From e7ba414980a6af4ce69d7c7a184d5cc03533f014 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=82=E3=82=8F=E3=82=8F=E3=82=8F=E3=81=A8=E3=83=BC?=
 =?UTF-8?q?=E3=81=AB=E3=82=85?=
 <17376330+u1-liquid@users.noreply.github.com>
Date: Sat, 28 Dec 2024 12:26:25 +0900
Subject: [PATCH] check actor

---
 .../src/core/activitypub/models/ApNoteService.ts      | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/packages/backend/src/core/activitypub/models/ApNoteService.ts b/packages/backend/src/core/activitypub/models/ApNoteService.ts
index 6037c66b2e5c..258a66ed0aa8 100644
--- a/packages/backend/src/core/activitypub/models/ApNoteService.ts
+++ b/packages/backend/src/core/activitypub/models/ApNoteService.ts
@@ -102,11 +102,14 @@ export class ApNoteService {
 			return new IdentifiableError('d450b8a9-48e4-4dab-ae36-f4db763fda7c', 'invalid Note: published timestamp is malformed');
 		}
 
-		if (actor) {
-			const attribution = (object.attributedTo) ? getOneApId(object.attributedTo) : actor.uri;
+		if (actor?.uri) {
+			if (object.id && !this.utilityService.isRelatedUris(object.id, actor.uri)) {
+				return new IdentifiableError('d450b8a9-48e4-4dab-ae36-f4db763fda7c', `invalid Note: id has unrelated host to actor. actor: ${actor.uri}, id: ${object.id}`);
+			}
 
-			if (attribution !== actor.uri) {
-				return new IdentifiableError('d450b8a9-48e4-4dab-ae36-f4db763fda7c', `invalid Note: attribution does not match the actor that send it. attribution: ${attribution}, actor: ${actor.uri}`);
+			const attributedTo = object.attributedTo && getOneApId(object.attributedTo);
+			if (attributedTo && !this.utilityService.isRelatedUris(attributedTo, actor.uri)) {
+				return new IdentifiableError('d450b8a9-48e4-4dab-ae36-f4db763fda7c', `invalid Note: attributedTo has unrelated host to actor. actor: ${actor.uri}, attributedTo: ${attributedTo}`);
 			}
 		}