diff --git a/packages/backend/migration/1662943835603-larger-follow-request-ids.js b/packages/backend/migration/1662943835603-larger-follow-request-ids.js
new file mode 100644
index 000000000..f13401d51
--- /dev/null
+++ b/packages/backend/migration/1662943835603-larger-follow-request-ids.js
@@ -0,0 +1,12 @@
+export class largerFollowRequestIds1662943835603 {
+ name = 'largerFollowRequestIds1662943835603';
+
+ async up(queryRunner) {
+ await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(2048)`);
+ }
+
+ async down(queryRunner) {
+ await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(128)`);
+ }
+
+}
diff --git a/packages/backend/src/models/entities/follow-request.ts b/packages/backend/src/models/entities/follow-request.ts
index 3a2e48ce9..cd0acc453 100644
--- a/packages/backend/src/models/entities/follow-request.ts
+++ b/packages/backend/src/models/entities/follow-request.ts
@@ -40,7 +40,7 @@ export class FollowRequest {
 public follower: User | null;
 
 @Column('varchar', {
- length: 128, nullable: true,
+ length: 2048, nullable: true,
 comment: 'id of Follow Activity.',
 })
 public requestId: string | null;
diff --git a/packages/backend/src/queue/processors/inbox.ts b/packages/backend/src/queue/processors/inbox.ts
index bf25aca20..167e5bc6b 100644
--- a/packages/backend/src/queue/processors/inbox.ts
+++ b/packages/backend/src/queue/processors/inbox.ts
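Review bot: In the migration `1662943835603-larger-follow-request-ids.js`, `down()` narrows `"requestId"` back to `VARCHAR(128)` without dealing with rows that already hold longer values. Assuming PostgreSQL (the `ALTER COLUMN … TYPE` syntax suggests it), that statement is rejected as soon as one stored id exceeds 128 characters, so the rollback fails exactly when the wider column has actually been used. Since the column is nullable per the entity change in `follow-request.ts`, one option is to run `UPDATE "follow_request" SET "requestId" = NULL WHERE length("requestId") > 128` first, at the cost of losing those ids. Otherwise add a comment in `down()` stating that rollback needs manual cleanup of over-long ids.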
@@ -127,13 +127,18 @@ export default async (job: Bull.Job): Promise => {
 }
 }
 
- // activity.idがあればホストが署名者のホストであることを確認する
 if (typeof activity.id === 'string') {
+ // Verify that activity and actor are from the same host.
 const signerHost = extractDbHost(authUser.user.uri!);
 const activityIdHost = extractDbHost(activity.id);
 if (signerHost !== activityIdHost) {
 return `skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`;
 }
+
+ // Verify that the id has a sane length
+ if (activity.id.length > 2048) {
+ return `skip: overly long id from ${signerHost}`;
+ }
 }
 
 // Update stats
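Review bot: The new length check runs only after `extractDbHost(activity.id)` has already parsed the id, so an oversized id is still processed before it is rejected. The `activity.id.length > 2048` test would be better placed directly after `const signerHost = …` and before `const activityIdHost = extractDbHost(activity.id);`, which keeps `signerHost` available for the skip message. The limit 2048 is a bare literal both here and in the `FollowRequest.requestId` column length; a shared named constant would keep the inbox check and the column width from drifting apart. The processor body starts and ends outside this hunk, so whether ids of nested activities are bounded elsewhere cannot be seen from here.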