refactor(federation): ♻️ Correctly handle bridge requests and instance signatures in user inboxes

2026-03-13 05:49:16 +01:00 · 2024-11-23 23:02:18 +01:00 · 2024-11-23 23:02:18 +01:00 · ace6921447
commit ace6921447
parent afc5a74a40
8 changed files with 2310 additions and 36 deletions
--- a/api/users/:uuid/inbox/index.ts
+++ b/api/users/:uuid/inbox/index.ts
@ -2,7 +2,7 @@ import { apiRoute, applyConfig } from "@/api";
 import { createRoute } from "@hono/zod-openapi";
 import { getLogger } from "@logtape/logtape";
 import type { Entity } from "@versia/federation/types";
-import { User } from "@versia/kit/db";
+import { Instance, User } from "@versia/kit/db";
 import { z } from "zod";
 import { InboxProcessor } from "~/classes/inbox/processor";
 import { ErrorSchema } from "~/types/api";
@ -23,9 +23,9 @@ export const schemas = {
        uuid: z.string().uuid(),
    }),
    header: z.object({
-        "x-signature": z.string(),
-        "x-nonce": z.string(),
-        "x-signed-by": z.string().url().or(z.literal("instance")),
+        "x-signature": z.string().optional(),
+        "x-nonce": z.string().optional(),
+        "x-signed-by": z.string().url().or(z.string().startsWith("instance ")),
        authorization: z.string().optional(),
    }),
    body: z.any(),
@ -113,24 +113,37 @@ export default apiRoute((app) =>

        const sender = await User.resolve(signedBy);

-        if (!sender) {
+        if (!(sender || signedBy.startsWith("instance "))) {
            return context.json(
-                { error: `Couldn't resolve sender ${signedBy}` },
+                { error: `Couldn't resolve sender URI ${signedBy}` },
                404,
            );
        }

        if (sender?.isLocal()) {
            return context.json(
-                { error: "Cannot send federation requests to local users" },
+                {
+                    error: "Cannot process federation requests from local users",
+                },
                400,
            );
        }

+        const remoteInstance = sender
+            ? await Instance.fromUser(sender)
+            : await Instance.resolveFromHost(signedBy.split(" ")[1]);
+
+        if (!remoteInstance) {
+            return context.json(
+                { error: "Could not resolve the remote instance." },
+                500,
+            );
+        }
+
        const processor = new InboxProcessor(
            context,
            body,
-            sender,
+            remoteInstance,
            {
                signature,
                nonce,