Fix user matching

In order to be a proper prefix, the actor url must end with a '/' otherwise it can match another user that starts with the same prefix: for example 'testuser' will match anything made by 'testuser2'
author: rako 2025-11-28 10:37:49 +0100
committer: rako 2025-11-30 21:19:13 +0100
commit: a45c1ce152011e8fe25eb1d25594ac5705f65404 (patch)
tree: 93c9f3f9dc187fe7aa38e882879f72353b273925 /activitypub.c
parent: Moved is_msg_mine() to data.c. (diff)
download: snac2-a45c1ce152011e8fe25eb1d25594ac5705f65404.tar.gz
snac2-a45c1ce152011e8fe25eb1d25594ac5705f65404.tar.xz
snac2-a45c1ce152011e8fe25eb1d25594ac5705f65404.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/activitypub.c b/activitypub.c
index 2c0fa2e..90230d8 100644
--- a/activitypub.c
+++ b/activitypub.c
@@ -779,7 +779,7 @@ int is_msg_for_me(snac *snac, const xs_dict *c_msg)
            object_get(object, &obj);
        /* if it's about one of our posts, accept it */
-        if (xs_startswith(object, snac->actor))
+        if (is_msg_mine(snac, object))
            return 2;
        /* blocked by hashtag? */
@@ -1242,7 +1242,7 @@ void notify(snac *snac, const char *type, const char *utype, const char *actor,
    if (xs_match(type, "Like|Announce|EmojiReact")) {
        /* if it's not an admiration about something by us, done */
-        if (xs_is_null(objid) || !xs_startswith(objid, snac->actor))
+        if (xs_is_null(objid) || !is_msg_mine(snac, objid))
            return;
        /* if it's an announce by our own relay, done */
@@ -1267,7 +1267,7 @@ void notify(snac *snac, const char *type, const char *utype, const char *actor,
            return;
        /* if it's not ours and we didn't vote, discard */
-        if (!xs_startswith(poll_id, snac->actor) && !was_question_voted(snac, poll_id))
+        if (!is_msg_mine(snac, poll_id) && !was_question_voted(snac, poll_id))
            return;
    }
@@ -2792,10 +2792,10 @@ int process_input_message(snac *snac, const xs_dict *msg, const xs_dict *req)
        if (xs_is_null(object))
            snac_log(snac, xs_fmt("malformed message: no 'id' field"));
        else
-        if (is_muted(snac, actor) && !xs_startswith(object, snac->actor))
+        if (is_muted(snac, actor) && !is_msg_mine(snac, object))
            snac_log(snac, xs_fmt("dropped 'Announce' from muted actor %s", actor));
        else
-        if (is_limited(snac, actor) && !xs_startswith(object, snac->actor))
+        if (is_limited(snac, actor) && !is_msg_mine(snac, object))
            snac_log(snac, xs_fmt("dropped 'Announce' from limited actor %s", actor));
        else {
            xs *a_msg = NULL;
@@ -2903,7 +2903,7 @@ int process_input_message(snac *snac, const xs_dict *msg, const xs_dict *req)
            snac_log(snac, xs_fmt("malformed message: no 'id' field"));
        else
        if (object_here(object)) {
-            if (xs_startswith(object, srv_baseurl) && !xs_startswith(object, actor))
+            if (xs_startswith(object, srv_baseurl) && !is_msg_mine(snac, object))
                snac_log(snac, xs_fmt("ignored incorrect 'Delete' %s %s", actor, object));
            else {
                timeline_del(snac, object);
@@ -3716,7 +3716,7 @@ int activitypub_get_handler(const xs_dict *req, const char *q_path,
                const char *type = xs_dict_get(i, "type");
                const char *id   = xs_dict_get(i, "id");
-                if (type && id && strcmp(type, "Note") == 0 && xs_startswith(id, snac.actor)) {
+                if (type && id && strcmp(type, "Note") == 0 && is_msg_mine(&snac, id)) {
                    if (is_msg_public(i)) {
                        xs *c_msg = msg_create(&snac, i);
                        list = xs_list_append(list, c_msg);
author	rako	2025-11-28 10:37:49 +0100
committer	rako	2025-11-30 21:19:13 +0100
commit	a45c1ce152011e8fe25eb1d25594ac5705f65404 (patch)
tree	93c9f3f9dc187fe7aa38e882879f72353b273925 /activitypub.c
parent	Moved is_msg_mine() to data.c. (diff)
download	snac2-a45c1ce152011e8fe25eb1d25594ac5705f65404.tar.gz snac2-a45c1ce152011e8fe25eb1d25594ac5705f65404.tar.xz snac2-a45c1ce152011e8fe25eb1d25594ac5705f65404.zip

