
@@ -59,6 +60,57 @@ class InboxValidator implements ShouldQueue
 
             return;
 
             return;
 
         }
 
         }
 
 
 
+        if( $payload['type'] === 'Delete' &&
 
+            ( ( is_string($payload['object']) &&
 
+                $payload['object'] === $payload['actor'] ) ||
 
+            ( is_array($payload['object']) &&
 
+              isset($payload['object']['id'], $payload['object']['type']) &&
 
+              $payload['object']['type'] === 'Person' &&
 
+              $payload['actor'] === $payload['object']['id']
 
+            ))
 
+        ) {
 
+            $actor = $payload['actor'];
 
+            $hash = strlen($actor) <= 48 ? 
+                'b:' . base64_encode($actor) :
 
+                'h:' . hash('sha256', $actor);
 
+
 
+            $lockKey = 'ap:inbox:actor-delete-exists:lock:' . $hash;
 
+            Cache::lock($lockKey, 10)->block(5, function () use(
 
+                $headers,
 
+                $payload,
 
+                $actor,
 
+                $hash
 
+            ) {
 
+                $key = 'ap:inbox:actor-delete-exists:' . $hash;
 
+                $actorDelete = Cache::remember($key, now()->addMinutes(15), function() use($actor) {
 
+                    return Profile::whereRemoteUrl($actor)
 
+                        ->whereNotNull('domain')
 
+                        ->exists();
 
+                });
 
+                if($actorDelete) {
 
+                    if($this->verifySignature($headers, $payload) == true) {
 
+                        Cache::set($key, false);
 
+                        $profile = Profile::whereNotNull('domain')
 
+                            ->whereNull('status')
 
+                            ->whereRemoteUrl($actor)
 
+                            ->first();
 
+                        if($profile) {
 
+                            DeleteRemoteProfilePipeline::dispatchNow($profile);
 
+                        }
 
+                        return;
 
+                    } else {
 
+                        // Signature verification failed, exit.
 
+                        return;
 
+                    }
 
+                } else {
 
+                    // Remote user doesn't exist, exit early.
 
+                    return;
 
+                }
 
+            });
 
+
 
+            return;
 
+        }
 
+
 
         if($profile->status != null) {
 
         if($profile->status != null) {
 
             return;
 
             return;
 
         }
 
         }

+ 52 - 3
app/Jobs/InboxPipeline/InboxWorker.php
查看文件 

@@ -14,13 +14,13 @@ use Illuminate\Foundation\Bus\Dispatchable;
 
 use Illuminate\Queue\InteractsWithQueue;
 
 use Illuminate\Queue\InteractsWithQueue;
 
 use Illuminate\Queue\SerializesModels;
 
 use Illuminate\Queue\SerializesModels;
 
 use Zttp\Zttp;
 
 use Zttp\Zttp;
 
+use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline;
 
 
 
 class InboxWorker implements ShouldQueue
 
 class InboxWorker implements ShouldQueue
 
 {
 
 {
 
     use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
 
     use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
 
 
 
     protected $headers;
 
     protected $headers;
 
-    protected $profile;
 
     protected $payload;
 
     protected $payload;
 
 
 
     public $timeout = 60;
 
     public $timeout = 60;
 
@@ -56,6 +56,57 @@ class InboxWorker implements ShouldQueue
 
             return;
 
             return;
 
         }
 
         }
 
 
 
+        if( $payload['type'] === 'Delete' &&
 
+            ( ( is_string($payload['object']) &&
 
+                $payload['object'] === $payload['actor'] ) ||
 
+            ( is_array($payload['object']) &&
 
+              isset($payload['object']['id'], $payload['object']['type']) &&
 
+              $payload['object']['type'] === 'Person' &&
 
+              $payload['actor'] === $payload['object']['id']
 
+            ))
 
+        ) {
 
+            $actor = $payload['actor'];
 
+            $hash = strlen($actor) <= 48 ? 
+                'b:' . base64_encode($actor) :
 
+                'h:' . hash('sha256', $actor);
 
+
 
+            $lockKey = 'ap:inbox:actor-delete-exists:lock:' . $hash;
 
+            Cache::lock($lockKey, 10)->block(5, function () use(
 
+                $headers,
 
+                $payload,
 
+                $actor,
 
+                $hash
 
+            ) {
 
+                $key = 'ap:inbox:actor-delete-exists:' . $hash;
 
+                $actorDelete = Cache::remember($key, now()->addMinutes(15), function() use($actor) {
 
+                    return Profile::whereRemoteUrl($actor)
 
+                        ->whereNotNull('domain')
 
+                        ->exists();
 
+                });
 
+                if($actorDelete) {
 
+                    if($this->verifySignature($headers, $payload) == true) {
 
+                        Cache::set($key, false);
 
+                        $profile = Profile::whereNotNull('domain')
 
+                            ->whereNull('status')
 
+                            ->whereRemoteUrl($actor)
 
+                            ->first();
 
+                        if($profile) {
 
+                            DeleteRemoteProfilePipeline::dispatchNow($profile);
 
+                        }
 
+                        return;
 
+                    } else {
 
+                        // Signature verification failed, exit.
 
+                        return;
 
+                    }
 
+                } else {
 
+                    // Remote user doesn't exist, exit early.
 
+                    return;
 
+                }
 
+            });
 
+            
+            return;
 
+        }
 
+
 
         if($this->verifySignature($headers, $payload) == true) {
 
         if($this->verifySignature($headers, $payload) == true) {
 
             (new Inbox($headers, $profile, $payload))->handle();
 
             (new Inbox($headers, $profile, $payload))->handle();
 
             return;
 
             return;
 
@@ -95,12 +146,10 @@ class InboxWorker implements ShouldQueue
 
         ) {
 
         ) {
 
             if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
 
             if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
 
                 return;
 
                 return;
 
-                abort(400, 'Invalid request');
 
             }
 
             }
 
         }
 
         }
 
         if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
 
         if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
 
             return;
 
             return;
 
-            abort(400, 'Invalid request');
 
         }
 
         }
 
         $actor = Profile::whereKeyId($keyId)->first();
 
         $actor = Profile::whereKeyId($keyId)->first();
 
         if(!$actor) {
 
         if(!$actor) {