[Privacy] Add profile option for indirect federation mode, disabled by default

12 files changed, 28 insertions, 4 deletions

diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb
index 64b5cb747..dbafc3cc2 100644
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -21,7 +21,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
   private
 
   def account_params
-    params.permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, fields_attributes: [:name, :value])
+    params.permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, :require_dereference, fields_attributes: [:name, :value])
   end
 
   def user_settings_params
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 19a7ce157..33d93a233 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -23,7 +23,7 @@ class Settings::ProfilesController < Settings::BaseController
   private
 
   def account_params
-    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, fields_attributes: [:name, :value])
+    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, :require_dereference, fields_attributes: [:name, :value])
   end
 
   def set_account
diff --git a/app/lib/activitypub/adapter.rb b/app/lib/activitypub/adapter.rb
index 309b84c37..6ecce7fe9 100644
--- a/app/lib/activitypub/adapter.rb
+++ b/app/lib/activitypub/adapter.rb
@@ -9,6 +9,7 @@ class ActivityPub::Adapter < ActiveModelSerializers::Adapter::Base
   CONTEXT_EXTENSION_MAP = {
     direct_message: { 'litepub': 'http://litepub.social/ns#', 'directMessage': 'litepub:directMessage' },
     edited: { 'mp' => 'http://the.monsterpit.net/ns#', 'edited' => 'mp:edited' },
+    require_dereference: { 'mp' => 'http://the.monsterpit.net/ns#', 'requireDereference' => 'mp:requireDereference' },
     manually_approves_followers: { 'manuallyApprovesFollowers' => 'as:manuallyApprovesFollowers' },
     sensitive: { 'sensitive' => 'as:sensitive' },
     hashtag: { 'Hashtag' => 'as:Hashtag' },
diff --git a/app/models/account.rb b/app/models/account.rb
index 0b3c48543..48e6e8532 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -50,6 +50,7 @@
 #  avatar_storage_schema_version :integer
 #  header_storage_schema_version :integer
 #  devices_url                   :string
+#  require_dereference           :boolean          default(FALSE), not null
 #
 
 class Account < ApplicationRecord
diff --git a/app/presenters/activitypub/activity_presenter.rb b/app/presenters/activitypub/activity_presenter.rb
index 471071efc..4d5d28611 100644
--- a/app/presenters/activitypub/activity_presenter.rb
+++ b/app/presenters/activitypub/activity_presenter.rb
@@ -14,7 +14,7 @@ class ActivityPub::ActivityPresenter < ActiveModelSerializers::Model
         presenter.to        = ActivityPub::TagManager.instance.to(status)
         presenter.cc        = ActivityPub::TagManager.instance.cc(status)
 
-        unless embed
+        unless embed || !status.account.require_dereference
           presenter.virtual_object = ActivityPub::TagManager.instance.uri_for(status.proper)
           next
         end
diff --git a/app/serializers/activitypub/actor_serializer.rb b/app/serializers/activitypub/actor_serializer.rb
index 627d4446b..f3ed70490 100644
--- a/app/serializers/activitypub/actor_serializer.rb
+++ b/app/serializers/activitypub/actor_serializer.rb
@@ -24,6 +24,9 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
   attribute :moved_to, if: :moved?
   attribute :also_known_as, if: :also_known_as?
 
+  context_extensions :require_dereference
+  attribute :require_dereference
+
   class EndpointsSerializer < ActivityPub::Serializer
     include RoutingHelper
 
diff --git a/app/serializers/rest/account_serializer.rb b/app/serializers/rest/account_serializer.rb
index 4e497cdbd..bc941d3e7 100644
--- a/app/serializers/rest/account_serializer.rb
+++ b/app/serializers/rest/account_serializer.rb
@@ -7,6 +7,8 @@ class REST::AccountSerializer < ActiveModel::Serializer
              :note, :url, :avatar, :avatar_static, :header, :header_static,
              :followers_count, :following_count, :statuses_count, :last_status_at
 
