Diffstat (limited to 'app/lib/activitypub')
-rw-r--r-- | app/lib/activitypub/activity/accept.rb | 17 | ||||
-rw-r--r-- | app/lib/activitypub/activity/announce.rb | 6 | ||||
-rw-r--r-- | app/lib/activitypub/activity/create.rb | 24 | ||||
-rw-r--r-- | app/lib/activitypub/tag_manager.rb | 10 |
4 files changed, 34 insertions, 23 deletions
diff --git a/app/lib/activitypub/activity/accept.rb b/app/lib/activitypub/activity/accept.rb index d0082483c..bd90c9019 100644 --- a/app/lib/activitypub/activity/accept.rb +++ b/app/lib/activitypub/activity/accept.rb @@ -2,18 +2,16 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity def perform - if @object.respond_to?(:[]) && - @object['type'] == 'Follow' && @object['actor'].present? - accept_follow_from @object['actor'] - else - accept_follow_object @object + case @object['type'] + when 'Follow' + accept_follow end end private - def accept_follow_from(actor) - target_account = account_from_uri(value_or_id(actor)) + def accept_follow + target_account = account_from_uri(target_uri) return if target_account.nil? || !target_account.local? @@ -21,8 +19,7 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity follow_request&.authorize! end - def accept_follow_object(object) - follow_request = ActivityPub::TagManager.instance.uri_to_resource(value_or_id(object), FollowRequest) - follow_request&.authorize! + def target_uri + @target_uri ||= value_or_id(@object['actor']) end end diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb index b84098933..abf2b9b80 100644 --- a/app/lib/activitypub/activity/announce.rb +++ b/app/lib/activitypub/activity/announce.rb @@ -5,7 +5,7 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity original_status = status_from_uri(object_uri) original_status ||= fetch_remote_original_status - return if original_status.nil? || delete_arrived_first?(@json['id']) + return if original_status.nil? || delete_arrived_first?(@json['id']) || !announceable?(original_status) status = Status.find_by(account: @account, reblog: original_status) @@ -33,4 +33,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity ::FetchRemoteStatusService.new.call(@object['url']) end end + + def announceable?(status) + status.public_visibility? || status.unlisted_visibility? + end end 
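Review bot: `case @object['type']` in `perform` indexes the remote-supplied object without the `respond_to?(:[])` guard that the removed condition had, and `target_uri` (added in the second accept.rb hunk) reads `@object['actor']` without the old `.present?` check. When the Accept carries its object as a bare URI string, `String#[]` does a substring lookup rather than a key lookup, and an array-shaped object would raise on a String index. A guard such as `return unless @object.is_a?(Hash) && @object['actor'].present?` at the top of `perform` would restrict the handler to embedded Follow objects. What `account_from_uri` does with a nil URI, and how the follow request is looked up between the two hunks, is not visible here and should be confirmed.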
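Review bot: `announceable?` in the second announce.rb hunk is a visibility gate on remote input, but it has no comment saying so, and the hunk does not show whether it sits below a `private` marker. I would add `# A remote Announce may only reblog public or unlisted statuses; private and direct ones must never be redistributed.` above the method. The early `return` in the first hunk also drops a rejected Announce silently. A debug-level log line naming the status id would let operators see attempts to boost non-public statuses.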
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 3a985c19b..64c429420 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true class ActivityPub::Activity::Create < ActivityPub::Activity - SUPPORTED_TYPES = %w(Article Note).freeze - CONVERTED_TYPES = %w(Image Video).freeze + SUPPORTED_TYPES = %w(Note).freeze + CONVERTED_TYPES = %w(Image Video Article).freeze def perform - return if delete_arrived_first?(object_uri) || unsupported_object_type? + return if delete_arrived_first?(object_uri) || unsupported_object_type? || invalid_origin?(@object['id']) RedisLock.acquire(lock_options) do |lock| if lock.acquired? @@ -213,7 +213,14 @@ class ActivityPub::Activity::Create < ActivityPub::Activity def object_url return if @object['url'].blank? - url_to_href(@object['url'], 'text/html') + + url_candidate = url_to_href(@object['url'], 'text/html') + + if invalid_origin?(url_candidate) + nil + else + url_candidate + end end def content_language_map? @@ -245,6 +252,15 @@ class ActivityPub::Activity::Create < ActivityPub::Activity @skip_download ||= DomainBlock.find_by(domain: @account.domain)&.reject_media? end + def invalid_origin?(url) + return true if unsupported_uri_scheme?(url) + + needle = Addressable::URI.parse(url).host + haystack = Addressable::URI.parse(@account.uri).host + + !haystack.casecmp(needle).zero? + end + def reply_to_local? !replied_to_status.nil? && replied_to_status.account.local? end diff --git a/app/lib/activitypub/tag_manager.rb b/app/lib/activitypub/tag_manager.rb index 1c35e1672..fa2a8f7d3 100644 --- a/app/lib/activitypub/tag_manager.rb +++ b/app/lib/activitypub/tag_manager.rb 
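Review bot: `invalid_origin?` raises instead of rejecting when either URL lacks a host: `Addressable::URI.parse(url).host` can be nil, and `haystack.casecmp(needle).zero?` then fails on the nil operand or the nil result. The new callers in the two earlier create.rb hunks pass `@object['id']` and the result of `url_to_href`, both remote-controlled and possibly nil, so unless `unsupported_uri_scheme?` (defined outside this diff) already rejects those, a malformed activity aborts `perform` with an exception rather than being dropped. Add `return true if needle.nil? || haystack.nil?` before the comparison and end the method with `rescue Addressable::URI::InvalidURIError` returning `true`, so the check fails closed. Only hosts are compared, so a different port or scheme on the same host passes; a one-line comment stating that this is intended would help.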
@@ -28,8 +28,6 @@ class ActivityPub::TagManager return target.uri if target.respond_to?(:local?) && !target.local? case target.object_type - when :follow - account_follow_url(target.account.username, target) when :person account_url(target) when :note, :comment, :activity @@ -69,6 +67,8 @@ class ActivityPub::TagManager def cc(status) cc = [] + cc << uri_for(status.reblog.account) if status.reblog? + case status.visibility when 'public' cc << account_followers_url(status.account) @@ -99,12 +99,6 @@ class ActivityPub::TagManager case klass.name when 'Account' klass.find_local(uri_to_local_id(uri, :username)) - when 'FollowRequest' - params = Rails.application.routes.recognize_path(uri) - klass.joins(:account).find_by!( - accounts: { domain: nil, username: params[:account_username] }, - id: params[:id] - ) else StatusFinder.new(uri).status end |
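Review bot: The added `cc << uri_for(status.reblog.account) if status.reblog?` in `cc` runs before `case status.visibility`, so the author of the boosted status is addressed for every visibility, and nothing records that this is intended. A comment such as `# Always address the author of the boosted status, regardless of the boost's visibility` would document it. The rest of `cc` lies outside the hunk, so it cannot be seen here whether the array is de-duplicated before it is returned.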