diff --git a/packages/backend/src/remote/activitypub/check-fetch.ts b/packages/backend/src/remote/activitypub/check-fetch.ts
index 3e52575a9..a3e241c25 100644
--- a/packages/backend/src/remote/activitypub/check-fetch.ts
+++ b/packages/backend/src/remote/activitypub/check-fetch.ts
@@ -7,6 +7,8 @@ import DbResolver from "@/remote/activitypub/db-resolver.js";
 import { getApId } from "@/remote/activitypub/type.js";
 import { shouldBlockInstance } from "@/misc/should-block-instance.js";
 import type { IncomingMessage } from "http";
+import type { CacheableRemoteUser } from "@/models/entities/user.js";
+import type { UserPublickey } from "@/models/entities/user-publickey.js";
 
 export async function hasSignature(req: IncomingMessage): Promise<string> {
 	const meta = await fetchMeta();
@@ -98,7 +100,10 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
 
 export async function getSignatureUser(
 	req: IncomingMessage,
-): Promise<CacheableRemoteUser> {
+): Promise<{
+	user: CacheableRemoteUser;
+	key: UserPublickey | null;
+} | null> {
 	let authUser;
 	const meta = await fetchMeta();
 	if (meta.secureMode || meta.privateMode) {
@@ -114,7 +119,7 @@ export async function getSignatureUser(
 		const host = toPuny(keyId.hostname);
 
 		if (await shouldBlockInstance(host, meta)) {
-			return 403;
+			return null;
 		}
 
 		if (
@@ -137,20 +142,20 @@ export async function getSignatureUser(
 		authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
 
 		// keyIdでわからなければ、resolveしてみる
-		if (authUser == null) {
+		if (!authUser) {
 			try {
 				keyId.hash = "";
 				authUser = await dbResolver.getAuthUserFromApId(
 					getApId(keyId.toString()),
 				);
-			} catch (e) {
+			} catch {
 				// できなければ駄目
 				return null;
 			}
 		}
 
 		// publicKey がなくても終了
-		if (authUser?.key == null) {
+		if (!authUser?.key) {
 			return null;
 		}
 
diff --git a/packages/backend/src/server/activitypub.ts b/packages/backend/src/server/activitypub.ts
index 548aafdd2..f9d5eb99c 100644
--- a/packages/backend/src/server/activitypub.ts
+++ b/packages/backend/src/server/activitypub.ts
@@ -108,17 +108,23 @@ router.get("/notes/:note", async (ctx, next) => {
 		return;
 	}
 
-	if (note.visibility == "followers") {
+	if (note.visibility === "followers") {
 		serverLogger.debug(
 			"Responding to request for follower-only note, validating access...",
 		);
-		let remoteUser = await getSignatureUser(ctx.req);
+		const remoteUser = await getSignatureUser(ctx.req);
 		serverLogger.debug("Local note author user:");
 		serverLogger.debug(JSON.stringify(note, null, 2));
 		serverLogger.debug("Authenticated remote user:");
 		serverLogger.debug(JSON.stringify(remoteUser, null, 2));
 
-		let relation = await Users.getRelation(remoteUser.user.id, note.userId);
+		if (remoteUser == null) {
+			serverLogger.debug("Rejecting: no user");
+			ctx.status = 401;
+			return;
+		}
+
+		const relation = await Users.getRelation(remoteUser.user.id, note.userId);
 		serverLogger.debug("Relation:");
 		serverLogger.debug(JSON.stringify(relation, null, 2));