mirror of
https://activitypub.software/TransFem-org/Sharkey.git
synced 2024-12-29 13:59:26 +01:00
normalize AP IDs during verification
This commit is contained in:
parent
b0420c948c
commit
1fb1875ac3
2 changed files with 42 additions and 35 deletions
|
@ -2,26 +2,29 @@
|
||||||
* SPDX-FileCopyrightText: dakkar and sharkey-project
|
* SPDX-FileCopyrightText: dakkar and sharkey-project
|
||||||
* SPDX-License-Identifier: AGPL-3.0-only
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import type { IObject } from '../type.js';
|
import type { IObject } from '../type.js';
|
||||||
|
|
||||||
function getHrefFrom(one: IObject|string): string | undefined {
|
function getHrefsFrom(one: IObject | string | undefined | (IObject | string | undefined)[]): (string | undefined)[] {
|
||||||
if (typeof(one) === 'string') return one;
|
if (Array.isArray(one)) {
|
||||||
return one.href;
|
return one.flatMap(h => getHrefsFrom(h));
|
||||||
|
}
|
||||||
|
return [
|
||||||
|
typeof(one) === 'object' ? one.href : one,
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
|
export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
|
||||||
const idOk = activity.id !== undefined && urls.includes(activity.id);
|
const expectedUrls = new Set(urls
|
||||||
if (idOk) return;
|
.filter(u => URL.canParse(u))
|
||||||
|
.map(u => new URL(u).href),
|
||||||
|
);
|
||||||
|
|
||||||
const url = activity.url;
|
const actualUrls = [activity.id, ...getHrefsFrom(activity.url)]
|
||||||
if (url) {
|
.filter(u => u && URL.canParse(u))
|
||||||
// `activity.url` can be an `ApObject = IObject | string | (IObject
|
.map(u => new URL(u as string).href);
|
||||||
// | string)[]`, we have to look inside it
|
|
||||||
const activityUrls = Array.isArray(url) ? url.map(getHrefFrom) : [getHrefFrom(url)];
|
|
||||||
const goodUrl = activityUrls.find(u => u && urls.includes(u));
|
|
||||||
|
|
||||||
if (goodUrl) return;
|
if (!actualUrls.some(u => expectedUrls.has(u))) {
|
||||||
|
throw new Error(`bad Activity: neither id(${activity.id}) nor url(${JSON.stringify(activity.url)}) match location(${urls})`);
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${JSON.stringify(activity?.url)}) match location(${urls})`);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,49 +3,53 @@
|
||||||
* SPDX-License-Identifier: AGPL-3.0-only
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import type { IObject } from '@/core/activitypub/type.js';
|
|
||||||
import { describe, expect, test } from '@jest/globals';
|
import { describe, expect, test } from '@jest/globals';
|
||||||
|
import type { IObject } from '@/core/activitypub/type.js';
|
||||||
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
|
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
|
||||||
|
|
||||||
function assertOne(activity: IObject) {
|
function assertOne(activity: IObject, good = 'http://good') {
|
||||||
// return a function so we can use `.toThrow`
|
// return a function so we can use `.toThrow`
|
||||||
return () => assertActivityMatchesUrls(activity, ['good']);
|
return () => assertActivityMatchesUrls(activity, [good]);
|
||||||
}
|
}
|
||||||
|
|
||||||
describe('assertActivityMatchesUrls', () => {
|
describe('assertActivityMatchesUrls', () => {
|
||||||
|
it('should throw when no ids are URLs', () => {
|
||||||
|
expect(assertOne({ type: 'Test', id: 'bad' }, 'bad')).toThrow(/bad Activity/);
|
||||||
|
});
|
||||||
|
|
||||||
test('id', () => {
|
test('id', () => {
|
||||||
expect(assertOne({ type: 'Test', id: 'bad' })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', id: 'http://bad' })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', id: 'good' })).not.toThrow();
|
expect(assertOne({ type: 'Test', id: 'http://good' })).not.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('simple url', () => {
|
test('simple url', () => {
|
||||||
expect(assertOne({ type: 'Test', url: 'bad' })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', url: 'http://bad' })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', url: 'good' })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: 'http://good' })).not.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('array of urls', () => {
|
test('array of urls', () => {
|
||||||
expect(assertOne({ type: 'Test', url: ['bad'] })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', url: ['http://bad'] })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', url: ['bad', 'other'] })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', url: ['http://bad', 'http://other'] })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', url: ['good'] })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: ['http://good'] })).not.toThrow();
|
||||||
expect(assertOne({ type: 'Test', url: ['bad', 'good'] })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: ['http://bad', 'http://good'] })).not.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('array of objects', () => {
|
test('array of objects', () => {
|
||||||
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'bad' }] })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'http://bad' }] })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'bad' }, { type: 'Test', href: 'other' }] })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'http://bad' }, { type: 'Test', href: 'http://other' }] })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'good' }] })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'http://good' }] })).not.toThrow();
|
||||||
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'bad' }, { type: 'Test', href: 'good' }] })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'http://bad' }, { type: 'Test', href: 'http://good' }] })).not.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('mixed array', () => {
|
test('mixed array', () => {
|
||||||
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'bad' }, 'other'] })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'http://bad' }, 'http://other'] })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'bad' }, 'good'] })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: [{ type: 'Test', href: 'http://bad' }, 'http://good'] })).not.toThrow();
|
||||||
expect(assertOne({ type: 'Test', url: ['bad', { type: 'Test', href: 'good' }] })).not.toThrow();
|
expect(assertOne({ type: 'Test', url: ['http://bad', { type: 'Test', href: 'http://good' }] })).not.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('id and url', () => {
|
test('id and url', () => {
|
||||||
expect(assertOne({ type: 'Test', id: 'other', url: 'bad' })).toThrow(/bad Activity/);
|
expect(assertOne({ type: 'Test', id: 'http://other', url: 'http://bad' })).toThrow(/bad Activity/);
|
||||||
expect(assertOne({ type: 'Test', id: 'bad', url: 'good' })).not.toThrow();
|
expect(assertOne({ type: 'Test', id: 'http://bad', url: 'http://good' })).not.toThrow();
|
||||||
expect(assertOne({ type: 'Test', id: 'good', url: 'bad' })).not.toThrow();
|
expect(assertOne({ type: 'Test', id: 'http://good', url: 'http://bad' })).not.toThrow();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue