Issue 9303: Detect AP accesses as backend, prevent ping pong

This commit is contained in:
Michael 2020-10-02 09:31:39 +00:00
parent 97f07b7518
commit 73a7df85f7
3 changed files with 25 additions and 5 deletions

View file

@ -448,7 +448,7 @@ class App
Core\Worker::executeIfIdle();
}
if ($this->mode->isNormal()) {
if ($this->mode->isNormal() && !$this->mode->isBackend()) {
$requester = HTTPSignature::getSigner('', $_SERVER);
if (!empty($requester)) {
Profile::addVisitorCookieForHandle($requester);
@ -456,7 +456,7 @@ class App
}
// ZRL
if (!empty($_GET['zrl']) && $this->mode->isNormal()) {
if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend()) {
if (!local_user()) {
// Only continue when the given profile link seems valid
// Valid profile links contain a path with "/profile/" and no query parameters

View file

@ -134,8 +134,15 @@ class Mode
*/
public function determineRunMode(bool $isBackend, Module $module, array $server, MobileDetect $mobileDetect)
{
$isBackend = $isBackend ||
$module->isBackend();
$contenttypes = ['application/jrd+json', 'application/xrd+xml', 'text/xml',
'application/rss+xml', 'application/atom+xml', 'application/activity+json'];
foreach ($contenttypes as $type) {
if (strpos(strtolower($server['HTTP_ACCEPT'] ?? ''), $type) !== false) {
$isBackend = true;
}
}
$isBackend = $isBackend || $module->isBackend();
$isMobile = $mobileDetect->isMobile();
$isTablet = $mobileDetect->isTablet();
$isAjax = strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') == 'xmlhttprequest';

View file

@ -22,8 +22,11 @@
namespace Friendica\Model;
use Friendica\Content\Text\HTML;
use Friendica\Core\Cache\Duration;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Network\Probe;
use Friendica\Protocol\ActivityNamespace;
use Friendica\Protocol\ActivityPub;
@ -40,7 +43,7 @@ class APContact
* @param string $addr Address
* @return array webfinger data
*/
public static function fetchWebfingerData(string $addr)
private static function fetchWebfingerData(string $addr)
{
$addr_parts = explode('@', $addr);
if (count($addr_parts) != 2) {
@ -154,6 +157,16 @@ class APContact
return $fetched_contact;
}
// Detect multiple fast repeating request to the same address
// See https://github.com/friendica/friendica/issues/9303
$cachekey = 'apcontact:getByURL:' . $url;
$result = DI::cache()->get($cachekey);
if (!is_null($result)) {
Logger::notice('Multiple requests for the address', ['url' => $url, 'update' => $update, 'callstack' => System::callstack(20), 'result' => $result]);
} else {
DI::cache()->set($cachekey, System::callstack(20), Duration::FIVE_MINUTES);
}
$apcontact['url'] = $compacted['@id'];
$apcontact['uuid'] = JsonLD::fetchElement($compacted, 'diaspora:guid', '@value');
$apcontact['type'] = str_replace('as:', '', JsonLD::fetchElement($compacted, '@type'));