Validate actor aliases before saving into database

silverpill 2023-04-02 21:48:53 +00:00
parent ebbde534af
commit edebae0dc6
3 changed files with 20 additions and 1 deletions


@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Changed ### Changed
- Increase maximum number of custom emojis per post to 50. - Increase maximum number of custom emojis per post to 50.
- Validate actor aliases before saving into database.
## [1.19.1] - 2023-03-31 ## [1.19.1] - 2023-03-31


@ -18,6 +18,7 @@ use crate::activitypub::{
actors::types::Actor, actors::types::Actor,
fetcher::fetchers::fetch_file, fetcher::fetchers::fetch_file,
handlers::create::handle_emoji, handlers::create::handle_emoji,
identifiers::validate_object_id,
receiver::{parse_array, HandlerError}, receiver::{parse_array, HandlerError},
vocabulary::{EMOJI, HASHTAG}, vocabulary::{EMOJI, HASHTAG},
}; };
@ -92,7 +93,17 @@ fn parse_aliases(actor: &Actor) -> Vec<String> {
actor.also_known_as.as_ref() actor.also_known_as.as_ref()
.and_then(|value| { .and_then(|value| {
match parse_array(value) { match parse_array(value) {
Ok(array) => Some(array), Ok(array) => {
let mut aliases = vec![];
for actor_id in array {
if validate_object_id(&actor_id).is_err() {
log::warn!("invalid alias: {}", actor_id);
continue;
};
aliases.push(actor_id);
};
Some(aliases)
},
Err(_) => { Err(_) => {
log::warn!("invalid alias list: {}", value); log::warn!("invalid alias list: {}", value);
None None
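Review bot: The added `log::warn!("invalid alias: {}", actor_id)` writes a rejected alias into the log with `Display` formatting, and that string comes from the actor document (presumably fetched from a remote server), so line breaks or control characters in it reach the log verbatim and can forge or split log entries. Debug formatting escapes them: `log::warn!("invalid alias: {:?}", actor_id);`. The existing `invalid alias list` warning in the `Err(_)` arm prints `value` the same way and would benefit from the same treatment. parse_aliases begins above and ends below this hunk, so the rest of the function is not visible here.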


@ -5,6 +5,7 @@ use mitra_models::{
posts::types::Post, posts::types::Post,
profiles::types::DbActorProfile, profiles::types::DbActorProfile,
}; };
use mitra_utils::urls::get_hostname;
use crate::errors::ValidationError; use crate::errors::ValidationError;
@ -81,6 +82,12 @@ pub fn local_tag_collection(instance_url: &str, tag_name: &str) -> String {
format!("{}/collections/tags/{}", instance_url, tag_name) format!("{}/collections/tags/{}", instance_url, tag_name)
} }
pub fn validate_object_id(object_id: &str) -> Result<(), ValidationError> {
get_hostname(object_id)
.map_err(|_| ValidationError("invalid object ID"))?;
Ok(())
}
pub fn parse_local_actor_id( pub fn parse_local_actor_id(
instance_url: &str, instance_url: &str,
actor_id: &str, actor_id: &str,
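Review bot: `validate_object_id` has no doc comment, and its only check is that `get_hostname` succeeds, so what counts as a valid object ID is defined entirely by a helper that is not visible in this diff. A comment stating the contract would help callers that now rely on it before writing to the database, for example `/// Checks that object_id parses as a URL with a hostname; does not verify the scheme or that the object exists.` (adjust to what get_hostname really guarantees). If get_hostname accepts schemes other than http/https, aliases with those schemes would still pass and be stored, so an explicit scheme check here may be worth adding. A small unit test with one accepted and one rejected ID would pin the intended behaviour.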