Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: noremalize actor property in middleware

Browse Source
This commit is contained in:
Opliko
2024-04-12 16:42:54 +02:00
parent 52271caec2
commit 18ba2e38ec
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/middleware/activitypub.js
View File

@@ -50,11 +50,20 @@ middleware.validate = async function (req, res, next) {
const { actor, object } = req.body;
// Actor normalization
if (typeof actor === 'object' && actor.hasOwnProperty('id')) {
req.body.actor = actor.id;
}
if (Array.isArray(actor)) {
req.body.actor = actor.map(a => (typeof a === 'string' ? a : a.id));
}
// Origin checking
if (typeof object !== 'string' && object.hasOwnProperty('id')) {
const actorHostname = new URL(actor).hostname;
const actorHostnames = Array.isArray(actor) ? actor.map(a => new URL(a).hostname) : [new URL(actor).hostname];
const objectHostname = new URL(object.id).hostname;
if (actorHostname !== objectHostname) {
// require that all actors have the same hostname as the object for now
if (!actorHostnames.every(actorHostname => actorHostname === objectHostname)) {
winston.verbose('[middleware/activitypub] Origin check failed, stripping object down to id.');
req.body.object = [object.id];
}