Add check to make sure that inbox doesnt receive local activities (ref #1283)

This commit is contained in:
Felix Ableitner 2020-11-30 22:04:12 +01:00
parent 9435994405
commit 2df0008902
4 changed files with 26 additions and 1 deletions

View file

@ -1,6 +1,7 @@
use crate::{ use crate::{
activities::receive::verify_activity_domains_valid, activities::receive::verify_activity_domains_valid,
inbox::{ inbox::{
assert_activity_not_local,
get_activity_id, get_activity_id,
get_activity_to_and_cc, get_activity_to_and_cc,
inbox_verify_http_signature, inbox_verify_http_signature,
@ -85,6 +86,7 @@ pub async fn community_inbox(
return Err(anyhow!("Activity delivered to wrong community").into()); return Err(anyhow!("Activity delivered to wrong community").into());
} }
assert_activity_not_local(&activity)?;
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?; insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
info!( info!(

View file

@ -14,7 +14,7 @@ use actix_web::HttpRequest;
use anyhow::{anyhow, Context}; use anyhow::{anyhow, Context};
use lemmy_db::{activity::Activity, community::Community, user::User_, DbPool}; use lemmy_db::{activity::Activity, community::Community, user::User_, DbPool};
use lemmy_structs::blocking; use lemmy_structs::blocking;
use lemmy_utils::{location_info, LemmyError}; use lemmy_utils::{location_info, settings::Settings, LemmyError};
use lemmy_websocket::LemmyContext; use lemmy_websocket::LemmyContext;
use serde::{export::fmt::Debug, Serialize}; use serde::{export::fmt::Debug, Serialize};
use url::Url; use url::Url;
@ -151,3 +151,22 @@ pub(crate) async fn is_addressed_to_community_followers(
} }
Ok(None) Ok(None)
} }
pub(in crate::inbox) fn assert_activity_not_local<T, Kind>(activity: &T) -> Result<(), LemmyError>
where
T: BaseExt<Kind> + Debug,
{
let id = activity.id_unchecked().context(location_info!())?;
let activity_domain = id.domain().context(location_info!())?;
if activity_domain != Settings::get().hostname {
return Err(
anyhow!(
"Error: received activity which was sent by local instance: {:?}",
activity
)
.into(),
);
}
Ok(())
}

View file

@ -1,5 +1,6 @@
use crate::{ use crate::{
inbox::{ inbox::{
assert_activity_not_local,
community_inbox::{community_receive_message, CommunityAcceptedActivities}, community_inbox::{community_receive_message, CommunityAcceptedActivities},
get_activity_id, get_activity_id,
get_activity_to_and_cc, get_activity_to_and_cc,
@ -58,6 +59,7 @@ pub async fn shared_inbox(
return Ok(HttpResponse::Ok().finish()); return Ok(HttpResponse::Ok().finish());
} }
assert_activity_not_local(&activity)?;
// Log the activity, so we avoid receiving and parsing it twice. Note that this could still happen // Log the activity, so we avoid receiving and parsing it twice. Note that this could still happen
// if we receive the same activity twice in very quick succession. // if we receive the same activity twice in very quick succession.
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?; insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;

View file

@ -19,6 +19,7 @@ use crate::{
check_is_apub_id_valid, check_is_apub_id_valid,
fetcher::get_or_fetch_and_upsert_community, fetcher::get_or_fetch_and_upsert_community,
inbox::{ inbox::{
assert_activity_not_local,
get_activity_id, get_activity_id,
get_activity_to_and_cc, get_activity_to_and_cc,
inbox_verify_http_signature, inbox_verify_http_signature,
@ -106,6 +107,7 @@ pub async fn user_inbox(
return Err(anyhow!("Activity delivered to wrong user").into()); return Err(anyhow!("Activity delivered to wrong user").into());
} }
assert_activity_not_local(&activity)?;
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?; insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
debug!( debug!(