Skip to content

Commit

Permalink
Remove check that avatars/banners are locally hosted (fixes #2254) (#…
Browse files Browse the repository at this point in the history 
…2255)
  • Loading branch information
@Nutomic
Nutomic authored May 10, 2022
1 parent 99f3141 commit f0ec301
Show file tree
Hide file tree
Showing 10 changed files with 11 additions and 75 deletions.
10 changes: 1 addition & 9 deletions crates/api/src/local_user/save_settings.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,7 @@ use crate::Perform;
use actix_web::web::Data;
use lemmy_api_common::{
person::{LoginResponse, SaveUserSettings},
utils::{
blocking,
check_image_has_local_domain,
get_local_user_view_from_jwt,
send_verification_email,
},
utils::{blocking, get_local_user_view_from_jwt, send_verification_email},
};
use lemmy_db_schema::{
source::{
Expand Down Expand Up @@ -49,9 +44,6 @@ impl Perform for SaveUserSettings {
let email_deref = data.email.as_deref().map(|e| e.to_owned());
let email = diesel_option_overwrite(&email_deref);

check_image_has_local_domain(avatar.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;

if let Some(Some(email)) = &email {
let previous_email = local_user_view.local_user.email.clone().unwrap_or_default();
// Only send the verification email if there was an email change
Expand Down
13 changes: 1 addition & 12 deletions crates/api_common/src/utils.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::{sensitive::Sensitive, site::FederatedInstances};
use lemmy_db_schema::{
newtypes::{CommunityId, DbUrl, LocalUserId, PersonId, PostId},
newtypes::{CommunityId, LocalUserId, PersonId, PostId},
source::{
comment::Comment,
community::Community,
Expand Down Expand Up @@ -592,14 +592,3 @@ pub async fn delete_user_account(person_id: PersonId, pool: &DbPool) -> Result<(

Ok(())
}

pub fn check_image_has_local_domain(url: &Option<DbUrl>) -> Result<(), LemmyError> {
if let Some(url) = url {
let settings = Settings::get();
let domain = url.domain().expect("url has domain");
if domain != settings.hostname {
return Err(LemmyError::from_message("image_not_local"));
}
}
Ok(())
}
4 changes: 1 addition & 3 deletions crates/api_crud/src/community/create.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data;
use lemmy_api_common::{
community::{CommunityResponse, CreateCommunity},
utils::{blocking, check_image_has_local_domain, get_local_user_view_from_jwt, is_admin},
utils::{blocking, get_local_user_view_from_jwt, is_admin},
};
use lemmy_apub::{
generate_followers_url,
Expand Down Expand Up @@ -65,8 +65,6 @@ impl PerformCrud for CreateCommunity {
check_slurs(&data.name, &context.settings().slur_regex())?;
check_slurs(&data.title, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;

if !is_valid_actor_name(&data.name, context.settings().actor_name_max_length) {
return Err(LemmyError::from_message("invalid_community_name"));
Expand Down
4 changes: 1 addition & 3 deletions crates/api_crud/src/community/update.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data;
use lemmy_api_common::{
community::{CommunityResponse, EditCommunity},
utils::{blocking, check_image_has_local_domain, get_local_user_view_from_jwt},
utils::{blocking, get_local_user_view_from_jwt},
};
use lemmy_apub::protocol::activities::community::update::UpdateCommunity;
use lemmy_db_schema::{
Expand Down Expand Up @@ -34,8 +34,6 @@ impl PerformCrud for EditCommunity {

check_slurs_opt(&data.title, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;

// Verify its a mod (only mods can edit it)
let community_id = data.community_id;
Expand Down
10 changes: 1 addition & 9 deletions crates/api_crud/src/site/create.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data;
use lemmy_api_common::{
site::{CreateSite, SiteResponse},
utils::{
blocking,
check_image_has_local_domain,
get_local_user_view_from_jwt,
is_admin,
site_description_length_check,
},
utils::{blocking, get_local_user_view_from_jwt, is_admin, site_description_length_check},
};
use lemmy_apub::generate_site_inbox_url;
use lemmy_db_schema::{
Expand Down Expand Up @@ -55,8 +49,6 @@ impl PerformCrud for CreateSite {

check_slurs(&data.name, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;

