Allow fetching from local domain in case it redirects to remote (#104)

* Allow fetching from local domain in case it redirects to remote

* clippy

* fix lemmy tests
This commit is contained in:
Nutomic 2024-04-09 11:28:22 +02:00 committed by GitHub
parent 5402bc9c19
commit a2ac97db98
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 12 additions and 12 deletions

View file

@ -28,6 +28,7 @@ pub async fn new_instance(
.domain(hostname) .domain(hostname)
.signed_fetch_actor(&system_user) .signed_fetch_actor(&system_user)
.app_data(database) .app_data(database)
.url_verifier(Box::new(MyUrlVerifier()))
.debug(true) .debug(true)
.build() .build()
.await?; .await?;

View file

@ -69,10 +69,17 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
return Err(Error::FetchInvalidContentType(res.url)); return Err(Error::FetchInvalidContentType(res.url));
} }
// Ensure id field matches final url // Ensure id field matches final url after redirect
if res.object_id.as_ref() != Some(&res.url) { if res.object_id.as_ref() != Some(&res.url) {
return Err(Error::FetchWrongId(res.url)); return Err(Error::FetchWrongId(res.url));
} }
// Dont allow fetching local object. Only check this after the request as a local url
// may redirect to a remote object.
if data.config.is_local_url(&res.url) {
return Err(Error::NotFound);
}
Ok(res) Ok(res)
} }
@ -84,8 +91,6 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
content_type: &HeaderValue, content_type: &HeaderValue,
) -> Result<FetchObjectResponse<Kind>, Error> { ) -> Result<FetchObjectResponse<Kind>, Error> {
let config = &data.config; let config = &data.config;
// dont fetch local objects this way
debug_assert!(url.domain() != Some(&config.domain));
config.verify_url_valid(url).await?; config.verify_url_valid(url).await?;
info!("Fetching remote object {}", url.to_string()); info!("Fetching remote object {}", url.to_string());

View file

@ -88,19 +88,13 @@ where
<Kind as Object>::Error: From<Error>, <Kind as Object>::Error: From<Error>,
{ {
let db_object = self.dereference_from_db(data).await?; let db_object = self.dereference_from_db(data).await?;
// if its a local object, only fetch it from the database and not over http
if data.config.is_local_url(&self.0) {
return match db_object {
None => Err(Error::NotFound.into()),
Some(o) => Ok(o),
};
}
// object found in database // object found in database
if let Some(object) = db_object { if let Some(object) = db_object {
// object is old and should be refetched
if let Some(last_refreshed_at) = object.last_refreshed_at() { if let Some(last_refreshed_at) = object.last_refreshed_at() {
if should_refetch_object(last_refreshed_at) { let is_local = data.config.is_local_url(&self.0);
if !is_local && should_refetch_object(last_refreshed_at) {
// object is outdated and should be refetched
return self.dereference_from_http(data, Some(object)).await; return self.dereference_from_http(data, Some(object)).await;
} }
} }