author | Anthony Wang | 2022-06-16 14:54:16 -0500 |
---|---|---|
committer | Anthony Wang | 2022-06-16 14:54:16 -0500 |
commit | af2419c5d767c45d58ab7066ef57cd6d80a369fc (patch) | |
tree | 201bb319378ae32b6094a95321123ae08c525a05 | |
parent | 202303e8883e92a6e54ea0f55243185346504b93 (diff) |
Rate limit federation requests/responses and add better comments
-rw-r--r-- | modules/activitypub/send.go | 2 | ||||
-rw-r--r-- | routers/api/v1/activitypub/person.go | 18 |
2 files changed, 12 insertions, 8 deletions
diff --git a/modules/activitypub/send.go b/modules/activitypub/send.go
index e0266c488..4b8e580bf 100644
--- a/modules/activitypub/send.go
+++ b/modules/activitypub/send.go
@@ -54,7 +54,7 @@ func Send(user *user_model.User, activity *ap.Activity) {
 for _, to := range activity.To {
 client, _ := NewClient(user, setting.AppURL+"api/v1/activitypub/user/"+user.Name+"#main-key")
 resp, _ := client.Post(body, to.GetID().String())
- respBody, _ := io.ReadAll(resp.Body)
+ respBody, _ := io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize))
 log.Debug(string(respBody))
 }
 }
diff --git a/routers/api/v1/activitypub/person.go b/routers/api/v1/activitypub/person.go
index a27bbc33a..8202ee15e 100644
--- a/routers/api/v1/activitypub/person.go
+++ b/routers/api/v1/activitypub/person.go
@@ -68,6 +68,8 @@ func Person(ctx *context.APIContext) {
 person.Following = ap.IRI(link + "/following")
 person.Followers = ap.IRI(link + "/followers")
+ person.Liked = ap.IRI(link + "/liked")
+
 person.PublicKey.ID = ap.IRI(link + "#main-key")
 person.PublicKey.Owner = ap.IRI(link)
@@ -103,7 +105,7 @@ func PersonInbox(ctx *context.APIContext) {
 // "204":
 // "$ref": "#/responses/empty"
- body, err := io.ReadAll(ctx.Req.Body)
+ body, err := io.ReadAll(io.LimitReader(ctx.Req.Body, setting.Federation.MaxSize))
 if err != nil {
 ctx.Error(http.StatusInternalServerError, "Error reading request body", err)
 }
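Review bot: The bounded read added in `Send` still dereferences `resp` after `resp, _ := client.Post(...)` has discarded the error, so a delivery that fails before a response arrives leaves `resp` nil and panics inside the loop. The body is also never closed, which holds a connection open for every recipient, and the size cap helps with neither. Check the error, skip to the next recipient, and close the body right after the read; passing the remote body as an argument (`"%s"`) rather than as the log message itself also keeps peer-controlled `%` sequences out of the format string. The opening lines of `Send` are outside this hunk, and the `NewClient` error one line up is discarded the same way.

```go
// … unchanged: NewClient call …
resp, err := client.Post(body, to.GetID().String())
if err != nil {
	log.Error("ActivityPub delivery failed: %v", err)
	continue
}
respBody, _ := io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize))
resp.Body.Close()
log.Debug("ActivityPub delivery response: %s", respBody)
```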
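Review bot: `io.LimitReader` in `PersonInbox` truncates silently, so a request larger than `setting.Federation.MaxSize` is cut at the limit and handed on for processing instead of being rejected. Read one byte past the limit with `io.LimitReader(ctx.Req.Body, setting.Federation.MaxSize+1)` and refuse the request when it is exceeded: `if int64(len(body)) > setting.Federation.MaxSize { ctx.Error(http.StatusRequestEntityTooLarge, "Request body too large", nil); return }`. The `if err != nil` branch just below has no `return` in the visible lines, so handling appears to continue after the error response is written. The rest of the function is outside this hunk.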
@@ -114,16 +116,18 @@ func PersonInbox(ctx *context.APIContext) {
 activitypub.Follow(ctx, activity)
 } else {
 log.Warn("ActivityStreams type not supported", activity)
+ ctx.PlainText(http.StatusNotImplemented, "ActivityStreams type not supported")
+ return
 }
 ctx.Status(http.StatusNoContent)
 }
-// PersonOutbox function
+// PersonOutbox function returns the user's Outbox OrderedCollection
 func PersonOutbox(ctx *context.APIContext) {
 // swagger:operation GET /activitypub/user/{username}/outbox activitypub activitypubPersonOutbox
 // ---
- // summary: Returns the outbox
+ // summary: Returns the Outbox OrderedCollection
 // produces:
 // - application/activity+json
 // parameters:
@@ -167,11 +171,11 @@ func PersonOutbox(ctx *context.APIContext) {
 response(ctx, binary)
 }
-// PersonFollowing function
+// PersonFollowing function returns the user's Following Collection
 func PersonFollowing(ctx *context.APIContext) {
 // swagger:operation GET /activitypub/user/{username}/following activitypub activitypubPersonFollowing
 // ---
- // summary: Returns the following collection
+ // summary: Returns the Following Collection
 // produces:
 // - application/activity+json
 // parameters:
@@ -208,11 +212,11 @@ func PersonFollowing(ctx *context.APIContext) {
 response(ctx, binary)
 }
-// PersonFollowers function
+// PersonFollowers function returns the user's Followers Collection
 func PersonFollowers(ctx *context.APIContext) {
 // swagger:operation GET /activitypub/user/{username}/followers activitypub activitypubPersonFollowers
 // ---
- // summary: Returns the followers collection
+ // summary: Returns the Followers Collection
 // produces:
 // - application/activity+json
 // parameters: |
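Review bot: The unsupported-type branch of `PersonInbox` still passes the whole remote-supplied `activity` to `log.Warn`, with no format verb in the message, so each such request can put up to `setting.Federation.MaxSize` bytes of peer-controlled content into the warning log. Log only what is needed to triage, for example `log.Warn("ActivityStreams type not supported: %s", activity.Type)`, assuming the condition above this hunk (not shown) already reads the activity's type. Whether the inbox authenticates the sender before this point is not visible here, so the log volume should not depend on it. The start of the function is outside the hunk.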