Slop/activitypub-federation-rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add to_canonical() for ip check

Browse source
This commit is contained in:
Felix Ableitner 2026-02-04 11:47:39 +01:00
parent b5dd86ab07
commit ec34fc9e99
1 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
src/config.rs
View file

@ -186,23 +186,23 @@ impl<T: Clone> FederationConfig<T> {
// Resolve domain and see if it points to private IP // Resolve domain and see if it points to private IP
// TODO: Use is_global() once stabilized // TODO: Use is_global() once stabilized
// https://doc.rust-lang.org/std/net/enum.IpAddr.html#method.is_global // https://doc.rust-lang.org/std/net/enum.IpAddr.html#method.is_global
let invalid_ip = let mut ips = lookup_host((domain.to_owned(), 80))
lookup_host((domain.to_owned(), 80)) .await?
.await? .map(|s| s.ip().to_canonical());
.any(|addr| match addr.ip() { let invalid_ip = ips.any(|ip| match ip {
IpAddr::V4(addr) => { IpAddr::V4(addr) => {
addr.is_private() addr.is_private()
|| addr.is_link_local() || addr.is_link_local()
|| addr.is_loopback() || addr.is_loopback()
|| addr.is_multicast() || addr.is_multicast()
} }
IpAddr::V6(addr) => { IpAddr::V6(addr) => {
addr.is_loopback() addr.is_loopback()
|| addr.is_multicast() || addr.is_multicast()
|| ((addr.segments()[0] & 0xfe00) == 0xfc00) // is_unique_local || ((addr.segments()[0] & 0xfe00) == 0xfc00) // is_unique_local
|| ((addr.segments()[0] & 0xffc0) == 0xfe80) // is_unicast_link_local || ((addr.segments()[0] & 0xffc0) == 0xfe80) // is_unicast_link_local
} }
}); });
if invalid_ip { if invalid_ip {
return Err(Error::UrlVerificationError( return Err(Error::UrlVerificationError(
"Localhost is only allowed in debug mode", "Localhost is only allowed in debug mode",