Validate Note on createNote for v10 (#4757)
* Validate Note on createNote * Add extractApHost
This commit is contained in:
MeiMei
syuilo
parent
828a2a73c9
commit
7d31bd97ff
2 changed files with 32 additions and 3 deletions
|
|
@ -16,6 +16,11 @@ export function extractDbHost(uri: string) {
|
|||
return toDbHost(url.hostname);
|
||||
}
|
||||
|
||||
export function extractApHost(uri: string) {
|
||||
const url = new URL(uri);
|
||||
return toApHost(url.hostname);
|
||||
}
|
||||
|
||||
export function toDbHost(host: string) {
|
||||
if (host == null) return null;
|
||||
return toUnicode(host.toLowerCase());
|
||||
|
|
|
|||
|
|
@ -20,10 +20,32 @@ import { apLogger } from '../logger';
|
|||
import { IDriveFile } from '../../../models/drive-file';
|
||||
import { deliverQuestionUpdate } from '../../../services/note/polls/update';
|
||||
import Instance from '../../../models/instance';
|
||||
import { extractDbHost } from '../../../misc/convert-host';
|
||||
import { extractDbHost, extractApHost } from '../../../misc/convert-host';
|
||||
|
||||
const logger = apLogger;
|
||||
|
||||
export function validateNote(object: any, uri: string) {
|
||||
const expectHost = extractApHost(uri);
|
||||
|
||||
if (object == null) {
|
||||
return new Error('invalid Note: object is null');
|
||||
}
|
||||
|
||||
if (!['Note', 'Question', 'Article'].includes(object.type)) {
|
||||
return new Error(`invalid Note: invalied object type ${object.type}`);
|
||||
}
|
||||
|
||||
if (object.id && extractApHost(object.id) !== expectHost) {
|
||||
return new Error(`invalid Note: id has different host. expected: ${expectHost}, actual: ${extractApHost(object.id)}`);
|
||||
}
|
||||
|
||||
if (object.attributedTo && extractApHost(object.attributedTo) !== expectHost) {
|
||||
return new Error(`invalid Note: attributedTo has different host. expected: ${expectHost}, actual: ${extractApHost(object.attributedTo)}`);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Noteをフェッチします。
|
||||
*
|
||||
|
|
@ -57,8 +79,10 @@ export async function createNote(value: any, resolver?: Resolver, silent = false
|
|||
|
||||
const object: any = await resolver.resolve(value);
|
||||
|
||||
if (!object || !['Note', 'Question', 'Article'].includes(object.type)) {
|
||||
logger.error(`invalid note: ${value}`, {
|
||||
const entryUri = value.id || value;
|
||||
const err = validateNote(object, entryUri);
|
||||
if (err) {
|
||||
logger.error(`${err.message}`, {
|
||||
resolver: {
|
||||
history: resolver.getHistory()
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in a new issue