From dd56a3f0d502212b5b0b72e003d87cea017085f4 Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Tue, 27 Feb 2024 16:21:30 +0100
Subject: [PATCH] Add domain checks for federation

---
 src/backend/federation/objects/articles_collection.rs | 6 ++++--
 src/backend/federation/objects/edit.rs                | 6 ++++--
 src/backend/federation/objects/edits_collection.rs    | 6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/backend/federation/objects/articles_collection.rs b/src/backend/federation/objects/articles_collection.rs
index 5463eb2..7d330b2 100644
--- a/src/backend/federation/objects/articles_collection.rs
+++ b/src/backend/federation/objects/articles_collection.rs
@@ -5,6 +5,7 @@ use crate::common::DbInstance;
 
 use crate::common::DbArticle;
 use activitypub_federation::kinds::collection::CollectionType;
+use activitypub_federation::protocol::verification::verify_domains_match;
 use activitypub_federation::{
     config::Data,
     traits::{Collection, Object},
@@ -55,10 +56,11 @@ impl Collection for DbArticleCollection {
     }
 
     async fn verify(
-        _apub: &Self::Kind,
-        _expected_domain: &Url,
+        json: &Self::Kind,
+        expected_domain: &Url,
         _data: &Data<Self::DataType>,
     ) -> Result<(), Self::Error> {
+        verify_domains_match(&json.id, expected_domain)?;
         Ok(())
     }
 
diff --git a/src/backend/federation/objects/edit.rs b/src/backend/federation/objects/edit.rs
index 6b8f3fa..f0f21fd 100644
--- a/src/backend/federation/objects/edit.rs
+++ b/src/backend/federation/objects/edit.rs
@@ -6,6 +6,7 @@ use crate::common::EditVersion;
 use crate::common::{DbArticle, DbEdit};
 use activitypub_federation::config::Data;
 use activitypub_federation::fetch::object_id::ObjectId;
+use activitypub_federation::protocol::verification::verify_domains_match;
 use activitypub_federation::traits::Object;
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -63,10 +64,11 @@ impl Object for DbEdit {
     }
 
     async fn verify(
-        _json: &Self::Kind,
-        _expected_domain: &Url,
+        json: &Self::Kind,
+        expected_domain: &Url,
         _data: &Data<Self::DataType>,
     ) -> Result<(), Self::Error> {
+        verify_domains_match(json.id.inner(), expected_domain)?;
         Ok(())
     }
 
diff --git a/src/backend/federation/objects/edits_collection.rs b/src/backend/federation/objects/edits_collection.rs
index 13845a5..6c84462 100644
--- a/src/backend/federation/objects/edits_collection.rs
+++ b/src/backend/federation/objects/edits_collection.rs
@@ -6,6 +6,7 @@ use crate::common::DbArticle;
 use crate::common::DbEdit;
 use crate::common::DbInstance;
 use activitypub_federation::kinds::collection::OrderedCollectionType;
+use activitypub_federation::protocol::verification::verify_domains_match;
 use activitypub_federation::{
     config::Data,
     traits::{Collection, Object},
@@ -59,10 +60,11 @@ impl Collection for DbEditCollection {
     }
 
     async fn verify(
-        _apub: &Self::Kind,
-        _expected_domain: &Url,
+        json: &Self::Kind,
+        expected_domain: &Url,
         _data: &Data<Self::DataType>,
     ) -> Result<(), Self::Error> {
+        verify_domains_match(&json.id, expected_domain)?;
         Ok(())
     }