notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Enforce federation control in ActivityFetcherService

Browse source 
With this there should be no remaining ways for new activities from blocked instances to make it into the database.
This commit is contained in:
Laura Hausmann 2024-04-28 18:51:37 +02:00
parent ead8e126f1
commit a7898e8aa9
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityFetcherService.cs
View file

@ -21,7 +21,8 @@ public class ActivityFetcherService(
HttpRequestService httpRqSvc,
SystemUserService systemUserSvc,
DatabaseContext db,
ILogger<ActivityFetcherService> logger
ILogger<ActivityFetcherService> logger,
FederationControlService fedCtrlSvc
)
{
private static readonly IReadOnlyCollection<string> AcceptableActivityTypes =
@ -77,6 +78,12 @@ public class ActivityFetcherService(
var requestHost = new Uri(url).Host;
if (requestHost == config.Value.WebDomain || requestHost == config.Value.AccountDomain)
throw GracefulException.UnprocessableEntity("Refusing to fetch activity from local domain");
if (await fedCtrlSvc.ShouldBlockAsync(requestHost))
{
logger.LogDebug("Refusing to fetch activity from blocked instance");
return (null, new Uri(url));
}
var request = httpRqSvc.GetSigned(url, AcceptableActivityTypes, actor, keypair);
var response = await client.SendAsync(request);