Correctly use and document check_is_apub_id_valid() param use_strict_allowlist
authorFelix Ableitner <me@nutomic.com>
Tue, 2 Nov 2021 13:18:12 +0000 (14:18 +0100)
committerFelix Ableitner <me@nutomic.com>
Tue, 2 Nov 2021 20:39:06 +0000 (21:39 +0100)
crates/apub/src/lib.rs
crates/apub/src/objects/comment.rs
crates/apub/src/objects/post.rs
crates/apub/src/protocol/objects/group.rs

index f38a9f86d1485ea898f9c59f16837a63ba617acb..75d7a62fafd324a3fdba2d71e8f40f7e38b31198 100644 (file)
@@ -30,6 +30,8 @@ use url::{ParseError, Url};
 /// - URL being in the allowlist (if it is active)
 /// - URL not being in the blocklist (if it is active)
 ///
+/// `use_strict_allowlist` should be true only when parsing a remote community, or when parsing a
+/// post/comment in a local community.
 pub(crate) fn check_is_apub_id_valid(
   apub_id: &Url,
   use_strict_allowlist: bool,
index 3e3d10df30a18d8008dd57ef5d74679747499c05..e5ffb7ca2e8269012626a8962ab1150119d6075c 100644 (file)
@@ -28,6 +28,7 @@ use lemmy_websocket::LemmyContext;
 
 use crate::{
   activities::verify_person_in_community,
+  check_is_apub_id_valid,
   fetcher::object_id::ObjectId,
   protocol::{
     objects::{
@@ -149,6 +150,7 @@ impl ApubObject for ApubComment {
       Community::read(conn, community_id)
     })
     .await??;
+    check_is_apub_id_valid(&note.id, community.local, &context.settings())?;
     verify_person_in_community(
       &note.attributed_to,
       &community.into(),
index 7f142be535c9beb3a906b36ab123bf424b857466..c19c62779fa31a18d5a5d1c56167bb31724ddf4b 100644 (file)
@@ -1,5 +1,6 @@
 use crate::{
   activities::verify_person_in_community,
+  check_is_apub_id_valid,
   fetcher::object_id::ObjectId,
   protocol::{
     objects::{page::Page, tombstone::Tombstone},
@@ -148,6 +149,7 @@ impl ApubObject for ApubPost {
       .dereference(context, request_counter)
       .await?;
     let community = page.extract_community(context, request_counter).await?;
+    check_is_apub_id_valid(&page.id, community.local, &context.settings())?;
     verify_person_in_community(&page.attributed_to, &community, context, request_counter).await?;
 
     let thumbnail_url: Option<Url> = page.image.clone().map(|i| i.url);
index 945878904b39bc406d5af31916cdc24fa162e64d..4da987a25a3aa617514966a3f009390edd9254cc 100644 (file)
@@ -1,4 +1,5 @@
 use crate::{
+  check_is_apub_id_valid,
   collections::{
     community_moderators::ApubCommunityModerators,
     community_outbox::ApubCommunityOutbox,
@@ -60,6 +61,7 @@ impl Group {
     expected_domain: &Url,
     settings: &Settings,
   ) -> Result<CommunityForm, LemmyError> {
+    check_is_apub_id_valid(&group.id, true, settings)?;
     verify_domains_match(expected_domain, &group.id)?;
     let name = group.preferred_username.clone();
     let title = group.name.clone();