fix: assorted ActivityPub code only refactors (#8274)

Fix parts of issue https://codeberg.org/forgejo/forgejo/issues/8221 and PR https://codeberg.org/forgejo/forgejo/pulls/4767 - PostgreSQL - TestActivityPubPerson/SignedRequestValidation ``` --- FAIL: TestActivityPubPerson/SignedRequestValidation (5.01s) api_activitypub_person_test.go:51: Error Trace: /workspace/forgejo/forgejo/tests/integration/api_activitypub_person_test.go:51 Error: Received unexpected error: Get "http://127.0.0.1:3002/api/v1/activitypub/user-id/2": context deadline exceeded (Client.Timeout exceeded while awaiting headers) Test: TestActivityPubPerson/SignedRequestValidation testlogger.go:411: 2025/06/24 00:12:27 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v1/activitypub/user-id/2 for 127.0.0.1:50456, 200 OK in 5032.2ms @ activitypub/person.go:21(activitypub.Person) ``` Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8274 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de> Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2025-08-09 04:36:43 +02:00 · 2025-07-25 18:01:43 +02:00 · 2025-07-25 18:01:43 +02:00 · e271c24100
commit e271c24100
parent fe22e2397c
20 changed files with 741 additions and 69 deletions
--- a/tests/integration/api_federation_httpsig_test.go
+++ b/tests/integration/api_federation_httpsig_test.go
@ -0,0 +1,82 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/forgefed"
+	"forgejo.org/models/unittest"
+	"forgejo.org/models/user"
+	"forgejo.org/modules/activitypub"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/routers"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFederationHttpSigValidation(t *testing.T) {
+	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		userID := 2
+		userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)
+
+		user1 := unittest.AssertExistsAndLoadBean(t, &user.User{ID: 1})
+
+		clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
+		require.NoError(t, err)
+
+		apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.KeyID())
+		require.NoError(t, err)
+
+		// Unsigned request
+		t.Run("UnsignedRequest", func(t *testing.T) {
+			req := NewRequest(t, "GET", userURL)
+			MakeRequest(t, req, http.StatusBadRequest)
+		})
+
+		// Signed request
+		t.Run("SignedRequest", func(t *testing.T) {
+			resp, err := apClient.Get(userURL)
+			require.NoError(t, err)
+			assert.Equal(t, http.StatusOK, resp.StatusCode)
+		})
+
+		// HACK HACK HACK: the host part of the URL gets set to which IP forgejo is
+		// listening on, NOT localhost, which is the Domain given to forgejo which
+		// is then used for eg. the keyID all requests
+		applicationKeyID := fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", setting.AppURL)
+		actorKeyID := fmt.Sprintf("%sapi/v1/activitypub/user-id/1#main-key", setting.AppURL)
+
+		// Check for cached public keys
+		t.Run("ValidateCaches", func(t *testing.T) {
+			host, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
+			require.NoError(t, err)
+			assert.NotNil(t, host)
+			assert.True(t, host.PublicKey.Valid)
+
+			_, user, err := user.FindFederatedUserByKeyID(db.DefaultContext, actorKeyID)
+			require.NoError(t, err)
+			assert.NotNil(t, user)
+			assert.True(t, user.PublicKey.Valid)
+		})
+
+		// Disable signature validation
+		defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
+
+		// Unsigned request
+		t.Run("SignatureValidationDisabled", func(t *testing.T) {
+			req := NewRequest(t, "GET", userURL)
+			MakeRequest(t, req, http.StatusOK)
+		})
+	})
+}