DatseMultimediaSites
/
Sharkey
mirror of https://activitypub.software/TransFem-org/Sharkey.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

merge: Don't preview URLs to blocked hosts (!751) 

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/751

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
This commit is contained in:
Hazelnoot 2024-11-22 10:37:29 +00:00
parent 2ac36e4a5c 2a4c432f41
commit fadcabeaa6
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
packages/backend/src/server/web/UrlPreviewService.ts
View File

@ -6,6 +6,7 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { summaly } from '@misskey-dev/summaly'; import { summaly } from '@misskey-dev/summaly';
import { SummalyResult } from '@misskey-dev/summaly/built/summary.js'; import { SummalyResult } from '@misskey-dev/summaly/built/summary.js';
import * as Redis from 'ioredis';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js'; import type { Config } from '@/config.js';
import { HttpRequestService } from '@/core/HttpRequestService.js'; import { HttpRequestService } from '@/core/HttpRequestService.js';
@ -15,9 +16,9 @@ import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import { ApiError } from '@/server/api/error.js'; import { ApiError } from '@/server/api/error.js';
import { MiMeta } from '@/models/Meta.js'; import { MiMeta } from '@/models/Meta.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
import * as Redis from 'ioredis';
import { RedisKVCache } from '@/misc/cache.js'; import { RedisKVCache } from '@/misc/cache.js';
import { UtilityService } from '@/core/UtilityService.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
@Injectable() @Injectable()
export class UrlPreviewService { export class UrlPreviewService {
@ -36,12 +37,13 @@ export class UrlPreviewService {
private httpRequestService: HttpRequestService, private httpRequestService: HttpRequestService,
private loggerService: LoggerService, private loggerService: LoggerService,
private utilityService: UtilityService,
) { ) {
this.logger = this.loggerService.getLogger('url-preview'); this.logger = this.loggerService.getLogger('url-preview');
this.previewCache = new RedisKVCache<SummalyResult>(this.redisClient, 'summaly', { this.previewCache = new RedisKVCache<SummalyResult>(this.redisClient, 'summaly', {
lifetime: 1000 * 60 * 60 * 24, // 1d lifetime: 1000 * 60 * 60 * 24, // 1d
memoryCacheLifetime: 1000 * 60 * 10, // 10m memoryCacheLifetime: 1000 * 60 * 10, // 10m
fetcher: (key: string) => { throw new Error('the UrlPreview cache should never fetch'); }, fetcher: () => { throw new Error('the UrlPreview cache should never fetch'); },
toRedisConverter: (value) => JSON.stringify(value), toRedisConverter: (value) => JSON.stringify(value),
fromRedisConverter: (value) => JSON.parse(value), fromRedisConverter: (value) => JSON.parse(value),
}); });
@ -65,7 +67,7 @@ export class UrlPreviewService {
reply: FastifyReply, reply: FastifyReply,
): Promise<object | undefined> { ): Promise<object | undefined> {
const url = request.query.url; const url = request.query.url;
if (typeof url !== 'string') { if (typeof url !== 'string' || !URL.canParse(url)) {
reply.code(400); reply.code(400);
return; return;
} }
@ -87,6 +89,18 @@ export class UrlPreviewService {
}; };
} }
const host = new URL(url).host;
if (this.utilityService.isBlockedHost(this.meta.blockedHosts, host)) {
reply.code(403);
return {
error: new ApiError({
message: 'URL is blocked',
code: 'URL_PREVIEW_BLOCKED',
id: '50294652-857b-4b13-9700-8e5c7a8deae8',
}),
};
}
const key = `${url}@${lang}`; const key = `${url}@${lang}`;
const cached = await this.previewCache.get(key); const cached = await this.previewCache.get(key);
if (cached !== undefined) { if (cached !== undefined) {