FoundKeyGang/FoundKey
FoundKeyGang
/
FoundKey
7
19
Fork 22
Code Issues 37 Pull Requests 4 Releases Activity

activitypub: also check incoming activity host for block
ci/woodpecker/push/lint-backend Pipeline was successful Details
ci/woodpecker/push/lint-client Pipeline was successful Details
ci/woodpecker/push/build Pipeline was successful Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful Details
ci/woodpecker/push/lint-sw Pipeline was successful Details
ci/woodpecker/push/test Pipeline was successful Details

This commit is contained in:
Johann150 2023-04-16 19:34:15 +02:00
parent 5f4aab6d46
commit 4fbbfff145
Signed by: Johann150
GPG Key ID: 9EE6577A2A06F8F1
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/backend/src/queue/processors/inbox.ts
View File

@ -107,9 +107,14 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
}
}
// Verify that the actor's host is not blocked
const signerHost = extractDbHost(authUser.user.uri!);
if (await shouldBlockInstance(signerHost)) {
return `Blocked request: ${signerHost}`;
}
if (typeof activity.id === 'string') {
// Verify that activity and actor are from the same host.
const signerHost = extractDbHost(authUser.user.uri!);
const activityIdHost = extractDbHost(activity.id);
if (signerHost !== activityIdHost) {
return `skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`;