From e384b1762b7f9cdda0931d46552e5b0398aeee8f Mon Sep 17 00:00:00 2001
From: Johann150 <johann.galle@protonmail.com>
Date: Thu, 21 Nov 2024 19:55:52 +0100
Subject: [PATCH] activitypub: disallow transitive activities

This might be able to circumvent the ID host equality check, which
doesn't seem like a good idea.

Probably better since most likely the following code is not properly
equipped to handle null values anyway.
---
 packages/backend/src/queue/processors/inbox.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/backend/src/queue/processors/inbox.ts b/packages/backend/src/queue/processors/inbox.ts
index 8e3574608..e0ad22e01 100644
--- a/packages/backend/src/queue/processors/inbox.ts
+++ b/packages/backend/src/queue/processors/inbox.ts
@@ -59,6 +59,11 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 		if (activity.id.length > 2048) {
 			return `skip: overly long id from ${signerHost}`;
 		}
+	} else {
+		// might want to allow null id's for transitive activites, but currently
+		// there are no known sensible such transitive activities that we could
+		// process
+		return "skip: non-string id";
 	}
 
 	// Update stats