continue patching transport layer security

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

packages/backend/src/core/DownloadService.ts

@@ -44,6 +44,14 @@ export class DownloadService {
 		const maxSize = this.config.maxFileSize;
 
 		const urlObj = new URL(url);
+		if (urlObj.protocol && urlObj.protocol !== 'https:') {
+			throw new Error(`Unsupported protocol: ${urlObj.protocol}, only HTTPS is supported`);
+		}
+		urlObj.protocol = 'https:';
+		if (urlObj.port && urlObj.port !== '443') {
+			throw new Error(`Unsupported port: ${urlObj.port}, only 443 is supported`);
+		}
+
 		let filename = urlObj.pathname.split('/').pop() ?? 'untitled';
 
 		const req = got.stream(url, {

packages/backend/src/core/HttpRequestService.ts

@@ -171,9 +171,10 @@ export class HttpRequestService {
 	 */
 	@bindThis
 	public getAgentByUrl(url: URL, bypassProxy = false): https.Agent {
-		if (url.protocol !== 'https:') {
+		if (url.protocol && url.protocol !== 'https:') {
 			throw new Error('Invalid protocol');
 		}
+		url.protocol = 'https:';
 		if (url.port && url.port !== '443') {
 			throw new Error('Invalid port');
 		}

packages/backend/src/core/activitypub/ApResolverService.ts

@@ -64,7 +64,7 @@ export class Resolver {
 	public async resolveCollection(value: string | IObject): Promise<ICollection | IOrderedCollection> {
 		const collection = typeof value === 'string'
 			? await this.resolve(value)
-			: value;
+			: yumeNormalizeObject(value);
 
 		if (isCollectionOrOrderedCollection(collection)) {
 			return collection;
@@ -74,7 +74,7 @@ export class Resolver {
 	}
 
 	@bindThis
-	public async resolveNotNormalized(value: string | IObject): Promise<IUnsanitizedObject> {
+	private async resolveNotNormalized(value: string | IObject): Promise<IUnsanitizedObject> {
 		if (typeof value !== 'string') {
 			return value;
 		}

packages/backend/src/core/activitypub/models/ApNoteService.ts

@@ -3,6 +3,7 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
+import * as Bull from 'bullmq';
 import { forwardRef, Inject, Injectable } from '@nestjs/common';
 import { In } from 'typeorm';
 import { DI } from '@/di-symbols.js';
@@ -164,7 +165,7 @@ export class ApNoteService {
 			const noteUrl = yumeAssertAcceptableURL(note.id);
 
 			if (noteUrl.host !== actUrl.host) {
-				throw new Error(`note url & uri host mismatch: note url: ${url}, note uri: ${note.id}`);
+				throw new Bull.UnrecoverableError(`note url & uri host mismatch: note url: ${url}, note uri: ${note.id}`);
 			}
 		}
 

packages/backend/src/core/activitypub/type.ts

@@ -103,26 +103,33 @@ export function yumeNormalizeRecursive<O extends IUnsanitizedObject | string | (
 		if (object.length > 64) {
 			throw new bull.UnrecoverableError('array length limit exceeded');
 		}
-		return object.flatMap(yumeNormalizeRecursive);
+		return object.flatMap((x) => yumeNormalizeRecursive(x, depth + (object.length + 3 / 4)));
 	}
 
-	return yumeNormalizeObject(object);
+	return yumeNormalizeObject(object, depth + 1);
 }
 
-export function yumeNormalizeObject(object: IUnsanitizedObject): IObject {
+export function yumeNormalizeObject(object: IUnsanitizedObject, depth = 0): IObject {
 	if (object.cc) {
-		object.cc = yumeNormalizeRecursive(object.cc);
+		object.cc = yumeNormalizeRecursive(object.cc, depth + 1);
 	}
 	if (object.id) {
 		object.id = yumeNormalizeURL(object.id);
 	}
 
 	if (object.url) {
-		object.url = yumeNormalizeRecursive(object.url);
+		object.url = yumeNormalizeRecursive(object.url, depth + 1);
+	}
+
+	if (object.replies) {
+		object.replies.first = object.replies.first ?
+			typeof object.replies.first === 'string' ? yumeNormalizeURL(object.replies.first) : yumeNormalizeObject(object.replies.first, depth + 1) : undefined;
+		object.replies.items = object.replies.items ? 
+			typeof object.replies.items === 'string' ? yumeNormalizeURL(object.replies.items) : yumeNormalizeRecursive(object.replies.items, depth + 1) : undefined;
 	}
 
 	if (object.inReplyTo) {
-		object.inReplyTo = yumeNormalizeRecursive(object.inReplyTo);
+		object.inReplyTo = yumeNormalizeRecursive(object.inReplyTo, depth + 1);
 	}
 
 	return object as IObject;