tinternet/mobilizon
5
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Prevent upserting local actor

Browse source 
By comparing it's URI

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2020-07-30 18:16:32 +02:00
parent 9fdf7bad0f
commit b9cdd2f02f
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
2 changed files with 18 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/federation/activity_pub/activity_pub.ex
View file

@ -96,7 +96,7 @@ defmodule Mobilizon.Federation.ActivityPub do
Logger.debug("Entity is already existing") Logger.debug("Entity is already existing")
entity = entity =
if force_fetch and not compare_origins?(url, Endpoint.url()) do if force_fetch and not are_same_origin?(url, Endpoint.url()) do
Logger.debug("Entity is external and we want a force fetch") Logger.debug("Entity is external and we want a force fetch")
with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do
@ -506,6 +506,9 @@ defmodule Mobilizon.Federation.ActivityPub do
""" """
@spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()} @spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()}
def make_actor_from_url(url, preload \\ false) do def make_actor_from_url(url, preload \\ false) do
if are_same_origin?(url, Endpoint.url()) do
{:error, "Can't make a local actor from URL"}
else
case fetch_and_prepare_actor_from_url(url) do case fetch_and_prepare_actor_from_url(url) do
{:ok, data} -> {:ok, data} ->
Actors.upsert_actor(data, preload) Actors.upsert_actor(data, preload)
@ -520,6 +523,7 @@ defmodule Mobilizon.Federation.ActivityPub do
{:error, e} {:error, e}
end end
end end
end
@doc """ @doc """
Find an actor in our local database or call WebFinger to find what's its AP ID is and then fetch it Find an actor in our local database or call WebFinger to find what's its AP ID is and then fetch it

6
lib/federation/activity_pub/utils.ex
View file

@ -248,7 +248,7 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
when not is_nil(actor) do when not is_nil(actor) do
actor = get_actor(params) actor = get_actor(params)
Logger.debug("Performing origin check on #{id} and #{actor} URIs") Logger.debug("Performing origin check on #{id} and #{actor} URIs")
compare_origins?(id, actor) are_same_origin?(id, actor)
end end
def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true
@ -257,8 +257,8 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
def origin_check?(_id, _args), do: false def origin_check?(_id, _args), do: false
@spec compare_origins?(String.t(), String.t()) :: boolean() @spec are_same_origin?(String.t(), String.t()) :: boolean()
def compare_origins?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do def are_same_origin?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
uri_1 = URI.parse(url_1) uri_1 = URI.parse(url_1)
uri_2 = URI.parse(url_2) uri_2 = URI.parse(url_2)