mirrors/barkey
1
0
Fork 0
mirror of https://codeberg.org/yeentown/barkey.git synced 2025-10-26 19:14:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Validate host in activity

Browse source
This commit is contained in:
mei23 2018-08-30 20:53:41 +09:00
parent dddf7834cc
commit 48223c1c76
1 changed files with 55 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
src/queue/processors/http/process-inbox.ts
View file

@ -6,6 +6,8 @@ import parseAcct from '../../../misc/acct/parse';
import User, { IRemoteUser } from '../../../models/user'; import User, { IRemoteUser } from '../../../models/user';
import perform from '../../../remote/activitypub/perform'; import perform from '../../../remote/activitypub/perform';
import { resolvePerson } from '../../../remote/activitypub/models/person'; import { resolvePerson } from '../../../remote/activitypub/models/person';
import { toUnicode } from 'punycode';
import { URL } from 'url';
const log = debug('misskey:queue:inbox'); const log = debug('misskey:queue:inbox');
@ -32,6 +34,15 @@ export default async (job: bq.Job, done: any): Promise<void> => {
return; return;
} }
// アクティビティ内のホストの検証
try {
ValidateActivity(activity, host);
} catch (e) {
console.warn(e);
done();
return;
}
user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser; user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser;
// アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する // アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する
@ -39,6 +50,16 @@ export default async (job: bq.Job, done: any): Promise<void> => {
user = await resolvePerson(activity.actor) as IRemoteUser; user = await resolvePerson(activity.actor) as IRemoteUser;
} }
} else { } else {
// アクティビティ内のホストの検証
const host = toUnicode(new URL(signature.keyId).hostname.toLowerCase());
try {
ValidateActivity(activity, host);
} catch (e) {
console.warn(e);
done();
return;
}
user = await User.findOne({ user = await User.findOne({
host: { $ne: null }, host: { $ne: null },
'publicKey.id': signature.keyId 'publicKey.id': signature.keyId
@ -69,3 +90,37 @@ export default async (job: bq.Job, done: any): Promise<void> => {
done(e); done(e);
} }
}; };
/**
* Validate host in activity
* @param activity Activity
* @param host Expect host
*/
function ValidateActivity(activity: any, host: string) {
// id (if exists)
if (typeof activity.id === 'string') {
const uriHost = toUnicode(new URL(activity.id).hostname.toLowerCase());
if (host !== uriHost) throw new Error('activity.id has different host');
}
// actor (if exists)
if (typeof activity.actor === 'string') {
const uriHost = toUnicode(new URL(activity.actor).hostname.toLowerCase());
if (host !== uriHost) throw new Error('activity.actor has different host');
}
// For Create activity
if (activity.type === 'Create' && activity.object) {
// object.id (if exists)
if (typeof activity.object.id === 'string') {
const uriHost = toUnicode(new URL(activity.object.id).hostname.toLowerCase());
if (host !== uriHost) throw new Error('activity.object.id has different host');
}
// object.attributedTo (if exists)
if (typeof activity.object.attributedTo === 'string') {
const uriHost = toUnicode(new URL(activity.object.attributedTo).hostname.toLowerCase());
if (host !== uriHost) throw new Error('activity.object.attributedTo has different host');
}
}
}