notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Verify actor publicKey host

Browse source
This commit is contained in:
Laura Hausmann 2024-02-16 03:43:35 +01:00
parent 9496d81abe
commit 2da0f95026
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Iceshrimp.Backend/Core/Federation/ActivityStreams/Types/ASActor.cs
View file

@ -128,7 +128,9 @@ public class ASActor : ASObject {
!Regex.IsMatch(Username, @"^\w([\w-.]*\w)?$"))
throw new Exception("Actor username is invalid");
//TODO: validate publicKey id host
var publicKeyId = PublicKey?.Id ?? throw new Exception("Invalid actor: missing PublicKey?.Id");
if (new Uri(publicKeyId).Host != new Uri(uri).Host)
throw new Exception("Invalid actor: public key id / actor id host mismatch");
DisplayName = DisplayName switch {
{ Length: > 0 } => DisplayName.Truncate(DisplayNameLength),