Check that incoming local only posts are local

main
Bob Mottram 2023-01-08 15:05:45 +00:00
parent 36fc32a064
commit f94b97f9cd
1 changed files with 31 additions and 0 deletions

View File

@ -2034,6 +2034,37 @@ class PubServer(BaseHTTPRequestHandler):
self._400() self._400()
self.server.postreq_busy = False self.server.postreq_busy = False
return 3 return 3
# if this is a local only post, is it really local?
if 'localOnly' in message_json['object'] and \
message_json['object'].get('to') and \
message_json['object'].get('attributedTo'):
if message_json['object']['localOnly'] is True:
# check that the to addresses are local
if isinstance(message_json['object']['to'], list):
for to_actor in message_json['object']['to']:
to_domain, to_port = \
get_domain_from_actor(to_actor)
to_domain_full = \
get_full_domain(to_domain, to_port)
if self.server.domain_full != to_domain_full:
print("REJECT: inbox " +
"local only post isn't local " +
str(message_json))
self._400()
self.server.postreq_busy = False
return 3
# check that the sender is local
local_actor = message_json['object']['attributedTo']
local_domain, local_port = \
get_domain_from_actor(local_actor)
local_domain_full = \
get_full_domain(local_domain, local_port)
if self.server.domain_full != local_domain_full:
print("REJECT: inbox local only post isn't local " +
str(message_json))
self._400()
self.server.postreq_busy = False
return 3
# actor should look like a url # actor should look like a url
if debug: if debug: