Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add CLI task for rotating keys (#8466)

Browse source 
* If an Update is signed with known key, skip re-following procedure

Because it means the remote actor did *not* lose their database

* Add CLI method for rotating keys

    bin/tootctl accounts rotate [USERNAME]

Generates a new RSA key per account and sends out an Update activity
signed with the old key.

* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts

* Skip suspended accounts in key rotation
This commit is contained in:
Eugen Rochko 2018-08-26 20:21:03 +02:00 committed by GitHub
parent 8adf485c0f
commit cabdbb7f9c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 79 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/services/activitypub/process_account_service.rb
View file

@ -5,9 +5,10 @@ class ActivityPub::ProcessAccountService < BaseService
# Should be called with confirmed valid JSON
# and WebFinger-resolved username and domain
def call(username, domain, json)
def call(username, domain, json, options = {})
return if json['inbox'].blank? || unsupported_uri_scheme?(json['id'])
@options = options
@json = json
@uri = @json['id']
@username = username
@ -31,7 +32,7 @@ class ActivityPub::ProcessAccountService < BaseService
return if @account.nil?
after_protocol_change! if protocol_changed?
after_key_change! if key_changed?
after_key_change! if key_changed? && !@options[:signed_with_known_key]
check_featured_collection! if @account.featured_collection_url.present?
@account