diff options
| author | Johann150 <johann@qwertqwefsday.eu> | 2021-08-14 11:11:47 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-14 18:11:47 +0900 |
| commit | f05f7c920ecc5028d00737f2c789a80c90e66b0d (patch) | |
| tree | 52f546d0c15cce468a7a9e5ffb22d12398cd6071 /src/remote | |
| parent | Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop (diff) | |
| download | sharkey-f05f7c920ecc5028d00737f2c789a80c90e66b0d.tar.gz sharkey-f05f7c920ecc5028d00737f2c789a80c90e66b0d.tar.bz2 sharkey-f05f7c920ecc5028d00737f2c789a80c90e66b0d.zip | |
fix: truncate user information if it is too long (#7629)
* truncate user information if it is too long
Some AP software allows for user names or summaries to be very long.
Misskey can not handle this and the profile page can not be opened and
no activities from such users can be seen.
Instead, the user name and summary are cut off after the maximum length
so misskey can still process the activities of the profile.
Co-authored-by: Toast <toast@toast.cafe>
* fix code style
Co-authored-by: Toast <toast@toast.cafe>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Diffstat (limited to 'src/remote')
| -rw-r--r-- | src/remote/activitypub/models/person.ts | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/remote/activitypub/models/person.ts b/src/remote/activitypub/models/person.ts index 829b4878f8..2270e05e3b 100644 --- a/src/remote/activitypub/models/person.ts +++ b/src/remote/activitypub/models/person.ts @@ -31,6 +31,9 @@ import { normalizeForSearch } from '@/misc/normalize-for-search'; const logger = apLogger; +const nameLength = 128; +const summaryLength = 2048; + /** * Validate and convert to actor object * @param x Fetched object @@ -52,11 +55,23 @@ function validateActor(x: IObject, uri: string): IActor { if (e) throw new Error(`invalid Actor: ${name} ${e.message}`); }; + const truncate = (input: string | undefined, size: number) => { + if (!input || input.length <= size) { + return input; + } else { + return input.substring(0, size); + } + }; + validate('id', x.id, $.str.min(1)); validate('inbox', x.inbox, $.str.min(1)); validate('preferredUsername', x.preferredUsername, $.str.min(1).max(128).match(/^\w([\w-.]*\w)?$/)); - validate('name', x.name, $.optional.nullable.str.max(128)); - validate('summary', x.summary, $.optional.nullable.str.max(2048)); + + // These fields are only informational, and some AP software allows these + // fields to be very long. If they are too long, we cut them off. This way + // we can at least see these users and their activities. + validate('name', truncate(x.name, nameLength), $.optional.nullable.str); + validate('summary', truncate(x.summary, summaryLength), $.optional.nullable.str); const idHost = toPuny(new URL(x.id!).hostname); if (idHost !== expectHost) { |