akkoma/lib/pleroma/web/activity_pub/visibility.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.ActivityPub.Visibility do
  alias Pleroma.Activity
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Utils

  require Pleroma.Constants

  @spec is_public?(Object.t() | Activity.t() | map()) :: boolean()
  def is_public?(%Object{data: %{"type" => "Tombstone"}}), do: false
  def is_public?(%Object{data: data}), do: is_public?(data)
  def is_public?(%Activity{data: %{"type" => "Move"}}), do: true
  def is_public?(%Activity{data: data}), do: is_public?(data)
  def is_public?(%{"directMessage" => true}), do: false

  def is_public?(data) do
    Utils.label_in_message?(Pleroma.Constants.as_public(), data) or
      Utils.label_in_message?(Utils.as_local_public(), data)
  end

  def is_local_public?(%Object{data: data}), do: is_local_public?(data)
  def is_local_public?(%Activity{data: data}), do: is_local_public?(data)

  def is_local_public?(data) do
    Utils.label_in_message?(Utils.as_local_public(), data) and
      not Utils.label_in_message?(Pleroma.Constants.as_public(), data)
  end

  def is_private?(activity) do
    with false <- is_public?(activity),
         %User{follower_address: follower_address} <-
           User.get_cached_by_ap_id(activity.data["actor"]) do
      follower_address in activity.data["to"]
    else
      _ -> false
    end
  end

  def is_announceable?(activity, user, public \\ true) do
    is_public?(activity) ||
      (!public && is_private?(activity) && activity.data["actor"] == user.ap_id)
  end

  def is_direct?(%Activity{data: %{"directMessage" => true}}), do: true
  def is_direct?(%Object{data: %{"directMessage" => true}}), do: true

  def is_direct?(activity) do
    !is_public?(activity) && !is_private?(activity)
  end

  def is_list?(%{data: %{"listMessage" => _}}), do: true
  def is_list?(_), do: false

  @spec visible_for_user?(Object.t() | Activity.t() | nil, User.t() | nil) :: boolean()
  def visible_for_user?(%Object{data: %{"type" => "Tombstone"}}, _), do: false
  def visible_for_user?(%Activity{actor: ap_id}, %User{ap_id: ap_id}), do: true
  def visible_for_user?(%Object{data: %{"actor" => ap_id}}, %User{ap_id: ap_id}), do: true
  def visible_for_user?(nil, _), do: false
  def visible_for_user?(%Activity{data: %{"listMessage" => _}}, nil), do: false

  def visible_for_user?(
        %Activity{data: %{"listMessage" => list_ap_id}} = activity,
        %User{} = user
      ) do
    user.ap_id in activity.data["to"] ||
      list_ap_id
      |> Pleroma.List.get_by_ap_id()
      |> Pleroma.List.member?(user)
  end

  def visible_for_user?(%{__struct__: module} = message, nil)
      when module in [Activity, Object] do
    if restrict_unauthenticated_access?(message),
      do: false,
      else: is_public?(message) and not is_local_public?(message)
  end

  def visible_for_user?(%{__struct__: module} = message, user)
      when module in [Activity, Object] do
    x = [user.ap_id | User.following(user)]
    y = [message.data["actor"]] ++ message.data["to"] ++ (message.data["cc"] || [])

    if is_local_public?(message) do
      user.local
    else
      is_public?(message) || Enum.any?(x, &(&1 in y))
    end
  end

  def entire_thread_visible_for_user?(%Activity{} = activity, %User{} = user) do
    {:ok, %{rows: [[result]]}} =
      Ecto.Adapters.SQL.query(Repo, "SELECT thread_visibility($1, $2)", [
        user.ap_id,
        activity.data["id"]
      ])

    result
  end

  def restrict_unauthenticated_access?(%Activity{local: local}) do
    restrict_unauthenticated_access_to_activity?(local)
  end

  def restrict_unauthenticated_access?(%Object{} = object) do
    object
    |> Object.local?()
    |> restrict_unauthenticated_access_to_activity?()
  end

  def restrict_unauthenticated_access?(%User{} = user) do
    User.visible_for(user, _reading_user = nil)
  end

  defp restrict_unauthenticated_access_to_activity?(local?) when is_boolean(local?) do
    cfg_key = if local?, do: :local, else: :remote

