1
0
Fork 0

Merge pull request 'backend: increase requestId max size for GNU Social' () from fix/gnusocial-follow-request-ids into main

Reviewed-on: 
Fixes: 
Changelog: Fixed
This commit is contained in:
Norm 2022-09-12 17:48:37 +00:00
commit 193674ce03
3 changed files with 19 additions and 2 deletions
packages/backend

View file

@ -0,0 +1,12 @@
export class largerFollowRequestIds1662943835603 {
name = 'largerFollowRequestIds1662943835603';
async up(queryRunner) {
await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(2048)`);
}
async down(queryRunner) {
await queryRunner.query(`ALTER TABLE "follow_request" ALTER COLUMN "requestId" TYPE VARCHAR(128)`);
}
}

View file

@ -40,7 +40,7 @@ export class FollowRequest {
public follower: User | null;
@Column('varchar', {
length: 128, nullable: true,
length: 2048, nullable: true,
comment: 'id of Follow Activity.',
})
public requestId: string | null;

View file

@ -127,13 +127,18 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
}
}
// activity.idがあればホストが署名者のホストであることを確認する
if (typeof activity.id === 'string') {
// Verify that activity and actor are from the same host.
const signerHost = extractDbHost(authUser.user.uri!);
const activityIdHost = extractDbHost(activity.id);
if (signerHost !== activityIdHost) {
return `skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`;
}
// Verify that the id has a sane length
if (activity.id.length > 2048) {
return `skip: overly long id from ${signerHost}`;
}
}
// Update stats