backend: check AP fetch URL
All checks were successful
Lint / pnpm_install (pull_request) Successful in 2m4s
Publish Docker image / Build (pull_request) Successful in 5m45s
Test (production install and build) / production (22.11.0) (pull_request) Successful in 1m6s
Test (backend) / unit (22.11.0) (pull_request) Successful in 9m5s
Lint / pnpm_install (push) Successful in 1m28s
Publish Docker image / Build (push) Successful in 4m56s
Test (backend) / e2e (22.11.0) (pull_request) Successful in 12m34s
Test (production install and build) / production (22.11.0) (push) Successful in 1m6s
Lint / lint (backend) (pull_request) Successful in 2m18s
Test (backend) / unit (22.11.0) (push) Successful in 8m20s
Lint / lint (frontend) (pull_request) Successful in 2m26s
Lint / lint (frontend-embed) (pull_request) Successful in 2m26s
Lint / lint (frontend-shared) (pull_request) Successful in 2m32s
Test (backend) / e2e (22.11.0) (push) Successful in 12m9s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m46s
Lint / lint (misskey-js) (pull_request) Successful in 2m39s
Lint / lint (misskey-reversi) (pull_request) Successful in 2m30s
Lint / lint (sw) (pull_request) Successful in 2m33s
Lint / typecheck (misskey-js) (pull_request) Successful in 1m42s
Lint / typecheck (backend) (pull_request) Successful in 2m43s
Lint / typecheck (sw) (pull_request) Successful in 1m45s
Lint / lint (backend) (push) Successful in 2m44s
Lint / lint (frontend) (push) Successful in 2m43s
Lint / lint (frontend-embed) (push) Successful in 2m36s
Lint / lint (frontend-shared) (push) Successful in 3m2s
Lint / lint (misskey-bubble-game) (push) Successful in 2m49s
Lint / lint (misskey-js) (push) Successful in 2m48s
Lint / lint (misskey-reversi) (push) Successful in 2m51s
Lint / lint (sw) (push) Successful in 2m50s
Lint / typecheck (backend) (push) Successful in 2m50s
Lint / typecheck (misskey-js) (push) Successful in 2m7s
Lint / typecheck (sw) (push) Successful in 2m22s
All checks were successful
Lint / pnpm_install (pull_request) Successful in 2m4s
Publish Docker image / Build (pull_request) Successful in 5m45s
Test (production install and build) / production (22.11.0) (pull_request) Successful in 1m6s
Test (backend) / unit (22.11.0) (pull_request) Successful in 9m5s
Lint / pnpm_install (push) Successful in 1m28s
Publish Docker image / Build (push) Successful in 4m56s
Test (backend) / e2e (22.11.0) (pull_request) Successful in 12m34s
Test (production install and build) / production (22.11.0) (push) Successful in 1m6s
Lint / lint (backend) (pull_request) Successful in 2m18s
Test (backend) / unit (22.11.0) (push) Successful in 8m20s
Lint / lint (frontend) (pull_request) Successful in 2m26s
Lint / lint (frontend-embed) (pull_request) Successful in 2m26s
Lint / lint (frontend-shared) (pull_request) Successful in 2m32s
Test (backend) / e2e (22.11.0) (push) Successful in 12m9s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m46s
Lint / lint (misskey-js) (pull_request) Successful in 2m39s
Lint / lint (misskey-reversi) (pull_request) Successful in 2m30s
Lint / lint (sw) (pull_request) Successful in 2m33s
Lint / typecheck (misskey-js) (pull_request) Successful in 1m42s
Lint / typecheck (backend) (pull_request) Successful in 2m43s
Lint / typecheck (sw) (pull_request) Successful in 1m45s
Lint / lint (backend) (push) Successful in 2m44s
Lint / lint (frontend) (push) Successful in 2m43s
Lint / lint (frontend-embed) (push) Successful in 2m36s
Lint / lint (frontend-shared) (push) Successful in 3m2s
Lint / lint (misskey-bubble-game) (push) Successful in 2m49s
Lint / lint (misskey-js) (push) Successful in 2m48s
Lint / lint (misskey-reversi) (push) Successful in 2m51s
