authorAnthony Wang2022-06-16 14:54:16 -0500
committerAnthony Wang2022-06-16 14:54:16 -0500
commitaf2419c5d767c45d58ab7066ef57cd6d80a369fc (patch)
tree201bb319378ae32b6094a95321123ae08c525a05
parent202303e8883e92a6e54ea0f55243185346504b93 (diff)
Rate limit federation requests/responses and add better comments
-rw-r--r--modules/activitypub/send.go2
-rw-r--r--routers/api/v1/activitypub/person.go18
2 files changed, 12 insertions, 8 deletions
diff --git a/modules/activitypub/send.go b/modules/activitypub/send.go
index e0266c488..4b8e580bf 100644
--- a/modules/activitypub/send.go
+++ b/modules/activitypub/send.go
@@ -54,7 +54,7 @@ func Send(user *user_model.User, activity *ap.Activity) {
for _, to := range activity.To {
client, _ := NewClient(user, setting.AppURL+"api/v1/activitypub/user/"+user.Name+"#main-key")
resp, _ := client.Post(body, to.GetID().String())
- respBody, _ := io.ReadAll(resp.Body)
+ respBody, _ := io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize))
log.Debug(string(respBody))
}
}
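Review bot: The errors from `NewClient` and `client.Post` are discarded inside the loop, so when a delivery fails `resp` is presumably nil and `resp.Body` on the changed line panics. The response body is also never closed, which holds one connection open per recipient. `io.LimitReader` bounds the memory used for the remote reply, but it should sit behind an error check and be followed by an explicit `resp.Body.Close()` rather than a `defer`, since this runs in a loop. `Send` begins above the hunk, so whether the client carries a timeout is not visible here.

```go
for _, to := range activity.To {
	// … unchanged: NewClient call (its error deserves the same check) …
	resp, err := client.Post(body, to.GetID().String())
	if err != nil {
		log.Warn("ActivityPub delivery to %s failed: %v", to.GetID().String(), err)
		continue
	}
	respBody, err := io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize))
	resp.Body.Close() // close per iteration; a defer would keep every body open until Send returns
	if err != nil {
		log.Warn("reading ActivityPub response from %s: %v", to.GetID().String(), err)
		continue
	}
	// … unchanged: log.Debug of respBody …
}
```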
diff --git a/routers/api/v1/activitypub/person.go b/routers/api/v1/activitypub/person.go
index a27bbc33a..8202ee15e 100644
--- a/routers/api/v1/activitypub/person.go
+++ b/routers/api/v1/activitypub/person.go
@@ -68,6 +68,8 @@ func Person(ctx *context.APIContext) {
person.Following = ap.IRI(link + "/following")
person.Followers = ap.IRI(link + "/followers")
+ person.Liked = ap.IRI(link + "/liked")
+
person.PublicKey.ID = ap.IRI(link + "#main-key")
person.PublicKey.Owner = ap.IRI(link)
@@ -103,7 +105,7 @@ func PersonInbox(ctx *context.APIContext) {
// "204":
// "$ref": "#/responses/empty"
- body, err := io.ReadAll(ctx.Req.Body)
+ body, err := io.ReadAll(io.LimitReader(ctx.Req.Body, setting.Federation.MaxSize))
if err != nil {
ctx.Error(http.StatusInternalServerError, "Error reading request body", err)
}
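Review bot: The `if err != nil` branch after the bounded read calls `ctx.Error` but has no `return`, so a failed read falls through to the rest of `PersonInbox` below this hunk, which ends in `ctx.Status(http.StatusNoContent)`; add `return` after the `ctx.Error` call. Separately, `io.LimitReader` does not fail at the limit: a body larger than `setting.Federation.MaxSize` is silently cut and the truncated bytes are passed on as if they were the whole request. `http.MaxBytesReader` makes the read return an error instead, which lets the handler answer with `http.StatusRequestEntityTooLarge` rather than a 500 or a downstream parse failure.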
@@ -114,16 +116,18 @@ func PersonInbox(ctx *context.APIContext) {
activitypub.Follow(ctx, activity)
} else {
log.Warn("ActivityStreams type not supported", activity)
+ ctx.PlainText(http.StatusNotImplemented, "ActivityStreams type not supported")
+ return
}
ctx.Status(http.StatusNoContent)
}
-// PersonOutbox function
+// PersonOutbox function returns the user's Outbox OrderedCollection
func PersonOutbox(ctx *context.APIContext) {
// swagger:operation GET /activitypub/user/{username}/outbox activitypub activitypubPersonOutbox
// ---
- // summary: Returns the outbox
+ // summary: Returns the Outbox OrderedCollection
// produces:
// - application/activity+json
// parameters:
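Review bot: The `log.Warn` call kept in the `else` branch passes the whole remote-supplied `activity` as an extra argument with no format verb, so each unsupported inbox post writes sender-controlled content into the log at Warn level, bounded only by the body limit. Logging just the type keeps the line short and searchable, e.g. `log.Warn("ActivityStreams type not supported: %v", activity.Type)`. The condition that selects this branch is above the hunk, so the type check itself is not reviewed here.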
@@ -167,11 +171,11 @@ func PersonOutbox(ctx *context.APIContext) {
response(ctx, binary)
}
-// PersonFollowing function
+// PersonFollowing function returns the user's Following Collection
func PersonFollowing(ctx *context.APIContext) {
// swagger:operation GET /activitypub/user/{username}/following activitypub activitypubPersonFollowing
// ---
- // summary: Returns the following collection
+ // summary: Returns the Following Collection
// produces:
// - application/activity+json
// parameters:
@@ -208,11 +212,11 @@ func PersonFollowing(ctx *context.APIContext) {
response(ctx, binary)
}
-// PersonFollowers function
+// PersonFollowers function returns the user's Followers Collection
func PersonFollowers(ctx *context.APIContext) {
// swagger:operation GET /activitypub/user/{username}/followers activitypub activitypubPersonFollowers
// ---
- // summary: Returns the followers collection
+ // summary: Returns the Followers Collection
// produces:
// - application/activity+json
// parameters: