interesting
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Detect posting request in our own inbox

This commit is contained in:
Chocobozzz 2018-02-23 15:09:12 +01:00
parent 1ee48d1903
commit 285fe7c930
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
3 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/controllers/activitypub/inbox.ts
View File

@ -12,7 +12,7 @@ const inboxRouter = express.Router()
inboxRouter.post('/inbox', inboxRouter.post('/inbox',
signatureValidator, signatureValidator,
asyncMiddleware(checkSignature), asyncMiddleware(checkSignature),
activityPubValidator, asyncMiddleware(activityPubValidator),
asyncMiddleware(inboxController) asyncMiddleware(inboxController)
) )
@ -20,7 +20,7 @@ inboxRouter.post('/accounts/:name/inbox',
signatureValidator, signatureValidator,
asyncMiddleware(checkSignature), asyncMiddleware(checkSignature),
localAccountValidator, localAccountValidator,
activityPubValidator, asyncMiddleware(activityPubValidator),
asyncMiddleware(inboxController) asyncMiddleware(inboxController)
) )

9
server/lib/activitypub/fetch.ts
View File

@ -1,7 +1,16 @@
import { logger } from '../../helpers/logger'
import { getServerActor } from '../../helpers/utils'
import { ActorModel } from '../../models/activitypub/actor' import { ActorModel } from '../../models/activitypub/actor'
import { JobQueue } from '../job-queue' import { JobQueue } from '../job-queue'
async function addFetchOutboxJob (actor: ActorModel) { async function addFetchOutboxJob (actor: ActorModel) {
// Don't fetch ourselves
const serverActor = await getServerActor()
if (serverActor.id === actor.id) {
logger.error('Cannot fetch our own outbox!')
return
}
const payload = { const payload = {
uris: [ actor.outboxUrl ] uris: [ actor.outboxUrl ]
} }

11
server/middlewares/validators/activitypub/activity.ts
View File

@ -2,16 +2,25 @@ import * as express from 'express'
import { body } from 'express-validator/check' import { body } from 'express-validator/check'
import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
import { logger } from '../../../helpers/logger' import { logger } from '../../../helpers/logger'
import { getServerActor } from '../../../helpers/utils'
import { ActorModel } from '../../../models/activitypub/actor'
import { areValidationErrors } from '../utils' import { areValidationErrors } from '../utils'
const activityPubValidator = [ const activityPubValidator = [
body('').custom((value, { req }) => isRootActivityValid(req.body)), body('').custom((value, { req }) => isRootActivityValid(req.body)),
(req: express.Request, res: express.Response, next: express.NextFunction) => { async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking activity pub parameters') logger.debug('Checking activity pub parameters')
if (areValidationErrors(req, res)) return if (areValidationErrors(req, res)) return
const serverActor = await getServerActor()
const remoteActor = res.locals.signature.actor as ActorModel
if (serverActor.id === remoteActor.id) {
logger.error('Receiving request in INBOX by ourselves!', req.body)
return res.sendStatus(409)
}
return next() return next()
} }
] ]