From 537bc230a54ceae5cff4417f7b6032345d01c302 Mon Sep 17 00:00:00 2001
From: Andy Neillans <andy@neillans.co.uk>
Date: Wed, 27 Aug 2025 17:56:16 +0100
Subject: [PATCH] Updated the actor verifier for IceShrimp.net

---
 src/middleware/verifier.rs | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/middleware/verifier.rs b/src/middleware/verifier.rs
index 91debe5..78d6d04 100644
--- a/src/middleware/verifier.rs
+++ b/src/middleware/verifier.rs
@@ -28,7 +28,7 @@ impl MyVerify {
         // receiving an activity from a domain indicates it is probably online
         self.0.reset_breaker(&public_key_id);
 
-        let actor_id = if let Some(mut actor_id) = self
+        let actor_id = if let Some(actor_id) = self
             .2
             .db
             .actor_id_from_public_key_id(public_key_id.clone())
@@ -38,8 +38,18 @@ impl MyVerify {
                 return Err(ErrorKind::NotAllowed(key_id).into());
             }
 
-            actor_id.set_fragment(None);
-            let actor = self.1.get(&actor_id, &self.0).await?;
+            // Try with fully qualified URI first (including fragment), then fallback to fragment-stripped URI
+            let actor_with_fragment = actor_id.clone();
+            let mut actor_without_fragment = actor_id.clone();
+            actor_without_fragment.set_fragment(None);
+
+            let actor = match self.1.get(&actor_with_fragment, &self.0).await {
+                Ok(actor) => actor,
+                Err(_) => {
+                    // Fallback to fragment-stripped URI for backward compatibility
+                    self.1.get(&actor_without_fragment, &self.0).await?
+                }
+            };
             let was_cached = actor.is_cached();
             let actor = actor.into_inner();
 
@@ -90,7 +100,18 @@ impl MyVerify {
         // Previously we verified the sig from an actor's local cache
         //
         // Now we make sure we fetch an updated actor
-        let actor = self.1.get_no_cache(&actor_id, &self.0).await?;
+        // Try with fully qualified URI first (including fragment), then fallback to fragment-stripped URI
+        let actor_with_fragment = actor_id.clone();
+        let mut actor_without_fragment = actor_id.clone();
+        actor_without_fragment.set_fragment(None);
+
+        let actor = match self.1.get_no_cache(&actor_with_fragment, &self.0).await {
+            Ok(actor) => actor,
+            Err(_) => {
+                // Fallback to fragment-stripped URI for backward compatibility
+                self.1.get_no_cache(&actor_without_fragment, &self.0).await?
+            }
+        };
 
         do_verify(&self.3, &actor.public_key, signature, signing_string).await?;