mirror of
https://github.com/LemmyNet/activitypub-federation-rust.git
synced 2025-03-13 18:52:39 +00:00
Merge branch 'main' into upgrade-deps6
This commit is contained in:
Felix Ableitner
commit
596f71860e
2 changed files with 39 additions and 2 deletions
|
|
@ -1,5 +1,6 @@
|
|||
variables:
|
||||
- &rust_image "rust:1.84-bullseye"
|
||||
- &install_binstall "wget -O- https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz | tar -xvz -C /usr/local/cargo/bin"
|
||||
|
||||
steps:
|
||||
cargo_fmt:
|
||||
|
|
@ -10,7 +11,7 @@ steps:
|
|||
- event: pull_request
|
||||
|
||||
cargo_shear:
|
||||
image: *rust_nightly_image
|
||||
image: *rust_image
|
||||
commands:
|
||||
- *install_binstall
|
||||
- cargo binstall -y cargo-shear
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
//! Verify that received data is valid
|
||||
|
||||
use crate::error::Error;
|
||||
use crate::{config::Data, error::Error, fetch::object_id::ObjectId, traits::Object};
|
||||
use serde::Deserialize;
|
||||
use url::Url;
|
||||
|
||||
/// Check that both urls have the same domain. If not, return UrlVerificationError.
|
||||
|
|
@ -36,3 +37,38 @@ pub fn verify_urls_match(a: &Url, b: &Url) -> Result<(), Error> {
|
|||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Check that the given ID doesn't match the local domain.
|
||||
///
|
||||
/// It is important to verify this to avoid local objects from being overwritten. In general
|
||||
/// locally created objects should be considered authorative, while incoming federated data
|
||||
/// is untrusted. Lack of such a check could allow an attacker to rewrite local posts. It could
|
||||
/// also result in an `object.local` field being overwritten with `false` for local objects, resulting in invalid data.
|
||||
///
|
||||
/// ```
|
||||
/// # use activitypub_federation::fetch::object_id::ObjectId;
|
||||
/// # use activitypub_federation::config::FederationConfig;
|
||||
/// # use activitypub_federation::protocol::verification::verify_is_remote_object;
|
||||
/// # use activitypub_federation::traits::tests::{DbConnection, DbUser};
|
||||
/// # tokio::runtime::Runtime::new().unwrap().block_on(async {
|
||||
/// # let config = FederationConfig::builder().domain("example.com").app_data(DbConnection).build().await?;
|
||||
/// # let data = config.to_request_data();
|
||||
/// let id = ObjectId::<DbUser>::parse("https://remote.com/u/name")?;
|
||||
/// assert!(verify_is_remote_object(&id, &data).is_ok());
|
||||
/// # Ok::<(), anyhow::Error>(())
|
||||
/// # }).unwrap();
|
||||
/// ```
|
||||
pub fn verify_is_remote_object<Kind, R: Clone>(
|
||||
id: &ObjectId<Kind>,
|
||||
data: &Data<<Kind as Object>::DataType>,
|
||||
) -> Result<(), Error>
|
||||
where
|
||||
Kind: Object<DataType = R> + Send + 'static,
|
||||
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
|
||||
{
|
||||
if id.is_local(data) {
|
||||
Err(Error::UrlVerificationError("Object is not remote"))
|
||||
} else {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue