authorChocobozzz <me@florianbigard.com>2018-02-23 15:09:12 +0100
committerChocobozzz <me@florianbigard.com>2018-02-23 15:09:12 +0100
commit285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf (patch)
tree198ee1eef4094abc4af73b3ff957c1d3b03210e3
parent1ee48d19036199169eca061f1ecccd2f2c8fd359 (diff)
Detect posting request in our own inbox
-rw-r--r--server/controllers/activitypub/inbox.ts4
-rw-r--r--server/lib/activitypub/fetch.ts9
-rw-r--r--server/middlewares/validators/activitypub/activity.ts11
3 files changed, 21 insertions, 3 deletions
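--- a/server/controllers/activitypub/inbox.ts
+++ b/server/controllers/activitypub/inbox.ts
@@ -12,7 +12,7 @@ const inboxRouter = express.Router()
 inboxRouter.post('/inbox',
  signatureValidator,
  asyncMiddleware(checkSignature),
- activityPubValidator,
+ asyncMiddleware(activityPubValidator),
  asyncMiddleware(inboxController)
 )
 
@@ -20,7 +20,7 @@ inboxRouter.post('/accounts/:name/inbox',
  signatureValidator,
  asyncMiddleware(checkSignature),
  localAccountValidator,
- activityPubValidator,
+ asyncMiddleware(activityPubValidator),
  asyncMiddleware(inboxController)
 )
 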
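Review bot: `activityPubValidator` is an array (the `body('')` chain plus the new async handler, per activity.ts in this commit), and both routes now pass that whole array to `asyncMiddleware`; nothing visible here shows that `asyncMiddleware` accepts an array and runs its elements in order. If it only wraps a single function, neither the root-activity validation nor the self-actor check would run as intended, so this is worth confirming against its definition. A route test that posts an activity signed by the server's own actor and expects the 409 would pin the behaviour for both `/inbox` and `/accounts/:name/inbox`.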
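--- a/server/lib/activitypub/fetch.ts
+++ b/server/lib/activitypub/fetch.ts
@@ -1,7 +1,16 @@
+import { logger } from '../../helpers/logger'
+import { getServerActor } from '../../helpers/utils'
 import { ActorModel } from '../../models/activitypub/actor'
 import { JobQueue } from '../job-queue'
 
 async function addFetchOutboxJob (actor: ActorModel) {
+ // Don't fetch ourselves
+ const serverActor = await getServerActor()
+ if (serverActor.id === actor.id) {
+ logger.error('Cannot fetch our own outbox!')
+ return
+ }
+
  const payload = {
  uris: [ actor.outboxUrl ]
  }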
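Review bot: The new guard in `addFetchOutboxJob` compares database ids only (`serverActor.id === actor.id`), so a different actor row whose `outboxUrl` points at this instance would still be queued. If remote actor records can carry an arbitrary `outboxUrl` (not visible in this hunk), it would be safer to also refuse URLs whose host is the local one before building `payload`. The early `return` is silent to callers, and the log line would be easier to act on if it included `actor.outboxUrl`. The rest of the function body lies outside the hunk.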
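--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -2,16 +2,25 @@ import * as express from 'express'
 import { body } from 'express-validator/check'
 import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
 import { logger } from '../../../helpers/logger'
+import { getServerActor } from '../../../helpers/utils'
+import { ActorModel } from '../../../models/activitypub/actor'
 import { areValidationErrors } from '../utils'
 
 const activityPubValidator = [
  body('').custom((value, { req }) => isRootActivityValid(req.body)),
 
- (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  logger.debug('Checking activity pub parameters')
 
  if (areValidationErrors(req, res)) return
 
+ const serverActor = await getServerActor()
+ const remoteActor = res.locals.signature.actor as ActorModel
+ if (serverActor.id === remoteActor.id) {
+ logger.error('Receiving request in INBOX by ourselves!', req.body)
+ return res.sendStatus(409)
+ }
+
  return next()
  }
 ]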
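Review bot: The new handler dereferences `res.locals.signature.actor` through a bare `as ActorModel` cast, so it is only safe when `checkSignature` has already run and populated it; both routes in inbox.ts do that, but nothing in this file records the requirement. A comment above the handler such as `// Must run after checkSignature: reads res.locals.signature.actor` would document the ordering for anyone reusing the validator. A request signed as the server's own actor arriving in its inbox is either a delivery loop or a sign that the key is in use elsewhere. For that reason the error log would be more useful to an operator if it carried the request origin (for example `req.ip`) in place of, or alongside, the full `req.body`.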