diff options
| author | Hazelnoot <acomputerdog@gmail.com> | 2025-07-04 10:00:40 -0400 |
|---|---|---|
| committer | dakkar <dakkar@thenautilus.net> | 2025-07-27 18:03:35 +0100 |
| commit | 2c8c422cb6d27515fdebf42f19f1d85a7fdac3fe (patch) | |
| tree | e367d5135eb4dcd75008d297190b7934dbee467b /packages/backend/src | |
| parent | merge: disable outgoing mastodon quotes *FOR STABLE* (!1169) (diff) | |
| download | sharkey-2c8c422cb6d27515fdebf42f19f1d85a7fdac3fe.tar.gz sharkey-2c8c422cb6d27515fdebf42f19f1d85a7fdac3fe.tar.bz2 sharkey-2c8c422cb6d27515fdebf42f19f1d85a7fdac3fe.zip | |
include profile URI for link verification
Diffstat (limited to 'packages/backend/src')
| -rw-r--r-- | packages/backend/src/core/activitypub/models/ApPersonService.ts | 6 | ||||
| -rw-r--r-- | packages/backend/src/misc/verify-field-link.ts | 4 | ||||
| -rw-r--r-- | packages/backend/src/server/api/endpoints/i/update.ts | 8 |
3 files changed, 12 insertions, 6 deletions
diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index 29f7459219..bc602bbd5b 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -377,7 +377,8 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown { const url = this.apUtilityService.findBestObjectUrl(person); - const verifiedLinks = url ? await verifyFieldLinks(fields, url, this.httpRequestService) : []; + const profileUrls = url ? [url, person.id] : [person.id]; + const verifiedLinks = await verifyFieldLinks(fields, profileUrls, this.httpRequestService); // Create user let user: MiRemoteUser | null = null; @@ -626,7 +627,8 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown { const url = this.apUtilityService.findBestObjectUrl(person); - const verifiedLinks = url ? await verifyFieldLinks(fields, url, this.httpRequestService) : []; + const profileUrls = url ? [url, person.id] : [person.id]; + const verifiedLinks = await verifyFieldLinks(fields, profileUrls, this.httpRequestService); const updates = { lastFetchedAt: new Date(), diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts index f9fc352806..6a3c950059 100644 --- a/packages/backend/src/misc/verify-field-link.ts +++ b/packages/backend/src/misc/verify-field-link.ts @@ -8,7 +8,7 @@ import type { HttpRequestService } from '@/core/HttpRequestService.js'; type Field = { name: string, value: string }; -export async function verifyFieldLinks(fields: Field[], profile_url: string, httpRequestService: HttpRequestService): Promise<string[]> { +export async function verifyFieldLinks(fields: Field[], profileUrls: string[], httpRequestService: HttpRequestService): Promise<string[]> { const verified_links = []; for (const field_url of fields.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) { try { @@ -18,7 +18,7 @@ export async function verifyFieldLinks(fields: Field[], profile_url: string, htt const links = doc('a[rel~="me"][href], link[rel~="me"][href]').toArray(); - const includesProfileLinks = links.some(link => link.attribs.href === profile_url); + const includesProfileLinks = links.some(link => profileUrls.includes(link.attribs.href)); if (includesProfileLinks) { verified_links.push(field_url.value); } diff --git a/packages/backend/src/server/api/endpoints/i/update.ts b/packages/backend/src/server/api/endpoints/i/update.ts index 5767880531..65dcf6301f 100644 --- a/packages/backend/src/server/api/endpoints/i/update.ts +++ b/packages/backend/src/server/api/endpoints/i/update.ts @@ -603,11 +603,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint- this.globalEventService.publishInternalEvent('localUserUpdated', { id: user.id }); } - const verified_links = await verifyFieldLinks(newFields, `${this.config.url}/@${user.username}`, this.httpRequestService); + const profileUrls = [ + this.userEntityService.genLocalUserUri(user.id), + `${this.config.url}/@${user.username}`, + ]; + const verifiedLinks = await verifyFieldLinks(newFields, profileUrls, this.httpRequestService); await this.userProfilesRepository.update(user.id, { ...profileUpdates, - verifiedLinks: verified_links, + verifiedLinks, }); const iObj = await this.userEntityService.pack(user.id, user, { |