From 7074a2efafd374aa4401fd4d497c251c5946de21 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Wed, 18 Sep 2024 23:37:09 +0200
Subject: [PATCH] [backend] Canonicalize URLs before comparing them during
 object id consistency checks in the AP resolver

---
 packages/backend/src/remote/activitypub/resolver.ts | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/packages/backend/src/remote/activitypub/resolver.ts b/packages/backend/src/remote/activitypub/resolver.ts
index 53185cd42..17cf50e2a 100644
--- a/packages/backend/src/remote/activitypub/resolver.ts
+++ b/packages/backend/src/remote/activitypub/resolver.ts
@@ -125,14 +125,20 @@ export default class Resolver {
 		const {res, object} = await this.doFetch(value);
 
 		if (object.id == null) throw new Error("Object has no ID");
-		if (res.finalUrl === object.id) return object;
+		const objectId = new URL(object.id);
+		const resFinalUrl = new URL(res.finalUrl);
+		if (resFinalUrl.toString() === objectId.toString()) return object;
 
-		if (new URL(res.finalUrl).host !== new URL(object.id).host)
+		if (resFinalUrl.host !== objectId.host)
 			throw new Error("Object ID host doesn't match final url host");
 
 		const {res: finalRes, object: finalObject} = await this.doFetch(object.id);
 
-		if (finalRes.finalUrl !== finalObject.id)
+		if (finalObject.id == null) throw new Error("Final object has no ID");
+		const finalObjectId = new URL(finalObject.id);
+		const finalResFinalUrl = new URL(finalRes.finalUrl);
+
+		if (finalResFinalUrl.toString() !== finalObjectId.toString())
 			throw new Error("Object ID still doesn't match final URL after second fetch attempt")
 
 		return finalObject;