mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-12-23 16:24:29 +00:00
Update ActivityPubFetchService, enforce stricter Content-Type validation
This commit is contained in:
parent
4c6ec20e36
commit
1232cfc86a
1 changed files with 52 additions and 29 deletions
|
@ -11,38 +11,61 @@ use Illuminate\Http\Client\RequestException;
|
||||||
|
|
||||||
class ActivityPubFetchService
|
class ActivityPubFetchService
|
||||||
{
|
{
|
||||||
public static function get($url, $validateUrl = true)
|
public static function get($url, $validateUrl = true)
|
||||||
{
|
{
|
||||||
if($validateUrl === true) {
|
if($validateUrl === true) {
|
||||||
if(!Helpers::validateUrl($url)) {
|
if(!Helpers::validateUrl($url)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$baseHeaders = [
|
$baseHeaders = [
|
||||||
'Accept' => 'application/activity+json, application/ld+json',
|
'Accept' => 'application/activity+json, application/ld+json',
|
||||||
];
|
];
|
||||||
|
|
||||||
$headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get');
|
$headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get');
|
||||||
$headers['Accept'] = 'application/activity+json, application/ld+json';
|
$headers['Accept'] = 'application/activity+json, application/ld+json';
|
||||||
$headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
|
$headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$res = Http::withOptions(['allow_redirects' => false])->withHeaders($headers)
|
$res = Http::withOptions(['allow_redirects' => false])
|
||||||
->timeout(30)
|
->withHeaders($headers)
|
||||||
->connectTimeout(5)
|
->timeout(30)
|
||||||
->retry(3, 500)
|
->connectTimeout(5)
|
||||||
->get($url);
|
->retry(3, 500)
|
||||||
} catch (RequestException $e) {
|
->get($url);
|
||||||
return;
|
} catch (RequestException $e) {
|
||||||
} catch (ConnectionException $e) {
|
return;
|
||||||
return;
|
} catch (ConnectionException $e) {
|
||||||
} catch (Exception $e) {
|
return;
|
||||||
return;
|
} catch (Exception $e) {
|
||||||
}
|
return;
|
||||||
if(!$res->ok()) {
|
}
|
||||||
return;
|
|
||||||
}
|
if(!$res->ok()) {
|
||||||
return $res->body();
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!$res->hasHeader('Content-Type')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$acceptedTypes = [
|
||||||
|
'application/activity+json; charset=utf-8',
|
||||||
|
'application/activity+json',
|
||||||
|
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
|
||||||
|
];
|
||||||
|
|
||||||
|
$contentType = $res->getHeader('Content-Type')[0];
|
||||||
|
|
||||||
|
if(!$contentType) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!in_array($contentType, $acceptedTypes)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $res->body();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue