Verify ID of received apub objects against domain allowlist etc
parent
37b438a77f
commit
233aa34d54
5 changed files with 25 additions and 7 deletions
|
@ -1,6 +1,7 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
apub::{
|
apub::{
|
||||||
activities::{generate_activity_id, send_activity_to_community},
|
activities::{generate_activity_id, send_activity_to_community},
|
||||||
|
check_is_apub_id_valid,
|
||||||
create_apub_response,
|
create_apub_response,
|
||||||
create_apub_tombstone_response,
|
create_apub_tombstone_response,
|
||||||
create_tombstone,
|
create_tombstone,
|
||||||
|
@ -166,6 +167,9 @@ impl FromApub for CommentForm {
|
||||||
None => None,
|
None => None,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let ap_id = note.id_unchecked().unwrap().to_string();
|
||||||
|
check_is_apub_id_valid(&Url::parse(&ap_id)?)?;
|
||||||
|
|
||||||
Ok(CommentForm {
|
Ok(CommentForm {
|
||||||
creator_id: creator.id,
|
creator_id: creator.id,
|
||||||
post_id: post.id,
|
post_id: post.id,
|
||||||
|
@ -181,7 +185,7 @@ impl FromApub for CommentForm {
|
||||||
published: note.published().map(|u| u.to_owned().naive_local()),
|
published: note.published().map(|u| u.to_owned().naive_local()),
|
||||||
updated: note.updated().map(|u| u.to_owned().naive_local()),
|
updated: note.updated().map(|u| u.to_owned().naive_local()),
|
||||||
deleted: None,
|
deleted: None,
|
||||||
ap_id: note.id_unchecked().unwrap().to_string(),
|
ap_id,
|
||||||
local: false,
|
local: false,
|
||||||
})
|
})
|
||||||
}
|
}
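Review bot: The added `check_is_apub_id_valid(&Url::parse(&ap_id)?)?;` in the `CommentForm` section validates the note's id on its own; nothing in the visible lines compares the id's host with the host of the `creator` actor. If the helper only applies the instance allowlist (its body is not shown), one allowed instance could deliver a comment whose id belongs to another allowed instance. Consider also requiring the two hosts to match, or at least recording the gap next to the call, e.g. `// NOTE: checks the allowlist only; the id's host is not compared with the creator's host`. The same applies to the `PostForm` and `PrivateMessageForm` sections. The function body starts and ends outside the hunks.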
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
apub::{
|
apub::{
|
||||||
activities::{generate_activity_id, send_activity},
|
activities::{generate_activity_id, send_activity},
|
||||||
|
check_is_apub_id_valid,
|
||||||
create_apub_response,
|
create_apub_response,
|
||||||
create_apub_tombstone_response,
|
create_apub_tombstone_response,
|
||||||
create_tombstone,
|
create_tombstone,
|
||||||
|
@ -334,6 +335,8 @@ impl FromApub for CommunityForm {
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
let creator = get_or_fetch_and_upsert_user(creator_uri, client, pool).await?;
|
let creator = get_or_fetch_and_upsert_user(creator_uri, client, pool).await?;
|
||||||
|
let actor_id = group.inner.id_unchecked().unwrap().to_string();
|
||||||
|
check_is_apub_id_valid(&Url::parse(&actor_id)?)?;
|
||||||
|
|
||||||
Ok(CommunityForm {
|
Ok(CommunityForm {
|
||||||
name: group
|
name: group
|
||||||
|
@ -359,7 +362,7 @@ impl FromApub for CommunityForm {
|
||||||
updated: group.inner.updated().map(|u| u.to_owned().naive_local()),
|
updated: group.inner.updated().map(|u| u.to_owned().naive_local()),
|
||||||
deleted: None,
|
deleted: None,
|
||||||
nsfw: group.ext_one.sensitive,
|
nsfw: group.ext_one.sensitive,
|
||||||
actor_id: group.inner.id_unchecked().unwrap().to_string(),
|
actor_id,
|
||||||
local: false,
|
local: false,
|
||||||
private_key: None,
|
private_key: None,
|
||||||
public_key: Some(group.ext_two.to_owned().public_key.public_key_pem),
|
public_key: Some(group.ext_two.to_owned().public_key.public_key_pem),
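Review bot: In the `CommunityForm` section the check on `actor_id` runs only after `get_or_fetch_and_upsert_user(creator_uri, client, pool).await?`. A group whose id is about to be rejected has therefore already caused an outbound fetch, and possibly a user upsert. Moving the two added lines, `let actor_id = group.inner.id_unchecked().unwrap().to_string();` and `check_is_apub_id_valid(&Url::parse(&actor_id)?)?;`, above the fetch would refuse it first. This assumes the fetcher does not do its own validation, which is not visible here. The `PrivateMessageForm` section has the same order, with two fetches before the check. The function body starts and ends outside the hunks.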
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
apub::{
|
apub::{
|
||||||
activities::{generate_activity_id, send_activity_to_community},
|
activities::{generate_activity_id, send_activity_to_community},
|
||||||
|
check_is_apub_id_valid,
|
||||||
create_apub_response,
|
create_apub_response,
|
||||||
create_apub_tombstone_response,
|
create_apub_tombstone_response,
|
||||||
create_tombstone,
|
create_tombstone,
|
||||||
|
@ -203,6 +204,9 @@ impl FromApub for PostForm {
|
||||||
None => (None, None, None),
|
None => (None, None, None),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let ap_id = page.inner.id_unchecked().unwrap().to_string();
|
||||||
|
check_is_apub_id_valid(&Url::parse(&ap_id)?)?;
|
||||||
|
|
||||||
let url = page
|
let url = page
|
||||||
.inner
|
.inner
|
||||||
.url()
|
.url()
|
||||||
|
@ -245,7 +249,7 @@ impl FromApub for PostForm {
|
||||||
embed_description,
|
embed_description,
|
||||||
embed_html,
|
embed_html,
|
||||||
thumbnail_url,
|
thumbnail_url,
|
||||||
ap_id: page.inner.id_unchecked().unwrap().to_string(),
|
ap_id,
|
||||||
local: false,
|
local: false,
|
||||||
})
|
})
|
||||||
}
|
}
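Review bot: `page.inner.id_unchecked().unwrap()` in the `PostForm` section still panics when a received page carries no id. The object comes from a remote server, so a missing id should produce an error, as the `?` on the following line already does for a malformed or disallowed id. Something like `let ap_id = page.inner.id_unchecked().ok_or(/* project error: missing id */)?.to_string();` would do, with the project's own error value filled in. The same `unwrap()` appears in the added lines of the other four `from_apub` sections.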
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
apub::{
|
apub::{
|
||||||
activities::{generate_activity_id, send_activity},
|
activities::{generate_activity_id, send_activity},
|
||||||
|
check_is_apub_id_valid,
|
||||||
create_tombstone,
|
create_tombstone,
|
||||||
fetcher::get_or_fetch_and_upsert_user,
|
fetcher::get_or_fetch_and_upsert_user,
|
||||||
insert_activity,
|
insert_activity,
|
||||||
|
@ -84,10 +85,10 @@ impl FromApub for PrivateMessageForm {
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
let creator = get_or_fetch_and_upsert_user(&creator_actor_id, client, pool).await?;
|
let creator = get_or_fetch_and_upsert_user(&creator_actor_id, client, pool).await?;
|
||||||
|
|
||||||
let recipient_actor_id = note.to().unwrap().clone().single_xsd_any_uri().unwrap();
|
let recipient_actor_id = note.to().unwrap().clone().single_xsd_any_uri().unwrap();
|
||||||
|
|
||||||
let recipient = get_or_fetch_and_upsert_user(&recipient_actor_id, client, pool).await?;
|
let recipient = get_or_fetch_and_upsert_user(&recipient_actor_id, client, pool).await?;
|
||||||
|
let ap_id = note.id_unchecked().unwrap().to_string();
|
||||||
|
check_is_apub_id_valid(&Url::parse(&ap_id)?)?;
|
||||||
|
|
||||||
Ok(PrivateMessageForm {
|
Ok(PrivateMessageForm {
|
||||||
creator_id: creator.id,
|
creator_id: creator.id,
|
||||||
|
@ -102,7 +103,7 @@ impl FromApub for PrivateMessageForm {
|
||||||
updated: note.updated().map(|u| u.to_owned().naive_local()),
|
updated: note.updated().map(|u| u.to_owned().naive_local()),
|
||||||
deleted: None,
|
deleted: None,
|
||||||
read: None,
|
read: None,
|
||||||
ap_id: note.id_unchecked().unwrap().to_string(),
|
ap_id,
|
||||||
local: false,
|
local: false,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
apub::{
|
apub::{
|
||||||
activities::{generate_activity_id, send_activity},
|
activities::{generate_activity_id, send_activity},
|
||||||
|
check_is_apub_id_valid,
|
||||||
create_apub_response,
|
create_apub_response,
|
||||||
insert_activity,
|
insert_activity,
|
||||||
ActorType,
|
ActorType,
|
||||||
|
@ -217,6 +218,11 @@ impl FromApub for UserForm {
|
||||||
None => None,
|
None => None,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// TODO: here and in community we could actually check against the exact domain where we fetched
|
||||||
|
// the actor from, if we can pass it in somehow
|
||||||
|
let actor_id = person.id_unchecked().unwrap().to_string();
|
||||||
|
check_is_apub_id_valid(&Url::parse(&actor_id)?)?;
|
||||||
|
|
||||||
Ok(UserForm {
|
Ok(UserForm {
|
||||||
name: person
|
name: person
|
||||||
.name()
|
.name()
|
||||||
|
@ -241,7 +247,7 @@ impl FromApub for UserForm {
|
||||||
show_avatars: false,
|
show_avatars: false,
|
||||||
send_notifications_to_email: false,
|
send_notifications_to_email: false,
|
||||||
matrix_user_id: None,
|
matrix_user_id: None,
|
||||||
actor_id: person.id_unchecked().unwrap().to_string(),
|
actor_id,
|
||||||
bio: person
|
bio: person
|
||||||
.inner
|
.inner
|
||||||
.summary()
|
.summary()
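Review bot: The TODO added in the `UserForm` section says "here and in community", but the `CommunityForm` section has no matching comment, so a reader of that file will not learn that the check is known to be incomplete. The TODO also does not say what the current call leaves unchecked. I would repeat it at the community call site and word both along the lines of `// TODO: id is only checked against the allowlist, not against the host the actor was fetched from`.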
|
||||||
|
|