// Make sure user is an admin
is_admin(&local_user_view)?;
Expand Down
10 changes: 1 addition & 9 deletions crates/api_crud/src/site/update.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,7 @@ use crate::PerformCrud;
use actix_web::web::Data;
use lemmy_api_common::{
site::{EditSite, SiteResponse},
utils::{
blocking,
check_image_has_local_domain,
get_local_user_view_from_jwt,
is_admin,
site_description_length_check,
},
utils::{blocking, get_local_user_view_from_jwt, is_admin, site_description_length_check},
};
use lemmy_db_schema::{
source::{
Expand Down Expand Up @@ -51,8 +45,6 @@ impl PerformCrud for EditSite {

check_slurs_opt(&data.name, &context.settings().slur_regex())?;
check_slurs_opt(&data.description, &context.settings().slur_regex())?;
check_image_has_local_domain(icon.as_ref().unwrap_or(&None))?;
check_image_has_local_domain(banner.as_ref().unwrap_or(&None))?;

if let Some(Some(desc)) = &description {
site_description_length_check(desc)?;
Expand Down
4 changes: 1 addition & 3 deletions crates/apub/src/objects/instance.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::{
check_is_apub_id_valid,
objects::{read_from_string_or_source_opt, verify_image_domain_matches},
objects::read_from_string_or_source_opt,
protocol::{
objects::instance::{Instance, InstanceType},
ImageObject,
Expand Down Expand Up @@ -107,8 +107,6 @@ impl ApubObject for ApubSite {
) -> Result<(), LemmyError> {
check_is_apub_id_valid(apub.id.inner(), true, &data.settings())?;
verify_domains_match(expected_domain, apub.id.inner())?;
verify_image_domain_matches(expected_domain, &apub.icon)?;
verify_image_domain_matches(expected_domain, &apub.image)?;

let slur_regex = &data.settings().slur_regex();
check_slurs(&apub.name, slur_regex)?;
Expand Down
15 changes: 2 additions & 13 deletions crates/apub/src/objects/mod.rs
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use crate::protocol::{ImageObject, Source};
use crate::protocol::Source;
use anyhow::anyhow;
use html2md::parse_html;
use lemmy_apub_lib::{values::MediaTypeMarkdownOrHtml, verify::verify_domains_match};
use lemmy_apub_lib::values::MediaTypeMarkdownOrHtml;
use lemmy_utils::{settings::structs::Settings, LemmyError};
use url::Url;

Expand Down Expand Up @@ -39,17 +39,6 @@ pub(crate) fn read_from_string_or_source_opt(
.map(|content| read_from_string_or_source(content, media_type, source))
}

pub(crate) fn verify_image_domain_matches(
a: &Url,
b: &Option<ImageObject>,
) -> Result<(), LemmyError> {
if let Some(b) = b {
verify_domains_match(a, &b.url)
} else {
Ok(())
}
}

/// When for example a Post is made in a remote community, the community will send it back,
/// wrapped in Announce. If we simply receive this like any other federated object, overwrite the
/// existing, local Post. In particular, it will set the field local = false, so that the object
Expand Down
8 changes: 1 addition & 7 deletions crates/apub/src/objects/person.rs
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,7 @@
use crate::{
check_is_apub_id_valid,
generate_outbox_url,
objects::{
instance::fetch_instance_actor_for_object,
read_from_string_or_source_opt,
verify_image_domain_matches,
},
objects::{instance::fetch_instance_actor_for_object, read_from_string_or_source_opt},
protocol::{
objects::{
person::{Person, UserTypes},
Expand Down Expand Up @@ -128,8 +124,6 @@ impl ApubObject for ApubPerson {
) -> Result<(), LemmyError> {
verify_domains_match(person.id.inner(), expected_domain)?;
check_is_apub_id_valid(person.id.inner(), false, &context.settings())?;
verify_image_domain_matches(expected_domain, &person.icon)?;
verify_image_domain_matches(expected_domain, &person.image)?;

let slur_regex = &context.settings().slur_regex();
check_slurs(&person.preferred_username, slur_regex)?;
Expand Down
8 changes: 1 addition & 7 deletions crates/apub/src/protocol/objects/group.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,7 @@ use crate::{
community_moderators::ApubCommunityModerators,
community_outbox::ApubCommunityOutbox,
},
objects::{
community::ApubCommunity,
read_from_string_or_source_opt,
verify_image_domain_matches,
},
objects::{community::ApubCommunity, read_from_string_or_source_opt},
protocol::{objects::Endpoints, ImageObject, Source},
};
use activitystreams_kinds::actor::GroupType;
Expand Down Expand Up @@ -65,8 +61,6 @@ impl Group {
) -> Result<(), LemmyError> {
check_is_apub_id_valid(self.id.inner(), true, &context.settings())?;
verify_domains_match(expected_domain, self.id.inner())?;
verify_image_domain_matches(expected_domain, &self.icon)?;
verify_image_domain_matches(expected_domain, &self.image)?;

let slur_regex = &context.settings().slur_regex();
check_slurs(&self.preferred_username, slur_regex)?;
Expand Down

0 comments on commit f0ec301

Please sign in to comment.