fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections
parent
1c7e05ce9e
commit
322b3b677f
|
@ -154,13 +154,24 @@ export class ApPersonService implements OnModuleInit {
|
||||||
throw new Error('invalid Actor: inbox has different host');
|
throw new Error('invalid Actor: inbox has different host');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const sharedInboxObject = x.sharedInbox ?? (x.endpoints ? x.endpoints.sharedInbox : undefined);
|
||||||
|
if (sharedInboxObject != null) {
|
||||||
|
const sharedInbox = getApId(sharedInboxObject);
|
||||||
|
if (!(typeof sharedInbox === "string" && sharedInbox.length > 0 && this.utilityService.punyHost(sharedInbox) === expectHost)) {
|
||||||
|
throw new Error("invalid Actor: wrong shared inbox");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
|
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
|
||||||
const collectionUri = (x as IActor)[collection];
|
const collectionUri = getApId((x as IActor)[collection]);
|
||||||
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
|
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
|
||||||
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
|
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
|
||||||
throw new Error(`invalid Actor: ${collection} has different host`);
|
throw new Error(`invalid Actor: ${collection} has different host`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if (collectionUri != null) {
|
||||||
|
throw new Error(`invalid Actor: wrong ${collection}`);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
|
if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
|
||||||
|
|
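Review bot: In the collection loop, `getApId((x as IActor)[collection])` is called without the null guard that the new shared-inbox block applies (`if (sharedInboxObject != null)`) before its own `getApId` call. `getApId` is not shown on this page; if it dereferences its argument, an actor that omits `outbox`, `followers` or `following` would fail with an unrelated TypeError instead of passing validation. The `else if (collectionUri != null)` branch suggests absent values were meant to be accepted. Consider `const raw = (x as IActor)[collection]; if (raw == null) continue; const collectionUri = getApId(raw);`, so that only present values reach the host comparison. The enclosing method starts and ends outside this hunk.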