From 285fe7c93072b2a8e6a9af6b7e8ffcdefcffbddf Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 23 Feb 2018 15:09:12 +0100 Subject: Detect posting request in our own inbox --- server/middlewares/validators/activitypub/activity.ts | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'server/middlewares') diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts index 208e23f86..15e8bb079 100644 --- a/server/middlewares/validators/activitypub/activity.ts +++ b/server/middlewares/validators/activitypub/activity.ts @@ -2,16 +2,25 @@ import * as express from 'express' import { body } from 'express-validator/check' import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' import { logger } from '../../../helpers/logger' +import { getServerActor } from '../../../helpers/utils' +import { ActorModel } from '../../../models/activitypub/actor' import { areValidationErrors } from '../utils' const activityPubValidator = [ body('').custom((value, { req }) => isRootActivityValid(req.body)), - (req: express.Request, res: express.Response, next: express.NextFunction) => { + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking activity pub parameters') if (areValidationErrors(req, res)) return + const serverActor = await getServerActor() + const remoteActor = res.locals.signature.actor as ActorModel + if (serverActor.id === remoteActor.id) { + logger.error('Receiving request in INBOX by ourselves!', req.body) + return res.sendStatus(409) + } + return next() } ] -- cgit v1.2.3