1 files changed, 63 insertions, 2 deletions
diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index 4904e3cb87..fc19e18e59 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -20,6 +20,7 @@ import { bindThis } from '@/decorators.js';
 import { ApRequestService } from '@/core/activitypub/ApRequestService.js';
 import { InstanceActorService } from '@/core/InstanceActorService.js';
 import { ApiError } from '../../error.js';
+import { IdentifiableError } from '@/misc/identifiable-error.js';
 
 export const meta = {
 	tags: ['federation'],
@@ -34,6 +35,31 @@ export const meta = {
 	},
 
 	errors: {
+		federationNotAllowed: {
+			message: 'Federation for this host is not allowed.',
+			code: 'FEDERATION_NOT_ALLOWED',
+			id: '974b799e-1a29-4889-b706-18d4dd93e266',
+		},
+		uriInvalid: {
+			message: 'URI is invalid.',
+			code: 'URI_INVALID',
+			id: '1a5eab56-e47b-48c2-8d5e-217b897d70db',
+		},
+		requestFailed: {
+			message: 'Request failed.',
+			code: 'REQUEST_FAILED',
+			id: '81b539cf-4f57-4b29-bc98-032c33c0792e',
+		},
+		responseInvalid: {
+			message: 'Response from remote server is invalid.',
+			code: 'RESPONSE_INVALID',
+			id: '70193c39-54f3-4813-82f0-70a680f7495b',
+		},
+		responseInvalidIdHostNotMatch: {
+			message: 'Requested URI and response URI host does not match.',
+			code: 'RESPONSE_INVALID_ID_HOST_NOT_MATCH',
+			id: 'a2c9c61a-cb72-43ab-a964-3ca5fddb410a',
+		},
 		noSuchObject: {
 			message: 'No such object.',
 			code: 'NO_SUCH_OBJECT',
@@ -114,7 +140,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	 */
 	@bindThis
 	private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
-		if (!this.utilityService.isFederationAllowedUri(uri)) return null;
+		if (!this.utilityService.isFederationAllowedUri(uri)) {
+			throw new ApiError(meta.errors.federationNotAllowed);
+		}
 
 		let local = await this.mergePack(me, ...await Promise.all([
 			this.apDbResolverService.getUserFromApId(uri),
@@ -135,7 +163,40 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		// リモートから一旦オブジェクトフェッチ
 		const resolver = this.apResolverService.createResolver();
-		const object = await resolver.resolve(uri) as any;
+		const object = await resolver.resolve(uri).catch((err) => {
+			if (err instanceof IdentifiableError) {
+				switch (err.id) {
+					// resolve
+					case 'b94fd5b1-0e3b-4678-9df2-dad4cd515ab2':
+						throw new ApiError(meta.errors.uriInvalid);
+					case '0dc86cf6-7cd6-4e56-b1e6-5903d62d7ea5':
+					case 'd592da9f-822f-4d91-83d7-4ceefabcf3d2':
+						throw new ApiError(meta.errors.requestFailed);
+					case '09d79f9e-64f1-4316-9cfa-e75c4d091574':
+						throw new ApiError(meta.errors.federationNotAllowed);
+					case '72180409-793c-4973-868e-5a118eb5519b':
+					case 'ad2dc287-75c1-44c4-839d-3d2e64576675':
+						throw new ApiError(meta.errors.responseInvalid);
+					case 'fd93c2fa-69a8-440f-880b-bf178e0ec877':
+						throw new ApiError(meta.errors.responseInvalidIdHostNotMatch);
+
+					// resolveLocal
+					case '02b40cd0-fa92-4b0c-acc9-fb2ada952ab8':
+						throw new ApiError(meta.errors.uriInvalid);
+					case 'a9d946e5-d276-47f8-95fb-f04230289bb0':
+					case '06ae3170-1796-4d93-a697-2611ea6d83b6':
+						throw new ApiError(meta.errors.noSuchObject);
+					case '7a5d2fc0-94bc-4db6-b8b8-1bf24a2e23d0':
+						throw new ApiError(meta.errors.responseInvalid);
+				}
+			}
+
+			throw new ApiError(meta.errors.requestFailed);
+		});
+
+		if (object.id == null) {
+			throw new ApiError(meta.errors.responseInvalid);
+		}
 
 		// /@user のような正規id以外で取得できるURIが指定されていた場合、ここで初めて正規URIが確定する
 		// これはDBに存在する可能性があるため再度DB検索