use verify_is_remote_object()

no-overwrite-local
Felix Ableitner 2024-04-11 11:05:32 +02:00
parent 8e20dab661
commit c6378fe0c5
7 changed files with 10 additions and 30 deletions

View File

@ -158,11 +158,6 @@ impl Object for ApubComment {
/// If the parent community, post and comment(s) are not known locally, these are also fetched. /// If the parent community, post and comment(s) are not known locally, these are also fetched.
#[tracing::instrument(skip_all)] #[tracing::instrument(skip_all)]
async fn from_json(note: Note, context: &Data<LemmyContext>) -> Result<ApubComment, LemmyError> { async fn from_json(note: Note, context: &Data<LemmyContext>) -> Result<ApubComment, LemmyError> {
// Avoid overwriting local object
if note.id.is_local(context) {
return note.id.dereference_local(context).await;
}
let creator = note.attributed_to.dereference(context).await?; let creator = note.attributed_to.dereference(context).await?;
let (post, parent_comment) = note.get_parents(context).await?; let (post, parent_comment) = note.get_parents(context).await?;

View File

@ -138,11 +138,6 @@ impl Object for ApubCommunity {
group: Group, group: Group,
context: &Data<Self::DataType>, context: &Data<Self::DataType>,
) -> Result<ApubCommunity, LemmyError> { ) -> Result<ApubCommunity, LemmyError> {
// Avoid overwriting local object
if group.id.is_local(context) {
return group.id.dereference_local(context).await;
}
let instance_id = fetch_instance_actor_for_object(&group.id, context).await?; let instance_id = fetch_instance_actor_for_object(&group.id, context).await?;
let local_site = LocalSite::read(&mut context.pool()).await.ok(); let local_site = LocalSite::read(&mut context.pool()).await.ok();

View File

@ -1,3 +1,4 @@
use super::verify_is_remote_object;
use crate::{ use crate::{
activities::GetActorType, activities::GetActorType,
check_apub_id_valid_with_strictness, check_apub_id_valid_with_strictness,
@ -127,6 +128,7 @@ impl Object for ApubSite {
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
check_apub_id_valid_with_strictness(apub.id.inner(), true, data).await?; check_apub_id_valid_with_strictness(apub.id.inner(), true, data).await?;
verify_domains_match(expected_domain, apub.id.inner())?; verify_domains_match(expected_domain, apub.id.inner())?;
verify_is_remote_object(&apub.id, data)?;
let local_site_data = local_site_data_cached(&mut data.pool()).await?; let local_site_data = local_site_data_cached(&mut data.pool()).await?;
let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site); let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site);
@ -138,10 +140,6 @@ impl Object for ApubSite {
#[tracing::instrument(skip_all)] #[tracing::instrument(skip_all)]
async fn from_json(apub: Self::Kind, context: &Data<Self::DataType>) -> Result<Self, LemmyError> { async fn from_json(apub: Self::Kind, context: &Data<Self::DataType>) -> Result<Self, LemmyError> {
// Avoid overwriting local object
if apub.id.is_local(context) {
return apub.id.dereference_local(context).await;
}
let domain = apub.id.inner().domain().expect("group id has domain"); let domain = apub.id.inner().domain().expect("group id has domain");
let instance = DbInstance::read_or_create(&mut context.pool(), domain.to_string()).await?; let instance = DbInstance::read_or_create(&mut context.pool(), domain.to_string()).await?;

View File

@ -1,3 +1,4 @@
use super::verify_is_remote_object;
use crate::{ use crate::{
activities::GetActorType, activities::GetActorType,
check_apub_id_valid_with_strictness, check_apub_id_valid_with_strictness,
@ -137,6 +138,7 @@ impl Object for ApubPerson {
check_slurs_opt(&person.name, slur_regex)?; check_slurs_opt(&person.name, slur_regex)?;
verify_domains_match(person.id.inner(), expected_domain)?; verify_domains_match(person.id.inner(), expected_domain)?;
verify_is_remote_object(&person.id, context)?;
check_apub_id_valid_with_strictness(person.id.inner(), false, context).await?; check_apub_id_valid_with_strictness(person.id.inner(), false, context).await?;
let bio = read_from_string_or_source_opt(&person.summary, &None, &person.source); let bio = read_from_string_or_source_opt(&person.summary, &None, &person.source);
@ -149,10 +151,6 @@ impl Object for ApubPerson {
person: Person, person: Person,
context: &Data<Self::DataType>, context: &Data<Self::DataType>,
) -> Result<ApubPerson, LemmyError> { ) -> Result<ApubPerson, LemmyError> {
// Avoid overwriting local object
if person.id.is_local(context) {
return person.id.dereference_local(context).await;
}
let instance_id = fetch_instance_actor_for_object(&person.id, context).await?; let instance_id = fetch_instance_actor_for_object(&person.id, context).await?;
let local_site = LocalSite::read(&mut context.pool()).await.ok(); let local_site = LocalSite::read(&mut context.pool()).await.ok();

