diff options
| author | おさむのひと <46447427+samunohito@users.noreply.github.com> | 2025-01-14 19:47:02 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-14 10:47:02 +0000 |
| commit | 7fbfc2e046c978c8d544b3e6e8c8e77fc7ba8da6 (patch) | |
| tree | 993b48bca96a7d9cde0ee42f363cb5deae0a5eb6 | |
| parent | Fix(frontend): 削除して編集で引用ありを消せない (#15249) (diff) | |
| download | sharkey-7fbfc2e046c978c8d544b3e6e8c8e77fc7ba8da6.tar.gz sharkey-7fbfc2e046c978c8d544b3e6e8c8e77fc7ba8da6.tar.bz2 sharkey-7fbfc2e046c978c8d544b3e6e8c8e77fc7ba8da6.zip | |
ApPersonServiceとApNoteServiceのuri <-> url比較を緩和 (#15233)
* wip
* https://github.com/misskey-dev/misskey/issues/15039#issuecomment-2576411861 の反映
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
* fix CHANGELOG.md
* remove inspection
---------
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
4 files changed, 16 insertions, 21 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index f5fd739232..eb9f9aaeeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/737) - Fix: ロックダウンされた期間指定のノートがStreaming経由でLTLに出現するのを修正 ( #15200 ) - Fix: disableClustering設定時の初期化ロジックを調整( #15223 ) +- Fix: URLとURIが異なるエンティティの照会に失敗する問題を修正( #15039 ) - Fix: ActivityPubリクエストかどうかの判定が正しくない問題を修正 (Cherry-picked from https://github.com/MisskeyIO/misskey/pull/869) - Fix: AIセンシティブ判定が arm64 環境で動作しない問題を修正 diff --git a/packages/backend/src/core/activitypub/misc/check-against-url.ts b/packages/backend/src/core/activitypub/misc/check-against-url.ts index 78ba891a2e..d679bd8180 100644 --- a/packages/backend/src/core/activitypub/misc/check-against-url.ts +++ b/packages/backend/src/core/activitypub/misc/check-against-url.ts @@ -5,13 +5,15 @@ import type { IObject } from '../type.js'; export function assertActivityMatchesUrls(activity: IObject, urls: string[]) { - const idOk = activity.id !== undefined && urls.includes(activity.id); + const hosts = urls.map(it => new URL(it).host); + + const idOk = activity.id !== undefined && hosts.includes(new URL(activity.id).host); // technically `activity.url` could be an `ApObject = IObject | // string | (IObject | string)[]`, but if it's a complicated thing // and the `activity.id` doesn't match, I think we're fine // rejecting the activity - const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url); + const urlOk = typeof(activity.url) === 'string' && hosts.includes(new URL(activity.url).host); if (!idOk && !urlOk) { throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`); diff --git a/packages/backend/src/core/activitypub/models/ApNoteService.ts b/packages/backend/src/core/activitypub/models/ApNoteService.ts index eb2e771a38..cb25aa54b0 100644 --- a/packages/backend/src/core/activitypub/models/ApNoteService.ts +++ b/packages/backend/src/core/activitypub/models/ApNoteService.ts @@ -154,14 +154,8 @@ export class ApNoteService { const url = getOneApHrefNullable(note.url); - if (url != null) { - if (!checkHttps(url)) { - throw new Error('unexpected schema of note url: ' + url); - } - - if (this.utilityService.punyHost(url) !== this.utilityService.punyHost(note.id)) { - throw new Error(`note url & uri host mismatch: note url: ${url}, note uri: ${note.id}`); - } + if (url && !checkHttps(url)) { + throw new Error('unexpected schema of note url: ' + url); } this.logger.info(`Creating the Note: ${note.id}`); diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index 8590861ca0..6019906add 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -157,8 +157,12 @@ export class ApPersonService implements OnModuleInit { const sharedInboxObject = x.sharedInbox ?? (x.endpoints ? x.endpoints.sharedInbox : undefined); if (sharedInboxObject != null) { const sharedInbox = getApId(sharedInboxObject); - if (!(typeof sharedInbox === 'string' && sharedInbox.length > 0 && this.utilityService.punyHost(sharedInbox) === expectHost)) { - throw new Error('invalid Actor: wrong shared inbox'); + if (!(typeof sharedInbox === 'string' && sharedInbox.length > 0 && new URL(sharedInbox).host === expectHost)) { + this.logger.warn(`invalid Actor: skipping wrong shared inbox, expected host: ${expectHost}, actual URL: ${sharedInbox}`); + x.sharedInbox = undefined; + if (x.endpoints?.sharedInbox) { + x.endpoints.sharedInbox = undefined; + } } } @@ -257,7 +261,7 @@ export class ApPersonService implements OnModuleInit { if (Array.isArray(img)) { img = img.find(item => item && item.url) ?? null; } - + // if we have an explicitly missing image, return an // explicitly-null set of values if ((img == null) || (typeof img === 'object' && img.url == null)) { @@ -344,14 +348,8 @@ export class ApPersonService implements OnModuleInit { throw new Error('Refusing to create person without id'); } - if (url != null) { - if (!checkHttps(url)) { - throw new Error('unexpected schema of person url: ' + url); - } - - if (this.utilityService.punyHost(url) !== this.utilityService.punyHost(person.id)) { - throw new Error(`person url <> uri host mismatch: ${url} <> ${person.id}`); - } + if (url && !checkHttps(url)) { + throw new Error('unexpected schema of person url: ' + url); } // Create user |