From 1bb199bf590accf73f3a5966d2efc83d8a8a34c8 Mon Sep 17 00:00:00 2001 From: Laura Hausmann Date: Sun, 19 Jan 2025 09:59:43 +0100 Subject: [PATCH] [backend/federation] Make publish/update date checks stricter (ISH-687) --- Iceshrimp.Backend/Core/Services/NoteService.cs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Iceshrimp.Backend/Core/Services/NoteService.cs b/Iceshrimp.Backend/Core/Services/NoteService.cs index 3190df3f..7a55be2e 100644 --- a/Iceshrimp.Backend/Core/Services/NoteService.cs +++ b/Iceshrimp.Backend/Core/Services/NoteService.cs @@ -964,9 +964,12 @@ public class NoteService( return null; } - if (note.PublishedAt is null or { Year: < 2007 } || note.PublishedAt > DateTime.Now + TimeSpan.FromDays(3)) + if (note.PublishedAt is null or { Year: < 2007 } || note.PublishedAt > DateTime.Now + TimeSpan.FromMinutes(5)) throw GracefulException.UnprocessableEntity("Note.PublishedAt is nonsensical"); + if (note.PublishedAt > DateTime.Now) + note.PublishedAt = DateTime.Now; + if (replyUri != null) { if (reply == null && note.Name != null) @@ -1084,11 +1087,14 @@ public class NoteService( throw GracefulException.Forbidden("User is suspended"); if (dbNote.UpdatedAt != null && dbNote.UpdatedAt > updatedAt) throw GracefulException.UnprocessableEntity("Note update is older than last known version"); - if (updatedAt.Year < 2007 || updatedAt > DateTime.Now + TimeSpan.FromDays(3)) + if (updatedAt.Year < 2007 || updatedAt > DateTime.Now + TimeSpan.FromMinutes(5)) throw GracefulException.UnprocessableEntity("updatedAt is nonsensical"); if (actor.Host == null) throw GracefulException.UnprocessableEntity("User.Host is null"); + if (note.UpdatedAt > DateTime.Now) + note.UpdatedAt = DateTime.Now; + var mentionData = await ResolveNoteMentionsAsync(note); var text = note.MkContent;