HoovesSocial/hippofish
2
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix (backend): conditions for checking local uri's being inaccurate

Browse source 
ref: https://github.com/misskey-dev/misskey/issues/13540

Co-authored-by: mei23 <m@m544.net>
Co-authored-by: atsu1125 <atsuchan@atsuchan.page>
This commit is contained in:
naskya 2024-03-17 01:00:56 +09:00
parent 5e179b7721
commit 27be8e06cb
No known key found for this signature in database
GPG key ID: 712D413B3A9FED5C
4 changed files with 28 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
packages/backend/src/misc/convert-host.ts
View file

@ -1,6 +1,10 @@
import { URL } from "node:url"; import { URL } from "node:url";
import config from "@/config/index.js"; import config from "@/config/index.js";
import { toASCII } from "punycode"; import { toASCII } from "punycode";
import Logger from "@/services/logger.js";
import { inspect } from "node:util";
const logger = new Logger("convert-host");
export function getFullApAccount(username: string, host: string | null) { export function getFullApAccount(username: string, host: string | null) {
return host return host
@ -13,6 +17,20 @@ export function isSelfHost(host: string) {
return toPuny(config.host) === toPuny(host); return toPuny(config.host) === toPuny(host);
} }
export function isSameOrigin(src: unknown): boolean | null {
if (typeof src !== "string") {
logger.debug(`unknown origin: ${inspect(src)}`);
return null;
}
try {
const u = new URL(src);
return u.origin === config.url;
} catch (e) {
logger.debug(inspect(e));
return false;
}
}
export function extractDbHost(uri: string) { export function extractDbHost(uri: string) {
const url = new URL(uri); const url = new URL(uri);
return toPuny(url.hostname); return toPuny(url.hostname);

9
packages/backend/src/remote/activitypub/models/note.ts
View file

@ -1,6 +1,5 @@
import promiseLimit from "promise-limit"; import promiseLimit from "promise-limit";
import * as mfm from "mfm-js"; import * as mfm from "mfm-js";
import config from "@/config/index.js";
import Resolver from "../resolver.js"; import Resolver from "../resolver.js";
import post from "@/services/note/create.js"; import post from "@/services/note/create.js";
import { extractMentionedUsers } from "@/services/note/create.js"; import { extractMentionedUsers } from "@/services/note/create.js";
@ -14,7 +13,7 @@ import { extractPollFromQuestion } from "./question.js";
import vote from "@/services/note/polls/vote.js"; import vote from "@/services/note/polls/vote.js";
import { apLogger } from "../logger.js"; import { apLogger } from "../logger.js";
import { DriveFile } from "@/models/entities/drive-file.js"; import { DriveFile } from "@/models/entities/drive-file.js";
import { extractDbHost, toPuny } from "@/misc/convert-host.js"; import { extractDbHost, isSameOrigin, toPuny } from "@/misc/convert-host.js";
import { import {
Emojis, Emojis,
Polls, Polls,
@ -234,7 +233,7 @@ export async function createNote(
.catch(async (e) => { .catch(async (e) => {
// トークだったらinReplyToのエラーは無視 // トークだったらinReplyToのエラーは無視
const uri = getApId(note.inReplyTo); const uri = getApId(note.inReplyTo);
if (uri.startsWith(`${config.url}/`)) { if (isSameOrigin(uri)) {
const id = uri.split("/").pop(); const id = uri.split("/").pop();
const talk = await MessagingMessages.findOneBy({ id }); const talk = await MessagingMessages.findOneBy({ id });
if (talk) { if (talk) {
@ -439,7 +438,7 @@ export async function resolveNote(
} }
//#endregion //#endregion
if (uri.startsWith(config.url)) { if (isSameOrigin(uri)) {
throw new StatusError( throw new StatusError(
"cannot resolve local note", "cannot resolve local note",
400, 400,
@ -556,7 +555,7 @@ export async function updateNote(value: string | IObject, resolver?: Resolver) {
if (!uri) throw new Error("Missing note uri"); if (!uri) throw new Error("Missing note uri");
// Skip if URI points to this server // Skip if URI points to this server
if (uri.startsWith(`${config.url}/`)) throw new Error("uri points local"); if (isSameOrigin(uri)) throw new Error("uri points local");
// A new resolver is created if not specified // A new resolver is created if not specified
if (resolver == null) resolver = new Resolver(); if (resolver == null) resolver = new Resolver();

