Merge pull request #80 from yukimochi/fix/unwrap-inner

fix: unwrap inner activity safer
yukimochi · Apr 5, 2023 · 9d50fa4 · 9d50fa4
2 parents c4522d5 + 43c21b1
commit 9d50fa4
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 26 deletions.
diff --git a/api/handle.go b/api/handle.go
@@ -135,7 +135,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco
 					writer.WriteHeader(202)
 					writer.Write(nil)
 				case "Undo":
-					innerActivity, _ := activity.UnwrapInnerActivity()
+					innerActivity, err := activity.UnwrapInnerActivity()
+					if err != nil {
+						writer.WriteHeader(202)
+						writer.Write(nil)
+
+						return
+					}
 					switch innerActivity.Type {
 					case "Follow":
 						err = executeUnfollowing(innerActivity, actor)
@@ -149,7 +155,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco
 						writer.Write(nil)
 					}
 				case "Accept":
-					innerActivity, _ := activity.UnwrapInnerActivity()
+					innerActivity, err := activity.UnwrapInnerActivity()
+					if err != nil {
+						writer.WriteHeader(202)
+						writer.Write(nil)
+
+						return
+					}
 					switch innerActivity.Type {
 					case "Follow":
 						finalizeMutuallyFollow(innerActivity, actor, activity.Type)
@@ -160,7 +172,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco
 						writer.Write(nil)
 					}
 				case "Reject":
-					innerActivity, _ := activity.UnwrapInnerActivity()
+					innerActivity, err := activity.UnwrapInnerActivity()
+					if err != nil {
+						writer.WriteHeader(202)
+						writer.Write(nil)
+
+						return
+					}
 					switch innerActivity.Type {
 					case "Follow":
 						finalizeMutuallyFollow(innerActivity, actor, activity.Type)
@@ -209,7 +227,13 @@ func handleInbox(writer http.ResponseWriter, request *http.Request, activityDeco
 					writer.WriteHeader(202)
 					writer.Write(nil)
 				case "Undo":
-					innerActivity, _ := activity.UnwrapInnerActivity()
+					innerActivity, err := activity.UnwrapInnerActivity()
+					if err != nil {
+						writer.WriteHeader(202)
+						writer.Write(nil)
+
+						return
+					}
 					switch innerActivity.Type {
 					case "Follow":
 						err = executeUnfollowing(innerActivity, actor)

diff --git a/api/resolver.go b/api/resolver.go
@@ -331,11 +331,16 @@ func executeRelayActivity(activity *models.Activity, actor *models.Actor, body [
 	}
 	if isActorAbleToRelay(actor) {
 		go enqueueActivityForSubscriber(actorID.Host, body)
-		innerActivity, _ := activity.UnwrapInnerActivity()
-		announce := models.NewActivityPubActivity(RelayActor, []string{RelayActor.Followers()}, innerActivity.ID, "Announce")
-		jsonData, _ := json.Marshal(&announce)
-		go enqueueActivityForFollower(actorID.Host, jsonData)
-		logrus.Debug("Accepted Relay Activity : ", activity.Actor)
+
+		var innnerObjectId, err = activity.UnwrapInnerObjectId()
+		if err != nil {
+			logrus.Debug("Accepted Relay Activity (Announce Failed) : ", activity.Actor)
+		} else {
+			announce := models.NewActivityPubActivity(RelayActor, []string{RelayActor.Followers()}, innnerObjectId, "Announce")
+			jsonData, _ := json.Marshal(&announce)
+			go enqueueActivityForFollower(actorID.Host, jsonData)
+			logrus.Debug("Accepted Relay Activity : ", activity.Actor)
+		}
 	} else {
 		logrus.Debug("Skipped Relay Activity : ", activity.Actor)
 	}

diff --git a/models/models.go b/models/models.go
@@ -146,33 +146,47 @@ func (activity *Activity) GenerateReply(actor Actor, object interface{}, activit
 
 // UnwrapInnerActivity : Unwrap inner activity.
 func (activity *Activity) UnwrapInnerActivity() (*Activity, error) {
-	mappedObject := activity.Object.(map[string]interface{})
-	if id, ok := mappedObject["id"].(string); ok {
-		if nestedType, ok := mappedObject["type"].(string); ok {
-			actor, ok := mappedObject["actor"].(string)
-			if !ok {
-				actor = ""
-			}
-			switch object := mappedObject["object"].(type) {
+	switch innerActivity := activity.Object.(type) {
+	case map[string]interface{}:
+		innerId, IdOk := innerActivity["id"].(string)
+		innerType, TypeOk := innerActivity["type"].(string)
+		innerActor, ActorOk := innerActivity["actor"].(string)
+		innerObject, ActivityOk := innerActivity["object"]
+
+		if IdOk && TypeOk && ActorOk && ActivityOk {
+			switch object := innerActivity["object"].(type) {
 			case string:
 				return &Activity{
-					ID:     id,
-					Type:   nestedType,
-					Actor:  actor,
+					ID:     innerId,
+					Type:   innerType,
+					Actor:  innerActor,
 					Object: object,
 				}, nil
 			default:
 				return &Activity{
-					ID:     id,
-					Type:   nestedType,
-					Actor:  actor,
-					Object: mappedObject["object"],
+					ID:     innerId,
+					Type:   innerType,
+					Actor:  innerActor,
+					Object: innerObject,
 				}, nil
 			}
 		}
-		return nil, errors.New("unwrap type failed")
 	}
-	return nil, errors.New("unwrap id failed")
+	return nil, errors.New("object is not Activity")
+}
+
+// UnwrapInnerObjectId : Unwrap inner object id.
+func (activity *Activity) UnwrapInnerObjectId() (string, error) {
+	switch innerObject := activity.Object.(type) {
+	case string:
+		return innerObject, nil
+	case map[string]interface{}:
+		innerId, IdOk := innerObject["id"].(string)
+		if IdOk {
+			return innerId, nil
+		}
+	}
+	return "", errors.New("object not has id")
 }
 
 // NewActivityPubActivity : Generate activity.