Issue 9303: Detect AP accesses as backend, prevent ping pong

Michael 2020-10-02 09:31:39 +00:00
parent 97f07b7518
commit 73a7df85f7
3 changed files with 25 additions and 5 deletions


@ -448,7 +448,7 @@ class App
Core\Worker::executeIfIdle(); Core\Worker::executeIfIdle();
} }
if ($this->mode->isNormal()) { if ($this->mode->isNormal() && !$this->mode->isBackend()) {
$requester = HTTPSignature::getSigner('', $_SERVER); $requester = HTTPSignature::getSigner('', $_SERVER);
if (!empty($requester)) { if (!empty($requester)) {
Profile::addVisitorCookieForHandle($requester); Profile::addVisitorCookieForHandle($requester);
@ -456,7 +456,7 @@ class App
} }
// ZRL // ZRL
if (!empty($_GET['zrl']) && $this->mode->isNormal()) { if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend()) {
if (!local_user()) { if (!local_user()) {
// Only continue when the given profile link seems valid // Only continue when the given profile link seems valid
// Valid profile links contain a path with "/profile/" and no query parameters // Valid profile links contain a path with "/profile/" and no query parameters
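Review bot: Neither of the two extended conditions (the `HTTPSignature::getSigner` guard and the ZRL guard) says why backend requests are now excluded, and the same `$this->mode->isNormal() && !$this->mode->isBackend()` test is written out twice. A short comment above the first guard, e.g. `// Backend requests must not trigger the visitor cookie or ZRL handling (ping-pong, see issue 9303)`, would record the reason. Evaluating the test once into a local such as `$isInteractive = $this->mode->isNormal() && !$this->mode->isBackend();` and reusing it in both places would keep the two checks from drifting apart. Both guards sit inside a method whose start and end are outside the hunks.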


@ -134,8 +134,15 @@ class Mode
*/ */
public function determineRunMode(bool $isBackend, Module $module, array $server, MobileDetect $mobileDetect) public function determineRunMode(bool $isBackend, Module $module, array $server, MobileDetect $mobileDetect)
{ {
$isBackend = $isBackend || $contenttypes = ['application/jrd+json', 'application/xrd+xml', 'text/xml',
$module->isBackend(); 'application/rss+xml', 'application/atom+xml', 'application/activity+json'];
foreach ($contenttypes as $type) {
if (strpos(strtolower($server['HTTP_ACCEPT'] ?? ''), $type) !== false) {
$isBackend = true;
}
}
$isBackend = $isBackend || $module->isBackend();
$isMobile = $mobileDetect->isMobile(); $isMobile = $mobileDetect->isMobile();
$isTablet = $mobileDetect->isTablet(); $isTablet = $mobileDetect->isTablet();
$isAjax = strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') == 'xmlhttprequest'; $isAjax = strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') == 'xmlhttprequest';
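Review bot: `$isBackend` is now derived from the request's `Accept` header, which the requester controls, by a plain substring match inside the new `foreach`, so any client can put a request into backend mode by listing one of these types (even with `q=0`). That is harmless for skipping the visitor-cookie and ZRL handling in `App`, but the docblock of `determineRunMode` should state that backend mode is a client-supplied hint and must not be used to relax authentication or access checks; whether any caller does so is not visible here. The loop also lowercases the header on every iteration and keeps going after a match: `$accept = strtolower($server['HTTP_ACCEPT'] ?? '');` before the loop and a `break;` after `$isBackend = true;` would be tidier. The method body continues past the end of the hunk.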


@ -22,8 +22,11 @@
namespace Friendica\Model; namespace Friendica\Model;
use Friendica\Content\Text\HTML; use Friendica\Content\Text\HTML;
use Friendica\Core\Cache\Duration;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Network\Probe; use Friendica\Network\Probe;
use Friendica\Protocol\ActivityNamespace; use Friendica\Protocol\ActivityNamespace;
use Friendica\Protocol\ActivityPub; use Friendica\Protocol\ActivityPub;
@ -40,7 +43,7 @@ class APContact
* @param string $addr Address * @param string $addr Address
* @return array webfinger data * @return array webfinger data
*/ */
public static function fetchWebfingerData(string $addr) private static function fetchWebfingerData(string $addr)
{ {
$addr_parts = explode('@', $addr); $addr_parts = explode('@', $addr);
if (count($addr_parts) != 2) { if (count($addr_parts) != 2) {
@ -154,6 +157,16 @@ class APContact
return $fetched_contact; return $fetched_contact;
} }
// Detect multiple fast repeating request to the same address
// See https://github.com/friendica/friendica/issues/9303
$cachekey = 'apcontact:getByURL:' . $url;
$result = DI::cache()->get($cachekey);
if (!is_null($result)) {
Logger::notice('Multiple requests for the address', ['url' => $url, 'update' => $update, 'callstack' => System::callstack(20), 'result' => $result]);
} else {
DI::cache()->set($cachekey, System::callstack(20), Duration::FIVE_MINUTES);
}
$apcontact['url'] = $compacted['@id']; $apcontact['url'] = $compacted['@id'];
$apcontact['uuid'] = JsonLD::fetchElement($compacted, 'diaspora:guid', '@value'); $apcontact['uuid'] = JsonLD::fetchElement($compacted, 'diaspora:guid', '@value');
$apcontact['type'] = str_replace('as:', '', JsonLD::fetchElement($compacted, '@type')); $apcontact['type'] = str_replace('as:', '', JsonLD::fetchElement($compacted, '@type'));
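Review bot: The repeat-request detector added before `$apcontact['url']` only logs, and it does so at notice level with two 20-frame call stacks (the current one and the cached one) for every repeat lookup of the same URL within five minutes, so a remote peer that keeps causing lookups of one address can inflate the log considerably. Consider logging once per window (for instance by keeping a counter in the cache entry) or lowering the level, and say in the comment that the block is diagnostic only. The cache key embeds the raw `$url`, whose length and characters are set outside the hunk and are presumably remote-supplied; `'apcontact:getByURL:' . hash('sha256', $url)` would give a bounded key that any cache backend accepts. The enclosing method starts and ends outside the hunk.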