fix: refuse proxying valid json documents

this to avoid impersonation. this should usually be a cheap check, as most media won't be starting with valid json characters, so from_slice() should just check 1 byte most of the times
2024-07-17 18:08:15 +02:00 · 2024-07-17 18:08:15 +02:00 · d9d7acbe98
commit d9d7acbe98
parent ab46e23ef9
1 changed files with 9 additions and 5 deletions
--- a/upub/routes/src/activitypub/application.rs
+++ b/upub/routes/src/activitypub/application.rs
@ -3,7 +3,7 @@ use axum::{extract::{Path, Query, State}, http::HeaderMap, response::{IntoRespon
 use reqwest::Method;
 use upub::{traits::{Cloaker, Fetcher}, Context};

-use crate::{builders::JsonLD, ApiError, AuthIdentity, Identity};
+use crate::{builders::JsonLD, ApiError, ApiResult, AuthIdentity, Identity};


 pub async fn view(
@ -86,9 +86,13 @@ pub async fn cloak_proxy(
 		)
 			.await?
 			.error_for_status()?;
+	
+	let headers = resp.headers().clone();
+	let body = resp.bytes().await?.to_vec();

-	Ok((
-		resp.headers().clone(),
-		resp.bytes().await?.to_vec(),
-	))
+	if serde_json::from_slice::<serde_json::Value>(&body).is_ok() {
+		return Err(ApiError::forbidden());
+	}
+
+	Ok((headers, body))
 }