AP C2S: Restrict creation to `Note`s for now.
This commit is contained in:
parent
797dd3f581
commit
45df70e691
|
@ -370,7 +370,10 @@ def read_inbox(%{assigns: %{user: %{nickname: as_nickname}}} = conn, %{
|
||||||
|> json(err)
|
|> json(err)
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle_user_activity(user, %{"type" => "Create"} = params) do
|
defp handle_user_activity(
|
||||||
|
%User{} = user,
|
||||||
|
%{"type" => "Create", "object" => %{"type" => "Note"}} = params
|
||||||
|
) do
|
||||||
object =
|
object =
|
||||||
params["object"]
|
params["object"]
|
||||||
|> Map.merge(Map.take(params, ["to", "cc"]))
|
|> Map.merge(Map.take(params, ["to", "cc"]))
|
||||||
|
@ -386,7 +389,7 @@ def handle_user_activity(user, %{"type" => "Create"} = params) do
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle_user_activity(user, %{"type" => "Delete"} = params) do
|
defp handle_user_activity(user, %{"type" => "Delete"} = params) do
|
||||||
with %Object{} = object <- Object.normalize(params["object"]),
|
with %Object{} = object <- Object.normalize(params["object"]),
|
||||||
true <- user.is_moderator || user.ap_id == object.data["actor"],
|
true <- user.is_moderator || user.ap_id == object.data["actor"],
|
||||||
{:ok, delete} <- ActivityPub.delete(object) do
|
{:ok, delete} <- ActivityPub.delete(object) do
|
||||||
|
@ -396,7 +399,7 @@ def handle_user_activity(user, %{"type" => "Delete"} = params) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle_user_activity(user, %{"type" => "Like"} = params) do
|
defp handle_user_activity(user, %{"type" => "Like"} = params) do
|
||||||
with %Object{} = object <- Object.normalize(params["object"]),
|
with %Object{} = object <- Object.normalize(params["object"]),
|
||||||
{:ok, activity, _object} <- ActivityPub.like(user, object) do
|
{:ok, activity, _object} <- ActivityPub.like(user, object) do
|
||||||
{:ok, activity}
|
{:ok, activity}
|
||||||
|
@ -405,7 +408,7 @@ def handle_user_activity(user, %{"type" => "Like"} = params) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle_user_activity(_, _) do
|
defp handle_user_activity(_, _) do
|
||||||
{:error, dgettext("errors", "Unhandled activity type")}
|
{:error, dgettext("errors", "Unhandled activity type")}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -702,6 +702,21 @@ test "it inserts an incoming create activity into the database", %{
|
||||||
assert object["content"] == activity["object"]["content"]
|
assert object["content"] == activity["object"]["content"]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
activity =
|
||||||
|
activity
|
||||||
|
|> put_in(["object", "type"], "Benis")
|
||||||
|
|
||||||
|
_result =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> put_req_header("content-type", "application/activity+json")
|
||||||
|
|> post("/users/#{user.nickname}/outbox", activity)
|
||||||
|
|> json_response(400)
|
||||||
|
end
|
||||||
|
|
||||||
test "it inserts an incoming sensitive activity into the database", %{
|
test "it inserts an incoming sensitive activity into the database", %{
|
||||||
conn: conn,
|
conn: conn,
|
||||||
activity: activity
|
activity: activity
|
||||||
|
|
Loading…
Reference in New Issue