Handle unverified deletes from gone actors

Register an unverified activity hook for inbox deliveries and acknowledge
Delete activities whose signing key fetch fails with 410 Gone.

This prevents repeated delivery attempts from remote servers after an
actor has been deleted while keeping the default 401 behavior for other
unverified requests.

Author: dahlia

CHANGES.md

@@ -67,6 +67,12 @@ To be released.
         associated follows, mentions, likes, etc. via cascade) since the
         actor is explicitly marked as permanently gone.
 
+ -  Improved inbox handling for deleted remote actors using Fedify 2.1.0's
+    unverified activity hooks.  Hollo now acknowledges unverifiable `Delete`
+    activities with `202 Accepted` when the signing key fetch fails with
+    `410 Gone`, preventing repeated delivery retries for actors that have
+    already been permanently deleted.
+
  -  Added `FEDIFY_DEBUG` environment variable to enable the [Fedify debugger],
     an embedded real-time dashboard for inspecting ActivityPub traces and
     activities.  When enabled, the debug dashboard is accessible at
@@ -79,7 +85,7 @@ To be released.
     emoji reaction/unreaction, follow request lifecycle messages,
     block/unblock, and post updates triggered by replies and poll votes.
 
- -  Upgraded Fedify to 2.0.7.
+ -  Upgraded Fedify to 2.1.0.
 
 [#348]: https://github.com/fedify-dev/hollo/issues/348
 [#350]: https://github.com/fedify-dev/hollo/issues/350

src/federation/index.test.ts

@@ -1,11 +1,13 @@
+import type { UnverifiedActivityReason } from "@fedify/fedify";
+import { Delete, Follow } from "@fedify/vocab";
 import { eq } from "drizzle-orm";
 import { beforeEach, describe, expect, it } from "vitest";
 import { cleanDatabase } from "../../tests/helpers";
 import { createAccount } from "../../tests/helpers/oauth";
 import db from "../db";
 import * as Schema from "../schema";
 import type { Uuid } from "../uuid";
-import { onOutboxPermanentFailure } from "./index";
+import { onOutboxPermanentFailure, onUnverifiedActivity } from "./index";
 
 async function createRemoteAccount(
   username: string,
@@ -59,6 +61,17 @@ async function createFollow(
   });
 }
 
+function createKeyFetchErrorReason(status: number): UnverifiedActivityReason {
+  return {
+    type: "keyFetchError",
+    keyId: new URL("https://remote.test/@alice#main-key"),
+    result: {
+      status,
+      response: new Response(null, { status }),
+    },
+  };
+}
+
 describe("onOutboxPermanentFailure", () => {
   beforeEach(async () => {
     await cleanDatabase();
@@ -293,3 +306,83 @@ describe("onOutboxPermanentFailure", () => {
     });
   });
 });
+
+describe("onUnverifiedActivity", () => {
+  it("should acknowledge Delete activities whose actor key returns 410 Gone", async () => {
+    expect.assertions(1);
+
+    const response = await onUnverifiedActivity(
+      null as never,
+      new Delete({
+        actor: new URL("https://remote.test/@alice"),
+        object: new URL("https://remote.test/@alice"),
+      }),
+      createKeyFetchErrorReason(410),
+    );
+
+    expect(response?.status).toBe(202);
+  });
+
+  it("should ignore Delete activities whose actor key returns 404", async () => {
+    expect.assertions(1);
+
+    const response = await onUnverifiedActivity(
+      null as never,
+      new Delete({
+        actor: new URL("https://remote.test/@alice"),
+        object: new URL("https://remote.test/@alice"),
+      }),
+      createKeyFetchErrorReason(404),
+    );
+
+    expect(response).toBeUndefined();
+  });
+
+  it("should ignore non-Delete activities even if the key fetch returns 410", async () => {
+    expect.assertions(1);
+
+    const response = await onUnverifiedActivity(
+      null as never,
+      new Follow({
+        actor: new URL("https://remote.test/@alice"),
+        object: new URL("https://hollo.test/@owner"),
+      }),
+      createKeyFetchErrorReason(410),
+    );
+
+    expect(response).toBeUndefined();
+  });
+
+  it("should ignore invalid signatures", async () => {
+    expect.assertions(1);
+
+    const response = await onUnverifiedActivity(
+      null as never,
+      new Delete({
+        actor: new URL("https://remote.test/@alice"),
+        object: new URL("https://remote.test/@alice"),
+      }),
+      {
+        type: "invalidSignature",
+        keyId: new URL("https://remote.test/@alice#main-key"),
+      },
+    );
+
+    expect(response).toBeUndefined();
+  });
+
+  it("should ignore unsigned activities", async () => {
+    expect.assertions(1);
+
+    const response = await onUnverifiedActivity(
+      null as never,
+      new Delete({
+        actor: new URL("https://remote.test/@alice"),
+        object: new URL("https://remote.test/@alice"),
+      }),
+      { type: "noSignature" },
+    );
+
+    expect(response).toBeUndefined();
+  });
+});

src/federation/index.ts

@@ -1,3 +1,4 @@
+import type { UnverifiedActivityHandler } from "@fedify/fedify";
 import {
   Accept,
   Activity,
@@ -56,8 +57,24 @@ import { isPost } from "./post";
 
 const inboxLogger = getLogger(["hollo", "federation", "inbox"]);
 
+export const onUnverifiedActivity: UnverifiedActivityHandler<void> = (
+  _ctx,
+  activity,
+  reason,
+) => {
+  if (
+    activity instanceof Delete &&
+    reason.type === "keyFetchError" &&
+    "status" in reason.result &&
+    reason.result.status === 410
+  ) {
+    return new Response(null, { status: 202 });
+  }
+};
+
 federation
   .setInboxListeners("/@{identifier}/inbox", "/inbox")
+  .onUnverifiedActivity(onUnverifiedActivity)
   .setSharedKeyDispatcher(async (_) => {
     const anyOwner = await db.query.accountOwners.findFirst();
     return anyOwner == null ? null : { username: anyOwner.handle };