Closed yingziwu closed 3 years ago
Thanks for reporting. Are you familiar with the technical details of this mastodon feature? The docs aren't very clear - do they want us to start signing our GET requests?
On Thu, Oct 22, 2020, at 9:53 AM, yingziwu wrote:
If mastodon instance enable secure mode https://docs.joinmastodon.org/admin/config/#authorized_fetch, this instance can't follow the accouts of guppe https://gup.pe/ , can't post status to guppe, can't receive status from guppe.
Mastodon version: v3.2.0 master 4130aef29cb913cc33a1abaf997955fbbfdeb3b4 https://github.com/tootsuite/mastodon/commit/4130aef29cb913cc33a1abaf997955fbbfdeb3b4
Error log:
Recieve status
Caddy.service
{ "level": "error", "ts": 1603374123.2155101, "logger": "http.log.access.log0", "msg": "handled request", "request": { "remote_addr": "162.249.4.153:44200", "proto": "HTTP/1.1", "method": "POST", "host": "bgme.me", "uri": "/users/orz/inbox", "headers": { "Signature": [ "keyId=\"https://gup.pe/u/board\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"P/BQNvcqfpddT3H0eXndXVF9IPytdqS0gcbyRkSmP/dSHllLEA82asM38/tKpI4Dn4vPWL0aSJpmbd/BLiNi/6nLiWy/9nkEAx2IzLFIarChWfmbTLiDt7FG7Fhmb6GFpdyODZtBdEyXrkMceF7i+DuOiHOor2cPN0Ts3B57SbownNE+BOlCSrDi7eC9v9Q9fc7kJezMIDn9VqHJiVTqWrl5GcsQswbbhP2gIkM7CtA52ip/2dju2RrACa0f9lIiDbTDfZbkvtfGch+8N0jH6ThMkCEEG93wjQXI8No/3rrxq1XAXSfZnUMczcVbiudulx5/BOVsv2WS1odJhd2BTG2g84TbXhNZd0v5d1LQN+5irD9FdFG9zNSWx42QikzbAecS5J3Yj/KKdosGbI4HcHFi6G8EU8yd+Xoqzx6YEV55C/r0GfPLiTeAB6MvnLhRaHtu9o3HZumrrhlP1/MMHpB5o4oCLXr5gXBNHKPKWK31BsTiZ6axBA9cEpJ9eeqR7FvW/8yx47HcMcQy/TBiF51YFg7sWPNY8Xm8++zIyzdXM/+oE4LFhm5AQ9BBMfYcAskvMv/XQVP+xT1/rGOMK73BvkhvJOcFXHl8eXo40NWvzNiRDJYOySgULSt76iDHH4yCt4A/BuW4dsTFHF24Nn3KbnCQQVY6qjZ2f9FVOVQ=\"" ], "Accept": [ "application/json" ], "Content-Length": [ "431" ], "Connection": [ "close" ], "Content-Type": [ "application/activity+json" ], "Date": [ "Thu, 22 Oct 2020 13:41:58 GMT" ] }, "tls": { "resumed": false, "version": 771, "cipher_suite": 49196, "proto": "", "proto_mutual": true, "server_name": "bgme.me" } }, "common_log": "162.249.4.153 - - [22/Oct/2020:13:42:03 +0000] \"POST /users/orz/inbox HTTP/1.1\" 401 74", "duration": 0.015769757, "size": 74, "status": 401, "resp_headers": { "Server": [ "Caddy" ], "Vary": [ "Signature,Accept-Encoding" ], "X-Frame-Options": [ "DENY" ], "Cache-Control": [ "no-cache" ], "X-Runtime": [ "0.014633" ], "X-Content-Type-Options": [ "nosniff" ], "X-Xss-Protection": [ "1; mode=block" ], "Content-Type": [ "text/plain; charset=utf-8" ], "X-Request-Id": [ "5ae5c1c8-2f65-4411-bb26-9d6074b4c324" ], "Strict-Transport-Security": [ "max-age=31536000;" ] } } mastodon-web.service
Oct 22 13:42:03 bgme.me bundle[5069]: [5ae5c1c8-2f65-4411-bb26-9d6074b4c324] method=POST path=/users/orz/inbox format=json controller=ActivityPub::InboxesController action=create status=401 duration=12.41 view=0.27 db=1.59 key=https://gup.pe/u/board
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/wmurphyrd/guppe/issues/28, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACMR5K6WNLLQT25RHRBFPU3SMBBNRANCNFSM4S3J7OYQ.
