diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2021-10-31 20:21:50 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2021-10-31 20:21:50 +0900 |
| commit | 54631026de9edb28c842f612a37511f82f1f749e (patch) | |
| tree | 885c7f28b9756899faf3a99842d008be8953903e /src/remote/activitypub/models | |
| parent | Merge branch 'develop' (diff) | |
| parent | 12.95.0 (diff) | |
| download | misskey-54631026de9edb28c842f612a37511f82f1f749e.tar.gz misskey-54631026de9edb28c842f612a37511f82f1f749e.tar.bz2 misskey-54631026de9edb28c842f612a37511f82f1f749e.zip | |
Merge branch 'develop'
Diffstat (limited to 'src/remote/activitypub/models')
| -rw-r--r-- | src/remote/activitypub/models/note.ts | 4 | ||||
| -rw-r--r-- | src/remote/activitypub/models/person.ts | 5 |
2 files changed, 9 insertions, 0 deletions
diff --git a/src/remote/activitypub/models/note.ts b/src/remote/activitypub/models/note.ts index cf68f3005d..492dc05248 100644 --- a/src/remote/activitypub/models/note.ts +++ b/src/remote/activitypub/models/note.ts @@ -288,6 +288,10 @@ export async function resolveNote(value: string | IObject, resolver?: Resolver): } //#endregion + if (uri.startsWith(config.url)) { + throw new StatusError('cannot resolve local note', 400, 'cannot resolve local note'); + } + // リモートサーバーからフェッチしてきて登録 // ここでuriの代わりに添付されてきたNote Objectが指定されていると、サーバーフェッチを経ずにノートが生成されるが // 添付されてきたNote Objectは偽装されている可能性があるため、常にuriを指定してサーバーフェッチを行う。 diff --git a/src/remote/activitypub/models/person.ts b/src/remote/activitypub/models/person.ts index 84b2f0c51c..eb8c00a10b 100644 --- a/src/remote/activitypub/models/person.ts +++ b/src/remote/activitypub/models/person.ts @@ -29,6 +29,7 @@ import { toArray } from '@/prelude/array'; import { fetchInstanceMetadata } from '@/services/fetch-instance-metadata'; import { normalizeForSearch } from '@/misc/normalize-for-search'; import { truncate } from '@/misc/truncate'; +import { StatusError } from '@/misc/fetch'; const logger = apLogger; @@ -116,6 +117,10 @@ export async function fetchPerson(uri: string, resolver?: Resolver): Promise<Use export async function createPerson(uri: string, resolver?: Resolver): Promise<User> { if (typeof uri !== 'string') throw new Error('uri is not string'); + if (uri.startsWith(config.url)) { + throw new StatusError('cannot resolve local user', 400, 'cannot resolve local user'); + } + if (resolver == null) resolver = new Resolver(); const object = await resolver.resolve(uri) as any; |