From b4b8eaf61cfb0bd6df8fe1cf0d00e55be13dd1f5 Mon Sep 17 00:00:00 2001 From: multiple creatures Date: Wed, 15 Jan 2020 14:24:55 -0600 Subject: anti-harassment: add option to toggle whether to allow follows/packmate requests from accounts you've never interacted with before; default to off --- app/lib/activitypub/activity/follow.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'app/lib/activitypub') diff --git a/app/lib/activitypub/activity/follow.rb b/app/lib/activitypub/activity/follow.rb index 66df92601..1c19c7006 100644 --- a/app/lib/activitypub/activity/follow.rb +++ b/app/lib/activitypub/activity/follow.rb @@ -14,6 +14,11 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity return end + if !target_account.user.allow_unknown_follows? && !(target_account.following?(@account) || ever_mentioned_by?(target_account)) + reject_follow_request!(target_account) + return + end + # Fast-forward repeat follow requests if @account.following?(target_account) AuthorizeFollowService.new.call(@account, target_account, skip_follow_request: true, follow_request_uri: @json['id']) @@ -33,5 +38,11 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity def reject_follow_request!(target_account) json = Oj.dump(serialize_payload(FollowRequest.new(account: @account, target_account: target_account, uri: @json['id']), ActivityPub::RejectFollowSerializer)) ActivityPub::DeliveryWorker.perform_async(json, target_account.id, @account.inbox_url) + endA + + private + + def ever_mentioned_by?(target_account) + Status.joins(:mentions).merge(target_account.mentions).where(account_id: @account.id).exists? end end -- cgit