View File

@ -182,11 +182,6 @@ impl Object for ApubPost {
#[tracing::instrument(skip_all)] #[tracing::instrument(skip_all)]
async fn from_json(page: Page, context: &Data<Self::DataType>) -> Result<ApubPost, LemmyError> { async fn from_json(page: Page, context: &Data<Self::DataType>) -> Result<ApubPost, LemmyError> {
// Avoid overwriting local object
if page.id.is_local(context) {
return page.id.dereference_local(context).await;
}
let creator = page.creator()?.dereference(context).await?; let creator = page.creator()?.dereference(context).await?;
let community = page.community(context).await?; let community = page.community(context).await?;
if community.posting_restricted_to_mods { if community.posting_restricted_to_mods {

View File

@ -1,3 +1,4 @@
use super::verify_is_remote_object;
use crate::{ use crate::{
check_apub_id_valid_with_strictness, check_apub_id_valid_with_strictness,
objects::read_from_string_or_source, objects::read_from_string_or_source,
@ -104,6 +105,7 @@ impl Object for ApubPrivateMessage {
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
verify_domains_match(note.id.inner(), expected_domain)?; verify_domains_match(note.id.inner(), expected_domain)?;
verify_domains_match(note.attributed_to.inner(), note.id.inner())?; verify_domains_match(note.attributed_to.inner(), note.id.inner())?;
verify_is_remote_object(&note.id, context)?;
check_apub_id_valid_with_strictness(note.id.inner(), false, context).await?; check_apub_id_valid_with_strictness(note.id.inner(), false, context).await?;
let person = note.attributed_to.dereference(context).await?; let person = note.attributed_to.dereference(context).await?;
@ -121,11 +123,6 @@ impl Object for ApubPrivateMessage {
note: ChatMessage, note: ChatMessage,
context: &Data<Self::DataType>, context: &Data<Self::DataType>,
) -> Result<ApubPrivateMessage, LemmyError> { ) -> Result<ApubPrivateMessage, LemmyError> {
// Avoid overwriting local object
if note.id.is_local(context) {
return note.id.dereference_local(context).await;
}
let creator = note.attributed_to.dereference(context).await?; let creator = note.attributed_to.dereference(context).await?;
let recipient = note.to[0].dereference(context).await?; let recipient = note.to[0].dereference(context).await?;
check_person_block(creator.id, recipient.id, &mut context.pool()).await?; check_person_block(creator.id, recipient.id, &mut context.pool()).await?;

View File

@ -7,7 +7,7 @@ use crate::{
community_outbox::ApubCommunityOutbox, community_outbox::ApubCommunityOutbox,
}, },
local_site_data_cached, local_site_data_cached,
objects::{community::ApubCommunity, read_from_string_or_source_opt}, objects::{community::ApubCommunity, read_from_string_or_source_opt, verify_is_remote_object},
protocol::{ protocol::{
objects::{Endpoints, LanguageTag}, objects::{Endpoints, LanguageTag},
ImageObject, ImageObject,
@ -15,6 +15,7 @@ use crate::{
}, },
}; };
use activitypub_federation::{ use activitypub_federation::{
config::Data,
fetch::{collection_id::CollectionId, object_id::ObjectId}, fetch::{collection_id::CollectionId, object_id::ObjectId},
kinds::actor::GroupType, kinds::actor::GroupType,
protocol::{ protocol::{
@ -75,10 +76,11 @@ impl Group {
pub(crate) async fn verify( pub(crate) async fn verify(
&self, &self,
expected_domain: &Url, expected_domain: &Url,
context: &LemmyContext, context: &Data<LemmyContext>,
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
check_apub_id_valid_with_strictness(self.id.inner(), true, context).await?; check_apub_id_valid_with_strictness(self.id.inner(), true, context).await?;
verify_domains_match(expected_domain, self.id.inner())?; verify_domains_match(expected_domain, self.id.inner())?;
verify_is_remote_object(&self.id, context)?;
let local_site_data = local_site_data_cached(&mut context.pool()).await?; let local_site_data = local_site_data_cached(&mut context.pool()).await?;
let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site); let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site);