security: check URL schema of AP URIs

Changelog: Fixed
This commit is contained in:
Johann150 2023-02-10 19:59:03 +01:00
parent af272ce358
commit 48fd543d0f
Signed by: Johann150
GPG key ID: 9EE6577A2A06F8F1

View file

@ -34,21 +34,38 @@ export function getApIds(value: ApObject | undefined): string[] {
return array.map(x => getApId(x)); return array.map(x => getApId(x));
} }
/**
* Get first ActivityStreams Object id
*/
export function getOneApId(value: ApObject): string {
const firstOne = Array.isArray(value) ? value[0] : value;
return getApId(firstOne);
}
/** /**
* Get ActivityStreams Object id * Get ActivityStreams Object id
*/ */
export function getApId(value: string | Object): string { export function getApId(value: string | Object): string {
if (typeof value === 'string') return value; let url = null;
if (typeof value.id === 'string') return value.id; if (typeof value === 'string') url = value;
throw new Error('cannot detemine id'); else if (typeof value.id === 'string') url = value.id;
if (!url || !['https:', 'http:'].includes(new URL(url).protocol)) {
throw new Error('cannot determine id');
} else {
return url;
}
}
/**
* Get first (valid) ActivityStreams Object id
*/
export function getOneApId(value: ApObject): string {
if (Array.isArray(value)) {
// find the first valid ID
for (const id of value) {
try {
return getApId(x);
} catch {
continue;
}
}
throw new Error('cannot determine id');
} else {
return getApId(value);
}
} }
/** /**
@ -60,15 +77,34 @@ export function getApType(value: Object): string {
throw new Error('cannot detect type'); throw new Error('cannot detect type');
} }
export function getOneApHrefNullable(value: ApObject | undefined): string | undefined { export function getApHrefNullable(value: string | IObject | undefined): string | undefined {
const firstOne = Array.isArray(value) ? value[0] : value; let url = null;
return getApHrefNullable(firstOne); if (typeof value === 'string') url = value;
else if (typeof value?.href === 'string') url = value.href;
if (!url || !['https:', 'http:'].includes(new URL(url).protocol)) {
return undefined;
} else {
return url;
}
} }
export function getApHrefNullable(value: string | IObject | undefined): string | undefined { export function getOneApHrefNullable(value: ApObject | undefined): string | undefined {
if (typeof value === 'string') return value; if (!value) {
if (typeof value?.href === 'string') return value.href; return;
} else if (Array.isArray(value)) {
// find the first valid href
for (const href of value) {
try {
return getApHrefNullable(href);
} catch {
continue;
}
}
return undefined; return undefined;
} else {
return getApHrefNullable(value);
}
} }
export interface IActivity extends IObject { export interface IActivity extends IObject {