From dd2658be82b2ea7ac5582e375f930a7276a63f6a Mon Sep 17 00:00:00 2001
From: asonix <asonix@asonix.dog>
Date: Sat, 18 Apr 2020 14:45:03 -0500
Subject: [PATCH] Compare fetched actor's domain against requested actor's
 domain

---
 src/data/actor.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/data/actor.rs b/src/data/actor.rs
index 5682115..23f6802 100644
--- a/src/data/actor.rs
+++ b/src/data/actor.rs
@@ -47,9 +47,17 @@ impl ActorCache {
 
         let accepted_actor = requests.fetch::<AcceptedActors>(id.as_str()).await?;
 
+        let input_host = id.as_url().host();
         let actor_host = accepted_actor.id.as_url().host();
         let inbox_host = accepted_actor.inbox().as_url().host();
 
+        if input_host != actor_host {
+            let input_host = input_host.map(|h| h.to_string()).unwrap_or(String::new());
+            let actor_host = actor_host.map(|h| h.to_string()).unwrap_or(String::new());
+
+            return Err(MyError::HostMismatch(input_host, actor_host));
+        }
+
         if actor_host != inbox_host {
             let actor_host = actor_host.map(|h| h.to_string()).unwrap_or(String::new());
             let inbox_host = inbox_host.map(|h| h.to_string()).unwrap_or(String::new());