8
packages/backend/src/remote/activitypub/models/person.ts
View file

@ -19,7 +19,7 @@ import { UserNotePining } from "@/models/entities/user-note-pining.js";
import { genId } from "@/misc/gen-id.js"; import { genId } from "@/misc/gen-id.js";
import { UserPublickey } from "@/models/entities/user-publickey.js"; import { UserPublickey } from "@/models/entities/user-publickey.js";
import { isDuplicateKeyValueError } from "@/misc/is-duplicate-key-value-error.js"; import { isDuplicateKeyValueError } from "@/misc/is-duplicate-key-value-error.js";
import { toPuny } from "@/misc/convert-host.js"; import { isSameOrigin, toPuny } from "@/misc/convert-host.js";
import { UserProfile } from "@/models/entities/user-profile.js"; import { UserProfile } from "@/models/entities/user-profile.js";
import { toArray } from "@/prelude/array.js"; import { toArray } from "@/prelude/array.js";
import { fetchInstanceMetadata } from "@/services/fetch-instance-metadata.js"; import { fetchInstanceMetadata } from "@/services/fetch-instance-metadata.js";
@ -138,7 +138,7 @@ export async function fetchPerson(
if (cached) return cached; if (cached) return cached;
// Fetch from the database if the URI points to this server // Fetch from the database if the URI points to this server
if (uri.startsWith(`${config.url}/`)) { if (isSameOrigin(uri)) {
const id = uri.split("/").pop(); const id = uri.split("/").pop();
const u = await Users.findOneBy({ id }); const u = await Users.findOneBy({ id });
if (u) await uriPersonCache.set(uri, u); if (u) await uriPersonCache.set(uri, u);
@ -166,7 +166,7 @@ export async function createPerson(
): Promise<User> { ): Promise<User> {
if (typeof uri !== "string") throw new Error("uri is not string"); if (typeof uri !== "string") throw new Error("uri is not string");
if (uri.startsWith(config.url)) { if (isSameOrigin(uri)) {
throw new StatusError( throw new StatusError(
"cannot resolve local user", "cannot resolve local user",
400, 400,
@ -419,7 +419,7 @@ export async function updatePerson(
if (typeof uri !== "string") throw new Error("uri is not string"); if (typeof uri !== "string") throw new Error("uri is not string");
// Skip if the URI points to this server // Skip if the URI points to this server
if (uri.startsWith(`${config.url}/`)) { if (isSameOrigin(uri)) {
return; return;
} }

4
packages/backend/src/remote/activitypub/models/question.ts
View file

@ -1,10 +1,10 @@
import config from "@/config/index.js";
import Resolver from "../resolver.js"; import Resolver from "../resolver.js";
import type { IObject, IQuestion } from "../type.js"; import type { IObject, IQuestion } from "../type.js";
import { getApId, isQuestion } from "../type.js"; import { getApId, isQuestion } from "../type.js";
import { apLogger } from "../logger.js"; import { apLogger } from "../logger.js";
import { Notes, Polls } from "@/models/index.js"; import { Notes, Polls } from "@/models/index.js";
import type { IPoll } from "@/models/entities/poll.js"; import type { IPoll } from "@/models/entities/poll.js";
import { isSameOrigin } from "@/misc/convert-host.js";
export async function extractPollFromQuestion( export async function extractPollFromQuestion(
source: string | IObject, source: string | IObject,
@ -57,7 +57,7 @@ export async function updateQuestion(
const uri = typeof value === "string" ? value : getApId(value); const uri = typeof value === "string" ? value : getApId(value);
// Skip if URI points to this server // Skip if URI points to this server
if (uri.startsWith(`${config.url}/`)) throw new Error("uri points local"); if (isSameOrigin(uri)) throw new Error("uri points local");
//#region Already registered with this server? //#region Already registered with this server?
const note = await Notes.findOneBy({ uri }); const note = await Notes.findOneBy({ uri });