diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2022-08-20 22:47:19 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-08-20 21:47:19 +0100 |
| commit | 570fa7c3598118ded6df7ced0a5326f54e7a43e2 (patch) | |
| tree | 9575a6f3016c73b7109c88f68a2a512981cf19e4 /internal/cache | |
| parent | [docs] Textual updates on markdown files (#756) (diff) | |
| download | gotosocial-570fa7c3598118ded6df7ced0a5326f54e7a43e2.tar.xz | |
[bugfix] Fix potential dereference of accounts on own instance (#757)
* add GetAccountByUsernameDomain
* simplify search
* add escape to not deref accounts on own domain
* check if local + we have account by ap uri
Diffstat (limited to 'internal/cache')
| -rw-r--r-- | internal/cache/account.go | 15 | ||||
| -rw-r--r-- | internal/cache/account_test.go | 4 |
2 files changed, 19 insertions, 0 deletions
diff --git a/internal/cache/account.go b/internal/cache/account.go index ac67b5d07..1f958ebb8 100644 --- a/internal/cache/account.go +++ b/internal/cache/account.go @@ -37,6 +37,7 @@ func NewAccountCache() *AccountCache { RegisterLookups: func(lm *cache.LookupMap[string, string]) { lm.RegisterLookup("uri") lm.RegisterLookup("url") + lm.RegisterLookup("usernamedomain") }, AddLookups: func(lm *cache.LookupMap[string, string], acc *gtsmodel.Account) { @@ -46,6 +47,7 @@ func NewAccountCache() *AccountCache { if url := acc.URL; url != "" { lm.Set("url", url, acc.ID) } + lm.Set("usernamedomain", usernameDomainKey(acc.Username, acc.Domain), acc.ID) }, DeleteLookups: func(lm *cache.LookupMap[string, string], acc *gtsmodel.Account) { @@ -55,6 +57,7 @@ func NewAccountCache() *AccountCache { if url := acc.URL; url != "" { lm.Delete("url", url) } + lm.Delete("usernamedomain", usernameDomainKey(acc.Username, acc.Domain)) }, }) c.cache.SetTTL(time.Minute*5, false) @@ -77,6 +80,10 @@ func (c *AccountCache) GetByURI(uri string) (*gtsmodel.Account, bool) { return c.cache.GetBy("uri", uri) } +func (c *AccountCache) GetByUsernameDomain(username string, domain string) (*gtsmodel.Account, bool) { + return c.cache.GetBy("usernamedomain", usernameDomainKey(username, domain)) +} + // Put places a account in the cache, ensuring that the object place is a copy for thread-safety func (c *AccountCache) Put(account *gtsmodel.Account) { if account == nil || account.ID == "" { @@ -135,3 +142,11 @@ func copyAccount(account *gtsmodel.Account) *gtsmodel.Account { SuspensionOrigin: account.SuspensionOrigin, } } + +func usernameDomainKey(username string, domain string) string { + u := "@" + username + if domain != "" { + return u + "@" + domain + } + return u +} diff --git a/internal/cache/account_test.go b/internal/cache/account_test.go index ff882cc3d..a6d3c6b7d 100644 --- a/internal/cache/account_test.go +++ b/internal/cache/account_test.go @@ -69,6 +69,10 @@ func (suite *AccountCacheTestSuite) TestAccountCache() { if account.URL != "" && !ok && !accountIs(account, check) { suite.Fail("Failed to fetch expected account with URL: %s", account.URL) } + check, ok = suite.cache.GetByUsernameDomain(account.Username, account.Domain) + if !ok && !accountIs(account, check) { + suite.Fail("Failed to fetch expected account with username/domain: %s/%s", account.Username, account.Domain) + } } } |