authorFire Demon <firedemon@creature.cafe>2020-11-01 23:54:26 -0600
committerFire Demon <firedemon@creature.cafe>2020-11-01 23:54:47 -0600
commit65fa7525754ffdceb4d6903b118d217c4783edce (patch)
treea290d00d3baad98eb9fb9a1a323e9d5f95d6bfa4 /app/lib
parent7d752af6645778f79e3bea8121fdd24fe3aa41fa (diff)
Limit visibility of incoming objects addressed to servers not allowlisted
Diffstat (limited to 'app/lib')
-rw-r--r--app/lib/activitypub/activity/create.rb3
1 files changed, 3 insertions, 0 deletions
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index cc585eb10..8aaa31aed 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -3,6 +3,7 @@
 # rubocop:disable Metrics/ClassLength
 class ActivityPub::Activity::Create < ActivityPub::Activity
   include ImgProxyHelper
+  include DomainControlHelper
 
   def perform
     dereference_object!
@@ -197,6 +198,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
 
     (audience_to + audience_cc).uniq.each do |audience|
       next if audience == ActivityPub::TagManager::COLLECTIONS[:public]
+      next (@params[:visibility] = :limited) if domain_not_allowed?(audience)
 
       # Unlike with tags, there is no point in resolving accounts we don't already
       # know here, because silent mentions would only be used for local access
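Review bot: The visibility downgrade on line 32 (and the same pattern on line 40 in process_mention) unconditionally overwrites `@params[:visibility]` with `:limited`, so if the object was already parsed as something narrower, such as `:direct`, this assignment may widen rather than restrict it; unless the visibility is known to be no narrower than `:limited` at this point, guard the write so it only lowers, e.g. `@params[:visibility] = :limited unless @params[:visibility] == :direct`, or compute the floor once after both loops. Hiding the assignment inside the `next (...)` / `return (...)` expression also makes the side effect easy to miss when reading the control flow; a plain `if domain_not_allowed?(audience)` block with the assignment on its own line and a comment such as `# Addressed to a non-allowlisted server: do not let this object reach wider than limited` would read more clearly. The enclosing method of this hunk starts and ends outside the hunk, so whether `visibility` is set before or after this loop cannot be confirmed here.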
@@ -278,6 +280,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
 
   def process_mention(tag)
     return if tag['href'].blank?
+    return (@params[:visibility] = :limited) if domain_not_allowed?(tag['href'])
 
     account = account_from_uri(tag['href'])
     account = ActivityPub::FetchRemoteAccountService.new.call(tag['href']) if account.nil?