X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Factivitypub%2Factivity.ts;h=d24e4427b79cf5191ca4dd364fc72c004ed7e06a;hb=c4fa01f7c45b66b112ebd08abce744b7c4041feb;hp=78a6d144470df2db801e1d4e126a686a81fb6ca7;hpb=0d0e8dd0904b380b70e19ebcb4763d65601c4632;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts
index 78a6d1444..d24e4427b 100644
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -1,18 +1,26 @@
-import { body } from 'express-validator/check'
 import * as express from 'express'
+import { getServerActor } from '@server/models/application/application'
+import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
+import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
+import { logger } from '../../../helpers/logger'
 
-import { logger, isRootActivityValid } from '../../../helpers'
-import { checkErrors } from '../utils'
+async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+  logger.debug('Checking activity pub parameters')
 
-const activityPubValidator = [
-  body('data').custom(isRootActivityValid),
-
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking activity pub parameters', { parameters: req.body })
+  if (!isRootActivityValid(req.body)) {
+    logger.warn('Incorrect activity parameters.', { activity: req.body })
+    return res.fail({ message: 'Incorrect activity' })
+  }
 
-    checkErrors(req, res, next)
+  const serverActor = await getServerActor()
+  const remoteActor = res.locals.signature.actor
+  if (serverActor.id === remoteActor.id || remoteActor.serverId === null) {
+    logger.error('Receiving request in INBOX by ourselves!', req.body)
+    return res.status(HttpStatusCode.CONFLICT_409).end()
   }
-]
+
+  return next()
+}
 
 // ---------------------------------------------------------------------------