Validate host in activity

48223c1c · mei23 · dddf7834 · 48223c1c
Commit 48223c1c authored 6 years ago by mei23
--- a/src/queue/processors/http/process-inbox.ts
+++ b/src/queue/processors/http/process-inbox.ts
@@ -6,6 +6,8 @@ import parseAcct from '../../../misc/acct/parse';
 import User, { IRemoteUser } from '../../../models/user';
 import perform from '../../../remote/activitypub/perform';
 import { resolvePerson } from '../../../remote/activitypub/models/person';
+import { toUnicode } from 'punycode';
+import { URL } from 'url';

 const log = debug('misskey:queue:inbox');

@@ -32,6 +34,15 @@ export default async (job: bq.Job, done: any): Promise<void> => {
 			return;
 		}

+		// アクティビティ内のホストの検証
+		try {
+			ValidateActivity(activity, host);
+		} catch (e) {
+			console.warn(e);
+			done();
+			return;
+		}
+
 		user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser;

 		// アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する
@@ -39,6 +50,16 @@ export default async (job: bq.Job, done: any): Promise<void> => {
 			user = await resolvePerson(activity.actor) as IRemoteUser;
 		}
 	} else {
+		// アクティビティ内のホストの検証
+		const host = toUnicode(new URL(signature.keyId).hostname.toLowerCase());
+		try {
+			ValidateActivity(activity, host);
+		} catch (e) {
+			console.warn(e);
+			done();
+			return;
+		}
+
 		user = await User.findOne({
 			host: { $ne: null },
 			'publicKey.id': signature.keyId
@@ -69,3 +90,37 @@ export default async (job: bq.Job, done: any): Promise<void> => {
 		done(e);
 	}
 };
+
+/**
+ * Validate host in activity
+ * @param activity Activity
+ * @param host Expect host
+ */
+function ValidateActivity(activity: any, host: string) {
+	// id (if exists)
+	if (typeof activity.id === 'string') {
+		const uriHost = toUnicode(new URL(activity.id).hostname.toLowerCase());
+		if (host !== uriHost) throw new Error('activity.id has different host');
+	}
+
+	// actor (if exists)
+	if (typeof activity.actor === 'string') {
+		const uriHost = toUnicode(new URL(activity.actor).hostname.toLowerCase());
+		if (host !== uriHost) throw new Error('activity.actor has different host');
+	}
+
+	// For Create activity
+	if (activity.type === 'Create' && activity.object) {
+		// object.id (if exists)
+		if (typeof activity.object.id === 'string') {
+			const uriHost = toUnicode(new URL(activity.object.id).hostname.toLowerCase());
+			if (host !== uriHost) throw new Error('activity.object.id has different host');
+		}
+
+		// object.attributedTo (if exists)
+		if (typeof activity.object.attributedTo === 'string') {
+			const uriHost = toUnicode(new URL(activity.object.attributedTo).hostname.toLowerCase());
+			if (host !== uriHost) throw new Error('activity.object.attributedTo has different host');
+		}
+	}
+}