Merge pull request 'backend: increase requestId max size for GNU Social' (#147) from fix/gnusocial-follow-request-ids into main
All checks were successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
All checks were successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Reviewed-on: #147 Fixes: #146 Changelog: Fixed
This commit is contained in:
commit
193674ce03
3 changed files with 19 additions and 2 deletions
|
@ -0,0 +1,12 @@
|
||||||
|
export class largerFollowRequestIds1662943835603 {
|
||||||
|
name = 'largerFollowRequestIds1662943835603';
|
||||||
|
|
||||||
|
async up(queryRunner) {
|
||||||
|
await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(2048)`);
|
||||||
|
}
|
||||||
|
|
||||||
|
async down(queryRunner) {
|
||||||
|
await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(128)`);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -40,7 +40,7 @@ export class FollowRequest {
|
||||||
public follower: User | null;
|
public follower: User | null;
|
||||||
|
|
||||||
@Column('varchar', {
|
@Column('varchar', {
|
||||||
length: 128, nullable: true,
|
length: 2048, nullable: true,
|
||||||
comment: 'id of Follow Activity.',
|
comment: 'id of Follow Activity.',
|
||||||
})
|
})
|
||||||
public requestId: string | null;
|
public requestId: string | null;
|
||||||
|
|
|
@ -127,13 +127,18 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// activity.idがあればホストが署名者のホストであることを確認する
|
|
||||||
if (typeof activity.id === 'string') {
|
if (typeof activity.id === 'string') {
|
||||||
|
// Verify that activity and actor are from the same host.
|
||||||
const signerHost = extractDbHost(authUser.user.uri!);
|
const signerHost = extractDbHost(authUser.user.uri!);
|
||||||
const activityIdHost = extractDbHost(activity.id);
|
const activityIdHost = extractDbHost(activity.id);
|
||||||
if (signerHost !== activityIdHost) {
|
if (signerHost !== activityIdHost) {
|
||||||
return `skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`;
|
return `skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verify that the id has a sane length
|
||||||
|
if (activity.id.length > 2048) {
|
||||||
|
return `skip: overly long id from ${signerHost}`;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update stats
|
// Update stats
|
||||||
|
|
Loading…
Reference in a new issue