From 25a50ef9eba48551d40abd95caf23bcccff31053 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Sun, 24 Mar 2024 19:17:33 +0100
Subject: [PATCH] [backend/core] Validate actor public key host

---
 Iceshrimp.Backend/Core/Services/UserService.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Iceshrimp.Backend/Core/Services/UserService.cs b/Iceshrimp.Backend/Core/Services/UserService.cs
index 0a4875dc..4e0e1ef9 100644
--- a/Iceshrimp.Backend/Core/Services/UserService.cs
+++ b/Iceshrimp.Backend/Core/Services/UserService.cs
@@ -113,9 +113,10 @@ public class UserService(
 
 		if (actor.Id != uri)
 			throw GracefulException.UnprocessableEntity("Uri doesn't match id of fetched actor");
-
 		if (actor.PublicKey?.Id == null || actor.PublicKey?.PublicKey == null)
 			throw GracefulException.UnprocessableEntity("Actor has no valid public key");
+		if (new Uri(actor.PublicKey.Id).Host != new Uri(actor.Id).Host)
+			throw GracefulException.UnprocessableEntity("Actor public key id host doesn't match actor id host");
 
 		var host = AcctToTuple(acct).Host ?? throw new Exception("Host must not be null at this stage");