From dceebaed419ca894c70141d20fe1a38c1b52d831 Mon Sep 17 00:00:00 2001
From: Mint <>
Date: Tue, 31 Jan 2023 01:36:25 +0300
Subject: [PATCH] Do not hardcode path to the user used for signed fetches
 spoofing

---
 config/config.exs             | 2 +-
 lib/pleroma/object/fetcher.ex | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/config.exs b/config/config.exs
index 4ee3a705f..ee56d63fb 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -370,7 +370,7 @@
 overwrite this with your internal.fetch key rippen from donor instance DB
 yes, just like that, newlines are important
 -----END RSA PRIVATE KEY-----",
-  spoofed_instance: "https://funnydomain.example",
+  spoofed_user: "https://funnydomain.example/internal/fetch",
   max_collection_objects: 50
 
 config :pleroma, :streamer,
diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex
index 4defce664..2cdf1074c 100644
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@@ -215,10 +215,10 @@ defp make_signature(id, date) do
     else
       ""
     end
-    spoofed_instance = Pleroma.Config.get([:activitypub, :spoofed_instance])
+    spoofed_user = Pleroma.Config.get([:activitypub, :spoofed_user])
 
     signature = if Pleroma.Config.get([:activitypub, :spoof_object_fetch_signatures]) do
-      HTTPSignatures.sign(spoofed_key, spoofed_instance <> "/internal/fetch#main-key", %{
+      HTTPSignatures.sign(spoofed_key, spoofed_user <> "#main-key", %{
         "(request-target)": "get #{uri.path}",
         host: uri.host,
         date: date