diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index 61d4ed8df9..e133ce5d70 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -153,6 +153,21 @@ export class ApPersonService implements OnModuleInit { throw new Error('invalid Actor: wrong inbox'); } + try { + new URL(x.inbox); + } catch { + throw new Error('invalid Actor: wrong inbox'); + } + + const sharedInbox = x.sharedInbox ?? x.endpoints?.sharedInbox; + if (typeof sharedInbox === 'string') { + try { + new URL(sharedInbox); + } catch { + throw new Error('invalid Actor: wrong sharedInbox'); + } + } + if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) { throw new Error('invalid Actor: wrong username'); } diff --git a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts index 771fca6ca0..cef6424b29 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts @@ -7,6 +7,7 @@ import { URL } from 'node:url'; import { Inject, Injectable } from '@nestjs/common'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { DeliverQueue } from '@/core/QueueModule.js'; +import { ApiLoggerService } from '@/server/api/ApiLoggerService.js'; export const meta = { tags: ['admin'], @@ -49,6 +50,8 @@ export const paramDef = { export default class extends Endpoint { constructor( @Inject('queue:deliver') public deliverQueue: DeliverQueue, + + private apiLoggerService: ApiLoggerService, ) { super(meta, paramDef, async (ps, me) => { const jobs = await this.deliverQueue.getJobs(['delayed']); @@ -56,9 +59,17 @@ export default class extends Endpoint { const res = [] as [string, number][]; for (const job of jobs) { - const host = new URL(job.data.to).host; - if (res.find(x => x[0] === host)) { - res.find(x => x[0] === host)![1]++; + let host: string; + try { + host = new URL(job.data.to).host; + } catch (e) { + this.apiLoggerService.logger.warn(`failed to parse url '${job.data.to}': ${e}`); + continue; + } + + const found = res.find(x => x[0] === host); + if (found) { + found[1]++; } else { res.push([host, 1]); } diff --git a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts index 8e00aade3a..5413e215aa 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts @@ -7,6 +7,7 @@ import { URL } from 'node:url'; import { Inject, Injectable } from '@nestjs/common'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { InboxQueue } from '@/core/QueueModule.js'; +import { ApiLoggerService } from '@/server/api/ApiLoggerService.js'; export const meta = { tags: ['admin'], @@ -49,6 +50,8 @@ export const paramDef = { export default class extends Endpoint { constructor( @Inject('queue:inbox') public inboxQueue: InboxQueue, + + private apiLoggerService: ApiLoggerService, ) { super(meta, paramDef, async (ps, me) => { const jobs = await this.inboxQueue.getJobs(['delayed']); @@ -56,9 +59,17 @@ export default class extends Endpoint { const res = [] as [string, number][]; for (const job of jobs) { - const host = new URL(job.data.signature.keyId).host; - if (res.find(x => x[0] === host)) { - res.find(x => x[0] === host)![1]++; + let host: string; + try { + host = new URL(job.data.signature.keyId).host; + } catch (e) { + this.apiLoggerService.logger.warn(`failed to parse url '${job.data.signature.keyId}': ${e}`); + continue; + } + + const found = res.find(x => x[0] === host); + if (found) { + found[1]++; } else { res.push([host, 1]); }