Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: origin checking on received Update activities

Browse Source
This commit is contained in:
Julian Lam
2024-01-30 12:11:10 -05:00
parent 0e59f3124e
commit 6930973d7a
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
public/language/en-GB/error.json
View File

@@ -281,5 +281,6 @@
"activitypub.invalid-id": "Unable to resolve the input id, likely as it is malformed.", "activitypub.invalid-id": "Unable to resolve the input id, likely as it is malformed.",
"activitypub.get-failed": "Unable to retrieve the specified resource.", "activitypub.get-failed": "Unable to retrieve the specified resource.",
"activitypub.pubKey-not-found": "Unable to resolve public key, so payload verification cannot take place." "activitypub.pubKey-not-found": "Unable to resolve public key, so payload verification cannot take place.",
"activitypub.origin-mismatch": "The received object's origin does not match the sender's origin"
} }

9
src/activitypub/inbox.js
View File

@@ -24,7 +24,14 @@ inbox.create = async (req) => {
}; };
inbox.update = async (req) => { inbox.update = async (req) => {
const { object } = req.body; const { actor, object } = req.body;
// Origin checking
const actorHostname = new URL(actor).hostname;
const objectHostname = new URL(object.id).hostname;
if (actorHostname !== objectHostname) {
throw new Error('[[error:activitypub.origin-mismatch]]');
}
switch (object.type) { switch (object.type) {
case 'Note': { case 'Note': {