notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Validate activity id host in ActivityFetcherService

Browse source
This commit is contained in:
Laura Hausmann 2024-02-15 20:55:08 +01:00
parent 71d8b28d28
commit 3da162e302
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityFetcherService.cs
View file

@ -29,12 +29,22 @@ public class ActivityFetcherService(HttpClient client, HttpRequestService httpRq
and not "application/json")
return [];
var finalUri = response.RequestMessage?.RequestUri ??
throw new Exception("RequestMessage must not be null at this stage");
var input = await response.Content.ReadAsStringAsync();
var json = JsonConvert.DeserializeObject<JObject?>(input, JsonSerializerSettings);
var res = LdHelpers.Expand(json) ?? throw new GracefulException("Failed to expand JSON-LD object");
return res.Select(p => p.ToObject<ASObject>(new JsonSerializer { Converters = { new ASObjectConverter() } }) ??
throw new GracefulException("Failed to deserialize activity"));
var activities =
res.Select(p => p.ToObject<ASObject>(new JsonSerializer { Converters = { new ASObjectConverter() } }) ??
throw new GracefulException("Failed to deserialize activity"))
.ToList();
if (activities.Any(p => new Uri(p.Id).Host != finalUri.Host))
throw new GracefulException("Activity identifier doesn't match final host");
return activities;
}
public async Task<ASActor> FetchActorAsync(string uri, User actor, UserKeypair keypair) {