Diffstat (limited to 'app/lib/activitypub/activity')
-rw-r--r--app/lib/activitypub/activity/accept.rb17
-rw-r--r--app/lib/activitypub/activity/announce.rb6
-rw-r--r--app/lib/activitypub/activity/create.rb24
3 files changed, 32 insertions, 15 deletions
diff --git a/app/lib/activitypub/activity/accept.rb b/app/lib/activitypub/activity/accept.rb
index d0082483c..bd90c9019 100644
--- a/app/lib/activitypub/activity/accept.rb
+++ b/app/lib/activitypub/activity/accept.rb
@@ -2,18 +2,16 @@
 
 class ActivityPub::Activity::Accept < ActivityPub::Activity
   def perform
-    if @object.respond_to?(:[]) &&
-       @object['type'] == 'Follow' && @object['actor'].present?
-      accept_follow_from @object['actor']
-    else
-      accept_follow_object @object
+    case @object['type']
+    when 'Follow'
+      accept_follow
     end
   end
 
   private
 
-  def accept_follow_from(actor)
-    target_account = account_from_uri(value_or_id(actor))
+  def accept_follow
+    target_account = account_from_uri(target_uri)
 
     return if target_account.nil? || !target_account.local?
 
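Review bot: The new `case @object['type']` drops both guards the removed condition carried, `@object.respond_to?(:[])` and `@object['actor'].present?`. If @object is not a hash (a bare string id, or nil if the base class permits that — not visible here), `@object['type']` is at best nil and at worst a NoMethodError, and an Accept of a Follow without an `actor` reaches `account_from_uri(nil)` through `target_uri`. A guard at the top of `perform`, `return unless @object.respond_to?(:[]) && @object['actor'].present?`, keeps the old defensive behaviour without restoring the removed branch. The body of `accept_follow` continues past the end of the hunk.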
@@ -21,8 +19,7 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity
     follow_request&.authorize!
   end
 
-  def accept_follow_object(object)
-    follow_request = ActivityPub::TagManager.instance.uri_to_resource(value_or_id(object), FollowRequest)
-    follow_request&.authorize!
+  def target_uri
+    @target_uri ||= value_or_id(@object['actor'])
   end
 end
diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb
index b84098933..abf2b9b80 100644
--- a/app/lib/activitypub/activity/announce.rb
+++ b/app/lib/activitypub/activity/announce.rb
@@ -5,7 +5,7 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
     original_status   = status_from_uri(object_uri)
     original_status ||= fetch_remote_original_status
 
-    return if original_status.nil? || delete_arrived_first?(@json['id'])
+    return if original_status.nil? || delete_arrived_first?(@json['id']) || !announceable?(original_status)
 
     status = Status.find_by(account: @account, reblog: original_status)
 
@@ -33,4 +33,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
       ::FetchRemoteStatusService.new.call(@object['url'])
     end
   end
+
+  def announceable?(status)
+    status.public_visibility? || status.unlisted_visibility?
+  end
 end
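Review bot: `announceable?` has no explanation of why the visibility of the original status decides whether a remote Announce is honoured, and a reader could take it for a rendering concern rather than an authorization one. A comment above the method, `# Only public and unlisted statuses may be redistributed by a remote Announce; a followers-only or direct status is never announceable, whoever boosts it.`, records the intent. Writing the predicate as an allow-list of the two permitted visibilities, as the hunk does, is the right shape — any new visibility is rejected by default.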
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 3a985c19b..64c429420 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 class ActivityPub::Activity::Create < ActivityPub::Activity
-  SUPPORTED_TYPES = %w(Article Note).freeze
-  CONVERTED_TYPES = %w(Image Video).freeze
+  SUPPORTED_TYPES = %w(Note).freeze
+  CONVERTED_TYPES = %w(Image Video Article).freeze
 
   def perform
-    return if delete_arrived_first?(object_uri) || unsupported_object_type?
+    return if delete_arrived_first?(object_uri) || unsupported_object_type? || invalid_origin?(@object['id'])
 
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
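Review bot: `invalid_origin?(@object['id'])` on the new `return` line passes the raw value through, and an embedded object without an `id` yields nil; whether that is rejected cleanly depends on `unsupported_uri_scheme?(nil)` returning true, which is not visible in this diff. If it returns false, `Addressable::URI.parse(nil)` yields nil and the `.host` call in `invalid_origin?` (third hunk of this file) raises NoMethodError, turning a malformed remote object into a worker exception instead of a dropped Create. Deciding the nil case at the call site avoids relying on that helper: `return if delete_arrived_first?(object_uri) || unsupported_object_type? || @object['id'].blank? || invalid_origin?(@object['id'])`. The same applies to `object_url` in the second hunk, where `url_to_href` presumably returns nil when no `text/html` link exists.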
@@ -213,7 +213,14 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
 
   def object_url
     return if @object['url'].blank?
-    url_to_href(@object['url'], 'text/html')
+
+    url_candidate = url_to_href(@object['url'], 'text/html')
+
+    if invalid_origin?(url_candidate)
+      nil
+    else
+      url_candidate
+    end
   end
 
   def content_language_map?
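Review bot: The five-line `if invalid_origin?(url_candidate) nil else url_candidate end` in `object_url` is an if/else used purely as an expression, where a modifier reads more directly: `url_candidate unless invalid_origin?(url_candidate)`. Behaviour is identical, since the `unless` modifier evaluates to nil when the condition holds. A short comment on the intent would also help, e.g. `# Drop a url whose host differs from the actor's, so a remote object cannot point at another domain.`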
@@ -245,6 +252,15 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     @skip_download ||= DomainBlock.find_by(domain: @account.domain)&.reject_media?
   end
 
+  def invalid_origin?(url)
+    return true if unsupported_uri_scheme?(url)
+
+    needle   = Addressable::URI.parse(url).host
+    haystack = Addressable::URI.parse(@account.uri).host
+
+    !haystack.casecmp(needle).zero?
+  end
+
   def reply_to_local?
     !replied_to_status.nil? && replied_to_status.account.local?
   end
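Review bot: `invalid_origin?` assumes both parsed URIs have a host, but `Addressable::URI.parse(url).host` is nil for a URL with a supported scheme and no authority (a constructed example: `https:foo`), and `String#casecmp` with a nil argument returns nil on recent Rubies or raises TypeError on older ones, so the trailing `.zero?` raises NoMethodError either way — a malformed `id` or `url` from a remote server becomes an exception rather than a rejected object. Add a guard between the two parses and the comparison: `return true if needle.blank? || haystack.blank?`. If `unsupported_uri_scheme?` does not already reject unparsable input, `Addressable::URI::InvalidURIError` can escape from the same lines; I cannot tell from this hunk. A one-line comment above the method stating what it enforces, `# Reject an object whose id/url host differs from the actor's host, so a remote actor cannot attribute content to another server's domain.`, would make the purpose of the host comparison explicit.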