Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-05-06 17:16:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add domain blocklist check in activitypub middleware

Browse Source
This commit is contained in:
Julian Lam
2026-04-16 14:22:17 -04:00
parent be68e0da5c
commit 8e5e208607
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/middleware/activitypub.js
View File

@@ -76,6 +76,14 @@ middleware.assertPayload = helpers.try(async function (req, res, next) {
return res.sendStatus(403);
}
// Domain check against blocklists
const { hostname } = new URL(req.body.actor);
const isAllowed = await activitypub.blocklists.check(hostname);
if (!isAllowed) {
activitypub.helpers.log(`[middleware/activitypub] Blocked incoming activity from ${hostname} due to blocklist.`);
return res.sendStatus(403);
}
// Sanity-check payload schema
const required = ['id', 'type', 'actor', 'object'];
if (!required.every(prop => req.body.hasOwnProperty(prop))) {