    Pleroma.Config.restrict_unauthenticated_access?(:activities, cfg_key)
  end

  def get_visibility(object) do
    to = object.data["to"] || []
    cc = object.data["cc"] || []

    cond do
      Pleroma.Constants.as_public() in to ->
        "public"

      Pleroma.Constants.as_public() in cc ->
        "unlisted"

      Utils.as_local_public() in to ->
        "local"

      # this should use the sql for the object's activity
      Enum.any?(to, &String.contains?(&1, "/followers")) ->
        "private"

      object.data["directMessage"] == true ->
        "direct"

      is_binary(object.data["listMessage"]) ->
        "list"

      length(cc) > 0 ->
        "private"

      true ->
        "direct"
    end
  end
end
Add license/copyright to all project files 2019-07-10 05:13:23 +00:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 06:49:20 +00:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
Add license/copyright to all project files 2019-07-10 05:13:23 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Move visibility into own module. 2019-02-22 12:29:52 +00:00			`defmodule Pleroma.Web.ActivityPub.Visibility do`
			`alias Pleroma.Activity`
			`alias Pleroma.Object`
activitypub: visibility: use SQL thread_visibility() function instead of manually walking the thread 2019-03-25 00:38:28 +00:00			`alias Pleroma.Repo`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`alias Pleroma.User`
activitypub: visibility: refactor is_public?() to use JSON-LD safe accessors 2019-10-23 01:50:25 +00:00			`alias Pleroma.Web.ActivityPub.Utils`
Move visibility into own module. 2019-02-22 12:29:52 +00:00
constants: add as_public constant and use it everywhere 2019-07-29 02:43:19 +00:00			`require Pleroma.Constants`
tests for Pleroma.Web.ActivityPub.Publisher 2019-07-23 19:15:48 +00:00
			`@spec is_public?(Object.t() \| Activity.t() \| map()) :: boolean()`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`def is_public?(%Object{data: %{"type" => "Tombstone"}}), do: false`
			`def is_public?(%Object{data: data}), do: is_public?(data)`
Handle "Move" activity 2019-10-30 11:21:49 +00:00			`def is_public?(%Activity{data: %{"type" => "Move"}}), do: true`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`def is_public?(%Activity{data: data}), do: is_public?(data)`
			`def is_public?(%{"directMessage" => true}), do: false`
Add local-only statuses 2020-10-02 17:00:50 +00:00
			`def is_public?(data) do`
			`Utils.label_in_message?(Pleroma.Constants.as_public(), data) or`
Pleroma.Constants.as_local_public/0 --> Pleroma.Web.ActivityPub.Utils.as_local_public/0 Move as_local_public/0 to stop making modules depend on Web at compile-time 2021-05-31 18:39:15 +00:00			`Utils.label_in_message?(Utils.as_local_public(), data)`
Add local-only statuses 2020-10-02 17:00:50 +00:00			`end`
Move visibility into own module. 2019-02-22 12:29:52 +00:00
Add `local` visibility 2020-11-11 14:47:57 +00:00			`def is_local_public?(%Object{data: data}), do: is_local_public?(data)`
			`def is_local_public?(%Activity{data: data}), do: is_local_public?(data)`

			`def is_local_public?(data) do`
Pleroma.Constants.as_local_public/0 --> Pleroma.Web.ActivityPub.Utils.as_local_public/0 Move as_local_public/0 to stop making modules depend on Web at compile-time 2021-05-31 18:39:15 +00:00			`Utils.label_in_message?(Utils.as_local_public(), data) and`
Add `local` visibility 2020-11-11 14:47:57 +00:00			`not Utils.label_in_message?(Pleroma.Constants.as_public(), data)`
			`end`

