deliver-delayed で URL のパースに失敗した際に全てがコケる問題を修正 (#164)

* deliver-delayed で URL のパースに失敗した際に全てがコケる問題を修正

* validateActor に inbox / sharedInbox のバリデーションを追加

* fix quote

* 念のため inbox-delayed も
This commit is contained in:
riku6460 2023-09-12 02:56:51 +09:00 committed by GitHub
parent be20d064ca
commit b2bd042b4e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 6 deletions

View file

@ -153,6 +153,21 @@ export class ApPersonService implements OnModuleInit {
throw new Error('invalid Actor: wrong inbox'); throw new Error('invalid Actor: wrong inbox');
} }
try {
new URL(x.inbox);
} catch {
throw new Error('invalid Actor: wrong inbox');
}
const sharedInbox = x.sharedInbox ?? x.endpoints?.sharedInbox;
if (typeof sharedInbox === 'string') {
try {
new URL(sharedInbox);
} catch {
throw new Error('invalid Actor: wrong sharedInbox');
}
}
if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) { if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
throw new Error('invalid Actor: wrong username'); throw new Error('invalid Actor: wrong username');
} }

View file

@ -7,6 +7,7 @@ import { URL } from 'node:url';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { DeliverQueue } from '@/core/QueueModule.js'; import type { DeliverQueue } from '@/core/QueueModule.js';
import { ApiLoggerService } from '@/server/api/ApiLoggerService.js';
export const meta = { export const meta = {
tags: ['admin'], tags: ['admin'],
@ -49,6 +50,8 @@ export const paramDef = {
export default class extends Endpoint<typeof meta, typeof paramDef> { export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor( constructor(
@Inject('queue:deliver') public deliverQueue: DeliverQueue, @Inject('queue:deliver') public deliverQueue: DeliverQueue,
private apiLoggerService: ApiLoggerService,
) { ) {
super(meta, paramDef, async (ps, me) => { super(meta, paramDef, async (ps, me) => {
const jobs = await this.deliverQueue.getJobs(['delayed']); const jobs = await this.deliverQueue.getJobs(['delayed']);
@ -56,9 +59,17 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
const res = [] as [string, number][]; const res = [] as [string, number][];
for (const job of jobs) { for (const job of jobs) {
const host = new URL(job.data.to).host; let host: string;
if (res.find(x => x[0] === host)) { try {
res.find(x => x[0] === host)![1]++; host = new URL(job.data.to).host;
} catch (e) {
this.apiLoggerService.logger.warn(`failed to parse url '${job.data.to}': ${e}`);
continue;
}
const found = res.find(x => x[0] === host);
if (found) {
found[1]++;
} else { } else {
res.push([host, 1]); res.push([host, 1]);
} }

View file

@ -7,6 +7,7 @@ import { URL } from 'node:url';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { InboxQueue } from '@/core/QueueModule.js'; import type { InboxQueue } from '@/core/QueueModule.js';
import { ApiLoggerService } from '@/server/api/ApiLoggerService.js';
export const meta = { export const meta = {
tags: ['admin'], tags: ['admin'],
@ -49,6 +50,8 @@ export const paramDef = {
export default class extends Endpoint<typeof meta, typeof paramDef> { export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor( constructor(
@Inject('queue:inbox') public inboxQueue: InboxQueue, @Inject('queue:inbox') public inboxQueue: InboxQueue,
private apiLoggerService: ApiLoggerService,
) { ) {
super(meta, paramDef, async (ps, me) => { super(meta, paramDef, async (ps, me) => {
const jobs = await this.inboxQueue.getJobs(['delayed']); const jobs = await this.inboxQueue.getJobs(['delayed']);
@ -56,9 +59,17 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
const res = [] as [string, number][]; const res = [] as [string, number][];
for (const job of jobs) { for (const job of jobs) {
const host = new URL(job.data.signature.keyId).host; let host: string;
if (res.find(x => x[0] === host)) { try {
res.find(x => x[0] === host)![1]++; host = new URL(job.data.signature.keyId).host;
} catch (e) {
this.apiLoggerService.logger.warn(`failed to parse url '${job.data.signature.keyId}': ${e}`);
continue;
}
const found = res.find(x => x[0] === host);
if (found) {
found[1]++;
} else { } else {
res.push([host, 1]); res.push([host, 1]);
} }