[chore/security] refactor AuthenticateFederatedRequest() to handle account deref + suspension checks (#2371)

* refactor AuthenticateFederatedRequest() to handle account suspension + fetching of owner

* small fixups

* small changes

* revert to 'IsEitherBlocked' instead of just 'IsBlocked' :grimace:

* update code comment to indicate that AuthenticateFederatedRequest() will handle account + instance dereferencing
kim 2023-11-21 10:35:30 +00:00 committed by GitHub
commit 42d8011ff4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 205 additions and 198 deletions


@ -38,8 +38,11 @@ func (d *Dereferencer) Handshaking(username string, remoteAccountID *url.URL) bo
return false
}
// Calculate remote account ID str once.
remoteIDStr := remoteAccountID.String()
for _, id := range remoteIDs {
if id.String() == remoteAccountID.String() {
if id.String() == remoteIDStr {
// We are currently handshaking
// with the remote account.
return true
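Review bot: The hoisted `remoteAccountID.String()` now runs unconditionally before the loop, so a nil `remoteAccountID` panics even when `remoteIDs` is empty; the old code only dereferenced it inside the loop body. Whether any caller can pass nil is not visible here, but `(*url.URL).String` does not tolerate a nil receiver. A guard ahead of the assignment would make the function fail closed: `if remoteAccountID == nil { return false }`. Handshaking starts and ends outside this hunk, so the lock handling and the final return were not reviewed.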