Move visibility into own module. 2019-02-22 12:29:52 +00:00			`def is_private?(activity) do`
Visibility: Make it more resilient. 2019-05-08 16:08:50 +00:00			`with false <- is_public?(activity),`
			`%User{follower_address: follower_address} <-`
			`User.get_cached_by_ap_id(activity.data["actor"]) do`
			`follower_address in activity.data["to"]`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`else`
Visibility: Make it more resilient. 2019-05-08 16:08:50 +00:00			`_ -> false`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`end`
			`end`

Ensure self-announces do not widen the audience of the original post 2019-10-01 15:49:52 +00:00			`def is_announceable?(activity, user, public \\ true) do`
			`is_public?(activity) \|\|`
			`(!public && is_private?(activity) && activity.data["actor"] == user.ap_id)`
Make activity announceable by its author. 2019-02-24 17:45:29 +00:00			`end`

Move visibility into own module. 2019-02-22 12:29:52 +00:00			`def is_direct?(%Activity{data: %{"directMessage" => true}}), do: true`
			`def is_direct?(%Object{data: %{"directMessage" => true}}), do: true`

			`def is_direct?(activity) do`
			`!is_public?(activity) && !is_private?(activity)`
			`end`

Add `list` to Visibility 2019-07-11 12:29:24 +00:00			`def is_list?(%{data: %{"listMessage" => _}}), do: true`
			`def is_list?(_), do: false`

activity_pub_controller: Add authentication to object & activity endpoints 2021-01-21 16:45:42 +00:00			`@spec visible_for_user?(Object.t() \| Activity.t() \| nil, User.t() \| nil) :: boolean()`
Visibility: check Tombstone objects in visible_for_user?/2 2021-07-27 13:54:01 +00:00			`def visible_for_user?(%Object{data: %{"type" => "Tombstone"}}, _), do: false`
[#3053] Unauthenticated access control for OStatus-related controllers and ActivityPubController (base actions: :user, :object, :activity). Tests adjustments. 2020-10-05 20:48:00 +00:00			`def visible_for_user?(%Activity{actor: ap_id}, %User{ap_id: ap_id}), do: true`
activity_pub_controller: Add authentication to object & activity endpoints 2021-01-21 16:45:42 +00:00			`def visible_for_user?(%Object{data: %{"actor" => ap_id}}, %User{ap_id: ap_id}), do: true`
StatusView: Add pleroma.parent_visible 2020-06-24 11:29:08 +00:00			`def visible_for_user?(nil, _), do: false`
[#3053] Unauthenticated access control for OStatus-related controllers and ActivityPubController (base actions: :user, :object, :activity). Tests adjustments. 2020-10-05 20:48:00 +00:00			`def visible_for_user?(%Activity{data: %{"listMessage" => _}}, nil), do: false`
StatusView: Add pleroma.parent_visible 2020-06-24 11:29:08 +00:00
[#3053] Unauthenticated access control for OStatus-related controllers and ActivityPubController (base actions: :user, :object, :activity). Tests adjustments. 2020-10-05 20:48:00 +00:00			`def visible_for_user?(`
			`%Activity{data: %{"listMessage" => list_ap_id}} = activity,`
			`%User{} = user`
			`) do`
List messages must be visible for mentioned users 2019-07-15 07:54:40 +00:00			`user.ap_id in activity.data["to"] \|\|`
			`list_ap_id`
			`\|> Pleroma.List.get_by_ap_id()`
			`\|> Pleroma.List.member?(user)`
Add `list` to Visibility 2019-07-11 12:29:24 +00:00			`end`

activity_pub_controller: Add authentication to object & activity endpoints 2021-01-21 16:45:42 +00:00			`def visible_for_user?(%{__struct__: module} = message, nil)`
			`when module in [Activity, Object] do`
			`if restrict_unauthenticated_access?(message),`
restrict_unauthenticated setting 2020-03-20 10:04:37 +00:00			`do: false,`
activity_pub_controller: Add authentication to object & activity endpoints 2021-01-21 16:45:42 +00:00			`else: is_public?(message) and not is_local_public?(message)`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`end`

