LemmyNet/activitypub-federation-rust

live example (actix-web) can't receive activities from Mastodon with Error(Incoming activity has invalid signature)

Closed this issue · 5 comments

Hi, I played a bit with the example code and replaced axum with actix-web in the live example. The user can be fetched, but no matter what fediverse software I try federating with (Mastodon, glitch, Firefish, Akkoma), it all fails at verification of the incoming activity. The culprit code is here.

There might be a bug in my code, but I am not 100% sure, and being stuck at this for at least two hours now makes me wonder if this is related to Mastodon having a bug in its signing code. And this check being bug-free ;')

Link to my version of the example code: https://github.com/lysand-org/lysand-ap-layer

Lemmy uses the same code and can federate with Mastodon just fine. So I doubt that there is a bug in the library or in Mastodon. Is it possible that it's verifying with the wrong public key for some reason?

> Lemmy uses the same code and can federate with Mastodon just fine. So I doubt that there is a bug in the library or in Mastodon. Is it possible that it's verifying with the wrong public key for some reason?

I mean, I'm not even sure how the lib even gets any public key. AFAIK that's not clearly documented in the example. I guess you mean that the local instance is started with the wrong public key?

The incoming activity is handled here and here. So the actor is retrieved with `ActivityHandler.actor()`, that gets `dereference()`d and then it calls `actor.public_key_pem()`.

Stepping through with a debugger is not really practical with a web server; instead you can clone this library and pull it in as a path dependency. That way you can add debug statements in the code to see what exactly it is doing, and if the values are as expected.

Another problem I had recently with receiving activities was that the nginx config didn't set the Host header. It's important that this matches the federation domain as it's part of the signature. Also it's best to ensure that your project can federate with itself before federating with another platform. That way problems are much easier to debug.

> Another problem I had recently with receiving activities was that the nginx config didn't set the Host header. It's important that this matches the federation domain as it's part of the signature

That was the call I needed! Thanks!
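
The Host header point from the thread, as an added example (not code from this library or from anyone in the thread): it rebuilds the string that gets signed and shows which signed component differs when a reverse proxy forwards a different Host value. It assumes the draft-cavage HTTP Signatures signing-string format; the function names, domains, path and header values are constructed for illustration.

```rust
use std::collections::HashMap;

/// Header names listed in the `headers="..."` parameter of a `Signature` header.
fn signed_header_names(signature_header: &str) -> Vec<String> {
    let names: Vec<String> = signature_header
        .split(',')
        .filter_map(|p| p.trim().strip_prefix("headers=\""))
        .filter_map(|v| v.strip_suffix('"'))
        .flat_map(|v| v.split_whitespace()).map(|s| s.to_ascii_lowercase())
        .collect();
    // Older draft revisions: with no `headers` parameter only `date` is signed.
    if names.is_empty() { vec!["date".to_string()] } else { names }
}

/// Rebuild the signing string from the request as this server received it.
fn signing_string(method: &str, path: &str, headers: &HashMap<String, String>, names: &[String]) -> Result<String, String> {
    let mut lines = Vec::new();
    for name in names {
        let value = match name.as_str() {
            "(request-target)" => format!("{} {}", method.to_ascii_lowercase(), path),
            _ => headers.get(name).ok_or(format!("signed header missing: {}", name))?.trim().to_string(),
        };
        lines.push(format!("{}: {}", name, value));
    }
    Ok(lines.join("\n"))
}

/// Name of the first signed component whose value differs between the two strings.
fn first_mismatch(signed: &str, seen: &str) -> Option<String> {
    signed.lines().zip(seen.lines()).find(|(a, b)| a != b)
        .map(|(a, _)| a.split(':').next().unwrap_or("").to_string())
}

/// Constructed sample request headers; only the Host value varies.
fn request(host: &str) -> HashMap<String, String> {
    HashMap::from([
        ("host".to_string(), host.to_string()),
        ("date".to_string(), "Tue, 02 Jan 2024 10:00:00 GMT".to_string()),
        ("digest".to_string(), "SHA-256=PLACEHOLDER".to_string()),
    ])
}

fn main() {
    let sig = r##"keyId="https://remote.example/users/alice#main-key",headers="(request-target) host date digest",signature="PLACEHOLDER""##;
    let names = signed_header_names(sig);
    // The sender signs the public domain; the app behind the proxy sees the upstream address.
    let signed = signing_string("POST", "/alice/inbox", &request("social.example"), &names).unwrap();
    let seen = signing_string("POST", "/alice/inbox", &request("127.0.0.1:8080"), &names).unwrap();
    println!("signed:\n{}\n\nrebuilt:\n{}\n\nfirst mismatch: {:?}", signed, seen, first_mismatch(&signed, &seen));
}
```

Logging the rebuilt signing string on the receiving side and comparing it with the domain the sender addressed makes this kind of mismatch visible before looking at keys.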