mirror of
https://iceshrimp.dev/crimekillz/trashposs
synced 2024-11-22 00:43:49 +01:00
[backend] Verify response content type when fetching remote activities
This commit is contained in:
parent
4cd9c002e6
commit
9fc45f166c
@ -28,6 +28,32 @@ export async function getJson(
|
|||||||
return await res.json();
|
return await res.json();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function getJsonActivity(
|
||||||
|
url: string,
|
||||||
|
accept = "application/activity+json, application/ld+json",
|
||||||
|
timeout = 10000,
|
||||||
|
headers?: Record<string, string>,
|
||||||
|
) {
|
||||||
|
const res = await getResponse({
|
||||||
|
url,
|
||||||
|
method: "GET",
|
||||||
|
headers: Object.assign(
|
||||||
|
{
|
||||||
|
"User-Agent": config.userAgent,
|
||||||
|
Accept: accept,
|
||||||
|
},
|
||||||
|
headers || {},
|
||||||
|
),
|
||||||
|
timeout,
|
||||||
|
});
|
||||||
|
|
||||||
|
const contentType = res.headers.get('content-type');
|
||||||
|
if (contentType == null || (contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') && contentType !== 'application/ld+json' && !contentType.startsWith('application/ld+json;')))
|
||||||
|
throw new Error(`getJsonActivity response had unexpected content-type: ${contentType}`);
|
||||||
|
|
||||||
|
return await res.json();
|
||||||
|
}
|
||||||
|
|
||||||
export async function getHtml(
|
export async function getHtml(
|
||||||
url: string,
|
url: string,
|
||||||
accept = "text/html, */*",
|
accept = "text/html, */*",
|
||||||
|
@ -65,5 +65,9 @@ export async function signedGet(url: string, user: { id: User["id"] }, redirects
|
|||||||
return signedGet(newUrl, user, false);
|
return signedGet(newUrl, user, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const contentType = res.headers.get('content-type');
|
||||||
|
if (contentType == null || (contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') && contentType !== 'application/ld+json' && !contentType.startsWith('application/ld+json;')))
|
||||||
|
throw new Error(`signedGet response had unexpected content-type: ${contentType}`);
|
||||||
|
|
||||||
return await res.json();
|
return await res.json();
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
import config from "@/config/index.js";
|
import config from "@/config/index.js";
|
||||||
import { getJson } from "@/misc/fetch.js";
|
import { getJsonActivity } from "@/misc/fetch.js";
|
||||||
import type { ILocalUser } from "@/models/entities/user.js";
|
import type { ILocalUser } from "@/models/entities/user.js";
|
||||||
import { getInstanceActor } from "@/services/instance-actor.js";
|
import { getInstanceActor } from "@/services/instance-actor.js";
|
||||||
import { fetchMeta } from "@/misc/fetch-meta.js";
|
import { fetchMeta } from "@/misc/fetch-meta.js";
|
||||||
@ -124,7 +124,7 @@ export default class Resolver {
|
|||||||
const object = (
|
const object = (
|
||||||
this.user
|
this.user
|
||||||
? await signedGet(value, this.user)
|
? await signedGet(value, this.user)
|
||||||
: await getJson(value, "application/activity+json, application/ld+json")
|
: await getJsonActivity(value)
|
||||||
) as IObject;
|
) as IObject;
|
||||||
|
|
||||||
if (
|
if (
|
||||||
|
Loading…
Reference in New Issue
Block a user