diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php index d5189081c..e78ac6287 100644 --- a/app/Http/Controllers/FederationController.php +++ b/app/Http/Controllers/FederationController.php @@ -29,6 +29,7 @@ use App\Util\ActivityPub\{ Outbox }; use Zttp\Zttp; +use App\Services\InstanceService; class FederationController extends Controller { @@ -142,13 +143,19 @@ class FederationController extends Controller $headers = $request->headers->all(); $payload = $request->getContent(); + if(!$payload || empty($payload)) { + return; + } $obj = json_decode($payload, true, 8); + if(!isset($obj['id'])) { + return; + } + $domain = parse_url($obj['id'], PHP_URL_HOST); + if(in_array($domain, InstanceService::getBannedDomains())) { + return; + } if(isset($obj['type']) && $obj['type'] === 'Delete') { - if(!isset($obj['id'])) { - return; - } - usleep(5000); $lockKey = 'pf:ap:del-lock:' . hash('sha256', $obj['id']); if( isset($obj['actor']) && isset($obj['object']) && @@ -160,20 +167,19 @@ class FederationController extends Controller ) { if(Cache::get($lockKey) !== null) { return; + } else { + Cache::put($lockKey, 1, 3600); + usleep(5000); } } - Cache::put($lockKey, 1, 3600); dispatch(new DeleteWorker($headers, $payload))->onQueue('delete'); } else { - if(!isset($obj['id'])) { - return; - } - usleep(5000); $lockKey = 'pf:ap:user-inbox:activity:' . hash('sha256', $obj['id']); if(Cache::get($lockKey) !== null) { return; } Cache::put($lockKey, 1, 3600); + usleep(5000); dispatch(new InboxValidator($username, $headers, $payload))->onQueue('high'); } return; 
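Review bot: `$obj['id']` goes into `parse_url()` and then `hash()` after only an `isset()` check, so a JSON body whose `id` is an array raises a TypeError on PHP 8 (a warning on older versions) before any signature check visible in this hunk. Tightening the guard to `if(!is_array($obj) || !isset($obj['id']) || !is_string($obj['id'])) { return; }` avoids that. The ban comparison is also loose and case-sensitive; `in_array(strtolower((string) $domain), InstanceService::getBannedDomains(), true)` would be safer, assuming the stored list is lowercase. The same lines are added in the hunk at @@ -186, and the method body starts and ends outside this hunk.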
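Review bot: The duplicate check is a `Cache::get()` followed by a separate `Cache::put()`, so two concurrent deliveries of the same `id` can both pass it and both be dispatched. `Cache::add()` stores the key only when it is absent and reports whether it did, which collapses the pair into one step on drivers that support an atomic add: `if(!Cache::add($lockKey, 1, 3600)) { return; }`. In the Delete branch the `put` now sits inside the conditional whose test starts outside this hunk, so Deletes that do not match it are dispatched with no lock at all; a short comment saying this is intended would help. The same get-then-put pair appears in the InboxValidator and InboxWorker hunks.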
@@ -186,12 +192,22 @@ class FederationController extends Controller $headers = $request->headers->all(); $payload = $request->getContent(); + + if(!$payload || empty($payload)) { + return; + } + $obj = json_decode($payload, true, 8); + if(!isset($obj['id'])) { + return; + } + + $domain = parse_url($obj['id'], PHP_URL_HOST); + if(in_array($domain, InstanceService::getBannedDomains())) { + return; + } if(isset($obj['type']) && $obj['type'] === 'Delete') { - if(!isset($obj['id'])) { - return; - } $lockKey = 'pf:ap:del-lock:' . hash('sha256', $obj['id']); if( isset($obj['actor']) && isset($obj['object']) && @@ -217,15 +233,6 @@ class FederationController extends Controller { abort_if(!config_cache('federation.activitypub.enabled'), 404); - $profile = Profile::whereNull('remote_url') - ->whereUsername($username) - ->whereIsPrivate(false) - ->firstOrFail(); - - if($profile->status != null) { - abort(404); - } - $obj = [ '@context' => 'https://www.w3.org/ns/activitystreams', 'id' => $request->getUri(), @@ -240,15 +247,6 @@ class FederationController extends Controller { abort_if(!config_cache('federation.activitypub.enabled'), 404); - $profile = Profile::whereNull('remote_url') - ->whereUsername($username) - ->whereIsPrivate(false) - ->firstOrFail(); - - if($profile->status != null) { - abort(404); - } - $obj = [ '@context' => 'https://www.w3.org/ns/activitystreams', 'id' => $request->getUri(), diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php index 22a023304..366d81326 100644 --- a/app/Jobs/InboxPipeline/InboxValidator.php +++ b/app/Jobs/InboxPipeline/InboxValidator.php 
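Review bot: The ban check keys on `parse_url($obj['id'], PHP_URL_HOST)`, a value the sender chooses and that nothing has verified at this point, so it can only act as a cheap pre-filter; the copy added at @@ -142 is the same. I would say so above the check: `// Pre-filter only: 'id' is unverified sender input; re-check the ban against the signing actor's host once the signature is verified.` Whether the queued jobs repeat the ban check after verification is not visible in this diff. The method body starts and ends outside this hunk.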
@@ -49,12 +49,15 @@ class InboxValidator implements ShouldQueue { $username = $this->username; $headers = $this->headers; + + if(empty($headers) || empty($this->payload) || !isset($headers['signature']) || !isset($headers['date'])) { + return; + } + $payload = json_decode($this->payload, true, 8); - $profile = Profile::whereNull('domain')->whereUsername($username)->first(); - if(isset($payload['id'])) { - $lockKey = hash('sha256', $payload['id']); + $lockKey = 'ap:icid:' . hash('sha256', $payload['id']); if(Cache::get($lockKey) !== null) { // Job processed already return 1; @@ -62,9 +65,7 @@ class InboxValidator implements ShouldQueue Cache::put($lockKey, 1, 3600); } - if(!isset($headers['signature']) || !isset($headers['date'])) { - return; - } + $profile = Profile::whereNull('domain')->whereUsername($username)->first(); if(empty($profile) || empty($headers) || empty($payload)) { return; diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php index 23371c3ce..e3165666a 100644 --- a/app/Jobs/InboxPipeline/InboxWorker.php +++ b/app/Jobs/InboxPipeline/InboxWorker.php @@ -47,10 +47,15 @@ class InboxWorker implements ShouldQueue { $profile = null; $headers = $this->headers; + + if(empty($headers) || empty($this->payload) || !isset($headers['signature']) || !isset($headers['date'])) { + return; + } + $payload = json_decode($this->payload, true, 8); if(isset($payload['id'])) { - $lockKey = hash('sha256', $payload['id']); + $lockKey = 'ap:icid:' . hash('sha256', $payload['id']); if(Cache::get($lockKey) !== null) { // Job processed already return 1; @@ -58,14 +63,6 @@ class InboxWorker implements ShouldQueue Cache::put($lockKey, 1, 3600); } - if(!isset($headers['signature']) || !isset($headers['date'])) { - return; - } - - if(empty($headers) || empty($payload)) { - return; - } - if($this->verifySignature($headers, $payload) == true) { (new Inbox($headers, $profile, $payload))->handle(); return;
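Review bot: The `ap:icid:` lock is written before `verifySignature()` runs (the call is visible in the next hunk), and its key is derived only from the payload's own `id`. A payload that later fails verification therefore still holds the key for 3600 seconds, and a genuine activity with the same `id` arriving in that window is treated as already processed. Writing the lock only in the branch where verification succeeds, or calling `Cache::forget($lockKey)` when it fails, keeps unverified input from deciding what gets dropped. InboxValidator's hunk at @@ -49 sets the same lock at the same early point; its verification step is outside the visible lines.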
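Review bot: The removed `empty($payload)` test applied to the decoded array, while the guard added in the previous hunk tests the raw `$this->payload` string. A non-empty body that is not valid JSON, or that exceeds the depth limit of 8, therefore now reaches `verifySignature($headers, $payload)` with `$payload` set to null. InboxValidator keeps its post-decode `empty($payload)` check; InboxWorker should too, e.g. `if(!is_array($payload) || empty($payload)) { return; }` right after `json_decode()`. What verifySignature() does with a null payload is not visible here.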