diff --git a/activitypub.c b/activitypub.c index 2c0fa2e..90230d8 100644 --- a/activitypub.c +++ b/activitypub.c
@@ -779,7 +779,7 @@ int is_msg_for_me(snac snac, const xs_dict c_msg)
779	object_get(object, &obj);	779	object_get(object, &obj);
780		780
781	/* if it's about one of our posts, accept it */	781	/* if it's about one of our posts, accept it */
782	if (xs_startswith(object, snac->actor))	782	if (is_msg_mine(snac, object))
783	return 2;	783	return 2;
784		784
785	/* blocked by hashtag? */	785	/* blocked by hashtag? */
@@ -1242,7 +1242,7 @@ void notify(snac snac, const char type, const char utype, const char actor,
1242		1242
1243	if (xs_match(type, "Like\|Announce\|EmojiReact")) {	1243	if (xs_match(type, "Like\|Announce\|EmojiReact")) {
1244	/* if it's not an admiration about something by us, done */	1244	/* if it's not an admiration about something by us, done */
1245	if (xs_is_null(objid) \|\| !xs_startswith(objid, snac->actor))	1245	if (xs_is_null(objid) \|\| !is_msg_mine(snac, objid))
1246	return;	1246	return;
1247		1247
1248	/* if it's an announce by our own relay, done */	1248	/* if it's an announce by our own relay, done */
@@ -1267,7 +1267,7 @@ void notify(snac snac, const char type, const char utype, const char actor,
1267	return;	1267	return;
1268		1268
1269	/* if it's not ours and we didn't vote, discard */	1269	/* if it's not ours and we didn't vote, discard */
1270	if (!xs_startswith(poll_id, snac->actor) && !was_question_voted(snac, poll_id))	1270	if (!is_msg_mine(snac, poll_id) && !was_question_voted(snac, poll_id))
1271	return;	1271	return;
1272	}	1272	}
1273		1273
@@ -2792,10 +2792,10 @@ int process_input_message(snac snac, const xs_dict msg, const xs_dict *req)
2792	if (xs_is_null(object))	2792	if (xs_is_null(object))
2793	snac_log(snac, xs_fmt("malformed message: no 'id' field"));	2793	snac_log(snac, xs_fmt("malformed message: no 'id' field"));
2794	else	2794	else
2795	if (is_muted(snac, actor) && !xs_startswith(object, snac->actor))	2795	if (is_muted(snac, actor) && !is_msg_mine(snac, object))
2796	snac_log(snac, xs_fmt("dropped 'Announce' from muted actor %s", actor));	2796	snac_log(snac, xs_fmt("dropped 'Announce' from muted actor %s", actor));
2797	else	2797	else
2798	if (is_limited(snac, actor) && !xs_startswith(object, snac->actor))	2798	if (is_limited(snac, actor) && !is_msg_mine(snac, object))
2799	snac_log(snac, xs_fmt("dropped 'Announce' from limited actor %s", actor));	2799	snac_log(snac, xs_fmt("dropped 'Announce' from limited actor %s", actor));
2800	else {	2800	else {
2801	xs *a_msg = NULL;	2801	xs *a_msg = NULL;
@@ -2903,7 +2903,7 @@ int process_input_message(snac snac, const xs_dict msg, const xs_dict *req)
2903	snac_log(snac, xs_fmt("malformed message: no 'id' field"));	2903	snac_log(snac, xs_fmt("malformed message: no 'id' field"));
2904	else	2904	else
2905	if (object_here(object)) {	2905	if (object_here(object)) {
2906	if (xs_startswith(object, srv_baseurl) && !xs_startswith(object, actor))	2906	if (xs_startswith(object, srv_baseurl) && !is_msg_mine(snac, object))
2907	snac_log(snac, xs_fmt("ignored incorrect 'Delete' %s %s", actor, object));	2907	snac_log(snac, xs_fmt("ignored incorrect 'Delete' %s %s", actor, object));
2908	else {	2908	else {
2909	timeline_del(snac, object);	2909	timeline_del(snac, object);
@@ -3716,7 +3716,7 @@ int activitypub_get_handler(const xs_dict req, const char q_path,
3716	const char *type = xs_dict_get(i, "type");	3716	const char *type = xs_dict_get(i, "type");
3717	const char *id = xs_dict_get(i, "id");	3717	const char *id = xs_dict_get(i, "id");
3718		3718
3719	if (type && id && strcmp(type, "Note") == 0 && xs_startswith(id, snac.actor)) {	3719	if (type && id && strcmp(type, "Note") == 0 && is_msg_mine(&snac, id)) {
3720	if (is_msg_public(i)) {	3720	if (is_msg_public(i)) {
3721	xs *c_msg = msg_create(&snac, i);	3721	xs *c_msg = msg_create(&snac, i);
3722	list = xs_list_append(list, c_msg);	3722	list = xs_list_append(list, c_msg);