X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Factivitypub%2Fprocess%2Fprocess.ts;h=b9b255ddfcba2e95128d83b667921f873ea73be0;hb=a8a63227781c6815532cb7a68699b08fdb0368be;hp=b263f1ea22c91007d02ee70cba861790b8fd3457;hpb=12ba460e9ebf4951f9c1caee8822a8ca1523563f;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/lib/activitypub/process/process.ts b/server/lib/activitypub/process/process.ts
index b263f1ea2..b9b255ddf 100644
--- a/server/lib/activitypub/process/process.ts
+++ b/server/lib/activitypub/process/process.ts
@@ -1,5 +1,5 @@
 import { Activity, ActivityType } from '../../../../shared/models/activitypub'
-import { getActorUrl } from '../../../helpers/activitypub'
+import { checkUrlsSameHost, getActorUrl } from '../../../helpers/activitypub'
 import { logger } from '../../../helpers/logger'
 import { ActorModel } from '../../../models/activitypub/actor'
 import { processAcceptActivity } from './process-accept'
@@ -25,11 +25,17 @@ const processActivity: { [ P in ActivityType ]: (activity: Activity, byActor: Ac
   Like: processLikeActivity
 }
 
-async function processActivities (activities: Activity[], signatureActor?: ActorModel, inboxActor?: ActorModel) {
+async function processActivities (
+  activities: Activity[],
+  options: {
+    signatureActor?: ActorModel
+    inboxActor?: ActorModel
+    outboxUrl?: string
+  } = {}) {
   const actorsCache: { [ url: string ]: ActorModel } = {}
 
   for (const activity of activities) {
-    if (!signatureActor && [ 'Create', 'Announce', 'Like' ].indexOf(activity.type) === -1) {
+    if (!options.signatureActor && [ 'Create', 'Announce', 'Like' ].indexOf(activity.type) === -1) {
       logger.error('Cannot process activity %s (type: %s) without the actor signature.', activity.id, activity.type)
       continue
     }
@@ -37,12 +43,17 @@ async function processActivities (activities: Activity[], signatureActor?: Actor
     const actorUrl = getActorUrl(activity.actor)
 
     // When we fetch remote data, we don't have signature
-    if (signatureActor && actorUrl !== signatureActor.url) {
-      logger.warn('Signature mismatch between %s and %s.', actorUrl, signatureActor.url)
+    if (options.signatureActor && actorUrl !== options.signatureActor.url) {
+      logger.warn('Signature mismatch between %s and %s, skipping.', actorUrl, options.signatureActor.url)
       continue
     }
 
-    const byActor = signatureActor || actorsCache[actorUrl] || await getOrCreateActorAndServerAndModel(actorUrl)
+    if (options.outboxUrl && checkUrlsSameHost(options.outboxUrl, actorUrl) !== true) {
+      logger.warn('Host mismatch between outbox URL %s and actor URL %s, skipping.', options.outboxUrl, actorUrl)
+      continue
+    }
+
+    const byActor = options.signatureActor || actorsCache[actorUrl] || await getOrCreateActorAndServerAndModel(actorUrl)
     actorsCache[actorUrl] = byActor
 
     const activityProcessor = processActivity[activity.type]
@@ -52,7 +63,7 @@ async function processActivities (activities: Activity[], signatureActor?: Actor
     }
 
     try {
-      await activityProcessor(activity, byActor, inboxActor)
+      await activityProcessor(activity, byActor, options.inboxActor)
     } catch (err) {
       logger.warn('Cannot process activity %s.', activity.type, { err })
     }