Don't distribute unsigned remote activities

Michael 2023-01-01 23:37:17 +00:00
parent fde223327f
commit 78c3c56ca5


@ -42,6 +42,7 @@ use Friendica\Protocol\Diaspora;
use Friendica\Protocol\Delivery; use Friendica\Protocol\Delivery;
use Friendica\Protocol\OStatus; use Friendica\Protocol\OStatus;
use Friendica\Protocol\Salmon; use Friendica\Protocol\Salmon;
use Friendica\Util\LDSignature;
use Friendica\Util\Network; use Friendica\Util\Network;
use Friendica\Util\Strings; use Friendica\Util\Strings;
@ -794,6 +795,7 @@ class Notifier
} }
Logger::info('Origin item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Origin item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
$check_signature = false;
} elseif (!Post\Activity::exists($target_item['uri-id'])) { } elseif (!Post\Activity::exists($target_item['uri-id'])) {
Logger::info('Remote item is no AP post. It will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Remote item is no AP post. It will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []]; return ['count' => 0, 'contacts' => []];
@ -805,6 +807,7 @@ class Notifier
} }
Logger::info('Remote item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Remote item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
$check_signature = ($target_item['gravity'] == Item::GRAVITY_ACTIVITY);
} else { } else {
Logger::info('Remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []]; return ['count' => 0, 'contacts' => []];
@ -816,12 +819,17 @@ class Notifier
} }
// Fill the item cache // Fill the item cache
$cache = ActivityPub\Transmitter::createCachedActivityFromItem($target_item['id'], true); $activity = ActivityPub\Transmitter::createCachedActivityFromItem($target_item['id'], true);
if (empty($cache)) { if (empty($activity)) {
Logger::info('Item cache was not created. The post will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Item cache was not created. The post will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []]; return ['count' => 0, 'contacts' => []];
} }
if ($check_signature && !LDSignature::isSigned($activity)) {
Logger::info('Unsigned remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []];
}
$delivery_queue_count = 0; $delivery_queue_count = 0;
$contacts = []; $contacts = [];
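Review bot: The new gate `if ($check_signature && !LDSignature::isSigned($activity))` appears, judging by the method name, to test only that a signature block is present, not that it verifies; `LDSignature::isSigned` is not shown here, so this needs confirming. If so, the gate should not be read as an authenticity check on relayed activities, and a comment above it would make that explicit, for example `// Presence check only: remote activities cannot be re-signed here, so receivers must verify the LD signature themselves`. Separately, `$check_signature` is assigned only in the two branches visible in the hunks at -794 and -805, and the rest of the enclosing if/elseif chain lies outside the hunks. If any other path can reach the new test, PHP raises an undefined-variable warning and skips the check, so add `$check_signature = false;` before the chain.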