Fix #4486 (#4487)

4 files changed, 35 insertions, 1 deletions

diff --git a/src/misc/convert-host.ts b/src/misc/convert-host.ts
index d4478bd85b..8f2f1c7aba 100644
--- a/src/misc/convert-host.ts
+++ b/src/misc/convert-host.ts
@@ -1,5 +1,6 @@
 import config from '../config';
 import { toUnicode, toASCII } from 'punycode';
+import { URL } from 'url';
 
 export function getFullApAccount(username: string, host: string) {
 	return host ? `${username}@${toApHost(host)}` : `${username}@${toApHost(config.host)}`;
@@ -10,6 +11,11 @@ export function isSelfHost(host: string) {
 	return toApHost(config.host) === toApHost(host);
 }
 
+export function extractDbHost(uri: string) {
+	const url = new URL(uri);
+	return toDbHost(url.hostname);
+}
+
 export function toDbHost(host: string) {
 	if (host == null) return null;
 	return toUnicode(host.toLowerCase());
diff --git a/src/remote/activitypub/kernel/announce/note.ts b/src/remote/activitypub/kernel/announce/note.ts
index 8d090902c0..912936bef8 100644
--- a/src/remote/activitypub/kernel/announce/note.ts
+++ b/src/remote/activitypub/kernel/announce/note.ts
@@ -5,6 +5,8 @@ import { IAnnounce, INote } from '../../type';
 import { fetchNote, resolveNote } from '../../models/note';
 import { resolvePerson } from '../../models/person';
 import { apLogger } from '../../logger';
+import { extractDbHost } from '../../../../misc/convert-host';
+import Instance from '../../../../models/instance';
 
 const logger = apLogger;
 
@@ -23,6 +25,11 @@ export default async function(resolver: Resolver, actor: IRemoteUser, activity:
 		throw new Error('invalid announce');
 	}
 
+	// アナウンス先をブロックしてたら中断
+	// TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく
+	const instance = await Instance.findOne({ host: extractDbHost(uri) });
+	if (instance && instance.isBlocked) return;
+
 	// 既に同じURIを持つものが登録されていないかチェック
 	const exist = await fetchNote(uri);
 	if (exist) {
diff --git a/src/remote/activitypub/models/note.ts b/src/remote/activitypub/models/note.ts
index bd43aa8902..c8939279eb 100644
--- a/src/remote/activitypub/models/note.ts
+++ b/src/remote/activitypub/models/note.ts
@@ -19,6 +19,8 @@ import vote from '../../../services/note/polls/vote';
 import { apLogger } from '../logger';
 import { IDriveFile } from '../../../models/drive-file';
 import { deliverQuestionUpdate } from '../../../services/note/polls/update';
+import Instance from '../../../models/instance';
+import { extractDbHost } from '../../../misc/convert-host';
 
 const logger = apLogger;
 
@@ -132,7 +134,15 @@ export async function createNote(value: any, resolver?: Resolver, silent = false
 	let quote: INote;
 
 	if (note._misskey_quote && typeof note._misskey_quote == 'string') {
-		quote = await resolveNote(note._misskey_quote).catch(() => null);
+		quote = await resolveNote(note._misskey_quote).catch(e => {
+			// 4xxの場合は引用してないことにする
+			if (e.statusCode >= 400 && e.statusCode < 500) {
+				logger.warn(`Ignored quote target ${note.inReplyTo} - ${e.statusCode} `);
+				return null;
+			}
+			logger.warn(`Error in quote target ${note.inReplyTo} - ${e.statusCode || e}`);
+			throw e;
+		});
 	}
 
 	const cw = note.summary === '' ? null : note.summary;
@@ -214,6 +224,11 @@ export async function createNote(value: any, resolver?: Resolver, silent = false
 export async function resolveNote(value: string | IObject, resolver?: Resolver): Promise<INote> {
 	const uri = typeof value == 'string' ? value : value.id;
 
+	// ブロックしてたら中断
+	// TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく
+	const instance = await Instance.findOne({ host: extractDbHost(uri) });
+	if (instance && instance.isBlocked) throw { statusCode: 451 };
+
 	//#region このサーバーに既に登録されていたらそれを返す
 	const exist = await fetchNote(uri);
 
diff --git a/src/server/api/endpoints/ap/show.ts b/src/server/api/endpoints/ap/show.ts
index db02ecb8ea..861c8bce2e 100644
--- a/src/server/api/endpoints/ap/show.ts
+++ b/src/server/api/endpoints/ap/show.ts
@@ -8,6 +8,8 @@ import Note, { pack as packNote, INote } from '../../../../models/note';
 import { createNote } from '../../../../remote/activitypub/models/note';
 import Resolver from '../../../../remote/activitypub/resolver';
 import { ApiError } from '../../error';
+import Instance from '../../../../models/instance';
+import { extractDbHost } from '../../../../misc/convert-host';
 
 export const meta = {
 	tags: ['federation'],
@@ -61,6 +63,10 @@ async function fetchAny(uri: string) {
 		if (packed !== null) return packed;
 	}
 
+	// ブロックしてたら中断
+	const instance = await Instance.findOne({ host: extractDbHost(uri) });
+	if (instance && instance.isBlocked) return null;
+
 	// URI(AP Object id)としてDB検索
 	{
 		const [user, note] = await Promise.all([