Thanks for reporting. Are you familiar with the technical details of this mastodon feature? The docs aren't very clear - do they want us to start signing our GET requests? On Thu, Oct 22, 2020, at 9:53 AM, yingziwu wrote: If mastodon instance enable secure mode https://docs.joinmastodon.org/admin/config/#authorized_fetch, this instance can't follow the accouts of guppe https://gup.pe/ , can't post status to guppe, can't receive status from guppe. Mastodon version: v3.2.0 master 4130aef29cb913cc33a1abaf997955fbbfdeb3b4 [tootsuite/mastodon@4130aef](https://github.com/tootsuite/mastodon/commit/4130aef29cb913cc33a1abaf997955fbbfdeb3b4) Error log: Recieve status Caddy.service { "level": "error", "ts": 1603374123.2155101, "logger": "http.log.access.log0", "msg": "handled request", "request": { "remote_addr": "162.249.4.153:44200", "proto": "HTTP/1.1", "method": "POST", "host": "bgme.me", "uri": "/users/orz/inbox", "headers": { "Signature": [ "keyId=\"https://gup.pe/u/board\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"P/BQNvcqfpddT3H0eXndXVF9IPytdqS0gcbyRkSmP/dSHllLEA82asM38/tKpI4Dn4vPWL0aSJpmbd/BLiNi/6nLiWy/9nkEAx2IzLFIarChWfmbTLiDt7FG7Fhmb6GFpdyODZtBdEyXrkMceF7i+DuOiHOor2cPN0Ts3B57SbownNE+BOlCSrDi7eC9v9Q9fc7kJezMIDn9VqHJiVTqWrl5GcsQswbbhP2gIkM7CtA52ip/2dju2RrACa0f9lIiDbTDfZbkvtfGch+8N0jH6ThMkCEEG93wjQXI8No/3rrxq1XAXSfZnUMczcVbiudulx5/BOVsv2WS1odJhd2BTG2g84TbXhNZd0v5d1LQN+5irD9FdFG9zNSWx42QikzbAecS5J3Yj/KKdosGbI4HcHFi6G8EU8yd+Xoqzx6YEV55C/r0GfPLiTeAB6MvnLhRaHtu9o3HZumrrhlP1/MMHpB5o4oCLXr5gXBNHKPKWK31BsTiZ6axBA9cEpJ9eeqR7FvW/8yx47HcMcQy/TBiF51YFg7sWPNY8Xm8++zIyzdXM/+oE4LFhm5AQ9BBMfYcAskvMv/XQVP+xT1/rGOMK73BvkhvJOcFXHl8eXo40NWvzNiRDJYOySgULSt76iDHH4yCt4A/BuW4dsTFHF24Nn3KbnCQQVY6qjZ2f9FVOVQ=\"" ], "Accept": [ "application/json" ], "Content-Length": [ "431" ], "Connection": [ "close" ], "Content-Type": [ "application/activity+json" ], "Date": [ "Thu, 22 Oct 2020 13:41:58 GMT" ] }, "tls": { "resumed": false, "version": 771, "cipher_suite": 49196, "proto": "", "proto_mutual": true, "server_name": "bgme.me" } }, "common_log": "162.249.4.153 - - [22/Oct/2020:13:42:03 +0000] \"POST /users/orz/inbox HTTP/1.1\" 401 74", "duration": 0.015769757, "size": 74, "status": 401, "resp_headers": { "Server": [ "Caddy" ], "Vary": [ "Signature,Accept-Encoding" ], "X-Frame-Options": [ "DENY" ], "Cache-Control": [ "no-cache" ], "X-Runtime": [ "0.014633" ], "X-Content-Type-Options": [ "nosniff" ], "X-Xss-Protection": [ "1; mode=block" ], "Content-Type": [ "text/plain; charset=utf-8" ], "X-Request-Id": [ "5ae5c1c8-2f65-4411-bb26-9d6074b4c324" ], "Strict-Transport-Security": [ "max-age=31536000;" ] } } mastodon-web.service
Oct 22 13:42:03 bgme.me bundle[5069]: [5ae5c1c8-2f65-4411-bb26-9d6074b4c324] method=POST path=/users/orz/inbox format=json controller=ActivityPub::InboxesController action=create status=401 duration=12.41 view=0.27 db=1.59 key=https://gup.pe/u/board
… — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#28>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACMR5K6WNLLQT25RHRBFPU3SMBBNRANCNFSM4S3J7OYQ.
AUTHORIZED_FETCH=true
.@umonaca
So neither of those changes should affect gup.pe function
@wmurphyrd
I notice that guppe work well befort Sep 6 for my instace, bgme.me. After Sep 6, guppe could't relay status to my instace.
@yingziwu I don't doubt this secure mode has impacted your usage; I just cannot decipher why from the mastodon documentation. I've submitted an issue to their docs repo.
@wmurphyrd
I notice that guppe work well befort Sep 6 for my instace, bgme.me. After Sep 6, guppe could't relay status to my instace.
May related commits: https://github.com/yingziwu/mastodon/compare/3843d6fe55fadbb4433b71e47663b84b170d6943...790c0364c43cdf8a8b6f8f495369696c06030035
@wmurphyrd
I notice that guppe work well befort Sep 6 for my instace, bgme.me. After Sep 6, guppe could't relay status to my instace.
May related commits: https://github.com/yingziwu/mastodon/compare/4dcc600448bdf076c10c4b704d6da20c621d4d1e...790c0364c43cdf8a8b6f8f495369696c06030035
After view the comits list above, I found this commit: https://github.com/tootsuite/mastodon/commit/b241f20bd2387244c14fa5de70bd7c928b599a8b
Besides, after upgrade to v3.2.1, slashine.onl reported that they meet the same problem even if slashine.onl don't enable secure mode.
https://slashine.onl/@slashine/105079011698940129
I can't find any log errors for follow of @gup.pe or , meaning Mastodon doesn't return an error at least not in normal mode.
Still, if the error happened after the upgrade yesterday to v3.2.1 of Mastodon there are two changes that I would say could be causing some problems: https://github.com/tootsuite/mastodon/pull/14919 https://github.com/tootsuite/mastodon/pull/14556
Looking at guppe's github I only find one issue https://github.com/wmurphyrd/guppe/issues/26 I am guessing this is an old problem and not related to these changes.
@yingziwu thanks for digging in - yeah the change in http-signature implementation looks like a likely culprit. I'll look into it
Ok found it is returning this message to my server Mastodon requires the Digest header to be signed when doing a POST request
- Mastodon has changed their requirements for http signaure construction. Hoping they'll clarify all requirements in https://github.com/tootsuite/documentation/issues/822, but I should be able to work on this soon
Looks like I've resolved this via 5208b67df5f8ed6851c0d65e512880792794f9a6 - please file another issue if you still have problems
If mastodon instance enable secure mode, this instance can't follow the accouts of guppe , can't post status to guppe, can't receive status from guppe.
Mastodon version: v3.2.0 master 4130aef29cb913cc33a1abaf997955fbbfdeb3b4
Error log:
Recieve status
Caddy.service
mastodon-web.service