Lint / lint (sw) (push) Successful in 2m50s
Lint / typecheck (backend) (push) Successful in 2m50s
Lint / typecheck (misskey-js) (push) Successful in 2m7s
Lint / typecheck (sw) (push) Successful in 2m22s
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
parent
677a2f0770
commit
4b6ec86a00
2 changed files with 53 additions and 1 deletions
|
@ -15,6 +15,7 @@ import type { Config } from '@/config.js';
|
||||||
import { StatusError } from '@/misc/status-error.js';
|
import { StatusError } from '@/misc/status-error.js';
|
||||||
import { bindThis } from '@/decorators.js';
|
import { bindThis } from '@/decorators.js';
|
||||||
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
|
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
|
||||||
|
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
|
||||||
import type { IObject } from '@/core/activitypub/type.js';
|
import type { IObject } from '@/core/activitypub/type.js';
|
||||||
import type { Response } from 'node-fetch';
|
import type { Response } from 'node-fetch';
|
||||||
import type { URL } from 'node:url';
|
import type { URL } from 'node:url';
|
||||||
|
@ -125,7 +126,12 @@ export class HttpRequestService {
|
||||||
validators: [validateContentTypeSetAsActivityPub],
|
validators: [validateContentTypeSetAsActivityPub],
|
||||||
});
|
});
|
||||||
|
|
||||||
return await res.json() as IObject;
|
const finalUrl = res.url; // redirects may have been involved
|
||||||
|
const activity = await res.json() as IObject;
|
||||||
|
|
||||||
|
assertActivityMatchesUrls(activity, [url, finalUrl]);
|
||||||
|
|
||||||
|
return activity;
|
||||||
}
|
}
|
||||||
|
|
||||||
@bindThis
|
@bindThis
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
/*
|
||||||
|
* SPDX-FileCopyrightText: dakkar and sharkey-project and yumechi
|
||||||
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
*/
|
||||||
|
import { metricCounter } from '@/server/api/MetricsService.js';
|
||||||
|
import type { IObject } from '../type.js';
|
||||||
|
|
||||||
|
const mFetchBadActivityUrl = metricCounter({
|
||||||
|
name: 'misskey_ap_fetch_bad_activity_url',
|
||||||
|
help: 'Fetches that failed because the activity URL did not match the expected Host',
|
||||||
|
labelNames: ['host_received', 'host_expected'],
|
||||||
|
});
|
||||||
|
|
||||||
|
function getHrefFrom(one: IObject|string): string | undefined {
|
||||||
|
if (typeof(one) === 'string') return one;
|
||||||
|
return one.href;
|
||||||
|
}
|
||||||
|
|
||||||
|
export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
|
||||||
|
const idOk = activity.id !== undefined && urls.includes(activity.id);
|
||||||
|
if (idOk) return;
|
||||||
|
|
||||||
|
const url = activity.url;
|
||||||
|
if (url) {
|
||||||
|
// `activity.url` can be an `ApObject = IObject | string | (IObject
|
||||||
|
// | string)[]`, we have to look inside it
|
||||||
|
const activityUrls = Array.isArray(url) ? url.map(getHrefFrom) : [getHrefFrom(url)];
|
||||||
|
const goodUrl = activityUrls.find(u => u && urls.includes(u));
|
||||||
|
|
||||||
|
if (goodUrl) return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const hosts = urls.map(u => {
|
||||||
|
try {
|
||||||
|
return new URL(u).host;
|
||||||
|
} catch (e) {
|
||||||
|
return '[invalid]';
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
const sortDedup = (arr: string[]) => Array.from(new Set(arr)).sort();
|
||||||
|
|
||||||
|
mFetchBadActivityUrl?.inc({ host_received: sortDedup(hosts).join('|'), host_expected: sortDedup(urls).join('|') });
|
||||||
|
|
||||||
|
throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${JSON.stringify(activity?.url)}) match location(${urls})`);
|
||||||
|
}
|
Loading…
Reference in a new issue