Correctly use and document check_is_apub_id_valid() param use_strict_allowlist

This commit is contained in:
Felix Ableitner 2021-11-02 14:18:12 +01:00
parent b396344eae
commit 41f7bcc0d2
4 changed files with 8 additions and 0 deletions

View file

@ -30,6 +30,8 @@ use url::{ParseError, Url};
/// - URL being in the allowlist (if it is active) /// - URL being in the allowlist (if it is active)
/// - URL not being in the blocklist (if it is active) /// - URL not being in the blocklist (if it is active)
/// ///
/// `use_strict_allowlist` should be true only when parsing a remote community, or when parsing a
/// post/comment in a local community.
pub(crate) fn check_is_apub_id_valid( pub(crate) fn check_is_apub_id_valid(
apub_id: &Url, apub_id: &Url,
use_strict_allowlist: bool, use_strict_allowlist: bool,

View file

@ -28,6 +28,7 @@ use lemmy_websocket::LemmyContext;
use crate::{ use crate::{
activities::verify_person_in_community, activities::verify_person_in_community,
check_is_apub_id_valid,
fetcher::object_id::ObjectId, fetcher::object_id::ObjectId,
protocol::{ protocol::{
objects::{ objects::{
@ -149,6 +150,7 @@ impl ApubObject for ApubComment {
Community::read(conn, community_id) Community::read(conn, community_id)
}) })
.await??; .await??;
check_is_apub_id_valid(&note.id, community.local, &context.settings())?;
verify_person_in_community( verify_person_in_community(
&note.attributed_to, &note.attributed_to,
&community.into(), &community.into(),

View file

@ -1,5 +1,6 @@
use crate::{ use crate::{
activities::verify_person_in_community, activities::verify_person_in_community,
check_is_apub_id_valid,
fetcher::object_id::ObjectId, fetcher::object_id::ObjectId,
protocol::{ protocol::{
objects::{page::Page, tombstone::Tombstone}, objects::{page::Page, tombstone::Tombstone},
@ -148,6 +149,7 @@ impl ApubObject for ApubPost {
.dereference(context, request_counter) .dereference(context, request_counter)
.await?; .await?;
let community = page.extract_community(context, request_counter).await?; let community = page.extract_community(context, request_counter).await?;
check_is_apub_id_valid(&page.id, community.local, &context.settings())?;
verify_person_in_community(&page.attributed_to, &community, context, request_counter).await?; verify_person_in_community(&page.attributed_to, &community, context, request_counter).await?;
let thumbnail_url: Option<Url> = page.image.clone().map(|i| i.url); let thumbnail_url: Option<Url> = page.image.clone().map(|i| i.url);

View file

@ -1,4 +1,5 @@
use crate::{ use crate::{
check_is_apub_id_valid,
collections::{ collections::{
community_moderators::ApubCommunityModerators, community_moderators::ApubCommunityModerators,
community_outbox::ApubCommunityOutbox, community_outbox::ApubCommunityOutbox,
@ -60,6 +61,7 @@ impl Group {
expected_domain: &Url, expected_domain: &Url,
settings: &Settings, settings: &Settings,
) -> Result<CommunityForm, LemmyError> { ) -> Result<CommunityForm, LemmyError> {
check_is_apub_id_valid(&group.id, true, settings)?;
verify_domains_match(expected_domain, &group.id)?; verify_domains_match(expected_domain, &group.id)?;
let name = group.preferred_username.clone(); let name = group.preferred_username.clone();
let title = group.name.clone(); let title = group.name.clone();