From 3a5c621e1775e0f08ed7886379dc074ef94a191f Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 12 Nov 2024 12:06:18 +0100 Subject: [PATCH] Throw error when attempting to http fetch local object --- src/error.rs | 3 +++ src/fetch/object_id.rs | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/error.rs b/src/error.rs index 1866e48..a13f8c5 100644 --- a/src/error.rs +++ b/src/error.rs @@ -78,6 +78,9 @@ pub enum Error { /// Attempted to fetch object but the response's id field doesn't match #[error("Attempted to fetch object from {0} but the response's id field doesn't match")] FetchWrongId(Url), + /// Object which has local domain cannot be fetched over HTTP + #[error("Object which has local domain cannot be fetched over HTTP")] + CannotDereferenceLocalObject, /// Other generic errors #[error("{0}")] Other(String), diff --git a/src/fetch/object_id.rs b/src/fetch/object_id.rs index 3f0676b..f71b03f 100644 --- a/src/fetch/object_id.rs +++ b/src/fetch/object_id.rs @@ -92,7 +92,7 @@ where // object found in database if let Some(object) = db_object { if let Some(last_refreshed_at) = object.last_refreshed_at() { - let is_local = data.config.is_local_url(&self.0); + let is_local = self.is_local(data); if !is_local && should_refetch_object(last_refreshed_at) { // object is outdated and should be refetched return self.dereference_from_http(data, Some(object)).await; @@ -158,6 +158,10 @@ where where ::Error: From, { + if self.is_local(data) { + return Err(Error::CannotDereferenceLocalObject.into()); + } + let res = Box::pin(fetch_object_http(&self.0, data)).await; if let Err(Error::ObjectDeleted(url)) = res { @@ -170,6 +174,10 @@ where let res = res?; let redirect_url = &res.url; + if data.config.is_local_url(&redirect_url) { + return Err(Error::CannotDereferenceLocalObject.into()); + } + Box::pin(Kind::verify(&res.object, redirect_url, data)).await?; Box::pin(Kind::from_json(res.object, data)).await }