jointakahe / takahe

An ActivityPub/Fediverse server
BSD 3-Clause "New" or "Revised" License

Cannot follow from GoToSocial #528

Open kvibber opened 1 year ago

kvibber commented 1 year ago

Possibly different from #223, this doesn't seem to be namespace related.

Trying to follow a Takahe account from a GoToSocial account. Takahe doesn't register it, and GoToSocial considers the follow request pending until the user cancels it.

I have some debug info from the GoToSocial side, where it's trying to post the following JSON to https://takahe.social/inbox/ and getting a 400 "message processing error":

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "actor": "https://gts.keysmash.xyz/users/kelsonv",
  "id": "https://gts.keysmash.xyz/users/kelsonv/follow/019WV3Y41NQFXNYN155YB3BKDA",
  "object": "https://takahe.social/@ktv@takahe.social/",
  "to": "https://takahe.social/@ktv@takahe.social/",
  "type": "Follow"
}

kvibber commented 1 year ago

Probably the same issue when trying to mention a Takahe account in a GoToSocial post. I'm not sure which of these two JSON objects is sent to the Takahe inbox, but the inbox is returning a 400 again.

{"@context":"https://www.w3.org/ns/activitystreams","actor":"https://gts.keysmash.xyz/users/kelsonv","cc":["https://gts.keysmash.xyz/users/kelsonv/followers","https://takahe.social/@ktv@takahe.social/"],"id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/activity","object":{"attachment":[],"attributedTo":"https://gts.keysmash.xyz/users/kelsonv","cc":["https://gts.keysmash.xyz/users/kelsonv/followers","https://takahe.social/@ktv@takahe.social/"],"content":"\u003cp\u003eLet's see if GoToSocial can mention \u003cspan class=\"h-card\"\u003e\u003ca href=\"https://takahe.social/@ktv/\" class=\"u-url mention\" rel=\"nofollow noreferrer noopener\" target=\"_blank\"\u003e@\u003cspan\u003ektv\u003c/span\u003e\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e","id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE","published":"2023-02-28T04:56:55Z","replies":{"first":{"id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies?page=true","next":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies?only_other_accounts=false\u0026page=true","partOf":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies","type":"CollectionPage"},"id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies","type":"Collection"},"sensitive":false,"summary":"","tag":{"href":"https://takahe.social/@ktv@takahe.social/","name":"@ktv@takahe.social","type":"Mention"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Note","url":"https://gts.keysmash.xyz/@kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE"},"published":"2023-02-28T04:56:55Z","to":"https://www.w3.org/ns/activitystreams#Public","type":"Create"}
{"@context":"https://www.w3.org/ns/activitystreams","attachment":[],"attributedTo":"https://gts.keysmash.xyz/users/kelsonv","cc":["https://gts.keysmash.xyz/users/kelsonv/followers","https://takahe.social/@ktv@takahe.social/"],"content":"\u003cp\u003eLet's see if GoToSocial can mention \u003cspan class=\"h-card\"\u003e\u003ca href=\"https://takahe.social/@ktv/\" class=\"u-url mention\" rel=\"nofollow noreferrer noopener\" target=\"_blank\"\u003e@\u003cspan\u003ektv\u003c/span\u003e\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e","id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE","published":"2023-02-28T04:56:55Z","replies":{"first":{"id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies?page=true","next":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies?only_other_accounts=false\u0026page=true","partOf":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies","type":"CollectionPage"},"id":"https://gts.keysmash.xyz/users/kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE/replies","type":"Collection"},"sensitive":false,"summary":"","tag":{"href":"https://takahe.social/@ktv@takahe.social/","name":"@ktv@takahe.social","type":"Mention"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Note","url":"https://gts.keysmash.xyz/@kelsonv/statuses/01GTB62XFNQR7KSFNYYMEX1ERE"}
andrewgodwin commented 1 year ago

The Follow not working is likely because GTS is just sending an Actor URI rather than the embedded object, and we haven't got the code to handle that yet (where it fetches the profile inline). Second one I know less about, but a debug server for Takahē would reveal more.

kvibber commented 1 year ago

Well, I found part of the problem. I set up a test Takahe server with docker, and every time GoToSocial hit the inbox, it logged this in the web container:

Inbox error: Bad HTTP signature format: Unknown signature algorithm

I modified the output to also print what algorithm it did find, and it printed "hs2019".

According to the docs, GoToSocial signs outgoing requests with RSA_SHA256, which should work here... but I looked up hs2019 and found it in the HTTP Signatures spec, which says the value should be used in place of the actual signature algorithm because "specifying signature algorithm enables attack vector".

I then modified signature.py to not bail on hs2019, and my GoToSocial instance was successfully able to send a mention to the Takahe instance.
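Added example, not part of the original thread and not Takahe's `signature.py`: a sketch of how a verifier can accept `hs2019` by taking the algorithm from the type of the key it looked up for `keyId`, while rejecting a header that names an algorithm the key does not support. All function names, the policy tables, the requirement of an explicit `headers` list and the sample header are assumptions made for illustration.

```python
import re

# Legacy header values and the key type each one implies.
LEGACY_ALGORITHMS = {"rsa-sha256": "rsa", "hmac-sha256": "hmac", "ecdsa-sha256": "ec"}
# Algorithm this verifier runs per key type (local policy, an assumption of this example).
ALGORITHM_FOR_KEY = {"rsa": "rsa-sha256"}
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|(\d+))')


class SignatureFormatError(ValueError):
    """Raised when a Signature header cannot be accepted."""


def parse_signature_header(value):
    """Split a Signature header into a dict; this example requires a headers list."""
    params = {name: quoted or number for name, quoted, number in _PARAM.findall(value)}
    for required in ("keyId", "headers", "signature"):
        if not params.get(required):
            raise SignatureFormatError(f"missing {required}")
    return params


def resolve_algorithm(params, key_type):
    """Choose the algorithm from the key's type; the header may only agree with it."""
    chosen = ALGORITHM_FOR_KEY.get(key_type)
    if chosen is None:
        raise SignatureFormatError(f"unsupported key type: {key_type}")
    declared = params.get("algorithm", "hs2019").lower()
    if declared != "hs2019" and LEGACY_ALGORITHMS.get(declared) != key_type:
        raise SignatureFormatError(f"algorithm {declared!r} not valid for {key_type} key")
    return chosen


def signing_string(params, method, path, headers):
    """Rebuild the text the sender signed, in the order the header lists."""
    lines = []
    for name in params["headers"].split():
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        elif name in headers:
            lines.append(f"{name}: {headers[name]}")
        else:
            raise SignatureFormatError(f"signed header {name} absent from request")
    return "\n".join(lines)


# Constructed sample header carrying algorithm="hs2019"; the signature value is a dummy.
SAMPLE = ('keyId="https://gts.example/users/alice/main-key",algorithm="hs2019",'
          'headers="(request-target) host date",signature="c2FtcGxl"')
```

The string returned by `signing_string` is what would then be checked against the decoded `signature` value with the actor's public key, using the algorithm `resolve_algorithm` returned.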

kvibber commented 1 year ago

That pull request fixes the problem with mentions not federating from GTS to Takahe (but not the follows).

andrewgodwin commented 1 year ago

Thanks for working out what hs2019 actually is - we've had the error in our logs occasionally for a while, but I had not got around to researching it. Glad the solution is relatively simple!

andrewgodwin commented 1 year ago

https://github.com/jointakahe/takahe/commit/78eacf165e077d19439d8dcb2d9e2d359a64dd49 has now been landed, so this needs further investigation to see how close to fixed it is.

AstraLuma commented 7 months ago

@kvibber do you have new errors from Takahē, now that signature handling is fixed?

In particular, messages from the log would be useful.

kvibber commented 7 months ago

Yes, it looks like a content-type issue. Here's what I think is Takahe's response to GoToSocial's follow request:

timestamp="14/12/2023 19:52:56.091" func=server.glob..func1.Logger.func13.1 level=INFO latency="183.064µs" userAgent="python-httpx/0.25.1 (Takahe/0.10.1; +https://takahe.social/)" method=POST statusCode=406 path=/users/kelsonv/inbox clientIP=35.208.95.156 errors="Error #01: Content-Type application/json not acceptable, this endpoint accepts: [\"application/activity+json\" \"application/ld+json;profile=https://w3.org/ns/activitystreams\"]\n" requestID=3eke6tcc040016njwsm0 msg="Not Acceptable: wrote 50B"