Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 03:55:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict loopback calls

Browse Source
This commit is contained in:
Julian Lam
2024-02-26 16:12:40 -05:00
parent 5f85e70006
commit 77a3efb43c
4 changed files with 51 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/activitypub/index.js
View File

@@ -6,6 +6,7 @@ const { createHash, createSign, createVerify } = require('crypto');
const request = require('../request');
const db = require('../database');
const meta = require('../meta');
const user = require('../user');
const utils = require('../utils');
const ttl = require('../cache/ttl');
@@ -45,6 +46,13 @@ ActivityPub.resolveId = async (uid, id) => {
ActivityPub.resolveInboxes = async (ids) => {
const inboxes = new Set();
if (!meta.config.activitypubAllowLoopback) {
ids = ids.filter((id) => {
const { hostname } = new URL(id);
return hostname !== nconf.get('url_parsed').hostname;
});
}
await ActivityPub.actors.assert(ids);
await Promise.all(ids.map(async (id) => {
const { inbox, sharedInbox } = await user.getUserFields(id, ['inbox', 'sharedInbox']);