From 41f7bcc0d24739c210ec389d6c6759761bec56ae Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 2 Nov 2021 14:18:12 +0100 Subject: [PATCH] Correctly use and document check_is_apub_id_valid() param use_strict_allowlist --- crates/apub/src/lib.rs | 2 ++ crates/apub/src/objects/comment.rs | 2 ++ crates/apub/src/objects/post.rs | 2 ++ crates/apub/src/protocol/objects/group.rs | 2 ++ 4 files changed, 8 insertions(+) diff --git a/crates/apub/src/lib.rs b/crates/apub/src/lib.rs index f38a9f86d..75d7a62fa 100644 --- a/crates/apub/src/lib.rs +++ b/crates/apub/src/lib.rs @@ -30,6 +30,8 @@ use url::{ParseError, Url}; /// - URL being in the allowlist (if it is active) /// - URL not being in the blocklist (if it is active) /// +/// `use_strict_allowlist` should be true only when parsing a remote community, or when parsing a +/// post/comment in a local community. pub(crate) fn check_is_apub_id_valid( apub_id: &Url, use_strict_allowlist: bool, diff --git a/crates/apub/src/objects/comment.rs b/crates/apub/src/objects/comment.rs index 3e3d10df3..e5ffb7ca2 100644 --- a/crates/apub/src/objects/comment.rs +++ b/crates/apub/src/objects/comment.rs @@ -28,6 +28,7 @@ use lemmy_websocket::LemmyContext; use crate::{ activities::verify_person_in_community, + check_is_apub_id_valid, fetcher::object_id::ObjectId, protocol::{ objects::{ @@ -149,6 +150,7 @@ impl ApubObject for ApubComment { Community::read(conn, community_id) }) .await??; + check_is_apub_id_valid(¬e.id, community.local, &context.settings())?; verify_person_in_community( ¬e.attributed_to, &community.into(), diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs index 7f142be53..c19c62779 100644 --- a/crates/apub/src/objects/post.rs +++ b/crates/apub/src/objects/post.rs @@ -1,5 +1,6 @@ use crate::{ activities::verify_person_in_community, + check_is_apub_id_valid, fetcher::object_id::ObjectId, protocol::{ objects::{page::Page, tombstone::Tombstone}, @@ -148,6 +149,7 @@ impl ApubObject for ApubPost { .dereference(context, request_counter) .await?; let community = page.extract_community(context, request_counter).await?; + check_is_apub_id_valid(&page.id, community.local, &context.settings())?; verify_person_in_community(&page.attributed_to, &community, context, request_counter).await?; let thumbnail_url: Option = page.image.clone().map(|i| i.url); diff --git a/crates/apub/src/protocol/objects/group.rs b/crates/apub/src/protocol/objects/group.rs index 945878904..4da987a25 100644 --- a/crates/apub/src/protocol/objects/group.rs +++ b/crates/apub/src/protocol/objects/group.rs @@ -1,4 +1,5 @@ use crate::{ + check_is_apub_id_valid, collections::{ community_moderators::ApubCommunityModerators, community_outbox::ApubCommunityOutbox, @@ -60,6 +61,7 @@ impl Group { expected_domain: &Url, settings: &Settings, ) -> Result { + check_is_apub_id_valid(&group.id, true, settings)?; verify_domains_match(expected_domain, &group.id)?; let name = group.preferred_username.clone(); let title = group.name.clone();