[#1560] Misc. improvements in ActivityPubController federation state restrictions.

This commit is contained in:
Ivan Tashkinov 2020-03-05 21:19:21 +03:00
parent b6fc98d9cd
commit 40765875d4
3 changed files with 32 additions and 16 deletions

View File

@ -13,13 +13,17 @@ def call(conn, _opts) do
if federating?() do if federating?() do
conn conn
else else
fail(conn)
end
end
def federating?, do: Pleroma.Config.get([:instance, :federating])
def fail(conn) do
conn conn
|> put_status(404) |> put_status(404)
|> Phoenix.Controller.put_view(Pleroma.Web.ErrorView) |> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
|> Phoenix.Controller.render("404.json") |> Phoenix.Controller.render("404.json")
|> halt() |> halt()
end end
end
def federating?, do: Pleroma.Config.get([:instance, :federating])
end end

View File

@ -29,6 +29,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
@client_to_server_actions [ @client_to_server_actions [
:whoami, :whoami,
:read_inbox, :read_inbox,
:outbox,
:update_outbox, :update_outbox,
:upload_media, :upload_media,
:followers, :followers,
@ -140,10 +141,14 @@ defp set_cache_ttl_for(conn, entity) do
# GET /relay/following # GET /relay/following
def following(%{assigns: %{relay: true}} = conn, _params) do def following(%{assigns: %{relay: true}} = conn, _params) do
if FederatingPlug.federating?() do
conn conn
|> put_resp_content_type("application/activity+json") |> put_resp_content_type("application/activity+json")
|> put_view(UserView) |> put_view(UserView)
|> render("following.json", %{user: Relay.get_actor()}) |> render("following.json", %{user: Relay.get_actor()})
else
FederatingPlug.fail(conn)
end
end end
def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
@ -177,10 +182,14 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d
# GET /relay/followers # GET /relay/followers
def followers(%{assigns: %{relay: true}} = conn, _params) do def followers(%{assigns: %{relay: true}} = conn, _params) do
if FederatingPlug.federating?() do
conn conn
|> put_resp_content_type("application/activity+json") |> put_resp_content_type("application/activity+json")
|> put_view(UserView) |> put_view(UserView)
|> render("followers.json", %{user: Relay.get_actor()}) |> render("followers.json", %{user: Relay.get_actor()})
else
FederatingPlug.fail(conn)
end
end end
def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do

View File

@ -577,7 +577,7 @@ test "it removes all follower collections but actor's", %{conn: conn} do
end end
end end
describe "/users/:nickname/outbox" do describe "GET /users/:nickname/outbox" do
test "it will not bomb when there is no activity", %{conn: conn} do test "it will not bomb when there is no activity", %{conn: conn} do
user = insert(:user) user = insert(:user)
@ -614,7 +614,9 @@ test "it returns an announce activity in a collection", %{conn: conn} do
assert response(conn, 200) =~ announce_activity.data["object"] assert response(conn, 200) =~ announce_activity.data["object"]
end end
end
describe "POST /users/:nickname/outbox" do
test "it rejects posts from other users", %{conn: conn} do test "it rejects posts from other users", %{conn: conn} do
data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!() data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
user = insert(:user) user = insert(:user)
@ -1059,9 +1061,10 @@ test "returns 404 for GET routes", %{conn: conn} do
get_uris = [ get_uris = [
"/users/#{user.nickname}", "/users/#{user.nickname}",
"/users/#{user.nickname}/outbox",
"/internal/fetch", "/internal/fetch",
"/relay" "/relay",
"/relay/following",
"/relay/followers"
] ]
for get_uri <- get_uris do for get_uri <- get_uris do