Merge pull request #2565 from pixelfed/staging

Update InboxWorker, fix race condition in account deletes

CHANGELOG.md

@@ -155,6 +155,7 @@
 - Updated AP helpers, fixed federation bug. ([a52564f3](https://github.com/pixelfed/pixelfed/commit/a52564f3))
 - Updated Helpers, cache profiles. ([1f672ecf](https://github.com/pixelfed/pixelfed/commit/1f672ecf))
 - Updated DiscoverController, improve trending api performance. ([d8d3331f](https://github.com/pixelfed/pixelfed/commit/d8d3331f))
+- Update InboxWorker, fix race condition in account deletes. ([4a4d8f00](https://github.com/pixelfed/pixelfed/commit/4a4d8f00))
 
 ## [v0.10.9 (2020-04-17)](https://github.com/pixelfed/pixelfed/compare/v0.10.8...v0.10.9)
 ### Added

app/Jobs/InboxPipeline/InboxValidator.php

@@ -14,6 +14,7 @@ use Illuminate\Foundation\Bus\Dispatchable;
 use Illuminate\Queue\InteractsWithQueue;
 use Illuminate\Queue\SerializesModels;
 use Zttp\Zttp;
+use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline;
 
 class InboxValidator implements ShouldQueue
 {
@@ -59,6 +60,57 @@ class InboxValidator implements ShouldQueue
             return;
         }
 
+        if( $payload['type'] === 'Delete' &&
+            ( ( is_string($payload['object']) &&
+                $payload['object'] === $payload['actor'] ) ||
+            ( is_array($payload['object']) &&
+              isset($payload['object']['id'], $payload['object']['type']) &&
+              $payload['object']['type'] === 'Person' &&
+              $payload['actor'] === $payload['object']['id']
+            ))
+        ) {
+            $actor = $payload['actor'];
+            $hash = strlen($actor) <= 48 ? 
+                'b:' . base64_encode($actor) :
+                'h:' . hash('sha256', $actor);
+
+            $lockKey = 'ap:inbox:actor-delete-exists:lock:' . $hash;
+            Cache::lock($lockKey, 10)->block(5, function () use(
+                $headers,
+                $payload,
+                $actor,
+                $hash
+            ) {
+                $key = 'ap:inbox:actor-delete-exists:' . $hash;
+                $actorDelete = Cache::remember($key, now()->addMinutes(15), function() use($actor) {
+                    return Profile::whereRemoteUrl($actor)
+                        ->whereNotNull('domain')
+                        ->exists();
+                });
+                if($actorDelete) {
+                    if($this->verifySignature($headers, $payload) == true) {
+                        Cache::set($key, false);
+                        $profile = Profile::whereNotNull('domain')
+                            ->whereNull('status')
+                            ->whereRemoteUrl($actor)
+                            ->first();
+                        if($profile) {
+                            DeleteRemoteProfilePipeline::dispatchNow($profile);
+                        }
+                        return;
+                    } else {
+                        // Signature verification failed, exit.
+                        return;
+                    }
+                } else {
+                    // Remote user doesn't exist, exit early.
+                    return;
+                }
+            });
+
+            return;
+        }
+
         if($profile->status != null) {
             return;
         }

app/Jobs/InboxPipeline/InboxWorker.php

@@ -14,13 +14,13 @@ use Illuminate\Foundation\Bus\Dispatchable;
 use Illuminate\Queue\InteractsWithQueue;
 use Illuminate\Queue\SerializesModels;
 use Zttp\Zttp;
+use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline;
 
 class InboxWorker implements ShouldQueue
 {
     use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
 
     protected $headers;
-    protected $profile;
     protected $payload;
 
     public $timeout = 60;
@@ -56,6 +56,57 @@ class InboxWorker implements ShouldQueue
             return;
         }
 
+        if( $payload['type'] === 'Delete' &&
+            ( ( is_string($payload['object']) &&
+                $payload['object'] === $payload['actor'] ) ||
+            ( is_array($payload['object']) &&
+              isset($payload['object']['id'], $payload['object']['type']) &&
+              $payload['object']['type'] === 'Person' &&
+              $payload['actor'] === $payload['object']['id']
+            ))
+        ) {
+            $actor = $payload['actor'];
+            $hash = strlen($actor) <= 48 ? 
+                'b:' . base64_encode($actor) :
+                'h:' . hash('sha256', $actor);
+
+            $lockKey = 'ap:inbox:actor-delete-exists:lock:' . $hash;
+            Cache::lock($lockKey, 10)->block(5, function () use(
+                $headers,
+                $payload,
+                $actor,
+                $hash
+            ) {
+                $key = 'ap:inbox:actor-delete-exists:' . $hash;
+                $actorDelete = Cache::remember($key, now()->addMinutes(15), function() use($actor) {
+                    return Profile::whereRemoteUrl($actor)
+                        ->whereNotNull('domain')
+                        ->exists();
+                });
+                if($actorDelete) {
+                    if($this->verifySignature($headers, $payload) == true) {
+                        Cache::set($key, false);
+                        $profile = Profile::whereNotNull('domain')
+                            ->whereNull('status')
+                            ->whereRemoteUrl($actor)
+                            ->first();
+                        if($profile) {
+                            DeleteRemoteProfilePipeline::dispatchNow($profile);
+                        }
+                        return;
+                    } else {
+                        // Signature verification failed, exit.
+                        return;
+                    }
+                } else {
+                    // Remote user doesn't exist, exit early.
+                    return;
+                }
+            });
+            
+            return;
+        }
+
         if($this->verifySignature($headers, $payload) == true) {
             (new Inbox($headers, $profile, $payload))->handle();
             return;
@@ -95,12 +146,10 @@ class InboxWorker implements ShouldQueue
         ) {
             if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
                 return;
-                abort(400, 'Invalid request');
             }
         }
         if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
             return;
-            abort(400, 'Invalid request');
         }
         $actor = Profile::whereKeyId($keyId)->first();
         if(!$actor) {

database/migrations/2020_12_14_103423_create_login_links_table.php

@@ -0,0 +1,40 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateLoginLinksTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('login_links', function (Blueprint $table) {
+            $table->id();
+            $table->string('key')->index();
+            $table->string('secret')->index();
+            $table->unsignedInteger('user_id')->index();
+            $table->string('ip')->nullable();
+            $table->string('user_agent')->nullable();
+            $table->json('meta')->nullable();
+            $table->timestamp('revoked_at')->nullable()->index();
+            $table->timestamp('resent_at')->nullable()->index();
+            $table->timestamp('used_at')->nullable()->index();
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('login_links');
+    }
+}

database/migrations/2021_01_14_034521_add_cache_locks_table.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddCacheLocksTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('cache_locks', function ($table) {
+            $table->string('key')->primary();
+            $table->string('owner');
+            $table->integer('expiration');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropTable('cache_locks');
+    }
+}