From: Felix Ableitner Date: Tue, 2 Nov 2021 13:18:12 +0000 (+0100) Subject: Correctly use and document check_is_apub_id_valid() param use_strict_allowlist X-Git-Url: http://these/git/%22https:/nerdica.net/README.md?a=commitdiff_plain;h=41f7bcc0d24739c210ec389d6c6759761bec56ae;p=lemmy.git Correctly use and document check_is_apub_id_valid() param use_strict_allowlist --- diff --git a/crates/apub/src/lib.rs b/crates/apub/src/lib.rs index f38a9f86..75d7a62f 100644 --- a/crates/apub/src/lib.rs +++ b/crates/apub/src/lib.rs @@ -30,6 +30,8 @@ use url::{ParseError, Url}; /// - URL being in the allowlist (if it is active) /// - URL not being in the blocklist (if it is active) /// +/// `use_strict_allowlist` should be true only when parsing a remote community, or when parsing a +/// post/comment in a local community. pub(crate) fn check_is_apub_id_valid( apub_id: &Url, use_strict_allowlist: bool, diff --git a/crates/apub/src/objects/comment.rs b/crates/apub/src/objects/comment.rs index 3e3d10df..e5ffb7ca 100644 --- a/crates/apub/src/objects/comment.rs +++ b/crates/apub/src/objects/comment.rs @@ -28,6 +28,7 @@ use lemmy_websocket::LemmyContext; use crate::{ activities::verify_person_in_community, + check_is_apub_id_valid, fetcher::object_id::ObjectId, protocol::{ objects::{ @@ -149,6 +150,7 @@ impl ApubObject for ApubComment { Community::read(conn, community_id) }) .await??; + check_is_apub_id_valid(¬e.id, community.local, &context.settings())?; verify_person_in_community( ¬e.attributed_to, &community.into(), diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs index 7f142be5..c19c6277 100644 --- a/crates/apub/src/objects/post.rs +++ b/crates/apub/src/objects/post.rs @@ -1,5 +1,6 @@ use crate::{ activities::verify_person_in_community, + check_is_apub_id_valid, fetcher::object_id::ObjectId, protocol::{ objects::{page::Page, tombstone::Tombstone}, @@ -148,6 +149,7 @@ impl ApubObject for ApubPost { .dereference(context, request_counter) .await?; let community = page.extract_community(context, request_counter).await?; + check_is_apub_id_valid(&page.id, community.local, &context.settings())?; verify_person_in_community(&page.attributed_to, &community, context, request_counter).await?; let thumbnail_url: Option = page.image.clone().map(|i| i.url); diff --git a/crates/apub/src/protocol/objects/group.rs b/crates/apub/src/protocol/objects/group.rs index 94587890..4da987a2 100644 --- a/crates/apub/src/protocol/objects/group.rs +++ b/crates/apub/src/protocol/objects/group.rs @@ -1,4 +1,5 @@ use crate::{ + check_is_apub_id_valid, collections::{ community_moderators::ApubCommunityModerators, community_outbox::ApubCommunityOutbox, @@ -60,6 +61,7 @@ impl Group { expected_domain: &Url, settings: &Settings, ) -> Result { + check_is_apub_id_valid(&group.id, true, settings)?; verify_domains_match(expected_domain, &group.id)?; let name = group.preferred_username.clone(); let title = group.name.clone();