Remove check that avatars/banners are locally hosted (fixes #2254) (#2255)

This commit is contained in:
Nutomic 2022-05-10 17:08:13 +00:00 committed by GitHub
parent 99f3141841
commit f0ec3015cd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 11 additions and 75 deletions

View file

@ -2,12 +2,7 @@ use crate::Perform;
use actix_web::web::Data; use actix_web::web::Data;
use lemmy_api_common::{ use lemmy_api_common::{
person::{LoginResponse, SaveUserSettings}, person::{LoginResponse, SaveUserSettings},
utils::{ utils::{blocking, get_local_user_view_from_jwt, send_verification_email},
blocking,
check_image_has_local_domain,
get_local_user_view_from_jwt,
send_verification_email,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -49,9 +44,6 @@ impl Perform for SaveUserSettings {
let email_deref = data.email.as_deref().map(|e| e.to_owned()); let email_deref = data.email.as_deref().map(|e| e.to_owned());
let email = diesel_option_overwrite(&email_deref); let email = diesel_option_overwrite(&email_deref);
check_image_has_local_domain(avatar.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;
if let Some(Some(email)) = &email { if let Some(Some(email)) = &email {
let previous_email = local_user_view.local_user.email.clone().unwrap_or_default(); let previous_email = local_user_view.local_user.email.clone().unwrap_or_default();
// Only send the verification email if there was an email change // Only send the verification email if there was an email change

View file

@ -1,6 +1,6 @@
use crate::{sensitive::Sensitive, site::FederatedInstances}; use crate::{sensitive::Sensitive, site::FederatedInstances};
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::{CommunityId, DbUrl, LocalUserId, PersonId, PostId}, newtypes::{CommunityId, LocalUserId, PersonId, PostId},
source::{ source::{
comment::Comment, comment::Comment,
community::Community, community::Community,
@ -592,14 +592,3 @@ pub async fn delete_user_account(person_id: PersonId, pool: &DbPool) -> Result<(
Ok(()) Ok(())
} }
pub fn check_image_has_local_domain(url: &Option<DbUrl>) -> Result<(), LemmyError> {
if let Some(url) = url {
let settings = Settings::get();
let domain = url.domain().expect("url has domain");
if domain != settings.hostname {
return Err(LemmyError::from_message("image_not_local"));
}
}
Ok(())
}

View file

@ -2,7 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data; use actix_web::web::Data;
use lemmy_api_common::{ use lemmy_api_common::{
community::{CommunityResponse, CreateCommunity}, community::{CommunityResponse, CreateCommunity},
utils::{blocking, check_image_has_local_domain, get_local_user_view_from_jwt, is_admin}, utils::{blocking, get_local_user_view_from_jwt, is_admin},
}; };
use lemmy_apub::{ use lemmy_apub::{
generate_followers_url, generate_followers_url,
@ -65,8 +65,6 @@ impl PerformCrud for CreateCommunity {
check_slurs(&data.name, &context.settings().slur_regex())?; check_slurs(&data.name, &context.settings().slur_regex())?;
check_slurs(&data.title, &context.settings().slur_regex())?; check_slurs(&data.title, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?; check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;
if !is_valid_actor_name(&data.name, context.settings().actor_name_max_length) { if !is_valid_actor_name(&data.name, context.settings().actor_name_max_length) {
return Err(LemmyError::from_message("invalid_community_name")); return Err(LemmyError::from_message("invalid_community_name"));

View file

@ -2,7 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data; use actix_web::web::Data;
use lemmy_api_common::{ use lemmy_api_common::{
community::{CommunityResponse, EditCommunity}, community::{CommunityResponse, EditCommunity},
utils::{blocking, check_image_has_local_domain, get_local_user_view_from_jwt}, utils::{blocking, get_local_user_view_from_jwt},
}; };
use lemmy_apub::protocol::activities::community::update::UpdateCommunity; use lemmy_apub::protocol::activities::community::update::UpdateCommunity;
use lemmy_db_schema::{ use lemmy_db_schema::{
@ -34,8 +34,6 @@ impl PerformCrud for EditCommunity {
check_slurs_opt(&data.title, &context.settings().slur_regex())?; check_slurs_opt(&data.title, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?; check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;
// Verify its a mod (only mods can edit it) // Verify its a mod (only mods can edit it)
let community_id = data.community_id; let community_id = data.community_id;

View file

@ -2,13 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data; use actix_web::web::Data;
use lemmy_api_common::{ use lemmy_api_common::{
site::{CreateSite, SiteResponse}, site::{CreateSite, SiteResponse},
utils::{ utils::{blocking, get_local_user_view_from_jwt, is_admin, site_description_length_check},
blocking,
check_image_has_local_domain,
get_local_user_view_from_jwt,
is_admin,
site_description_length_check,
},
}; };
use lemmy_apub::generate_site_inbox_url; use lemmy_apub::generate_site_inbox_url;
use lemmy_db_schema::{ use lemmy_db_schema::{
@ -55,8 +49,6 @@ impl PerformCrud for CreateSite {
check_slurs(&data.name, &context.settings().slur_regex())?; check_slurs(&data.name, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?; check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

