Add check to make sure that inbox doesnt receive local activities (ref #1283)
This commit is contained in:
parent
9435994405
commit
2df0008902
4 changed files with 26 additions and 1 deletions
|
@ -1,6 +1,7 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
activities::receive::verify_activity_domains_valid,
|
activities::receive::verify_activity_domains_valid,
|
||||||
inbox::{
|
inbox::{
|
||||||
|
assert_activity_not_local,
|
||||||
get_activity_id,
|
get_activity_id,
|
||||||
get_activity_to_and_cc,
|
get_activity_to_and_cc,
|
||||||
inbox_verify_http_signature,
|
inbox_verify_http_signature,
|
||||||
|
@ -85,6 +86,7 @@ pub async fn community_inbox(
|
||||||
return Err(anyhow!("Activity delivered to wrong community").into());
|
return Err(anyhow!("Activity delivered to wrong community").into());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
assert_activity_not_local(&activity)?;
|
||||||
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
|
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
|
||||||
|
|
||||||
info!(
|
info!(
|
||||||
|
|
|
@ -14,7 +14,7 @@ use actix_web::HttpRequest;
|
||||||
use anyhow::{anyhow, Context};
|
use anyhow::{anyhow, Context};
|
||||||
use lemmy_db::{activity::Activity, community::Community, user::User_, DbPool};
|
use lemmy_db::{activity::Activity, community::Community, user::User_, DbPool};
|
||||||
use lemmy_structs::blocking;
|
use lemmy_structs::blocking;
|
||||||
use lemmy_utils::{location_info, LemmyError};
|
use lemmy_utils::{location_info, settings::Settings, LemmyError};
|
||||||
use lemmy_websocket::LemmyContext;
|
use lemmy_websocket::LemmyContext;
|
||||||
use serde::{export::fmt::Debug, Serialize};
|
use serde::{export::fmt::Debug, Serialize};
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
@ -151,3 +151,22 @@ pub(crate) async fn is_addressed_to_community_followers(
|
||||||
}
|
}
|
||||||
Ok(None)
|
Ok(None)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(in crate::inbox) fn assert_activity_not_local<T, Kind>(activity: &T) -> Result<(), LemmyError>
|
||||||
|
where
|
||||||
|
T: BaseExt<Kind> + Debug,
|
||||||
|
{
|
||||||
|
let id = activity.id_unchecked().context(location_info!())?;
|
||||||
|
let activity_domain = id.domain().context(location_info!())?;
|
||||||
|
|
||||||
|
if activity_domain != Settings::get().hostname {
|
||||||
|
return Err(
|
||||||
|
anyhow!(
|
||||||
|
"Error: received activity which was sent by local instance: {:?}",
|
||||||
|
activity
|
||||||
|
)
|
||||||
|
.into(),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
inbox::{
|
inbox::{
|
||||||
|
assert_activity_not_local,
|
||||||
community_inbox::{community_receive_message, CommunityAcceptedActivities},
|
community_inbox::{community_receive_message, CommunityAcceptedActivities},
|
||||||
get_activity_id,
|
get_activity_id,
|
||||||
get_activity_to_and_cc,
|
get_activity_to_and_cc,
|
||||||
|
@ -58,6 +59,7 @@ pub async fn shared_inbox(
|
||||||
return Ok(HttpResponse::Ok().finish());
|
return Ok(HttpResponse::Ok().finish());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
assert_activity_not_local(&activity)?;
|
||||||
// Log the activity, so we avoid receiving and parsing it twice. Note that this could still happen
|
// Log the activity, so we avoid receiving and parsing it twice. Note that this could still happen
|
||||||
// if we receive the same activity twice in very quick succession.
|
// if we receive the same activity twice in very quick succession.
|
||||||
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
|
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
|
||||||
|
|
|
@ -19,6 +19,7 @@ use crate::{
|
||||||
check_is_apub_id_valid,
|
check_is_apub_id_valid,
|
||||||
fetcher::get_or_fetch_and_upsert_community,
|
fetcher::get_or_fetch_and_upsert_community,
|
||||||
inbox::{
|
inbox::{
|
||||||
|
assert_activity_not_local,
|
||||||
get_activity_id,
|
get_activity_id,
|
||||||
get_activity_to_and_cc,
|
get_activity_to_and_cc,
|
||||||
inbox_verify_http_signature,
|
inbox_verify_http_signature,
|
||||||
|
@ -106,6 +107,7 @@ pub async fn user_inbox(
|
||||||
return Err(anyhow!("Activity delivered to wrong user").into());
|
return Err(anyhow!("Activity delivered to wrong user").into());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
assert_activity_not_local(&activity)?;
|
||||||
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
|
insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
|
||||||
|
|
||||||
debug!(
|
debug!(
|
||||||
|
|
Loading…
Reference in a new issue