mirror of
https://codeberg.org/rimu/pyfedi
synced 2025-01-23 19:36:56 -08:00
Ensure domains of 'id' and 'actor'/'attributedTo' match
This commit is contained in:
parent
5c1da0a0be
commit
3cddfd86e8
3 changed files with 46 additions and 3 deletions
|
@ -21,7 +21,7 @@ from app.activitypub.util import public_key, users_total, active_half_year, acti
|
|||
upvote_post, delete_post_or_comment, community_members, \
|
||||
user_removed_from_remote_server, create_post, create_post_reply, update_post_reply_from_activity, \
|
||||
update_post_from_activity, undo_vote, undo_downvote, post_to_page, get_redis_connection, find_reported_object, \
|
||||
process_report
|
||||
process_report, ensure_domains_match
|
||||
from app.utils import gibberish, get_setting, is_image_url, allowlist_html, render_template, \
|
||||
domain_from_url, markdown_to_html, community_membership, ap_datetime, ip_address, can_downvote, \
|
||||
can_upvote, can_create_post, awaken_dormant_instance, shorten_string, can_create_post_reply, sha256_digest, \
|
||||
|
@ -513,6 +513,12 @@ def process_inbox_request(request_json, activitypublog_id, ip_address):
|
|||
activity_log.activity_type = 'exception'
|
||||
db.session.commit()
|
||||
return
|
||||
if 'object' in request_json:
|
||||
if not ensure_domains_match(request_json['object']):
|
||||
activity_log.result = 'failure'
|
||||
activity_log.exception_message = 'Domains do not match'
|
||||
db.session.commit()
|
||||
return
|
||||
community = find_actor_or_create(community_ap_id, community_only=True)
|
||||
if community and community.local_only:
|
||||
activity_log.exception_message = 'Remote Create in local_only community'
|
||||
|
@ -567,6 +573,12 @@ def process_inbox_request(request_json, activitypublog_id, ip_address):
|
|||
activity_log.exception_message = 'invalid json?'
|
||||
elif request_json['object']['type'] == 'Create':
|
||||
activity_log.activity_type = request_json['object']['type']
|
||||
if 'object' in request_json and 'object' in request_json['object']:
|
||||
if not ensure_domains_match(request_json['object']['object']):
|
||||
activity_log.exception_message = 'Domains do not match'
|
||||
activity_log.result = 'failure'
|
||||
db.session.commit()
|
||||
return
|
||||
user_ap_id = request_json['object']['object']['attributedTo']
|
||||
try:
|
||||
community_ap_id = request_json['object']['audience'] if 'audience' in request_json['object'] else request_json['actor']
|
||||
|
|
|
@ -2013,3 +2013,29 @@ def lemmy_site_data():
|
|||
}
|
||||
data['admins'].append({'person': person, 'counts': counts})
|
||||
return data
|
||||
|
||||
|
||||
def ensure_domains_match(activity: dict) -> bool:
|
||||
if 'id' in activity:
|
||||
note_id = activity['id']
|
||||
else:
|
||||
note_id = None
|
||||
|
||||
if 'actor' in activity:
|
||||
note_actor = activity['actor']
|
||||
elif 'attributedTo' in activity:
|
||||
note_actor = activity['attributedTo']
|
||||
else:
|
||||
note_actor = None
|
||||
|
||||
if note_id and note_actor:
|
||||
parsed_url = urlparse(note_id)
|
||||
id_domain = parsed_url.netloc
|
||||
parsed_url = urlparse(note_actor)
|
||||
actor_domain = parsed_url.netloc
|
||||
|
||||
if id_domain == actor_domain:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ from pillow_heif import register_heif_opener
|
|||
|
||||
from app import db, cache, celery
|
||||
from app.activitypub.signature import post_request
|
||||
from app.activitypub.util import find_actor_or_create, actor_json_to_model, post_json_to_model, default_context
|
||||
from app.activitypub.util import find_actor_or_create, actor_json_to_model, post_json_to_model, default_context, ensure_domains_match
|
||||
from app.constants import POST_TYPE_ARTICLE, POST_TYPE_LINK, POST_TYPE_IMAGE, POST_TYPE_VIDEO
|
||||
from app.models import Community, File, BannedInstances, PostReply, PostVote, Post, utcnow, CommunityMember, Site, \
|
||||
Instance, Notification, User, ActivityPubLog
|
||||
|
@ -99,11 +99,16 @@ def retrieve_mods_and_backfill(community_id: int):
|
|||
if 'type' in outbox_data and outbox_data['type'] == 'OrderedCollection' and 'orderedItems' in outbox_data:
|
||||
activities_processed = 0
|
||||
for activity in outbox_data['orderedItems']:
|
||||
user = find_actor_or_create(activity['object']['actor'])
|
||||
activity_log = ActivityPubLog(direction='in', activity_id=activity['id'], activity_type='Announce', result='failure')
|
||||
if site.log_activitypub_json:
|
||||
activity_log.activity_json = json.dumps(activity)
|
||||
db.session.add(activity_log)
|
||||
if 'object' in activity and 'object' in activity['object']:
|
||||
if not ensure_domains_match(activity['object']['object']):
|
||||
activity_log.exception_message = 'Domains do not match'
|
||||
db.session.commit()
|
||||
continue
|
||||
user = find_actor_or_create(activity['object']['actor'])
|
||||
if user:
|
||||
post = post_json_to_model(activity_log, activity['object']['object'], user, community)
|
||||
if post:
|
||||
|
|
Loading…
Add table
Reference in a new issue