Merge branch 'develop' into future

packages/backend/src/config.ts

@@ -327,11 +327,11 @@ function applyEnvOverrides(config: Source) {
 	// these inner functions recurse through the config structure, using
 	// the given steps, building the env variable name
 
-	function _apply_top(steps: (string | number)[]) {
+	function _apply_top(steps: (string | string[] | number | number[])[]) {
 		_walk('', [], steps);
 	}
 
-	function _walk(name: string, path: (string | number)[], steps: (string | number)[]) {
+	function _walk(name: string, path: (string | number)[], steps: (string | string[] | number | number[])[]) {
 		// are there more steps after this one? recurse
 		if (steps.length > 1) {
 			const thisStep = steps.shift();
@@ -368,7 +368,7 @@ function applyEnvOverrides(config: Source) {
 	}
 
 	// this recurses down, bailing out if there's no config to override
-	function _descend(name: string, path: (string | number)[], thisStep: string | number, steps: (string | number)[]) {
+	function _descend(name: string, path: (string | number)[], thisStep: string | number, steps: (string | string[] | number | number[])[]) {
 		name = `${name}${_step2name(thisStep)}_`;
 		path = [ ...path, thisStep ];
 		_walk(name, path, steps);
@@ -390,10 +390,10 @@ function applyEnvOverrides(config: Source) {
 		}
 	}
 
-	const alwaysStrings = { 'chmodSocket': 1 };
+	const alwaysStrings = { 'chmodSocket': true } as { [key: string]: boolean };
 
 	function _assign(path: (string | number)[], lastStep: string | number, value: string) {
-		let thisConfig = config;
+		let thisConfig = config as any;
 		for (const step of path) {
 			if (!thisConfig[step]) {
 				thisConfig[step] = {};
@@ -403,9 +403,11 @@ function applyEnvOverrides(config: Source) {
 
 		if (!alwaysStrings[lastStep]) {
 			if (value.match(/^[0-9]+$/)) {
-				value = parseInt(value);
+				thisConfig[lastStep] = parseInt(value);
+				return;
 			} else if (value.match(/^(true|false)$/i)) {
-				value = !!value.match(/^true$/i);
+				thisConfig[lastStep] = !!value.match(/^true$/i);
+				return;
 			}
 		}
 
@@ -416,7 +418,7 @@ function applyEnvOverrides(config: Source) {
 
 	_apply_top([['url', 'port', 'socket', 'chmodSocket', 'disableHsts']]);
 	_apply_top(['db', ['host', 'port', 'db', 'user', 'pass']]);
-	_apply_top(['dbSlaves', config.dbSlaves?.keys(), ['host', 'port', 'db', 'user', 'pass']]);
+	_apply_top(['dbSlaves', Array.from((config.dbSlaves ?? []).keys()), ['host', 'port', 'db', 'user', 'pass']]);
 	_apply_top([
 		['redis', 'redisForPubsub', 'redisForJobQueue', 'redisForTimelines'],
 		['host','port','username','pass','db','prefix'],

packages/backend/src/core/activitypub/misc/check-against-url.ts

@@ -4,16 +4,24 @@
  */
 import type { IObject } from '../type.js';
 
+function getHrefFrom(one: IObject|string): string | undefined {
+	if (typeof(one) === 'string') return one;
+	return one.href;
+}
+
 export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
 	const idOk = activity.id !== undefined && urls.includes(activity.id);
+	if (idOk) return;
 
-	// technically `activity.url` could be an `ApObject = IObject |
-	// string | (IObject | string)[]`, but if it's a complicated thing
-	// and the `activity.id` doesn't match, I think we're fine
-	// rejecting the activity
-	const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url);
+	const url = activity.url;
+	if (url) {
+		// `activity.url` can be an `ApObject = IObject | string | (IObject
+		// | string)[]`, we have to look inside it
+		const activityUrls = Array.isArray(url) ? url.map(getHrefFrom) : [getHrefFrom(url)];
+		const goodUrl = activityUrls.find(u => u && urls.includes(u));
 
-	if (!idOk && !urlOk) {
-		throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`);
+		if (goodUrl) return;
 	}
+
+	throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${JSON.stringify(activity?.url)}) match location(${urls})`);
 }

packages/backend/test/unit/misc/check-against-url.ts

@@ -0,0 +1,51 @@
+/*
+ * SPDX-FileCopyrightText: dakkar and sharkey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import type { IObject } from '@/core/activitypub/type.js';
+import { describe, expect, test } from '@jest/globals';
+import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
+
+function assertOne(activity: IObject) {
+	// return a function so we can use `.toThrow`
+	return () => assertActivityMatchesUrls(activity, ['good']);
+}
+
+describe('assertActivityMatchesUrls', () => {
+	test('id', () => {
+		expect(assertOne({ id: 'bad' })).toThrow(/bad Activity/);
+		expect(assertOne({ id: 'good' })).not.toThrow();
+	});
+
+	test('simple url', () => {
+		expect(assertOne({ url: 'bad' })).toThrow(/bad Activity/);
+		expect(assertOne({ url: 'good' })).not.toThrow();
+	});
+
+	test('array of urls', () => {
+		expect(assertOne({ url: ['bad'] })).toThrow(/bad Activity/);
+		expect(assertOne({ url: ['bad', 'other'] })).toThrow(/bad Activity/);
+		expect(assertOne({ url: ['good'] })).not.toThrow();
+		expect(assertOne({ url: ['bad', 'good'] })).not.toThrow();
+	});
+
+	test('array of objects', () => {
+		expect(assertOne({ url: [{ href: 'bad' }] })).toThrow(/bad Activity/);
+		expect(assertOne({ url: [{ href: 'bad' }, { href: 'other' }] })).toThrow(/bad Activity/);
+		expect(assertOne({ url: [{ href: 'good' }] })).not.toThrow();
+		expect(assertOne({ url: [{ href: 'bad' }, { href: 'good' }] })).not.toThrow();
+	});
+
+	test('mixed array', () => {
+		expect(assertOne({ url: [{ href: 'bad' }, 'other'] })).toThrow(/bad Activity/);
+		expect(assertOne({ url: [{ href: 'bad' }, 'good'] })).not.toThrow();
+		expect(assertOne({ url: ['bad', { href: 'good' }] })).not.toThrow();
+	});
+
+	test('id and url', () => {
+		expect(assertOne({ id: 'other', url: 'bad' })).toThrow(/bad Activity/);
+		expect(assertOne({ id: 'bad', url: 'good' })).not.toThrow();
+		expect(assertOne({ id: 'good', url: 'bad' })).not.toThrow();
+	});
+});