Improved signature handling & instance actor (#8275)

This PR is part of https://codeberg.org/forgejo/forgejo/pulls/4767 It improves the signature handling: 1. move logic to a service (might be used from other services as well) 2. make a clear difference between ` ReqHTTPUserSignature` and `ReqHTTPUserOrInstanceSignature` 3. improve test ability (activitypub/client & distant_federation_server_mock Adjust instance actor 1. name & 2. webfinger ## Strategy for next PRs is Integration tests are in the driving seat. I will step by step add integration tests form original PR and add code required by the integration test changes. ## Meta Proposal howto process large PRs can be discussed here: https://codeberg.org/forgejo-contrib/federation/pulls/37 Current state with rendered diagrams can be found here: https://codeberg.org/meissa/federation/src/branch/merge-large-pr/doc/merge-large-pr.md Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8275 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de> Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2025-08-05 01:45:22 +02:00 · 2025-07-01 19:49:00 +02:00 · 2025-07-01 19:49:00 +02:00 · 6f501b1fdf
commit 6f501b1fdf
parent 7a8ff20bf3
20 changed files with 726 additions and 443 deletions
--- a/tests/integration/api_activitypub_person_test.go
+++ b/tests/integration/api_activitypub_person_test.go
@ -26,28 +26,37 @@ import (
 func TestActivityPubPerson(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
-		userID := 2
-		username := "user2"
-		userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)

-		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	mock := test.NewFederationServerMock()
+	federatedSrv := mock.DistantServer(t)
+	defer federatedSrv.Close()

-		clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
+	onGiteaRun(t, func(t *testing.T, localUrl *url.URL) {
+		defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
+
+		localUserID := 2
+		localUserName := "user2"
+		localUserURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", localUrl, localUserID)
+
+		// distantURL := federatedSrv.URL
+		// distantUser15URL := fmt.Sprintf("%s/api/v1/activitypub/user-id/15", distantURL)
+
+		cf, err := activitypub.GetClientFactory(db.DefaultContext)
 		require.NoError(t, err)

-		apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.APActorKeyID())
+		c, err := cf.WithKeysDirect(db.DefaultContext, mock.Persons[0].PrivKey,
+			mock.Persons[0].KeyID(federatedSrv.URL))
 		require.NoError(t, err)

 		// Unsigned request
 		t.Run("UnsignedRequest", func(t *testing.T) {
-			req := NewRequest(t, "GET", userURL)
+			req := NewRequest(t, "GET", localUserURL)
 			MakeRequest(t, req, http.StatusBadRequest)
 		})

 		t.Run("SignedRequestValidation", func(t *testing.T) {
 			// Signed request
-			resp, err := apClient.GetBody(userURL)
+			resp, err := c.GetBody(localUserURL)
 			require.NoError(t, err)

 			var person ap.Person
@ -55,13 +64,12 @@ func TestActivityPubPerson(t *testing.T) {
 			require.NoError(t, err)

 			assert.Equal(t, ap.PersonType, person.Type)
-			assert.Equal(t, username, person.PreferredUsername.String())
-			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d$", userID), person.GetID())
-			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d/outbox$", userID), person.Outbox.GetID().String())
-			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d/inbox$", userID), person.Inbox.GetID().String())
+			assert.Equal(t, localUserName, person.PreferredUsername.String())
+			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d$", localUserID), person.GetID())
+			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d/inbox$", localUserID), person.Inbox.GetID().String())

 			assert.NotNil(t, person.PublicKey)
-			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d#main-key$", userID), person.PublicKey.ID)
+			assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d#main-key$", localUserID), person.PublicKey.ID)

 			assert.NotNil(t, person.PublicKey.PublicKeyPem)
 			assert.Regexp(t, "^-----BEGIN PUBLIC KEY-----", person.PublicKey.PublicKeyPem)