From c30dac02108df2f84bfba8641cfd22b97b17d9ee Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Mon, 26 Feb 2024 22:34:55 +0100
Subject: [PATCH] [backend/federation] Reject activities with mismatching activity & actor id hosts
---
 .../Core/Federation/ActivityPub/ActivityHandlerService.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityHandlerService.cs b/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityHandlerService.cs
index 8ee3a6f5..62fa9f08 100644
--- a/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityHandlerService.cs
+++ b/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityHandlerService.cs
@@ -50,6 +50,9 @@ public class ActivityHandlerService(
 if (resolvedActor.Id != authFetchUserId && authFetchUserId != null)
 throw GracefulException
 .UnprocessableEntity($"Authorized fetch user id {authFetchUserId} doesn't match resolved actor id {resolvedActor.Id}");
+ if (new Uri(activity.Actor.Id).Host != new Uri(activity.Id).Host)
+ throw GracefulException
+ .UnprocessableEntity($"Activity identifier ({activity.Actor.Id}) host doesn't match actor identifier ({activity.Id}) host");
 if (resolvedActor.Host == null || resolvedActor.Uri == null)
 throw new Exception("resolvedActor.Host and resolvedActor.Uri must not be null at this stage");
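Review bot: The added host check builds `new Uri(activity.Actor.Id)` and `new Uri(activity.Id)` straight from fields of the incoming activity, so a missing or malformed id throws `ArgumentNullException` or `UriFormatException` rather than the `GracefulException` the neighbouring checks use. Unless both values are validated earlier in the method, which starts outside this hunk, that probably surfaces as a server error instead of a 422. Parsing each id with `Uri.TryCreate(id, UriKind.Absolute, out var parsed)` and rejecting through `GracefulException.UnprocessableEntity` when either parse fails would keep the rejection path uniform. The message also has its labels crossed: "Activity identifier" is printed with `activity.Actor.Id` and "actor identifier" with `activity.Id`, which will mislead whoever triages a rejected delivery, so swap the two interpolations. `Uri.Host` carries neither scheme nor port, so it is worth confirming that host-only equality is the intended notion of "same origin" for this check.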