fix(federation): prevent fetching own relay actor

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-06-06 09:52:46 +02:00
parent 99db295310
commit b981f91cf7
2 changed files with 52 additions and 30 deletions
--- a/lib/federation/activity_pub/fetcher.ex
+++ b/lib/federation/activity_pub/fetcher.ex
@@ -22,7 +22,9 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
          | {:error,
             :invalid_url | :http_gone | :http_error | :http_not_found | :content_not_json}
  def fetch(url, options \\ []) do
-    on_behalf_of = Keyword.get(options, :on_behalf_of, Relay.get_actor())
+    Logger.debug("Fetching #{url} with AP Fetcher")
+    on_behalf_of = Keyword.get(options, :on_behalf_of, actor_relay())
+    Logger.debug("Fetching on behalf of #{inspect(on_behalf_of.url)}")
    date = Signature.generate_date_header()

    headers =
@@ -32,29 +34,8 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do

    client = ActivityPubClient.client(headers: headers)

-    if address_valid?(url) do
-      case ActivityPubClient.get(client, url) do
-        {:ok, %Tesla.Env{body: data, status: code}} when code in 200..299 and is_map(data) ->
-          {:ok, data}
-
-        {:ok, %Tesla.Env{status: 410}} ->
-          Logger.debug("Resource at #{url} is 410 Gone")
-          {:error, :http_gone}
-
-        {:ok, %Tesla.Env{status: 404}} ->
-          Logger.debug("Resource at #{url} is 404 Gone")
-          {:error, :http_not_found}
-
-        {:ok, %Tesla.Env{body: data}} when is_binary(data) ->
-          {:error, :content_not_json}
-
-        {:ok, %Tesla.Env{} = res} ->
-          Logger.debug("Resource returned bad HTTP code #{inspect(res)}")
-          {:error, :http_error}
-
-        {:error, err} ->
-          {:error, err}
-      end
+    if address_valid?(url) and url != on_behalf_of.url do
+      do_fetch(url, client)
    else
      {:error, :invalid_url}
    end
@@ -169,4 +150,38 @@ defmodule Mobilizon.Federation.ActivityPub.Fetcher do
    %URI{host: host, scheme: scheme} = URI.parse(address)
    is_valid_string(host) and is_valid_string(scheme)
  end
+
+  defp actor_relay do
+    Relay.get_actor()
+  end
+
+  @spec do_fetch(String.t(), Tesla.Client.t()) ::
+          {:ok, map()}
+          | {:error,
+             :invalid_url | :http_gone | :http_error | :http_not_found | :content_not_json}
+  defp do_fetch(url, client) do
+    case ActivityPubClient.get(client, url) do
+      {:ok, %Tesla.Env{body: data, status: code}} when code in 200..299 and is_map(data) ->
+        Logger.debug("Found the following from ActivityPubClient fetch: #{inspect(data)}")
+        {:ok, data}
+
+      {:ok, %Tesla.Env{status: 410}} ->
+        Logger.debug("Resource at #{url} is 410 Gone")
+        {:error, :http_gone}
+
+      {:ok, %Tesla.Env{status: 404}} ->
+        Logger.debug("Resource at #{url} is 404 Gone")
+        {:error, :http_not_found}
+
+      {:ok, %Tesla.Env{body: data}} when is_binary(data) ->
+        {:error, :content_not_json}
+
+      {:ok, %Tesla.Env{} = res} ->
+        Logger.debug("Resource returned bad HTTP code #{inspect(res)}")
+        {:error, :http_error}
+
+      {:error, err} ->
+        {:error, err}
+    end
+  end
 end