puniko/FoundKey
1
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Projects Releases Packages Wiki Activity

server: check for valid keyId URL before parse

Browse source
This commit is contained in:
Johann150 2023-04-16 19:33:28 +02:00
parent f7bd210316
commit 75fd42b070
Signed by untrusted user: Johann150
GPG key ID: 9EE6577A2A06F8F1
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
packages/backend/src/queue/processors/inbox.ts
View file

@ -29,18 +29,18 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
logger.debug(JSON.stringify(info, null, 2)); logger.debug(JSON.stringify(info, null, 2));
//#endregion //#endregion
const host = toPuny(new URL(signature.keyId).hostname); const keyIdLower = signature.keyId.toLowerCase();
if (keyIdLower.startsWith('acct:')) {
return `Old keyId is no longer supported. ${keyIdLower}`;
}
const host = toPuny(new URL(keyIdLower).hostname);
// Stop if the host is blocked. // Stop if the host is blocked.
if (await shouldBlockInstance(host)) { if (await shouldBlockInstance(host)) {
return `Blocked request: ${host}`; return `Blocked request: ${host}`;
} }
const keyIdLower = signature.keyId.toLowerCase();
if (keyIdLower.startsWith('acct:')) {
return `Old keyId is no longer supported. ${keyIdLower}`;
}
const resolver = new Resolver(); const resolver = new Resolver();
let authUser; let authUser;