From ad5143e3669ba4aee09a50002f6697f2901f491e Mon Sep 17 00:00:00 2001 From: Naoki Kosaka Date: Tue, 28 Mar 2023 01:04:04 +0900 Subject: [PATCH 1/3] fix: unwrap inner activity safer --- api/resolver.go | 19 +++++++++++++++---- models/models.go | 37 ++++++++++++++++++++----------------- 2 files changed, 35 insertions(+), 21 deletions(-) diff --git a/api/resolver.go b/api/resolver.go index ade6495..886607c 100644 --- a/api/resolver.go +++ b/api/resolver.go @@ -331,10 +331,21 @@ func executeRelayActivity(activity *models.Activity, actor *models.Actor, body [ } if isActorAbleToRelay(actor) { go enqueueActivityForSubscriber(actorID.Host, body) - innerActivity, _ := activity.UnwrapInnerActivity() - announce := models.NewActivityPubActivity(RelayActor, []string{RelayActor.Followers()}, innerActivity.ID, "Announce") - jsonData, _ := json.Marshal(&announce) - go enqueueActivityForFollower(actorID.Host, jsonData) + + var innerActivityId = "" + switch innerObject := activity.Object.(type) { + case string: + innerActivityId = innerObject + case map[string]interface{}: + innerActivity, _ := activity.UnwrapInnerActivity() + innerActivityId = innerActivity.ID + } + if innerActivityId != "" { + announce := models.NewActivityPubActivity(RelayActor, []string{RelayActor.Followers()}, innerActivityId, "Announce") + jsonData, _ := json.Marshal(&announce) + go enqueueActivityForFollower(actorID.Host, jsonData) + } + logrus.Debug("Accepted Relay Activity : ", activity.Actor) } else { logrus.Debug("Skipped Relay Activity : ", activity.Actor) diff --git a/models/models.go b/models/models.go index 01b7afa..be621a4 100644 --- a/models/models.go +++ b/models/models.go @@ -146,33 +146,36 @@ func (activity *Activity) GenerateReply(actor Actor, object interface{}, activit // UnwrapInnerActivity : Unwrap inner activity. func (activity *Activity) UnwrapInnerActivity() (*Activity, error) { - mappedObject := activity.Object.(map[string]interface{}) - if id, ok := mappedObject["id"].(string); ok { - if nestedType, ok := mappedObject["type"].(string); ok { - actor, ok := mappedObject["actor"].(string) - if !ok { - actor = "" - } - switch object := mappedObject["object"].(type) { + switch innerActivity := activity.Object.(type) { + case map[string]interface{}: + innerId, IdOk := innerActivity["id"].(string) + innerType, TypeOk := innerActivity["type"].(string) + innerActor, ActorOk := innerActivity["actor"].(string) + nestedObject, ActivityOk := innerActivity["object"].(interface{}) + + if IdOk && TypeOk && ActorOk && ActivityOk { + switch object := innerActivity["object"].(type) { case string: return &Activity{ - ID: id, - Type: nestedType, - Actor: actor, + ID: innerId, + Type: innerType, + Actor: innerActor, Object: object, }, nil default: return &Activity{ - ID: id, - Type: nestedType, - Actor: actor, - Object: mappedObject["object"], + ID: innerId, + Type: innerType, + Actor: innerActor, + Object: nestedObject, }, nil } + } else { + return nil, errors.New("innerActivity couldn't unwrap") } - return nil, errors.New("unwrap type failed") + default: + return nil, errors.New("object is not Activity") } - return nil, errors.New("unwrap id failed") } // NewActivityPubActivity : Generate activity. From bb8a72bf37bd92895590c0785a37735744f7cad6 Mon Sep 17 00:00:00 2001 From: Naoki Kosaka Date: Tue, 28 Mar 2023 01:09:50 +0900 Subject: [PATCH 2/3] fix: innerObject type check --- models/models.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/models/models.go b/models/models.go index be621a4..09a48b2 100644 --- a/models/models.go +++ b/models/models.go @@ -151,7 +151,7 @@ func (activity *Activity) UnwrapInnerActivity() (*Activity, error) { innerId, IdOk := innerActivity["id"].(string) innerType, TypeOk := innerActivity["type"].(string) innerActor, ActorOk := innerActivity["actor"].(string) - nestedObject, ActivityOk := innerActivity["object"].(interface{}) + innerObject, ActivityOk := innerActivity["object"] if IdOk && TypeOk && ActorOk && ActivityOk { switch object := innerActivity["object"].(type) { @@ -167,7 +167,7 @@ func (activity *Activity) UnwrapInnerActivity() (*Activity, error) { ID: innerId, Type: innerType, Actor: innerActor, - Object: nestedObject, + Object: innerObject, }, nil } } else { From 43c21b14a093a9fc041db50ad33b32cc78e36f08 Mon Sep 17 00:00:00 2001 From: Naoki Kosaka Date: Thu, 6 Apr 2023 01:27:46 +0900 Subject: [PATCH 3/3] fix: divide innerObject from innerActivity --- api/handle.go | 32 ++++++++++++++++++++++++++++---- api/resolver.go | 18 ++++++------------ models/models.go | 19 +++++++++++++++---- 3 files changed, 49 insertions(+), 20 deletions(-) diff --git a/api/handle.go b/api/handle.go index 1e53a2e..2e9b3ec 100644 --- a/api/handle.go +++ b/api/handle.go @@ -135,7 +135,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco writer.WriteHeader(202) writer.Write(nil) case "Undo": - innerActivity, _ := activity.UnwrapInnerActivity() + innerActivity, err := activity.UnwrapInnerActivity() + if err != nil { + writer.WriteHeader(202) + writer.Write(nil) + + return + } switch innerActivity.Type { case "Follow": err = executeUnfollowing(innerActivity, actor) @@ -149,7 +155,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco writer.Write(nil) } case "Accept": - innerActivity, _ := activity.UnwrapInnerActivity() + innerActivity, err := activity.UnwrapInnerActivity() + if err != nil { + writer.WriteHeader(202) + writer.Write(nil) + + return + } switch innerActivity.Type { case "Follow": finalizeMutuallyFollow(innerActivity, actor, activity.Type) @@ -160,7 +172,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco writer.Write(nil) } case "Reject": - innerActivity, _ := activity.UnwrapInnerActivity() + innerActivity, err := activity.UnwrapInnerActivity() + if err != nil { + writer.WriteHeader(202) + writer.Write(nil) + + return + } switch innerActivity.Type { case "Follow": finalizeMutuallyFollow(innerActivity, actor, activity.Type) @@ -209,7 +227,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco writer.WriteHeader(202) writer.Write(nil) case "Undo": - innerActivity, _ := activity.UnwrapInnerActivity() + innerActivity, err := activity.UnwrapInnerActivity() + if err != nil { + writer.WriteHeader(202) + writer.Write(nil) + + return + } switch innerActivity.Type { case "Follow": err = executeUnfollowing(innerActivity, actor) diff --git a/api/resolver.go b/api/resolver.go index 886607c..4636010 100644 --- a/api/resolver.go +++ b/api/resolver.go @@ -332,21 +332,15 @@ func executeRelayActivity(activity *models.Activity, actor *models.Actor, body [ if isActorAbleToRelay(actor) { go enqueueActivityForSubscriber(actorID.Host, body) - var innerActivityId = "" - switch innerObject := activity.Object.(type) { - case string: - innerActivityId = innerObject - case map[string]interface{}: - innerActivity, _ := activity.UnwrapInnerActivity() - innerActivityId = innerActivity.ID - } - if innerActivityId != "" { - announce := models.NewActivityPubActivity(RelayActor, []string{RelayActor.Followers()}, innerActivityId, "Announce") + var innnerObjectId, err = activity.UnwrapInnerObjectId() + if err != nil { + logrus.Debug("Accepted Relay Activity (Announce Failed) : ", activity.Actor) + } else { + announce := models.NewActivityPubActivity(RelayActor, []string{RelayActor.Followers()}, innnerObjectId, "Announce") jsonData, _ := json.Marshal(&announce) go enqueueActivityForFollower(actorID.Host, jsonData) + logrus.Debug("Accepted Relay Activity : ", activity.Actor) } - - logrus.Debug("Accepted Relay Activity : ", activity.Actor) } else { logrus.Debug("Skipped Relay Activity : ", activity.Actor) } diff --git a/models/models.go b/models/models.go index 09a48b2..830b24f 100644 --- a/models/models.go +++ b/models/models.go @@ -170,12 +170,23 @@ func (activity *Activity) UnwrapInnerActivity() (*Activity, error) { Object: innerObject, }, nil } - } else { - return nil, errors.New("innerActivity couldn't unwrap") } - default: - return nil, errors.New("object is not Activity") } + return nil, errors.New("object is not Activity") +} + +// UnwrapInnerObjectId : Unwrap inner object id. +func (activity *Activity) UnwrapInnerObjectId() (string, error) { + switch innerObject := activity.Object.(type) { + case string: + return innerObject, nil + case map[string]interface{}: + innerId, IdOk := innerObject["id"].(string) + if IdOk { + return innerId, nil + } + } + return "", errors.New("object not has id") } // NewActivityPubActivity : Generate activity.