ApPersonServiceとApNoteServiceのuri <-> url比較を緩和 (#15233)

* wip

* https://github.com/misskey-dev/misskey/issues/15039#issuecomment-2576411861 の反映

Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>

* fix CHANGELOG.md

* remove inspection

---------

Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
This commit is contained in:
おさむのひと 2025-01-14 19:47:02 +09:00 committed by GitHub
parent dd6743dda4
commit 7fbfc2e046
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 16 additions and 21 deletions

View File

@ -36,6 +36,7 @@
(Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/737)
- Fix: ロックダウンされた期間指定のートがStreaming経由でLTLに出現するのを修正 ( #15200 )
- Fix: disableClustering設定時の初期化ロジックを調整( #15223 )
- Fix: URLとURIが異なるエンティティの照会に失敗する問題を修正( #15039 )
- Fix: ActivityPubリクエストかどうかの判定が正しくない問題を修正
(Cherry-picked from https://github.com/MisskeyIO/misskey/pull/869)
- Fix: AIセンシティブ判定が arm64 環境で動作しない問題を修正

View File

@ -5,13 +5,15 @@
import type { IObject } from '../type.js';
export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
const idOk = activity.id !== undefined && urls.includes(activity.id);
const hosts = urls.map(it => new URL(it).host);
const idOk = activity.id !== undefined && hosts.includes(new URL(activity.id).host);
// technically `activity.url` could be an `ApObject = IObject |
// string | (IObject | string)[]`, but if it's a complicated thing
// and the `activity.id` doesn't match, I think we're fine
// rejecting the activity
const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url);
const urlOk = typeof(activity.url) === 'string' && hosts.includes(new URL(activity.url).host);
if (!idOk && !urlOk) {
throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`);

View File

@ -154,14 +154,8 @@ export class ApNoteService {
const url = getOneApHrefNullable(note.url);
if (url != null) {
if (!checkHttps(url)) {
throw new Error('unexpected schema of note url: ' + url);
}
if (this.utilityService.punyHost(url) !== this.utilityService.punyHost(note.id)) {
throw new Error(`note url & uri host mismatch: note url: ${url}, note uri: ${note.id}`);
}
if (url && !checkHttps(url)) {
throw new Error('unexpected schema of note url: ' + url);
}
this.logger.info(`Creating the Note: ${note.id}`);

View File

@ -157,8 +157,12 @@ export class ApPersonService implements OnModuleInit {
const sharedInboxObject = x.sharedInbox ?? (x.endpoints ? x.endpoints.sharedInbox : undefined);
if (sharedInboxObject != null) {
const sharedInbox = getApId(sharedInboxObject);
if (!(typeof sharedInbox === 'string' && sharedInbox.length > 0 && this.utilityService.punyHost(sharedInbox) === expectHost)) {
throw new Error('invalid Actor: wrong shared inbox');
if (!(typeof sharedInbox === 'string' && sharedInbox.length > 0 && new URL(sharedInbox).host === expectHost)) {
this.logger.warn(`invalid Actor: skipping wrong shared inbox, expected host: ${expectHost}, actual URL: ${sharedInbox}`);
x.sharedInbox = undefined;
if (x.endpoints?.sharedInbox) {
x.endpoints.sharedInbox = undefined;
}
}
}
@ -257,7 +261,7 @@ export class ApPersonService implements OnModuleInit {
if (Array.isArray(img)) {
img = img.find(item => item && item.url) ?? null;
}
// if we have an explicitly missing image, return an
// explicitly-null set of values
if ((img == null) || (typeof img === 'object' && img.url == null)) {
@ -344,14 +348,8 @@ export class ApPersonService implements OnModuleInit {
throw new Error('Refusing to create person without id');
}
if (url != null) {
if (!checkHttps(url)) {
throw new Error('unexpected schema of person url: ' + url);
}
if (this.utilityService.punyHost(url) !== this.utilityService.punyHost(person.id)) {
throw new Error(`person url <> uri host mismatch: ${url} <> ${person.id}`);
}
if (url && !checkHttps(url)) {
throw new Error('unexpected schema of person url: ' + url);
}
// Create user