From 1be583a6223c0ec23ff8411e0d594d3a9138e3f2 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 30 Apr 2024 01:47:20 +0200 Subject: [PATCH] Add some extra checks --- crates/apub/src/activities/create_or_update/comment.rs | 3 ++- crates/apub/src/activities/create_or_update/private_message.rs | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crates/apub/src/activities/create_or_update/comment.rs b/crates/apub/src/activities/create_or_update/comment.rs index 7f1532087..b86e32d49 100644 --- a/crates/apub/src/activities/create_or_update/comment.rs +++ b/crates/apub/src/activities/create_or_update/comment.rs @@ -19,7 +19,7 @@ use activitypub_federation::{ config::Data, fetch::object_id::ObjectId, kinds::public, - protocol::verification::verify_domains_match, + protocol::verification::{verify_domains_match, verify_urls_match}, traits::{ActivityHandler, Actor, Object}, }; use lemmy_api_common::{ @@ -133,6 +133,7 @@ impl ActivityHandler for CreateOrUpdateNote { verify_domains_match(self.actor.inner(), self.object.id.inner())?; check_community_deleted_or_removed(&community)?; check_post_deleted_or_removed(&post)?; + verify_urls_match(self.actor.inner(), self.object.attributed_to.inner())?; ApubComment::verify(&self.object, self.actor.inner(), context).await?; Ok(()) diff --git a/crates/apub/src/activities/create_or_update/private_message.rs b/crates/apub/src/activities/create_or_update/private_message.rs index 950f4ae99..6bba4e374 100644 --- a/crates/apub/src/activities/create_or_update/private_message.rs +++ b/crates/apub/src/activities/create_or_update/private_message.rs @@ -9,7 +9,7 @@ use crate::{ }; use activitypub_federation::{ config::Data, - protocol::verification::verify_domains_match, + protocol::verification::{verify_domains_match, verify_urls_match}, traits::{ActivityHandler, Actor, Object}, }; use lemmy_api_common::context::LemmyContext; @@ -61,6 +61,7 @@ impl ActivityHandler for CreateOrUpdateChatMessage { verify_person(&self.actor, context).await?; verify_domains_match(self.actor.inner(), self.object.id.inner())?; verify_domains_match(self.to[0].inner(), self.object.to[0].inner())?; + verify_urls_match(self.actor.inner(), self.object.attributed_to.inner())?; ApubPrivateMessage::verify(&self.object, self.actor.inner(), context).await?; Ok(()) }