From 376fef76bf92b2ab52bad272cb5a0dd8119c66ac Mon Sep 17 00:00:00 2001
From: Thomas Sileo <t@a4.io>
Date: Sun, 10 Jul 2022 12:53:45 +0200
Subject: [PATCH] Improve forwarded activity processing

---
 app/boxes.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/app/boxes.py b/app/boxes.py
index cfb39ce..706558c 100644
--- a/app/boxes.py
+++ b/app/boxes.py
@@ -806,9 +806,15 @@ async def save_to_inbox(
     if httpsig_info.signed_by_ap_actor_id != actor.ap_id:
         logger.info(f"Processing a forwarded activity {httpsig_info=}/{actor.ap_id}")
         if not (await ldsig.verify_signature(db_session, raw_object)):
-            logger.warning("Failed to verify LD sig")
-            # FIXME(ts): fetch the remote object
-            raise fastapi.HTTPException(status_code=401, detail="Invalid LD sig")
+            logger.warning(
+                f"Failed to verify LD sig, fetching remote object {raw_object_id}"
+            )
+
+            # Try to fetch the remote object since we failed to verify the LD sig
+            try:
+                raw_object = await ap.fetch(raw_object_id)
+            except Exception:
+                raise fastapi.HTTPException(status_code=401, detail="Invalid LD sig")
 
     if (
         await db_session.scalar(