From 285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 23 Feb 2018 15:09:12 +0100
Subject: Detect posting request in our own inbox

---
 server/middlewares/validators/activitypub/activity.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'server/middlewares/validators/activitypub')

diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts
index 208e23f86..15e8bb079 100644
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -2,16 +2,25 @@ import * as express from 'express'
 import { body } from 'express-validator/check'
 import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
 import { logger } from '../../../helpers/logger'
+import { getServerActor } from '../../../helpers/utils'
+import { ActorModel } from '../../../models/activitypub/actor'
 import { areValidationErrors } from '../utils'
 
 const activityPubValidator = [
   body('').custom((value, { req }) => isRootActivityValid(req.body)),
 
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking activity pub parameters')
 
     if (areValidationErrors(req, res)) return
 
+    const serverActor = await getServerActor()
+    const remoteActor = res.locals.signature.actor as ActorModel
+    if (serverActor.id === remoteActor.id) {
+      logger.error('Receiving request in INBOX by ourselves!', req.body)
+      return res.sendStatus(409)
+    }
+
     return next()
   }
 ]
-- 
cgit v1.2.3