activity_pub_controller: Add authentication to object & activity endpoints 2021-01-21 16:45:42 +00:00			`def visible_for_user?(%{__struct__: module} = message, user)`
			`when module in [Activity, Object] do`
Replace `user.following` with Pleroma.FollowingRelationship 2019-10-10 19:35:32 +00:00			`x = [user.ap_id \| User.following(user)]`
activity_pub_controller: Add authentication to object & activity endpoints 2021-01-21 16:45:42 +00:00			`y = [message.data["actor"]] ++ message.data["to"] ++ (message.data["cc"] \|\| [])`
ensure local statuses are not visible remotely 2022-06-22 16:06:40 +00:00
			`if is_local_public?(message) do`
			`user.local`
			`else`
			`is_public?(message) \|\| Enum.any?(x, &(&1 in y))`
			`end`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`end`

activitypub: visibility: use SQL thread_visibility() function instead of manually walking the thread 2019-03-25 00:38:28 +00:00			`def entire_thread_visible_for_user?(%Activity{} = activity, %User{} = user) do`
			`{:ok, %{rows: [[result]]}} =`
			`Ecto.Adapters.SQL.query(Repo, "SELECT thread_visibility($1, $2)", [`
			`user.ap_id,`
			`activity.data["id"]`
			`])`
Move visibility into own module. 2019-02-22 12:29:52 +00:00
activitypub: visibility: use SQL thread_visibility() function instead of manually walking the thread 2019-03-25 00:38:28 +00:00			`result`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`end`
CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 14:30:08 +00:00
[#3053] Unauthenticated access control for OStatus-related controllers and ActivityPubController (base actions: :user, :object, :activity). Tests adjustments. 2020-10-05 20:48:00 +00:00			`def restrict_unauthenticated_access?(%Activity{local: local}) do`
			`restrict_unauthenticated_access_to_activity?(local)`
			`end`

			`def restrict_unauthenticated_access?(%Object{} = object) do`
			`object`
			`\|> Object.local?()`
			`\|> restrict_unauthenticated_access_to_activity?()`
			`end`

			`def restrict_unauthenticated_access?(%User{} = user) do`
			`User.visible_for(user, _reading_user = nil)`
			`end`

			`defp restrict_unauthenticated_access_to_activity?(local?) when is_boolean(local?) do`
			`cfg_key = if local?, do: :local, else: :remote`

			`Pleroma.Config.restrict_unauthenticated_access?(:activities, cfg_key)`
			`end`

CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 14:30:08 +00:00			`def get_visibility(object) do`
			`to = object.data["to"] \|\| []`
			`cc = object.data["cc"] \|\| []`

			`cond do`
constants: add as_public constant and use it everywhere 2019-07-29 02:43:19 +00:00			`Pleroma.Constants.as_public() in to ->`
CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 14:30:08 +00:00			`"public"`

constants: add as_public constant and use it everywhere 2019-07-29 02:43:19 +00:00			`Pleroma.Constants.as_public() in cc ->`
CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 14:30:08 +00:00			`"unlisted"`

Pleroma.Constants.as_local_public/0 --> Pleroma.Web.ActivityPub.Utils.as_local_public/0 Move as_local_public/0 to stop making modules depend on Web at compile-time 2021-05-31 18:39:15 +00:00			`Utils.as_local_public() in to ->`
Add `local` visibility 2020-11-11 14:47:57 +00:00			`"local"`

CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 14:30:08 +00:00			`# this should use the sql for the object's activity`
			`Enum.any?(to, &String.contains?(&1, "/followers")) ->`
			`"private"`

visibility: if litepub:directMessage is asserted, always report the object as "direct" visibility 2019-06-01 03:23:21 +00:00			`object.data["directMessage"] == true ->`
			`"direct"`

Add `list` to Visibility 2019-07-11 12:29:24 +00:00			`is_binary(object.data["listMessage"]) ->`
			`"list"`

CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 14:30:08 +00:00			`length(cc) > 0 ->`
			`"private"`

			`true ->`
			`"direct"`
			`end`
			`end`
Move visibility into own module. 2019-02-22 12:29:52 +00:00			`end`