Prevent upserting local actor

By comparing it's URI

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2020-07-30 18:16:32 +02:00
parent 9fdf7bad0f
commit b9cdd2f02f
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
2 changed files with 18 additions and 14 deletions

View file

@ -96,7 +96,7 @@ defmodule Mobilizon.Federation.ActivityPub do
Logger.debug("Entity is already existing")
entity =
if force_fetch and not compare_origins?(url, Endpoint.url()) do
if force_fetch and not are_same_origin?(url, Endpoint.url()) do
Logger.debug("Entity is external and we want a force fetch")
with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do
@ -506,18 +506,22 @@ defmodule Mobilizon.Federation.ActivityPub do
"""
@spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()}
def make_actor_from_url(url, preload \\ false) do
case fetch_and_prepare_actor_from_url(url) do
{:ok, data} ->
Actors.upsert_actor(data, preload)
if are_same_origin?(url, Endpoint.url()) do
{:error, "Can't make a local actor from URL"}
else
case fetch_and_prepare_actor_from_url(url) do
{:ok, data} ->
Actors.upsert_actor(data, preload)
# Request returned 410
{:error, :actor_deleted} ->
Logger.info("Actor was deleted")
{:error, :actor_deleted}
# Request returned 410
{:error, :actor_deleted} ->
Logger.info("Actor was deleted")
{:error, :actor_deleted}
e ->
Logger.warn("Failed to make actor from url")
{:error, e}
e ->
Logger.warn("Failed to make actor from url")
{:error, e}
end
end
end

View file

@ -248,7 +248,7 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
when not is_nil(actor) do
actor = get_actor(params)
Logger.debug("Performing origin check on #{id} and #{actor} URIs")
compare_origins?(id, actor)
are_same_origin?(id, actor)
end
def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true
@ -257,8 +257,8 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
def origin_check?(_id, _args), do: false
@spec compare_origins?(String.t(), String.t()) :: boolean()
def compare_origins?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
@spec are_same_origin?(String.t(), String.t()) :: boolean()
def are_same_origin?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
uri_1 = URI.parse(url_1)
uri_2 = URI.parse(url_2)