From 3363b3bf0c374d04e3f8317bebd52fb80374be14 Mon Sep 17 00:00:00 2001
From: erik
Date: Wed, 20 Dec 2023 12:22:03 +0100
Subject: [PATCH] Validate response before further processing
---
 routers/api/v1/activitypub/repository.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go
index 5e7d2cc437..24eaf7b18a 100644
--- a/routers/api/v1/activitypub/repository.go
+++ b/routers/api/v1/activitypub/repository.go
@@ -188,10 +188,19 @@ func createUserFromAP(ctx *context.APIContext, personId forgefed.PersonId) (*use
 if err != nil {
 return &user_model.User{}, err
 }
+
 response, err := client.Get(personId.AsUri())
 if err != nil {
 return &user_model.User{}, err
 }
+
+ // validate response; ToDo: Should we widen the restrictions here?
+ if response.StatusCode != 200 {
+ err = fmt.Errorf("got non 200 status code for id: %v", personId.Id)
+ return &user_model.User{}, err
+ }
+ log.Info("RepositoryInbox: got status: %v", response.Status)
+
 defer response.Body.Close()
 body, err := io.ReadAll(response.Body)
 if err != nil {
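Review bot: The new early return for a non-200 status runs before `defer response.Body.Close()`, so every rejected response leaves its body unclosed; the status code is chosen by the remote federated server, so an outside party can trigger this leak repeatedly. Move the existing `defer response.Body.Close()` up to directly after the `client.Get` error check, above the status check, so all exit paths close the body. The context line `io.ReadAll(response.Body)` also reads an unbounded body from that same peer; capping it with `io.ReadAll(io.LimitReader(response.Body, maxBodySize))` would bound memory use (`maxBodySize` is a placeholder for a limit the project chooses). createUserFromAP starts and ends outside this hunk, so whether a limit is applied elsewhere cannot be seen from here.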