atproto: update authed_as, actor authz checks in poll_*

2024-03-13 15:41:03 -07:00 · 2024-03-13 15:41:03 -07:00 · 69e4b039e9
commit 69e4b039e9
--- a/atproto.py
+++ b/atproto.py
@ -518,20 +518,22 @@ def poll_notifications():
                                                  privkey=repo.signing_key)
        resp = client.app.bsky.notification.listNotifications()
        for notif in resp['notifications']:
+            actor_did = notif['author']['did']
            logger.debug(f'Got {notif["reason"]} from {notif["author"]["handle"]} {notif["uri"]} {notif["cid"]} : {json_dumps(notif, indent=2)}')

            # TODO: verify sig. skipping this for now because we're getting
            # these from the AppView, which is trusted, specifically we expect
            # the BGS and/or the AppView already checked sigs.
            obj = Object.get_or_create(id=notif['uri'], bsky=notif['record'],
-                                       source_protocol=ATProto.ABBREV)
+                                       source_protocol=ATProto.ABBREV,
+                                       actor=actor_did)
            if not obj.status:
                obj.status = 'new'
            obj.add('notify', user.key)
            obj.put()

            common.create_task(queue='receive', obj=obj.key.urlsafe(),
-                               authed_as=notif['author']['did'])
+                               authed_as=actor_did)

    return 'OK'

@ -585,13 +587,16 @@ def poll_posts():
            # TODO: verify sig. skipping this for now because we're getting
            # these from the AppView, which is trusted, specifically we expect
            # the BGS and/or the AppView already checked sigs.
+            author_did = post['author']['did']
            obj = Object.get_or_create(id=post['uri'], bsky=post['record'],
-                                       source_protocol=ATProto.ABBREV)
+                                       source_protocol=ATProto.ABBREV,
+                                       actor=author_did)
            if not obj.status:
                obj.status = 'new'
            obj.add('feed', user.key)
            obj.put()

-            common.create_task(queue='receive', obj=obj.key.urlsafe(), authed_as=did)
+            common.create_task(queue='receive', obj=obj.key.urlsafe(),
+                               authed_as=author_did)

    return 'OK'
--- a/tests/test_atproto.py
+++ b/tests/test_atproto.py
@ -1188,7 +1188,7 @@ class ATProtoTest(TestCase):
        post_obj = Object.get_by_id('at://did:web:alice.com/app.bsky.feed.post/123')
        self.assertEqual(post, post_obj.bsky)
        self.assert_task(mock_create_task, 'receive', '/queue/receive',
-                         obj=post_obj.key.urlsafe(), authed_as='did:plc:a')
+                         obj=post_obj.key.urlsafe(), authed_as='did:web:alice.com')

        # TODO: https://github.com/snarfed/bridgy-fed/issues/728
        # repost_obj = Object.get_by_id('at://did:plc:d/app.bsky.feed.post/456')