FediMovies/fedimovies
1
1
Fork 0
Code Issues 3 Pull requests Packages Projects Releases Activity

Validate actor aliases before saving into database

Browse source
This commit is contained in:
silverpill 2023-04-02 21:48:53 +00:00
parent ebbde534af
commit edebae0dc6
3 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Changed
- Increase maximum number of custom emojis per post to 50.
- Validate actor aliases before saving into database.
## [1.19.1] - 2023-03-31

13
src/activitypub/actors/helpers.rs
View file

@ -18,6 +18,7 @@ use crate::activitypub::{
actors::types::Actor,
fetcher::fetchers::fetch_file,
handlers::create::handle_emoji,
identifiers::validate_object_id,
receiver::{parse_array, HandlerError},
vocabulary::{EMOJI, HASHTAG},
};
@ -92,7 +93,17 @@ fn parse_aliases(actor: &Actor) -> Vec<String> {
actor.also_known_as.as_ref()
.and_then(|value| {
match parse_array(value) {
Ok(array) => Some(array),
Ok(array) => {
let mut aliases = vec![];
for actor_id in array {
if validate_object_id(&actor_id).is_err() {
log::warn!("invalid alias: {}", actor_id);
continue;
};
aliases.push(actor_id);
};
Some(aliases)
},
Err(_) => {
log::warn!("invalid alias list: {}", value);
None

7
src/activitypub/identifiers.rs
View file

@ -5,6 +5,7 @@ use mitra_models::{
posts::types::Post,
profiles::types::DbActorProfile,
};
use mitra_utils::urls::get_hostname;
use crate::errors::ValidationError;
@ -81,6 +82,12 @@ pub fn local_tag_collection(instance_url: &str, tag_name: &str) -> String {
format!("{}/collections/tags/{}", instance_url, tag_name)
}
pub fn validate_object_id(object_id: &str) -> Result<(), ValidationError> {
get_hostname(object_id)
.map_err(|_| ValidationError("invalid object ID"))?;
Ok(())
}
pub fn parse_local_actor_id(
instance_url: &str,
actor_id: &str,