Skip to content

Commit

Permalink
apGetでcheckAllowedUrl
Browse files Browse the repository at this point in the history
  • Loading branch information
@mei23
mei23 committed Mar 22, 2024
1 parent bfd576b commit da12d5b
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/remote/activitypub/request.ts
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
import config from '../../config';
import { getResponse } from '../../misc/fetch';
import { StatusError, getResponse } from '../../misc/fetch';
import { createSignedPost, createSignedGet } from './ap-request';
import { ILocalUser } from '../../models/user';
import { ThinUserWithKey } from '../../queue/types';
import type { Response } from 'got';
import { checkAllowedUrl } from '../../misc/check-allowed-url';

export default async (user: ThinUserWithKey, url: string, object: any, digest?: string) => {
const body = typeof object === 'string' ? object : JSON.stringify(object);
Expand Down Expand Up @@ -40,6 +41,10 @@ export default async (user: ThinUserWithKey, url: string, object: any, digest?:
export async function apGet(url: string, user?: ILocalUser) {
let res: Response<string>;

if (!checkAllowedUrl(url)) {
throw new StatusError('Invalid URL', 400);
}

if (user) {
const req = createSignedGet({
key: {
Expand Down

0 comments on commit da12d5b

Please sign in to comment.