aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-02-23 15:09:12 +0100
committerChocobozzz <me@florianbigard.com>2018-02-23 15:09:12 +0100
commit285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf (patch)
tree198ee1eef4094abc4af73b3ff957c1d3b03210e3 /server/middlewares
parent1ee48d19036199169eca061f1ecccd2f2c8fd359 (diff)
downloadPeerTube-285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf.tar.gz
PeerTube-285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf.tar.zst
PeerTube-285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf.zip
Detect posting request in our own inbox
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/activitypub/activity.ts11
1 files changed, 10 insertions, 1 deletions
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts
index 208e23f86..15e8bb079 100644
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -2,16 +2,25 @@ import * as express from 'express'
2import { body } from 'express-validator/check' 2import { body } from 'express-validator/check'
3import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' 3import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
4import { logger } from '../../../helpers/logger' 4import { logger } from '../../../helpers/logger'
5import { getServerActor } from '../../../helpers/utils'
6import { ActorModel } from '../../../models/activitypub/actor'
5import { areValidationErrors } from '../utils' 7import { areValidationErrors } from '../utils'
6 8
7const activityPubValidator = [ 9const activityPubValidator = [
8 body('').custom((value, { req }) => isRootActivityValid(req.body)), 10 body('').custom((value, { req }) => isRootActivityValid(req.body)),
9 11
10 (req: express.Request, res: express.Response, next: express.NextFunction) => { 12 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
11 logger.debug('Checking activity pub parameters') 13 logger.debug('Checking activity pub parameters')
12 14
13 if (areValidationErrors(req, res)) return 15 if (areValidationErrors(req, res)) return
14 16
17 const serverActor = await getServerActor()
18 const remoteActor = res.locals.signature.actor as ActorModel
19 if (serverActor.id === remoteActor.id) {
20 logger.error('Receiving request in INBOX by ourselves!', req.body)
21 return res.sendStatus(409)
22 }
23
15 return next() 24 return next()
16 } 25 }
17] 26]