allow redirects in API ap/* endpoints

This commit is contained in:
Johann150 2022-12-21 20:45:55 +01:00
parent aa33708b90
commit 275136cf8b
Signed by untrusted user: Johann150
GPG key ID: 9EE6577A2A06F8F1
3 changed files with 6 additions and 5 deletions

View file

@ -45,7 +45,7 @@ export class Resolver {
}
}
public async resolve(value: string | IObject): Promise<IObject> {
public async resolve(value: string | IObject, allowRedirect = false): Promise<IObject> {
if (value == null) {
throw new Error('resolvee is null (or undefined)');
}
@ -94,7 +94,7 @@ export class Resolver {
)
// Did we actually get the object that corresponds to the canonical URL?
// Does the host we requested stuff from actually correspond to the host that owns the activity?
|| !(getApId(object) == null || getApId(object) === value)
|| !(getApId(object) == null || getApId(object) === value || allowRedirect)
) {
throw new Error('invalid response');
}

View file

@ -29,6 +29,6 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps) => {
const resolver = new Resolver();
const object = await resolver.resolve(ps.uri);
const object = await resolver.resolve(ps.uri, true);
return object;
});

View file

@ -98,9 +98,10 @@ async function fetchAny(uri: string, me: CacheableLocalUser | null | undefined):
]));
if (local != null) return local;
// リモートから一旦オブジェクトフェッチ
// fetch object from remote
const resolver = new Resolver();
const object = await resolver.resolve(uri) as any;
// allow redirect
const object = await resolver.resolve(uri, true) as any;
// /@user のような正規id以外で取得できるURIが指定されていた場合、ここで初めて正規URIが確定する
// これはDBに存在する可能性があるため再度DB検索