about summary refs log tree commit diff
path: root/app/lib/activitypub/activity
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2019-02-15 18:19:45 +0100
committerGitHub <noreply@github.com>2019-02-15 18:19:45 +0100
commitc417e8c198238f80396c0e4e89c2653e4217108a (patch)
tree245ffe23cbb643ca51b98a62b402bffff87d777b /app/lib/activitypub/activity
parent8ef50706a11e115e8b4aa31b30de93738bc7e754 (diff)
Filter incoming Announce activities by relation to local activity (#10041)
* Filter incoming Announce activities by relation to local activity

Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to #10005

* Fix tests
Diffstat (limited to 'app/lib/activitypub/activity')
-rw-r--r--app/lib/activitypub/activity/announce.rb11
-rw-r--r--app/lib/activitypub/activity/create.rb12
2 files changed, 10 insertions, 13 deletions
diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb
index 04afeea20..28a1cda02 100644
--- a/app/lib/activitypub/activity/announce.rb
+++ b/app/lib/activitypub/activity/announce.rb
@@ -3,7 +3,8 @@
 class ActivityPub::Activity::Announce < ActivityPub::Activity
   def perform
     original_status = status_from_object
-    return if original_status.nil? || delete_arrived_first?(@json['id']) || !announceable?(original_status)
+
+    return if original_status.nil? || delete_arrived_first?(@json['id']) || !announceable?(original_status) || !related_to_local_activity?
 
     status = Status.find_by(account: @account, reblog: original_status)
 
@@ -39,4 +40,12 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
   def announceable?(status)
     status.account_id == @account.id || status.public_visibility? || status.unlisted_visibility?
   end
+
+  def related_to_local_activity?
+    followed_by_local_accounts? || requested_through_relay? || reblog_of_local_status?
+  end
+
+  def reblog_of_local_status?
+    status_from_uri(object_uri)&.account&.local?
+  end
 end
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 1b31768d9..4fc37fb4b 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -341,18 +341,6 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
       responds_to_followed_account? || addresses_local_accounts?
   end
 
-  def fetch?
-    !@options[:delivery]
-  end
-
-  def followed_by_local_accounts?
-    @account.passive_relationships.exists?
-  end
-
-  def requested_through_relay?
-    @options[:relayed_through_account] && Relay.find_by(inbox_url: @options[:relayed_through_account].inbox_url)&.enabled?
-  end
-
   def responds_to_followed_account?
     !replied_to_status.nil? && (replied_to_status.account.local? || replied_to_status.account.passive_relationships.exists?)
   end
generated by cgit-pink (git 2.37.1) at 2025-02-18 19:23:50 +0000