Merge branch 'prevent-upserting-local-actor' into 'master'
Prevent upserting local actor See merge request framasoft/mobilizon!519
This commit is contained in:
commit
5559df5402
@ -96,7 +96,7 @@ defmodule Mobilizon.Federation.ActivityPub do
|
|||||||
Logger.debug("Entity is already existing")
|
Logger.debug("Entity is already existing")
|
||||||
|
|
||||||
entity =
|
entity =
|
||||||
if force_fetch and not compare_origins?(url, Endpoint.url()) do
|
if force_fetch and not are_same_origin?(url, Endpoint.url()) do
|
||||||
Logger.debug("Entity is external and we want a force fetch")
|
Logger.debug("Entity is external and we want a force fetch")
|
||||||
|
|
||||||
with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do
|
with {:ok, _activity, entity} <- Fetcher.fetch_and_update(url, options) do
|
||||||
@ -506,6 +506,9 @@ defmodule Mobilizon.Federation.ActivityPub do
|
|||||||
"""
|
"""
|
||||||
@spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()}
|
@spec make_actor_from_url(String.t(), boolean()) :: {:ok, %Actor{}} | {:error, any()}
|
||||||
def make_actor_from_url(url, preload \\ false) do
|
def make_actor_from_url(url, preload \\ false) do
|
||||||
|
if are_same_origin?(url, Endpoint.url()) do
|
||||||
|
{:error, "Can't make a local actor from URL"}
|
||||||
|
else
|
||||||
case fetch_and_prepare_actor_from_url(url) do
|
case fetch_and_prepare_actor_from_url(url) do
|
||||||
{:ok, data} ->
|
{:ok, data} ->
|
||||||
Actors.upsert_actor(data, preload)
|
Actors.upsert_actor(data, preload)
|
||||||
@ -520,6 +523,7 @@ defmodule Mobilizon.Federation.ActivityPub do
|
|||||||
{:error, e}
|
{:error, e}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
@doc """
|
@doc """
|
||||||
Find an actor in our local database or call WebFinger to find what's its AP ID is and then fetch it
|
Find an actor in our local database or call WebFinger to find what's its AP ID is and then fetch it
|
||||||
|
@ -248,7 +248,7 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
|
|||||||
when not is_nil(actor) do
|
when not is_nil(actor) do
|
||||||
actor = get_actor(params)
|
actor = get_actor(params)
|
||||||
Logger.debug("Performing origin check on #{id} and #{actor} URIs")
|
Logger.debug("Performing origin check on #{id} and #{actor} URIs")
|
||||||
compare_origins?(id, actor)
|
are_same_origin?(id, actor)
|
||||||
end
|
end
|
||||||
|
|
||||||
def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true
|
def origin_check?(_id, %{"type" => type} = _params) when type in ["Actor", "Group"], do: true
|
||||||
@ -257,8 +257,8 @@ defmodule Mobilizon.Federation.ActivityPub.Utils do
|
|||||||
|
|
||||||
def origin_check?(_id, _args), do: false
|
def origin_check?(_id, _args), do: false
|
||||||
|
|
||||||
@spec compare_origins?(String.t(), String.t()) :: boolean()
|
@spec are_same_origin?(String.t(), String.t()) :: boolean()
|
||||||
def compare_origins?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
|
def are_same_origin?(url_1, url_2) when is_binary(url_1) and is_binary(url_2) do
|
||||||
uri_1 = URI.parse(url_1)
|
uri_1 = URI.parse(url_1)
|
||||||
uri_2 = URI.parse(url_2)
|
uri_2 = URI.parse(url_2)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user