immers-space/activitypub-express

Skip fetching unknown actors on some events

ClearlyClaire opened this issue · 3 comments

It may make sense for gup.pe to skip fetching unknown actors on certain events, such as:

  • a Delete where the actor and the object are one and the same: this is how Mastodon signals account deletions, so fetching the actor would not work (since it is deleted already), and since you don't know the actor, you have nothing to delete
  • an Update where the actor and the object are one and the same: if you don't know the actor already, you probably don't need to process their profile updates

A contribution for this change would be welcome. Or, we're available for hire if you prefer: consulting@immers.space

transferred to the underlying library where this would apply

The relevant code is here:

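/**
 * Express middleware that authenticates an inbound activity by its HTTP
 * signature and records the sender on `res.locals.apex.sender`.
 *
 * Outcomes visible in this function:
 *  - no `authorization`/`signature` header: 401, unless the Express `env`
 *    setting is 'development', in which case the actor named in the body is
 *    resolved and accepted without any verification
 *  - signature does not verify against the signer's first public key: 403
 *  - verification throws on a Delete with a 404/410 error message: 200 and the
 *    activity is dropped (next() is not called)
 *  - any other error: 500
 *
 * NOTE(security): Express sets `env` from NODE_ENV and falls back to
 * 'development' when it is unset, so a deployment without NODE_ENV accepts
 * unsigned requests here.
 * NOTE(review): the sender is the owner of the signing key (`keyId`); this
 * function does not compare it with the activity's actor — confirm that a
 * later step does.
 *
 * @param {object} req - Express request; `req.body` is the parsed activity
 * @param {object} res - Express response; `res.locals.apex` must already exist
 * @param {Function} next - called only once a sender has been set
 */
async function verifySignature (req, res, next) {
  const apex = req.app.locals.apex
  try {
    const isUnsigned = !req.get('authorization') && !req.get('signature')
    if (isUnsigned) {
      if (req.app.get('env') !== 'development') {
        apex.logger.warn('Request rejected: missing http signature')
        return res.status(401).send('Missing http signature')
      }
      // development only: the actor claimed in the body is trusted as-is
      const actor = await apex.resolveObject(apex.actorIdFromActivity(req.body))
      res.locals.apex.sender = actor
      return next()
    }
    const sigHead = httpSignature.parse(req)
    // presumably resolveObject fetches actors that are not cached; a deleted
    // account would then surface as the 404/410 error handled below
    const signer = await apex.resolveObject(sigHead.keyId)
    // only the first publicKey / publicKeyPem entry is checked; a signer
    // without one throws here and ends in the 500 path
    const valid = httpSignature.verifySignature(sigHead, signer.publicKey[0].publicKeyPem[0])
    if (!valid) {
      apex.logger.warn('Request rejected: invalid http signature')
      return res.status(403).send('Invalid http signature')
    }
    res.locals.apex.sender = signer
    next()
  } catch (err) {
    // The body comes from an unauthenticated peer and may lack a string
    // `type`; reading it unguarded would throw inside this handler, reject the
    // middleware's promise and leave the request without a response.
    const type = req.body && req.body.type
    const isDelete = typeof type === 'string' && type.toLowerCase() === 'delete'
    const message = err && err.message
    if (isDelete && /^(410|404)/.test(message)) {
      // user delete message that can't be verified because we don't have the
      // user cached; acknowledged and dropped, never passed to next()
      return res.status(200).send()
    }
    apex.logger.warn('error during signature verification', message)
    return res.status(500).send()
  }
}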

Thank you for solving this issue!