dahlia / fedify

ActivityPub server framework in TypeScript
https://fedify.dev/
MIT License

More than one public key in actor harmful? #121

Closed mattes3 closed 2 months ago

mattes3 commented 2 months ago

Today, I tried to follow a group on Lemmy (the handle is typescript@programming.dev).

When my program sent the Follow activity via Fedify, I got this long error message:

'Error: Failed to send activity https://localtunnel.bohlenlabs.com/ap/actor/matthias#follows/https://programming.dev/c/typescript to https://programming.dev/c/typescript/inbox (400 Bad Request):\n' +
    '{"error":"unknown","message":"Failed to parse object https://localtunnel.bohlenlabs.com/ap/actor/matthias with content {\\"@context\\":[\\"https://www.w3.org/ns/activitystreams\\",\\"https://w3id.org/security/v1\\",\\"https://w3id.org/security/data-integrity/v1\\",\\"https://www.w3.org/ns/did/v1\\",\\"https://w3id.org/security/multikey/v1\\",{\\"manuallyApprovesFollowers\\":\\"as:manuallyApprovesFollowers\\",\\"toot\\":\\"http://joinmastodon.org/ns#\\",\\"featured\\":{\\"@id\\":\\"toot:featured\\",\\"@type\\":\\"@id\\"},\\"featuredTags\\":{\\"@id\\":\\"toot:featuredTags\\",\\"@type\\":\\"@id\\"},\\"discoverable\\":\\"toot:discoverable\\",\\"suspended\\":\\"toot:suspended\\",\\"memorial\\":\\"toot:memorial\\",\\"indexable\\":\\"toot:indexable\\",\\"schema\\":\\"http://schema.org#\\",\\"PropertyValue\\":\\"schema:PropertyValue\\",\\"value\\":\\"schema:value\\"}],\\"id\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias\\",\\"type\\":\\"Person\\",\\"inbox\\":\\"https://localtunnel.bohlenlabs.com/ap/members/matthias/inbox\\",\\"assertionMethod\\":[{\\"id\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias#main-key\\",\\"type\\":\\"Multikey\\",\\"controller\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias\\",\\"publicKeyMultibase\\":\\"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\\"},{\\"id\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias#key-2\\",\\"type\\":\\"Multikey\\",\\"controller\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias\\",\\"publicKeyMultibase\\":\\"z6MkpENeAbAoHXgpj6d9zNtHoDJyyM8jFvhmJDrsXT5xrhr3\\"}],\\"publicKey\\":[{\\"id\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias#main-key\\",\\"type\\":\\"CryptographicKey\\",\\"owner\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias\\",\\"publicKeyPem\\":\\"-----BEGIN PUBLIC 
KEY-----\\\\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzSS5cM8nXubWxUVRA/ha\\\\nienlzWEik5zRNlg4ht0zjB21ClnwoH/x64Eu53fKCyH2nJ9T0BdBkLSchtBuEAJ6\\\\n6ph4Seo0OqEhoJ0w5qkc+TTp7SI+wj4B+3lz1u1iwEpNKQG/aqoz4WseS3H5gBYP\\\\n5+ivxOppMI2xA/ioz/Maj0TIxeswdKmctBENP6beCVZgJoWxcVp0aw7aOKb0EUE2\\\\nB34SXdGjoEleBQohAh0eThKmFWylb7e1BcfgXavlADdSkmFg8I+hQAiFoWqWeU0T\\\\nei5xpYiAashwoY/YScaXH73BKfk9Q7eLqyyqiyjmaIEsX4bPTAxjVgTdJ3FGqIQ6\\\\n+ENJeQIfC/PRq62UvsVoIR2yeD6hMpHo3g958ZxlhoNltfPZ76qGWkx/4gI1kkov\\\\n9cFWiyLRT2CUeODNalzMJpyc46jLt1Mc9N6WrZpM6vB1B3LGXdQmRmlkn8PDVZMt\\\\niujJ6u2gR+GHMS9MBtm9CMR2frHhjL6Q1bZp7aw4724LGYngqWbM8fes3YC/NmEg\\\\nXyeoyuZlpA4X8LeyZBV7pWYARzG5pAYp65vS8clQkd+JE1e23ts462cw8HJnzfVe\\\\ngrd2LbOmDL9cZx1mK/GKAG04E6obW1Ed168JPzeeEAEHMxUY+SRIQ1o2AtxqqPFR\\\\nT+cASNHnb2XTN8zSVMXSYu0CAwEAAQ==\\\\n-----END PUBLIC KEY-----\\\\n\\"},{\\"id\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias#key-2\\",\\"type\\":\\"CryptographicKey\\",\\"owner\\":\\"https://localtunnel.bohlenlabs.com/ap/actor/matthias\\",\\"publicKeyPem\\":\\"-----BEGIN PUBLIC KEY-----\\\\nMCowBQYDK2VwAyEAkUfG6YYKZDUwPzMC91Eygguu5cFMfceMusP2ErtwANQ=\\\\n-----END PUBLIC KEY-----\\\\n\\"}],\\"endpoints\\":{\\"type\\":\\"as:Endpoints\\",\\"sharedInbox\\":\\"https://localtunnel.bohlenlabs.com/ap/inbox\\"},\\"followers\\":\\"https://localtunnel.bohlenlabs.com/ap/members/matthias/followers\\",\\"following\\":\\"https://localtunnel.bohlenlabs.com/ap/members/matthias/following\\",\\"icon\\":{\\"type\\":\\"Image\\",\\"url\\":\\"https://www.gravatar.com/avatar/395361e06b0f555381e19a8abba7acb5?s=200&d=identicon\\"},\\"name\\":\\"Matthias Bohlen\\",\\"outbox\\":\\"https://localtunnel.bohlenlabs.com/ap/members/matthias/outbox\\",\\"preferredUsername\\":\\"matthias\\",\\"summary\\":\\"A new member of eliza.money.\\",\\"url\\":\\"https://localtunnel.bohlenlabs.com/member/matthias\\"}: invalid type: map, expected a string at line 1 column 1927"}\n'

Do I understand correctly that it has something to do with the fact that Fedify uses more than one public key? I am not sure whether I really looked at column 1927 in the long line of JSON text.

If I follow the Lemmy account from Mastodon, it works O.K.

What can I do now?

dahlia commented 2 months ago

Could you show me your actor dispatcher and key pairs dispatcher? In theory, publicKey can contain multiple items, but in practice, many implementations assume it contains only one. That's why FEP-521a was introduced.

mattes3 commented 2 months ago

Ah, I see! I looked at my actor dispatcher and (after comparing it to the microblog example), I found that the problem was here:

-  publicKeys: (await ctx.getActorKeyPairs(handle)).map(
-    (keyPair) => keyPair.cryptographicKey,
-  ),
+  publicKey: (await ctx.getActorKeyPairs(handle))[0]?.cryptographicKey ?? null,
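
Review bot: `[0]` on the `+` line publishes whichever key pair the key pairs dispatcher returns first, so the actor's `publicKey` silently depends on ordering. In the actor shown in the error message above, the first entry (`#main-key`) is the RSA key and `#key-2` is the Ed25519 one, so either state that ordering requirement in a comment or pick the key by type rather than by position. The `?? null` fallback also lets an actor with no key pairs be served without a `publicKey` and without any error, which is worth at least a log line. Since `assertionMethods` further down calls `ctx.getActorKeyPairs(handle)` a second time, consider fetching the pairs once into a local and using it for both properties.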

Further down, there is:

  assertionMethods: (await ctx.getActorKeyPairs(handle)).map(
    (pair) => pair.multikey,
  ),

Now it works. Thank you!
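
The compatibility point from this thread (a single `publicKey` object, with every key still listed as a Multikey in `assertionMethod`) can be checked before an actor is federated. The following is an added example, not part of the original issue or of Fedify: `lintActorKeys` and the sample actors are hypothetical, the key material is replaced by placeholders, and the owner/controller checks go slightly beyond what the thread discusses.

```typescript
// Added example; lintActorKeys and the sample actors are hypothetical, not Fedify APIs.
type Json = Record<string, unknown>;
type Finding = { level: "error" | "warn"; message: string };

// A JSON-LD property may be absent, a single value, or an array of values.
const asArray = (v: unknown): unknown[] =>
  v === undefined || v === null ? [] : Array.isArray(v) ? v : [v];
const isObject = (v: unknown): v is Json =>
  typeof v === "object" && v !== null && !Array.isArray(v);

function lintActorKeys(actor: Json): Finding[] {
  const findings: Finding[] = [];
  const publicKeys = asArray(actor["publicKey"]);
  if (publicKeys.length === 0) {
    findings.push({ level: "error", message: "publicKey is missing" });
  } else if (publicKeys.length > 1) {
    // Allowed in theory, but receivers that expect a single key object reject it.
    findings.push({ level: "warn", message: "publicKey has more than one entry" });
  }
  for (const key of publicKeys) {
    // A key that names a different owner must not be trusted for this actor.
    if (!isObject(key) || key["owner"] !== actor["id"]) {
      findings.push({ level: "error", message: "publicKey owner is not the actor" });
    }
  }
  for (const key of asArray(actor["assertionMethod"])) {
    if (!isObject(key) || key["type"] !== "Multikey" || key["controller"] !== actor["id"]) {
      findings.push({ level: "error", message: "assertionMethod entry is not the actor's Multikey" });
    }
  }
  return findings;
}

// Constructed sample data in the shape of the actor from the error message.
const actorId = "https://example.test/ap/actor/alice";
const rsa = { id: `${actorId}#main-key`, type: "CryptographicKey", owner: actorId, publicKeyPem: "<RSA PEM>" };
const ed = { id: `${actorId}#key-2`, type: "CryptographicKey", owner: actorId, publicKeyPem: "<Ed25519 PEM>" };
const multikeys = [
  { id: `${actorId}#main-key`, type: "Multikey", controller: actorId, publicKeyMultibase: "<multibase>" },
  { id: `${actorId}#key-2`, type: "Multikey", controller: actorId, publicKeyMultibase: "<multibase>" },
];
const actorBefore: Json = { id: actorId, type: "Person", publicKey: [rsa, ed], assertionMethod: multikeys };
const actorAfter: Json = { id: actorId, type: "Person", publicKey: rsa, assertionMethod: multikeys };

console.log(lintActorKeys(actorBefore)); // one "warn" finding
console.log(lintActorKeys(actorAfter)); // no findings
```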