diff options
| author | MeiMei <30769358+mei23@users.noreply.github.com> | 2019-04-18 00:53:00 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2019-04-18 00:53:00 +0900 |
| commit | 55e97864bd86eaec56b43eff238a40f684dcc109 (patch) | |
| tree | 5cee0e5583723c1d2cd39bcc024ba7e7dda3942d /src/queue | |
| parent | [MFM] Better hashtag parsing (diff) | |
| download | sharkey-55e97864bd86eaec56b43eff238a40f684dcc109.tar.gz sharkey-55e97864bd86eaec56b43eff238a40f684dcc109.tar.bz2 sharkey-55e97864bd86eaec56b43eff238a40f684dcc109.zip | |
Fix: v11で未認知ユーザーからActivityが飛んできた場合に処理できない (#4733)
* Fix: inboxに未知のユーザーが来ると処理できない
* こうかな
Diffstat (limited to 'src/queue')
| -rw-r--r-- | src/queue/processors/inbox.ts | 64 |
1 files changed, 18 insertions, 46 deletions
diff --git a/src/queue/processors/inbox.ts b/src/queue/processors/inbox.ts index 05fed0566d..9b28f93a3c 100644 --- a/src/queue/processors/inbox.ts +++ b/src/queue/processors/inbox.ts @@ -35,37 +35,8 @@ export default async (job: Bull.Job): Promise<void> => { let key: UserPublickey; if (keyIdLower.startsWith('acct:')) { - const acct = parseAcct(keyIdLower.slice('acct:'.length)); - const host = toPunyNullable(acct.host); - const username = toPuny(acct.username); - - if (host === null) { - logger.warn(`request was made by local user: @${username}`); - return; - } - - // アクティビティ内のホストの検証 - try { - ValidateActivity(activity, host); - } catch (e) { - logger.warn(e.message); - return; - } - - // ブロックしてたら中断 - // TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく - const meta = await fetchMeta(); - if (meta.blockedHosts.includes(host)) { - logger.info(`Blocked request: ${host}`); - return; - } - - user = await Users.findOne({ - usernameLower: username.toLowerCase(), - host: host - }) as IRemoteUser; - - key = await UserPublickeys.findOne(user.id).then(ensure); + logger.warn(`Old keyId is no longer supported. ${keyIdLower}`); + return; } else { // アクティビティ内のホストの検証 const host = toPuny(new URL(signature.keyId).hostname); @@ -84,19 +55,29 @@ export default async (job: Bull.Job): Promise<void> => { return; } - key = await UserPublickeys.findOne({ + const _key = await UserPublickeys.findOne({ keyId: signature.keyId - }).then(ensure); + }); + + if (_key) { + // 登録済みユーザー + user = await Users.findOne(_key.userId) as IRemoteUser; + key = _key; + } else { + // 未登録ユーザーの場合はリモート解決 + user = await resolvePerson(activity.actor) as IRemoteUser; + if (user == null) { + throw new Error('failed to resolve user'); + } - user = await Users.findOne(key.userId) as IRemoteUser; + key = await UserPublickeys.findOne(user.id).then(ensure); + } } // Update Person activityの場合は、ここで署名検証/更新処理まで実施して終了 if (activity.type === 'Update') { if (activity.object && validActor.includes(activity.object.type)) { - if (user == null) { - logger.warn('Update activity received, but user not registed.'); - } else if (!httpSignature.verifySignature(signature, key.keyPem)) { + if (!httpSignature.verifySignature(signature, key.keyPem)) { logger.warn('Update activity received, but signature verification failed.'); } else { updatePerson(activity.actor, null, activity.object); @@ -105,15 +86,6 @@ export default async (job: Bull.Job): Promise<void> => { } } - // アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する - if (user == null) { - user = await resolvePerson(activity.actor) as IRemoteUser; - } - - if (user == null) { - throw new Error('failed to resolve user'); - } - if (!httpSignature.verifySignature(signature, key.keyPem)) { logger.error('signature verification failed'); return; |