From b518c35e0021ed25f152477924ec9fd092e23f25 Mon Sep 17 00:00:00 2001
From: syuilo <Syuilotan@yahoo.co.jp>
Date: Sun, 25 Dec 2022 14:52:42 +0900
Subject: [PATCH] =?UTF-8?q?fix(server):=20Ap=20inbox=E3=81=AE=E6=9C=80?=
 =?UTF-8?q?=E5=A4=A7=E3=83=9A=E3=82=A4=E3=83=AD=E3=83=BC=E3=83=89=E3=82=B5?=
 =?UTF-8?q?=E3=82=A4=E3=82=BA=E3=82=92256kb=E3=81=AB=E5=88=B6=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CHANGELOG.md                                            | 1 +
 packages/backend/src/server/ActivityPubServerService.ts | 7 +++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64b47883d4..df9c47df9b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,7 @@ You should also include the user name that made the change.
 - Server: Bug fix for Pinned Users lookup on instance @squidicuzz
 - Server: Fix peers API returning suspended instances @ineffyble
 - Server: trim long text of note from ap @syuilo
+- Server: Ap inboxの最大ペイロードサイズを256kbに制限 @syuilo
 - Client: case insensitive emoji search @saschanaz
 - Client: InAppウィンドウが操作できなくなることがあるのを修正 @tamaina
 - Client: use proxied image for instance icon @syuilo
diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts
index 0c3da39dbb..e76a8ef541 100644
--- a/packages/backend/src/server/ActivityPubServerService.ts
+++ b/packages/backend/src/server/ActivityPubServerService.ts
@@ -88,7 +88,6 @@ export class ActivityPubServerService {
 
 	@bindThis
 	private inbox(request: FastifyRequest, reply: FastifyReply) {
-		let signature;
 
 		try {
 			signature = httpSignature.parseRequest(request.raw, { 'headers': [] });
@@ -438,9 +437,9 @@ export class ActivityPubServerService {
 		fastify.addContentTypeParser('application/ld+json', { parseAs: 'string' }, fastify.getDefaultJsonParser('ignore', 'ignore'));
 
 		//#region Routing
-		// inbox
-		fastify.post('/inbox', async (request, reply) => await this.inbox(request, reply));
-		fastify.post('/users/:user/inbox', async (request, reply) => await this.inbox(request, reply));
+		// inbox (limit: 256kb)
+		fastify.post('/inbox', { bodyLimit: 1024 * 256 }, async (request, reply) => await this.inbox(request, reply));
+		fastify.post('/users/:user/inbox', { bodyLimit: 1024 * 256 }, async (request, reply) => await this.inbox(request, reply));
 
 		// note
 		fastify.get<{ Params: { note: string; } }>('/notes/:note', { constraints: { apOrHtml: 'ap' } }, async (request, reply) => {