diff --git a/daemon.py b/daemon.py
index 17e2a0fd..313f8a92 100644
--- a/daemon.py
+++ b/daemon.py
@@ -208,7 +208,9 @@ class PubServer(BaseHTTPRequestHandler):
 outboxUndoFollow(self.server.baseDir,messageJson,self.server.debug)
 if self.server.debug:
 print('DEBUG: handle delete requests')
- outboxDelete(self.server.baseDir,self.server.httpPrefix,messageJson,self.server.debug)
+ outboxDelete(self.server.baseDir,self.server.httpPrefix, \
+ self.postToNickname,self.server.domain, \
+ messageJson,self.server.debug)
 if self.server.debug:
 print('DEBUG: sending c2s post to named addresses')
 print('c2s sender: '+self.postToNickname+'@'+self.server.domain+':'+str(self.server.port))
diff --git a/delete.py b/delete.py
index 24fc6327..e10ff06d 100644
--- a/delete.py
+++ b/delete.py
@@ -193,8 +193,10 @@ def deletePostPub(session,baseDir: str,federationList: [], \
 personCache,cachedWebfingers, \
 debug)

-def outboxDelete(baseDir: str,httpPrefix: str,messageJson: {},debug: bool) -> None:
- """When a delete request is received by the outbox from c2s
+def outboxDelete(baseDir: str,httpPrefix: str, \
+ nickname: str,domain: str, \
+ messageJson: {},debug: bool) -> None:
+ """ When a delete request is received by the outbox from c2s
 """
 if not messageJson.get('type'):
 if debug:
@@ -225,7 +227,17 @@ def outboxDelete(baseDir: str,httpPrefix: str,messageJson: {},debug: bool) -> No
 print('DEBUG: c2s delete object has no nickname')
 return
 deleteNickname=getNicknameFromActor(messageId)
+ if deleteNickname!=nickname:
+ if debug:
+ print("DEBUG: you can't delete a post which wasn't created by you (nickname does not match)")
+ return
 deleteDomain,deletePort=getDomainFromActor(messageId)
+ if ':' in domain:
+ domain=domain.split(':')[0]
+ if deleteDomain!=domain:
+ if debug:
+ print("DEBUG: you can't delete a post which wasn't created by you (domain does not match)")
+ return
 postFilename=locatePost(baseDir,deleteNickname,deleteDomain,messageId)
 if not postFilename:
 if debug:
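Review bot: The handler cannot tell a refused delete from a completed one, because `outboxDelete` still returns `None` on every path and execution falls through to the `sending c2s post to named addresses` step shown in the trailing context. If that later step delivers the activity (it lies outside this hunk), a Delete that the new ownership check rejected locally would presumably still be passed on to other servers. Consider having `outboxDelete` signal a refusal, for example by returning `False` only when an ownership check fails, and skipping delivery and answering the client with an error status in that case. The check is also only as strong as `self.postToNickname`, so it is worth confirming that this value is bound to the authenticated credentials and not merely parsed from the request path.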
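Review bot: The docstring under the new signature does not state the authorization contract that the added `nickname` and `domain` parameters exist for. It should say that they identify the authenticated c2s sender and that the function leaves the post untouched when it belongs to anyone else, for example `"""Handle a c2s Delete arriving at the outbox; nickname/domain identify the authenticated sender and posts owned by anyone else are not deleted."""`. Because the two parameters were inserted before `messageJson`, any positional caller not updated in this commit would bind its arguments to the wrong names; only the daemon.py call site is visible here. The function body continues outside the hunk.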
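Review bot: Both refusal branches report only when `debug` is set, so in normal operation an attempt to delete another account's post leaves no trace for whoever monitors the instance. An authorization failure is worth recording unconditionally together with the authenticated nickname and the requested post id, e.g. `print('WARN: delete refused for '+nickname+': '+messageId)` before each `return`. Separately, `deletePort` is parsed but never compared and the port is stripped from `domain`, so instances sharing a host name on different ports are treated as the same owner; if such deployments are possible, compare the port as well. outboxDelete starts above and continues below this hunk.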