HoovesSocial/hippofish
2
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix (backend): limit node-fetch responses to a reasonable length in all places

Browse source 
Co-authored-by: naskya <m@naskya.net>
This commit is contained in:
Laura Hausmann 2024-07-28 16:17:13 +02:00 committed by naskya
parent d3d4688790
commit 354208b49f
No known key found for this signature in database
GPG key ID: 712D413B3A9FED5C
4 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
packages/backend/src/misc/fetch.ts
View file

@ -57,7 +57,6 @@ export async function getResponse(args: {
body?: string; body?: string;
headers: Record<string, string>; headers: Record<string, string>;
timeout?: number; timeout?: number;
size?: number;
redirect?: RequestRedirect; redirect?: RequestRedirect;
}) { }) {
if (!isSafeUrl(args.url)) { if (!isSafeUrl(args.url)) {
@ -76,7 +75,7 @@ export async function getResponse(args: {
headers: args.headers, headers: args.headers,
body: args.body, body: args.body,
timeout, timeout,
size: args.size || 10 * 1024 * 1024, size: 10 * 1024 * 1024,
agent: getAgentByUrl, agent: getAgentByUrl,
signal: controller.signal, signal: controller.signal,
redirect: args.redirect, redirect: args.redirect,

1
packages/backend/src/remote/activitypub/misc/ld-signature.ts
View file

@ -126,6 +126,7 @@ export class LdSignature {
headers: { headers: {
Accept: "application/ld+json, application/json", Accept: "application/ld+json, application/json",
}, },
size: 1024 * 1024, // 1MiB
// TODO // TODO
//timeout: this.loderTimeout, //timeout: this.loderTimeout,
agent: (u) => (u.protocol === "http:" ? httpAgent : httpsAgent), agent: (u) => (u.protocol === "http:" ? httpAgent : httpsAgent),

23
packages/backend/src/remote/activitypub/models/person.ts
View file

@ -17,7 +17,6 @@ import { User } from "@/models/entities/user.js";
import type { Emoji } from "@/models/entities/emoji.js"; import type { Emoji } from "@/models/entities/emoji.js";
import { UserNotePining } from "@/models/entities/user-note-pining.js"; import { UserNotePining } from "@/models/entities/user-note-pining.js";
import { import {
genId,
genIdAt, genIdAt,
InternalEvent, InternalEvent,
isSameOrigin, isSameOrigin,
@ -52,6 +51,7 @@ import { extractApHashtags } from "./tag.js";
import { resolveNote, extractEmojis } from "./note.js"; import { resolveNote, extractEmojis } from "./note.js";
import { resolveImage } from "./image.js"; import { resolveImage } from "./image.js";
import { inspect } from "node:util"; import { inspect } from "node:util";
import fetch from "node-fetch";
const nameLength = 128; const nameLength = 128;
const summaryLength = 2048; const summaryLength = 2048;
@ -207,6 +207,7 @@ export async function createPerson(
try { try {
const data = await fetch(person.followers, { const data = await fetch(person.followers, {
headers: { Accept: "application/json" }, headers: { Accept: "application/json" },
size: 1024 * 1024
}); });
const json_data = JSON.parse(await data.text()); const json_data = JSON.parse(await data.text());
@ -222,6 +223,7 @@ export async function createPerson(
try { try {
const data = await fetch(person.following, { const data = await fetch(person.following, {
headers: { Accept: "application/json" }, headers: { Accept: "application/json" },
size: 1024 * 1024
}); });
const json_data = JSON.parse(await data.text()); const json_data = JSON.parse(await data.text());
@ -488,10 +490,11 @@ export async function updatePerson(
if (typeof person.followers === "string") { if (typeof person.followers === "string") {
try { try {
let data = await fetch(person.followers, { const data = await fetch(person.followers, {
headers: { Accept: "application/json" }, headers: { Accept: "application/json" },
size: 1024 * 1024
}); });
let json_data = JSON.parse(await data.text()); const json_data = JSON.parse(await data.text());
followersCount = json_data.totalItems; followersCount = json_data.totalItems;
} catch { } catch {
@ -503,10 +506,11 @@ export async function updatePerson(
if (typeof person.following === "string") { if (typeof person.following === "string") {
try { try {
let data = await fetch(person.following, { const data = await fetch(person.following, {
headers: { Accept: "application/json" }, headers: { Accept: "application/json" },
size: 1024 * 1024
}); });
let json_data = JSON.parse(await data.text()); const json_data = JSON.parse(await data.text());
followingCount = json_data.totalItems; followingCount = json_data.totalItems;
} catch { } catch {
@ -518,10 +522,10 @@ export async function updatePerson(
if (typeof person.outbox === "string") { if (typeof person.outbox === "string") {
try { try {
let data = await fetch(person.outbox, { const data = await fetch(person.outbox, {
headers: { Accept: "application/json" }, headers: { Accept: "application/json" },
}); });
let json_data = JSON.parse(await data.text()); const json_data = JSON.parse(await data.text());
notesCount = json_data.totalItems; notesCount = json_data.totalItems;
} catch (e) { } catch (e) {
@ -725,9 +729,10 @@ export async function updateFeatured(userId: User["id"], resolver?: Resolver) {
let td = 0; let td = 0;
for (const note of featuredNotes.filter((note) => note != null)) { for (const note of featuredNotes.filter((note) => note != null)) {
td -= 1000; td -= 1000;
const createdAt = new Date(Date.now() + td);
transactionalEntityManager.insert(UserNotePining, { transactionalEntityManager.insert(UserNotePining, {
id: genId(new Date(Date.now() + td)), id: genIdAt(createdAt),
createdAt: new Date(), createdAt,
userId: user.id, userId: user.id,
noteId: note!.id, noteId: note!.id,
}); });

1
packages/backend/src/services/fetch-instance-metadata.ts
View file

@ -156,6 +156,7 @@ async function fetchFaviconUrl(
// TODO // TODO
//timeout: 10000, //timeout: 10000,
agent: getAgentByUrl, agent: getAgentByUrl,
size: 1024 * 1024
}); });
if (favicon.ok) { if (favicon.ok) {