+ defp maybe_require_signature(
+ %{assigns: %{valid_signature: true, signature_actor_id: actor_id}} = conn
+ ) do
+ # inboxes implicitly need http signatures for authentication
+ # so we don't really know if the instance will have broken federation after
+ # we turn on authorized_fetch_mode.
+ #
+ # to "check" this is a signed fetch, verify if method is GET
+ if conn.method == "GET" do
+ actor_host = URI.parse(actor_id).host
+
+ case @cachex.get(:request_signatures_cache, actor_host) do
+ {:ok, nil} ->
+ Logger.debug("Successful signature from #{actor_host}")
+ Instances.set_request_signatures(actor_host)
+ @cachex.put(:request_signatures_cache, actor_host, true)
+
+ {:ok, true} ->
+ :noop
+
+ any ->
+ Logger.warn(
+ "expected request signature cache to return a boolean, instead got #{inspect(any)}"
+ )
+ end
+ end