From 1120b6959db6d4e64217e91001b61a310605afdb Mon Sep 17 00:00:00 2001
From: Francis Dinh
Date: Sun, 11 Sep 2022 21:04:20 -0400
Subject: [PATCH 1/2] backend: increase requestId max size for GNU Social

GNU Social's follow request IDs are larger than the 128 character limit of the follow_request.requestId column. This prevents follow requests from GNU Social instances from being handled by Foundkey instances. The solution is to make the requestId column larger. Fixes https://akkoma.dev/FoundKeyGang/FoundKey/issues/146
---
 .../1662943835603-larger-follow-request-ids.js | 12 ++++++++++++
 .../backend/src/models/entities/follow-request.ts | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 packages/backend/migration/1662943835603-larger-follow-request-ids.js
diff --git a/packages/backend/migration/1662943835603-larger-follow-request-ids.js b/packages/backend/migration/1662943835603-larger-follow-request-ids.js
new file mode 100644
index 000000000..f13401d51
--- /dev/null
+++ b/packages/backend/migration/1662943835603-larger-follow-request-ids.js
@@ -0,0 +1,12 @@
+export class largerFollowRequestIds1662943835603 {
+ name = 'largerFollowRequestIds1662943835603';
+
+ async up(queryRunner) {
+ await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(2048)`);
+ }
+
+ async down(queryRunner) {
+ await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(128)`);
+ }
+
+}
diff --git a/packages/backend/src/models/entities/follow-request.ts b/packages/backend/src/models/entities/follow-request.ts
index 3a2e48ce9..cd0acc453 100644
--- a/packages/backend/src/models/entities/follow-request.ts
+++ b/packages/backend/src/models/entities/follow-request.ts
@@ -40,7 +40,7 @@ export class FollowRequest {
 public follower: User | null;
 @Column('varchar', {
- length: 128, nullable: true,
+ length: 2048, nullable: true,
 comment: 'id of Follow Activity.',
 })
 public requestId: string | null;
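Review bot: `down()` in the new migration narrows `requestId` back to `VARCHAR(128)`, and assuming PostgreSQL (which the `ALTER COLUMN ... TYPE` syntax suggests) that statement is rejected as soon as one stored id is longer than 128 characters, so the rollback fails on exactly the rows this patch exists to accept. State that in the method, e.g. `// fails while any requestId exceeds 128 characters; remove those follow requests before reverting`, or have `down()` delete the oversized rows itself before altering the column. The same 2048 is repeated in the `follow-request.ts` hunk; a short comment there naming the migration would help keep the entity and the schema in step.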
From 7ceb96b148fd3d93fbfc8bedb87aa5724805386e Mon Sep 17 00:00:00 2001
From: Johann150
Date: Mon, 12 Sep 2022 18:30:53 +0200
Subject: [PATCH 2/2] limit id length of all incoming activities
---
 packages/backend/src/queue/processors/inbox.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/backend/src/queue/processors/inbox.ts b/packages/backend/src/queue/processors/inbox.ts
index bf25aca20..167e5bc6b 100644
--- a/packages/backend/src/queue/processors/inbox.ts
+++ b/packages/backend/src/queue/processors/inbox.ts
@@ -127,13 +127,18 @@ export default async (job: Bull.Job): Promise => {
 }
 }
- // activity.idがあればホストが署名者のホストであることを確認する
 if (typeof activity.id === 'string') {
+ // Verify that activity and actor are from the same host.
 const signerHost = extractDbHost(authUser.user.uri!);
 const activityIdHost = extractDbHost(activity.id);
 if (signerHost !== activityIdHost) {
 return `skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`;
 }
+
+ // Verify that the id has a sane length
+ if (activity.id.length > 2048) {
+ return `skip: overly long id from ${signerHost}`;
+ }
 }
 // Update stats
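Review bot: The new length check sits after `extractDbHost(activity.id)`, so an oversized id from a remote instance is still parsed in full before it is rejected. Moving `if (activity.id.length > 2048) {` up to directly after the `signerHost` line rejects it first and leaves the skip message unchanged, since that message only uses `signerHost`. The literal 2048 must never exceed the width of `follow_request.requestId`, which this series sets separately in the migration and the entity. A shared named constant, or at least `// must stay <= follow_request.requestId column length` next to the check, would keep the three in step. The job handler starts and ends outside the hunk, so whether ids of nested objects are bounded elsewhere cannot be judged from here.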