From 43bd6235b3401fcaf1e5bf7092f8a89cd86097a1 Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Fri, 23 Jun 2023 16:20:05 -0500 Subject: [PATCH] fixup inboxFilter and bump apex --- CHANGELOG.md | 6 ++++++ index.js | 27 +++++++++++++++++++++------ package-lock.json | 14 +++++++------- package.json | 2 +- 4 files changed, 35 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a741fb5..3cb817f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## Unreleased + +### Fixed +* Fix irrelevant activities filter and allow deletes and updates through +* Fixed unverifiable delete detection for duplicate deliveries + ## v1.5.1 (2023-06-23) Efficiency and compatibility updates ### Fixed diff --git a/index.js b/index.js index 9587f23..3adfc73 100644 --- a/index.js +++ b/index.js @@ -92,16 +92,31 @@ async function actorOnDemand (req, res, next) { } catch (err) { return next(err) } next() } -// Lots of servers are delivering inappropriate activities to Guppe, move the filtering up earlier in the process to save work -apex.net.inbox.post.slice( +const acceptablePublicActivities = ['delete', 'update'] +apex.net.inbox.post.splice( // just after standardizing the jsonld apex.net.inbox.post.indexOf(apex.net.validators.jsonld) + 1, 0, - function (req, res, next) { + function inboxLogger (req, res, next) { try { - const groupIRI = apex.utils.usernameToIRI(apex.actorParam) - if (!apex.audienceFromActivity(req.body).includes(groupIRI) && !req.body.object?.[0] === groupIRI) { - console.log('Ignoring irrelevant activity', req.body) + console.log('%s from %s to %s', req.body.type, req.body.actor?.[0], req.params[apex.actorParam]) + } finally { + next() + } + }, + // Lots of servers are delivering inappropriate activities to Guppe, move the filtering up earlier in the process to save work + function inboxFilter (req, res, next) { + try { + const groupIRI = apex.utils.usernameToIRI(req.params[apex.actorParam]) + const activityAudience = apex.audienceFromActivity(req.body) + const activityType = req.body.type?.toLowerCase() + const activityObject = req.body.object?.[0] + if ( + !activityAudience.includes(groupIRI) && + activityObject !== groupIRI && + !acceptablePublicActivities.includes(activityType) + ) { + console.log('Ignoring irrelevant activity sent to %s: %j', groupIRI, req.body) return res.status(202).send('Irrelevant activity ignored') } } catch (err) { diff --git a/package-lock.json b/package-lock.json index 811dadc..37b3856 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "AGPL-3.0-or-later", "dependencies": { "@small-tech/auto-encrypt": "^3.1.0", - "activitypub-express": "^4.4.0", + "activitypub-express": "^4.4.1", "connect-history-api-fallback": "^2.0.0", "cors": "^2.8.4", "dotenv": "^16.0.3", @@ -1450,9 +1450,9 @@ } }, "node_modules/activitypub-express": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/activitypub-express/-/activitypub-express-4.4.0.tgz", - "integrity": "sha512-viVA1g8FIEKM+f8nN5ow7MFJsevlu2j3HvCV91oDWWlLGR0JdW6uX30q46eZFiycJzAH3oMrTqPZTBjkjMfMbQ==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/activitypub-express/-/activitypub-express-4.4.1.tgz", + "integrity": "sha512-pMh3ylzYFn/psSojmCCcpwV9Tqu2JIPGAVJu6o2M4nGyA1OXpSsaF67EVn2+r4tU1mqGsQWHWTWSqCn1KuzLkg==", "dependencies": { "deepmerge": "^4.2.2", "express": "^4.18.0", @@ -7084,9 +7084,9 @@ "requires": {} }, "activitypub-express": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/activitypub-express/-/activitypub-express-4.4.0.tgz", - "integrity": "sha512-viVA1g8FIEKM+f8nN5ow7MFJsevlu2j3HvCV91oDWWlLGR0JdW6uX30q46eZFiycJzAH3oMrTqPZTBjkjMfMbQ==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/activitypub-express/-/activitypub-express-4.4.1.tgz", + "integrity": "sha512-pMh3ylzYFn/psSojmCCcpwV9Tqu2JIPGAVJu6o2M4nGyA1OXpSsaF67EVn2+r4tU1mqGsQWHWTWSqCn1KuzLkg==", "requires": { "deepmerge": "^4.2.2", "express": "^4.18.0", diff --git a/package.json b/package.json index 9b56bd1..03ce33c 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "main": "index.js", "dependencies": { "@small-tech/auto-encrypt": "^3.1.0", - "activitypub-express": "^4.4.0", + "activitypub-express": "^4.4.1", "connect-history-api-fallback": "^2.0.0", "cors": "^2.8.4", "dotenv": "^16.0.3",