View file

@ -2,13 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data; use actix_web::web::Data;
use lemmy_api_common::{ use lemmy_api_common::{
site::{EditSite, SiteResponse}, site::{EditSite, SiteResponse},
utils::{ utils::{blocking, get_local_user_view_from_jwt, is_admin, site_description_length_check},
blocking,
check_image_has_local_domain,
get_local_user_view_from_jwt,
is_admin,
site_description_length_check,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -51,8 +45,6 @@ impl PerformCrud for EditSite {
check_slurs_opt(&data.name, &context.settings().slur_regex())?; check_slurs_opt(&data.name, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?; check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;
if let Some(Some(desc)) = &description { if let Some(Some(desc)) = &description {
site_description_length_check(desc)?; site_description_length_check(desc)?;

View file

@ -1,6 +1,6 @@
use crate::{ use crate::{
check_is_apub_id_valid, check_is_apub_id_valid,
objects::{read_from_string_or_source_opt, verify_image_domain_matches}, objects::read_from_string_or_source_opt,
protocol::{ protocol::{
objects::instance::{Instance, InstanceType}, objects::instance::{Instance, InstanceType},
ImageObject, ImageObject,
@ -107,8 +107,6 @@ impl ApubObject for ApubSite {
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
check_is_apub_id_valid(apub.id.inner(), true, &data.settings())?; check_is_apub_id_valid(apub.id.inner(), true, &data.settings())?;
verify_domains_match(expected_domain, apub.id.inner())?; verify_domains_match(expected_domain, apub.id.inner())?;
verify_image_domain_matches(expected_domain, &apub.icon)?;
verify_image_domain_matches(expected_domain, &apub.image)?;
let slur_regex = &data.settings().slur_regex(); let slur_regex = &data.settings().slur_regex();
check_slurs(&apub.name, slur_regex)?; check_slurs(&apub.name, slur_regex)?;

View file

@ -1,7 +1,7 @@
use crate::protocol::{ImageObject, Source}; use crate::protocol::Source;
use anyhow::anyhow; use anyhow::anyhow;
use html2md::parse_html; use html2md::parse_html;
use lemmy_apub_lib::{values::MediaTypeMarkdownOrHtml, verify::verify_domains_match}; use lemmy_apub_lib::values::MediaTypeMarkdownOrHtml;
use lemmy_utils::{settings::structs::Settings, LemmyError}; use lemmy_utils::{settings::structs::Settings, LemmyError};
use url::Url; use url::Url;
@ -39,17 +39,6 @@ pub(crate) fn read_from_string_or_source_opt(
.map(|content| read_from_string_or_source(content, media_type, source)) .map(|content| read_from_string_or_source(content, media_type, source))
} }
pub(crate) fn verify_image_domain_matches(
a: &Url,
b: &Option<ImageObject>,
) -> Result<(), LemmyError> {
if let Some(b) = b {
verify_domains_match(a, &b.url)
} else {
Ok(())
}
}
/// When for example a Post is made in a remote community, the community will send it back, /// When for example a Post is made in a remote community, the community will send it back,
/// wrapped in Announce. If we simply receive this like any other federated object, overwrite the /// wrapped in Announce. If we simply receive this like any other federated object, overwrite the
/// existing, local Post. In particular, it will set the field local = false, so that the object /// existing, local Post. In particular, it will set the field local = false, so that the object

View file

@ -1,11 +1,7 @@
use crate::{ use crate::{
check_is_apub_id_valid, check_is_apub_id_valid,
generate_outbox_url, generate_outbox_url,
objects::{ objects::{instance::fetch_instance_actor_for_object, read_from_string_or_source_opt},
instance::fetch_instance_actor_for_object,
read_from_string_or_source_opt,
verify_image_domain_matches,
},
protocol::{ protocol::{
objects::{ objects::{
person::{Person, UserTypes}, person::{Person, UserTypes},
@ -128,8 +124,6 @@ impl ApubObject for ApubPerson {
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
verify_domains_match(person.id.inner(), expected_domain)?; verify_domains_match(person.id.inner(), expected_domain)?;
check_is_apub_id_valid(person.id.inner(), false, &context.settings())?; check_is_apub_id_valid(person.id.inner(), false, &context.settings())?;
verify_image_domain_matches(expected_domain, &person.icon)?;
verify_image_domain_matches(expected_domain, &person.image)?;
let slur_regex = &context.settings().slur_regex(); let slur_regex = &context.settings().slur_regex();
check_slurs(&person.preferred_username, slur_regex)?; check_slurs(&person.preferred_username, slur_regex)?;

View file

@ -4,11 +4,7 @@ use crate::{
community_moderators::ApubCommunityModerators, community_moderators::ApubCommunityModerators,
community_outbox::ApubCommunityOutbox, community_outbox::ApubCommunityOutbox,
}, },
objects::{ objects::{community::ApubCommunity, read_from_string_or_source_opt},
community::ApubCommunity,
read_from_string_or_source_opt,
verify_image_domain_matches,
},
protocol::{objects::Endpoints, ImageObject, Source}, protocol::{objects::Endpoints, ImageObject, Source},
}; };
use activitystreams_kinds::actor::GroupType; use activitystreams_kinds::actor::GroupType;
@ -65,8 +61,6 @@ impl Group {
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
check_is_apub_id_valid(self.id.inner(), true, &context.settings())?; check_is_apub_id_valid(self.id.inner(), true, &context.settings())?;
verify_domains_match(expected_domain, self.id.inner())?; verify_domains_match(expected_domain, self.id.inner())?;
verify_image_domain_matches(expected_domain, &self.icon)?;
verify_image_domain_matches(expected_domain, &self.image)?;
let slur_regex = &context.settings().slur_regex(); let slur_regex = &context.settings().slur_regex();
check_slurs(&self.preferred_username, slur_regex)?; check_slurs(&self.preferred_username, slur_regex)?;