+  attribute :require_dereference
+
   has_one :moved_to_account, key: :moved, serializer: REST::AccountSerializer, if: :moved_and_not_nested?
   has_many :emojis, serializer: REST::CustomEmojiSerializer
 
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 85b915ec6..56c70cfa0 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -86,6 +86,7 @@ class ActivityPub::ProcessAccountService < BaseService
     @account.also_known_as           = as_array(@json['alsoKnownAs'] || []).map { |item| value_or_id(item) }
     @account.actor_type              = actor_type
     @account.discoverable            = @json['discoverable'] || false
+    @account.require_dereference     = @json['requireDereference'] || false
   end
 
   def set_fetchable_attributes!
diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml
index 6061e9cfd..7ca54c146 100644
--- a/app/views/settings/profiles/show.html.haml
+++ b/app/views/settings/profiles/show.html.haml
@@ -32,6 +32,11 @@
   - if Setting.profile_directory
     .fields-group
       = f.input :discoverable, as: :boolean, wrapper: :with_label, hint: t('simple_form.hints.defaults.discoverable'), recommended: true
+  
+  %h4= t 'preferences.profiles.advanced_privacy'
+
+  .fields-group
+    = f.input :require_dereference, as: :boolean, wrapper: :with_label, hint: t('simple_form.hints.defaults.require_dereference_html')
 
   %hr.spacer/
 
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 40adfc21e..b5c1a8113 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1014,6 +1014,8 @@ en:
     other: Other
     posting_defaults: Posting defaults
     public_timelines: Public timelines
+    profiles:
+      advanced_privacy: Advanced privacy
   reactions:
     errors:
       limit_reached: Limit of different reactions reached
diff --git a/config/locales/simple_form.en-MP.yml b/config/locales/simple_form.en-MP.yml
index 9903fb174..55097c519 100644
--- a/config/locales/simple_form.en-MP.yml
+++ b/config/locales/simple_form.en-MP.yml
@@ -10,9 +10,10 @@ en-MP:
         text_html: Optional. You can use roar syntax. You can <a href="%{path}">add warning presets</a> to save time
       announcement:
         text: You can use roar syntax. Please be mindful of the space the announcement will take up on the user's screen
-      defaults:
+      defaults: 
         irreversible: Filtered roars will disappear irreversibly, even if filter is later removed
         phrase: Will be matched regardless of casing in text or content warning of a roar
+        require_dereference_html: "When enabled, Monsterpit will deliver your roars to other servers as pointers and require an authenticated request to access their (non-public) content.  This allows permissions and blocks you've set to be enforced more stringently.  <strong>Beware that standard Mastodon servers are not compatible with this feature.</strong>"
         setting_aggregate_reblogs: Do not show new boosts for roars that have been recently boosted (only affects newly-received boosts)
         setting_default_content_type_html: When composing roars, assume they are written in raw HTML, unless specified otherwise
         setting_default_content_type_markdown: When composing roars, assume they are using Markdown for rich text formatting, unless specified otherwise
@@ -34,6 +35,7 @@ en-MP:
         include_statuses: Include reported roars in the e-mail
       defaults:
         bot: This is an automated account
+        require_dereference: Indirect federation mode
         setting_crop_images: Crop images in non-expanded roars to 16x9
         setting_default_content_type: Default format for roars
         setting_default_language: Roar language
diff --git a/db/migrate/20200718011317_add_require_dereference_to_accounts.rb b/db/migrate/20200718011317_add_require_dereference_to_accounts.rb
new file mode 100644
index 000000000..9fcabd891
--- /dev/null
+++ b/db/migrate/20200718011317_add_require_dereference_to_accounts.rb
@@ -0,0 +1,7 @@
+class AddRequireDereferenceToAccounts < ActiveRecord::Migration[5.2]
+  def change
+    safety_assured do
+      add_column :accounts, :require_dereference, :boolean, null: false, default: false
+    end
+  end
+end