Dereference object URIs in Create and Update messages (#14359)
* Dereference object URIs in Create and Update messages Fixes #14353 Signed-off-by: Thibaut Girka <thib@sitedethib.com> * Refactor, and perform origin check *before* attempting to fetch object Co-authored-by: Fire Demon <firedemon@creature.cafe>
parent
a8b6524b43
commit
bcf85b5208
|
@ -157,6 +157,34 @@ class ActivityPub::Activity
|
||||||
fetch_remote_original_status
|
fetch_remote_original_status
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def dereference_object!
|
||||||
|
return unless @object.is_a?(String)
|
||||||
|
return if invalid_origin?(@object)
|
||||||
|
|
||||||
|
object = fetch_resource(@object, true, signed_fetch_account)
|
||||||
|
return unless object.present? && object.is_a?(Hash) && supported_context?(object)
|
||||||
|
|
||||||
|
@object = object
|
||||||
|
end
|
||||||
|
|
||||||
|
def signed_fetch_account
|
||||||
|
first_mentioned_local_account || first_local_follower
|
||||||
|
end
|
||||||
|
|
||||||
|
def first_mentioned_local_account
|
||||||
|
audience = (as_array(@json['to']) + as_array(@json['cc'])).uniq
|
||||||
|
local_usernames = audience.select { |uri| ActivityPub::TagManager.instance.local_uri?(uri) }
|
||||||
|
.map { |uri| ActivityPub::TagManager.instance.uri_to_local_id(uri, :username) }
|
||||||
|
|
||||||
|
return if local_usernames.empty?
|
||||||
|
|
||||||
|
Account.local.where(username: local_usernames).first
|
||||||
|
end
|
||||||
|
|
||||||
|
def first_local_follower
|
||||||
|
@account.followers.local.first
|
||||||
|
end
|
||||||
|
|
||||||
def follow_request_from_object
|
def follow_request_from_object
|
||||||
@follow_request ||= FollowRequest.find_by(target_account: @account, uri: object_uri) unless object_uri.nil?
|
@follow_request ||= FollowRequest.find_by(target_account: @account, uri: object_uri) unless object_uri.nil?
|
||||||
end
|
end
|
||||||
|
|
|
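Review bot: `signed_fetch_account` picks the signing identity from the activity's own `to`/`cc`, which the remote sender controls, and neither it nor `dereference_object!` carries a comment saying so. The ordering inside `dereference_object!` is the security-relevant part, since moving `fetch_resource` ahead of `invalid_origin?(@object)` would let an inbound activity trigger a request to any sender-chosen URL. I would pin that with `# Keep the origin check ahead of the fetch: @object is a sender-supplied URI.` The positional `true` passed to `fetch_resource` is opaque at this call site and deserves a short comment or a named local. `signed_fetch_account` also returns nil when no local account is addressed and `@account` has no local follower; `fetch_resource` is defined outside this hunk, so confirm that it handles a nil account.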
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Create < ActivityPub::Activity
|
class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
dereference_object!
|
||||||
|
|
||||||
case @object['type']
|
case @object['type']
|
||||||
when 'EncryptedMessage'
|
when 'EncryptedMessage'
|
||||||
create_encrypted_message
|
create_encrypted_message
|
||||||
|
|
|
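Review bot: `perform` indexes `@object['type']` right after `dereference_object!`, but that helper returns early without replacing `@object` when the origin check, the fetch or the context check fails, so `@object` can still be a URI String here. On a String, `['type']` is a substring lookup that yields nil or the literal `'type'`, so the dispatch only falls through by accident and the failed dereference is not logged anywhere in the visible code. If no later branch is meant to handle a bare URI (the rest of the `case` is outside this hunk), add `return if @object.is_a?(String)` directly after the call. The same applies to `Update#perform` in the next section, where `equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)` receives the same value.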
@ -4,6 +4,8 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
|
||||||
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
|
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
|
||||||
|
|
||||||
def perform
|
def perform
|
||||||
|
dereference_object!
|
||||||
|
|
||||||
if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
|
if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
|
||||||
update_account
|
update_account
|
||||||
elsif equals_or_includes_any?(@object['type'], %w(Question))
|
elsif equals_or_includes_any?(@object['type'], %w(Question))
|
||||||
|
|