ltlapy/iceshrimp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
26614 commits 1 branch 0 tags 1.2 GiB
Commit graph

19 commits

Author SHA1 Message Date
Laura Hausmann
cf506d3bd9
[backend] Reject anonymous objects in the AP resolver 2024-03-30 13:11:09 +01:00
Laura Hausmann
ac57c58ecf
[backend] Stricter validation of activity identifiers 
This resolves a security issue that was disclosed on 2024-03-24 & patched in coordination with other affected software on 2024-03-30.
Huge thanks to Oneric for the detailed security disclosure.
 2024-03-30 13:11:03 +01:00
老周部落
3824767cc9 [backend] Fix resolver cannot parse some follows and notes request 2024-02-26 08:49:45 +01:00
Laura Hausmann
5f6096c1b7
[backend] Verify object id host matches final URL when fetching remote activities 2024-02-16 18:42:23 +01:00
Laura Hausmann
9fc45f166c
[backend] Verify response content type when fetching remote activities 2024-02-16 18:42:22 +01:00
Laura Hausmann
84867f1c13
Finish up support for local split domain configurations 2023-09-06 19:13:57 +02:00
Laura Hausmann
748c20474b
Fix AP resolver history on reuse for authorized fetch 2023-06-28 02:30:00 +02:00
Laura Hausmann
25fc7c7e0e Add signature to remote note lookup 2023-06-28 01:05:25 +02:00
ThatOneCalculator
2aab2de38d refactor: 🎨 rome 2023-01-12 20:40:33 -08:00
Johann150
6bd46b077c activitypub: block check for resolving collections 2022-12-25 15:10:44 -05:00
Francis Dinh
48f0a83016 add checks to resolver and performOneActivity 2022-12-25 15:10:33 -05:00
Francis Dinh
8ff259f573 Block subdomains of blocked hosts 2022-12-24 14:46:09 -05:00
skeh
0ad0ddfee9 Merge pull request 'hotfix/misskey-forkbomb' (#8) from hotfix/misskey-forkbomb into stage 
Reviewed-on: https://code.vtopia.live/Vtopia/MissV/pulls/8
 2022-12-01 00:30:55 -08:00
ThatOneCalculator
0e173ac498 change to click.self 2022-10-28 10:52:13 -07:00
nullobsi
1fc7ad48e3 Add Secure Mode and Private Mode 
- Add instance actor
- Add private mode, which uses an allowlist
- Add Secure Mode, restricts access to blocked instances
 2022-09-06 20:46:41 -07:00
Johann150
86c04c4489 fix: ensure resolver does not fetch local resources via HTTP(S) (#8733) 
* refactor: parseUri types and checks

The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.

* cannot resolve URLs with fragments

* also take remaining part of URL into account

Needed for parsing the follows URIs.

* Resolver uses DbResolver for local

* remove unnecessary use of DbResolver

Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.

* fix missing property name
 2022-06-04 11:29:20 +09:00
syuilo
c905bb6cbf refactor: fix type 2022-04-17 13:26:31 +09:00
syuilo
94228778c9 refactor: Use ESM (#8358) 
* wip

* wip

* fix

* clean up

* Update tsconfig.json

* Update activitypub.ts

* wip
 2022-02-27 11:07:39 +09:00
syuilo
14148f6c4a refactoring 
Resolve #7779
 2021-11-12 02:02:25 +09:00
Renamed from src/remote/activitypub/resolver.ts (Browse further)