profxadke/misskey
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Return 404 for invalid Object ID (#3627)

Browse source 
* Update activitypub.ts

* Update activitypub.ts

* Update featured.ts

* Update followers.ts

* Update following.ts

* Update outbox.ts

* Fix following, outbox
This commit is contained in:
MeiMei 2018-12-16 01:44:59 +09:00 committed by syuilo
parent 6f959218ef
commit ffb80efe21
5 changed files with 58 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/server/activitypub.ts
View file

@ -1,4 +1,4 @@
import * as mongo from 'mongodb';
import { ObjectID } from 'mongodb';
import * as Router from 'koa-router';
const json = require('koa-json-body');
const httpSignature = require('http-signature');
@ -64,8 +64,13 @@ router.post('/users/:user/inbox', json(), inbox);
router.get('/notes/:note', async (ctx, next) => {
if (!isActivityPubReq(ctx)) return await next();
if (!ObjectID.isValid(ctx.params.note)) {
ctx.status = 404;
return;
}
const note = await Note.findOne({
_id: new mongo.ObjectID(ctx.params.note),
_id: new ObjectID(ctx.params.note),
visibility: { $in: ['public', 'home'] },
localOnly: { $ne: true }
});
@ -82,8 +87,13 @@ router.get('/notes/:note', async (ctx, next) => {
// note activity
router.get('/notes/:note/activity', async ctx => {
if (!ObjectID.isValid(ctx.params.note)) {
ctx.status = 404;
return;
}
const note = await Note.findOne({
_id: new mongo.ObjectID(ctx.params.note),
_id: new ObjectID(ctx.params.note),
visibility: { $in: ['public', 'home'] },
localOnly: { $ne: true }
});
@ -112,7 +122,12 @@ router.get('/users/:user/collections/featured', Featured);
// publickey
router.get('/users/:user/publickey', async ctx => {
const userId = new mongo.ObjectID(ctx.params.user);
if (!ObjectID.isValid(ctx.params.user)) {
ctx.status = 404;
return;
}
const userId = new ObjectID(ctx.params.user);
const user = await User.findOne({
_id: userId,
@ -146,7 +161,12 @@ async function userInfo(ctx: Router.IRouterContext, user: IUser) {
}
router.get('/users/:user', async ctx => {
const userId = new mongo.ObjectID(ctx.params.user);
if (!ObjectID.isValid(ctx.params.user)) {
ctx.status = 404;
return;
}
const userId = new ObjectID(ctx.params.user);
const user = await User.findOne({
_id: userId,

11
src/server/activitypub/featured.ts
View file

@ -1,4 +1,4 @@
import * as mongo from 'mongodb';
import { ObjectID } from 'mongodb';
import * as Router from 'koa-router';
import config from '../../config';
import User from '../../models/user';
@ -9,7 +9,12 @@ import Note from '../../models/note';
import renderNote from '../../remote/activitypub/renderer/note';
export default async (ctx: Router.IRouterContext) => {
const userId = new mongo.ObjectID(ctx.params.user);
if (!ObjectID.isValid(ctx.params.user)) {
ctx.status = 404;
return;
}
const userId = new ObjectID(ctx.params.user);
// Verify user
const user = await User.findOne({
@ -24,7 +29,7 @@ export default async (ctx: Router.IRouterContext) => {
const pinnedNoteIds = user.pinnedNoteIds || [];
const pinnedNotes = await Promise.all(pinnedNoteIds.map(id => Note.findOne({ _id: id })));
const pinnedNotes = await Promise.all(pinnedNoteIds.filter(ObjectID.isValid).map(id => Note.findOne({ _id: id })));
const renderedNotes = await Promise.all(pinnedNotes.map(note => renderNote(note)));

9
src/server/activitypub/followers.ts
View file

@ -1,4 +1,4 @@
import * as mongo from 'mongodb';
import { ObjectID } from 'mongodb';
import * as Router from 'koa-router';
import config from '../../config';
import $ from 'cafy'; import ID, { transform } from '../../misc/cafy-id';
@ -11,7 +11,12 @@ import renderFollowUser from '../../remote/activitypub/renderer/follow-user';
import { setResponseType } from '../activitypub';
export default async (ctx: Router.IRouterContext) => {
const userId = new mongo.ObjectID(ctx.params.user);
if (!ObjectID.isValid(ctx.params.user)) {
ctx.status = 404;
return;
}
const userId = new ObjectID(ctx.params.user);
// Get 'cursor' parameter
const [cursor = null, cursorErr] = $.type(ID).optional.get(ctx.request.query.cursor);

12
src/server/activitypub/following.ts
View file

@ -1,7 +1,8 @@
import * as mongo from 'mongodb';
import { ObjectID } from 'mongodb';
import * as Router from 'koa-router';
import config from '../../config';
import $ from 'cafy'; import ID, { transform } from '../../misc/cafy-id';
import $ from 'cafy';
import ID, { transform } from '../../misc/cafy-id';
import User from '../../models/user';
import Following from '../../models/following';
import pack from '../../remote/activitypub/renderer';
@ -11,7 +12,12 @@ import renderFollowUser from '../../remote/activitypub/renderer/follow-user';
import { setResponseType } from '../activitypub';
export default async (ctx: Router.IRouterContext) => {
const userId = new mongo.ObjectID(ctx.params.user);
if (!ObjectID.isValid(ctx.params.user)) {
ctx.status = 404;
return;
}
const userId = new ObjectID(ctx.params.user);
// Get 'cursor' parameter
const [cursor = null, cursorErr] = $.type(ID).optional.get(ctx.request.query.cursor);

12
src/server/activitypub/outbox.ts
View file

@ -1,7 +1,8 @@
import * as mongo from 'mongodb';
import { ObjectID } from 'mongodb';
import * as Router from 'koa-router';
import config from '../../config';
import $ from 'cafy'; import ID, { transform } from '../../misc/cafy-id';
import $ from 'cafy';
import ID, { transform } from '../../misc/cafy-id';
import User from '../../models/user';
import pack from '../../remote/activitypub/renderer';
import renderOrderedCollection from '../../remote/activitypub/renderer/ordered-collection';
@ -15,7 +16,12 @@ import renderAnnounce from '../../remote/activitypub/renderer/announce';
import { countIf } from '../../prelude/array';
export default async (ctx: Router.IRouterContext) => {
const userId = new mongo.ObjectID(ctx.params.user);
if (!ObjectID.isValid(ctx.params.user)) {
ctx.status = 404;
return;
}
const userId = new ObjectID(ctx.params.user);
// Get 'sinceId' parameter
const [sinceId, sinceIdErr] = $.type(ID).optional.get(ctx.request.query.since_id);