From edfded7fb7e55a83b21256469fd3a58dec1bfe20 Mon Sep 17 00:00:00 2001
From: Johann150
Date: Thu, 19 May 2022 13:40:16 +0200
Subject: [PATCH] fix(activitypub): add authorization checks (#8534)
* fix spelling
* fix(activitypub): add authorization checks
---
 .../activitypub/kernel/announce/note.ts | 3 +++
 .../remote/activitypub/kernel/delete/index.ts | 22 +++++++++----------
 .../activitypub/kernel/undo/announce.ts | 1 +
 .../src/services/note/reaction/create.ts | 5 +++++
 4 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/packages/backend/src/remote/activitypub/kernel/announce/note.ts b/packages/backend/src/remote/activitypub/kernel/announce/note.ts
index 680749f4d8..052751c654 100644
--- a/packages/backend/src/remote/activitypub/kernel/announce/note.ts
+++ b/packages/backend/src/remote/activitypub/kernel/announce/note.ts
@@ -9,6 +9,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js';
 import { getApLock } from '@/misc/app-lock.js';
 import { parseAudience } from '../../audience.js';
 import { StatusError } from '@/misc/fetch.js';
+import { Notes } from '@/models/index.js';
 const logger = apLogger;
@@ -52,6 +53,8 @@ export default async function(resolver: Resolver, actor: CacheableRemoteUser, ac
 throw e;
 }
+ if (!await Notes.isVisibleForMe(renote, actor)) return 'skip: invalid actor for this activity';
+
 logger.info(`Creating the (Re)Note: ${uri}`);
 const activityAudience = await parseAudience(actor, activity.to, activity.cc);
diff --git a/packages/backend/src/remote/activitypub/kernel/delete/index.ts b/packages/backend/src/remote/activitypub/kernel/delete/index.ts
index 4c06a9de0b..c7064f553b 100644
--- a/packages/backend/src/remote/activitypub/kernel/delete/index.ts
+++ b/packages/backend/src/remote/activitypub/kernel/delete/index.ts
@@ -13,37 +13,37 @@ export default async (actor: CacheableRemoteUser, activity: IDelete): Promise
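Review bot: The visibility check added in the second hunk of `kernel/announce/note.ts` rejects an Announce without a log entry and without a comment saying why visibility is the authorization criterion. Unless the caller records the returned string, an actor repeatedly announcing notes it cannot see leaves no trace for operators. I would put `// authorization: a remote actor may only announce a note that is visible to it` above the check and emit ``logger.warn(`Rejected Announce ${uri}: target note is not visible to the announcing actor`);`` before returning the skip string. The check also sits after the `catch` block that closes the target-note lookup, so whatever that lookup fetches or stores has presumably already happened for a rejected actor; that is worth confirming, since the function body begins and ends outside the hunk.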