Home Explore Help
Register Sign In
oleg
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Update ActivityPubFetchService, enforce stricter Content-Type validation

Daniel Supernault 1 year ago
parent
4c6ec20e36
commit
1232cfc86a
1 changed files with 54 additions and 31 deletions
Split View Show Diff Stats
  1. 54 31
      app/Services/ActivityPubFetchService.php

+ 54 - 31
app/Services/ActivityPubFetchService.php
View File 

@@ -11,38 +11,61 @@ use Illuminate\Http\Client\RequestException;
 
 
 class ActivityPubFetchService
 
 {
 
-	public static function get($url, $validateUrl = true)
 
-	{
 
+    public static function get($url, $validateUrl = true)
 
+    {
 
         if($validateUrl === true) {
 
-    		if(!Helpers::validateUrl($url)) {
 
-    			return 0;
 
-    		}
 
+            if(!Helpers::validateUrl($url)) {
 
+                return 0;
 
+            }
 
         }
 
 
-		$baseHeaders = [
 
-			'Accept' => 'application/activity+json, application/ld+json',
 
-		];
 
-
 
-		$headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get');
 
-		$headers['Accept'] = 'application/activity+json, application/ld+json';
 
-		$headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
 
-
 
-		try {
 
-			$res = Http::withOptions(['allow_redirects' => false])->withHeaders($headers)
 
-				->timeout(30)
 
-				->connectTimeout(5)
 
-				->retry(3, 500)
 
-				->get($url);
 
-		} catch (RequestException $e) {
 
-			return;
 
-		} catch (ConnectionException $e) {
 
-			return;
 
-		} catch (Exception $e) {
 
-			return;
 
-		}
 
-		if(!$res->ok()) {
 
-			return;
 
-		}
 
-		return $res->body();
 
-	}
 
+        $baseHeaders = [
 
+            'Accept' => 'application/activity+json, application/ld+json',
 
+        ];
 
+
 
+        $headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get');
 
+        $headers['Accept'] = 'application/activity+json, application/ld+json';
 
+        $headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
 
+
 
+        try {
 
+            $res = Http::withOptions(['allow_redirects' => false])
 
+                ->withHeaders($headers)
 
+                ->timeout(30)
 
+                ->connectTimeout(5)
 
+                ->retry(3, 500)
 
+                ->get($url);
 
+        } catch (RequestException $e) {
 
+            return;
 
+        } catch (ConnectionException $e) {
 
+            return;
 
+        } catch (Exception $e) {
 
+            return;
 
+        }
 
+
 
+        if(!$res->ok()) {
 
+            return;
 
+        }
 
+
 
+        if(!$res->hasHeader('Content-Type')) {
 
+            return;
 
+        }
 
+
 
+        $acceptedTypes = [
 
+            'application/activity+json; charset=utf-8',
 
+            'application/activity+json',
 
+            'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
 
+        ];
 
+
 
+        $contentType = $res->getHeader('Content-Type')[0];
 
+
 
+        if(!$contentType) {
 
+            return;
 
+        }
 
+
 
+        if(!in_array($contentType, $acceptedTypes)) {
 
+            return;
 
+        }
 
+
 
+        return $res->body();
 
+    }
 
 }