indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Improve checking of the sending actor when validating inbox posts

merge-requests/30/head
Bob Mottram 2023-03-01 15:44:32 +00:00
parent 0bcba49d0e
commit ef3e03093a
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
inbox.py
View File

@ -641,16 +641,29 @@ def save_post_to_inbox_queue(base_dir: str, http_prefix: str,
post_nickname = None post_nickname = None
post_domain = None post_domain = None
actor = None actor = None
if post_json_object.get('actor'): obj_dict_exists = False
if not isinstance(post_json_object['actor'], str):
# who is sending the post?
sending_actor = None
if has_object_dict(post_json_object):
obj_dict_exists = True
if post_json_object['object'].get('attributedTo'):
sending_actor = post_json_object['object']['attributedTo']
if not sending_actor:
if post_json_object.get('actor'):
sending_actor = post_json_object['actor']
# check that the sender is valid
if sending_actor:
if not isinstance(sending_actor, str):
return None return None
actor = post_json_object['actor'] actor = sending_actor
post_nickname = get_nickname_from_actor(post_json_object['actor']) post_nickname = get_nickname_from_actor(sending_actor)
if not post_nickname: if not post_nickname:
print('No post Nickname in actor ' + post_json_object['actor']) print('No post Nickname in actor ' + sending_actor)
return None return None
post_domain, post_port = \ post_domain, post_port = \
get_domain_from_actor(post_json_object['actor']) get_domain_from_actor(sending_actor)
if not post_domain: if not post_domain:
if debug: if debug:
pprint(post_json_object) pprint(post_json_object)
@ -663,14 +676,16 @@ def save_post_to_inbox_queue(base_dir: str, http_prefix: str,
return None return None
post_domain = get_full_domain(post_domain, post_port) post_domain = get_full_domain(post_domain, post_port)
# get the content of the post
content_str = \ content_str = \
get_base_content_from_post(post_json_object, system_language) get_base_content_from_post(post_json_object, system_language)
if has_object_dict(post_json_object): if obj_dict_exists:
if is_quote_toot(post_json_object, content_str): if is_quote_toot(post_json_object, content_str):
print('REJECT: inbox quote toot ' + str(post_json_object)) print('REJECT: inbox quote toot ' + str(post_json_object))
return None return None
# is this a reply to a blocked domain or account?
if post_json_object['object'].get('inReplyTo'): if post_json_object['object'].get('inReplyTo'):
if isinstance(post_json_object['object']['inReplyTo'], str): if isinstance(post_json_object['object']['inReplyTo'], str):
in_reply_to = \ in_reply_to = \