notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/core] Validate actor public key host

Browse source
This commit is contained in:
Laura Hausmann 2024-03-24 19:17:33 +01:00
parent cabe5d52e7
commit 25a50ef9eb
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Iceshrimp.Backend/Core/Services/UserService.cs
View file

@ -113,9 +113,10 @@ public class UserService(
if (actor.Id != uri) if (actor.Id != uri)
throw GracefulException.UnprocessableEntity("Uri doesn't match id of fetched actor"); throw GracefulException.UnprocessableEntity("Uri doesn't match id of fetched actor");
if (actor.PublicKey?.Id == null || actor.PublicKey?.PublicKey == null) if (actor.PublicKey?.Id == null || actor.PublicKey?.PublicKey == null)
throw GracefulException.UnprocessableEntity("Actor has no valid public key"); throw GracefulException.UnprocessableEntity("Actor has no valid public key");
if (new Uri(actor.PublicKey.Id).Host != new Uri(actor.Id).Host)
throw GracefulException.UnprocessableEntity("Actor public key id host doesn't match actor id host");
var host = AcctToTuple(acct).Host ?? throw new Exception("Host must not be null at this stage"); var host = AcctToTuple(acct).Host ?? throw new Exception("Host must not be null at this stage");