Detect posting request in our own inbox
This commit is contained in:
parent
1ee48d1903
commit
285fe7c930
3 changed files with 21 additions and 3 deletions
|
@ -12,7 +12,7 @@ const inboxRouter = express.Router()
|
|||
inboxRouter.post('/inbox',
|
||||
signatureValidator,
|
||||
asyncMiddleware(checkSignature),
|
||||
activityPubValidator,
|
||||
asyncMiddleware(activityPubValidator),
|
||||
asyncMiddleware(inboxController)
|
||||
)
|
||||
|
||||
|
@ -20,7 +20,7 @@ inboxRouter.post('/accounts/:name/inbox',
|
|||
signatureValidator,
|
||||
asyncMiddleware(checkSignature),
|
||||
localAccountValidator,
|
||||
activityPubValidator,
|
||||
asyncMiddleware(activityPubValidator),
|
||||
asyncMiddleware(inboxController)
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
import { logger } from '../../helpers/logger'
|
||||
import { getServerActor } from '../../helpers/utils'
|
||||
import { ActorModel } from '../../models/activitypub/actor'
|
||||
import { JobQueue } from '../job-queue'
|
||||
|
||||
async function addFetchOutboxJob (actor: ActorModel) {
|
||||
// Don't fetch ourselves
|
||||
const serverActor = await getServerActor()
|
||||
if (serverActor.id === actor.id) {
|
||||
logger.error('Cannot fetch our own outbox!')
|
||||
return
|
||||
}
|
||||
|
||||
const payload = {
|
||||
uris: [ actor.outboxUrl ]
|
||||
}
|
||||
|
|
|
@ -2,16 +2,25 @@ import * as express from 'express'
|
|||
import { body } from 'express-validator/check'
|
||||
import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
|
||||
import { logger } from '../../../helpers/logger'
|
||||
import { getServerActor } from '../../../helpers/utils'
|
||||
import { ActorModel } from '../../../models/activitypub/actor'
|
||||
import { areValidationErrors } from '../utils'
|
||||
|
||||
const activityPubValidator = [
|
||||
body('').custom((value, { req }) => isRootActivityValid(req.body)),
|
||||
|
||||
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
||||
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
||||
logger.debug('Checking activity pub parameters')
|
||||
|
||||
if (areValidationErrors(req, res)) return
|
||||
|
||||
const serverActor = await getServerActor()
|
||||
const remoteActor = res.locals.signature.actor as ActorModel
|
||||
if (serverActor.id === remoteActor.id) {
|
||||
logger.error('Receiving request in INBOX by ourselves!', req.body)
|
||||
return res.sendStatus(409)
|
||||
}
|
||||
|
||||
return next()
|
||||
}
|
||||
]
|
||||
|
|
Loading…
Reference in a new issue