@evanp/activitypub-bot 0.46.4 → 0.46.5
- package/CHANGELOG.md +6 -0
- package/lib/activityhandler.js +8 -2
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
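--- a/package/lib/activityhandler.js
+++ b/package/lib/activityhandler.js
@@ -47,6 +47,12 @@ export class ActivityHandler {
 'activity parameter must be an object'
 )
 
+const actor = activity.actor?.first
+
+if (!actor || !await this.#authz.sameOrigin(activity, actor)) {
+return
+}
+
 await this.#cache.set(
 activity.id,
 bot.username,
@@ -135,7 +141,7 @@ export class ActivityHandler {
 )
 return
 }
-if (this.#authz.isOwner(await this.#botActor(bot), original)) {
+if (await this.#authz.isOwner(await this.#botActor(bot), original)) {
 if (!await this.#authz.canRead(actor, original)) {
 this.#logger.warn(
 'Create activity references inaccessible original object',
@@ -950,7 +956,7 @@ export class ActivityHandler {
 }
 this.#logger.debug({ msg: 'Ensuring object', source: source.id, object: object.id, required })
 // Try getting the object from the source
-if (this.#authz.sameOrigin(source, object) &&
+if (await this.#authz.sameOrigin(source, object) &&
 (!required.includes('type') || object.type) &&
 !others.find((prop) => !object.has(prop))) {
 this.#logger.debug('Object is already complete')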
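Review bot: The new origin guard at new lines 50–54 drops the activity with a bare `return` and writes no log entry, so a delivery whose actor is missing or does not share an origin with the activity leaves no trace for anyone watching for spoofed activities. The second hunk shows the file already uses `this.#logger.warn(...)` when it refuses an object; adding `this.#logger.warn({ msg: 'Dropping activity with missing or cross-origin actor', activity: activity.id })` before the `return` would keep these rejections visible. Only `activity.actor?.first` is compared, so if an activity can carry more than one actor the others are not checked, which is worth confirming against the data model. The other two hunks add a missing `await` on `#authz` calls whose un-awaited promise was always truthy; the rest of the file is not visible here, so any remaining `this.#authz.*` call used as a condition deserves the same check. The enclosing method starts and ends outside the hunk.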