[#1560] Misc. improvements in ActivityPubController federation state restrictions.
This commit is contained in:
parent
b6fc98d9cd
commit
40765875d4
3 changed files with 32 additions and 16 deletions
|
@ -13,13 +13,17 @@ def call(conn, _opts) do
|
||||||
if federating?() do
|
if federating?() do
|
||||||
conn
|
conn
|
||||||
else
|
else
|
||||||
|
fail(conn)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def federating?, do: Pleroma.Config.get([:instance, :federating])
|
||||||
|
|
||||||
|
def fail(conn) do
|
||||||
conn
|
conn
|
||||||
|> put_status(404)
|
|> put_status(404)
|
||||||
|> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
|
|> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
|
||||||
|> Phoenix.Controller.render("404.json")
|
|> Phoenix.Controller.render("404.json")
|
||||||
|> halt()
|
|> halt()
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
def federating?, do: Pleroma.Config.get([:instance, :federating])
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -29,6 +29,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||||
@client_to_server_actions [
|
@client_to_server_actions [
|
||||||
:whoami,
|
:whoami,
|
||||||
:read_inbox,
|
:read_inbox,
|
||||||
|
:outbox,
|
||||||
:update_outbox,
|
:update_outbox,
|
||||||
:upload_media,
|
:upload_media,
|
||||||
:followers,
|
:followers,
|
||||||
|
@ -140,10 +141,14 @@ defp set_cache_ttl_for(conn, entity) do
|
||||||
|
|
||||||
# GET /relay/following
|
# GET /relay/following
|
||||||
def following(%{assigns: %{relay: true}} = conn, _params) do
|
def following(%{assigns: %{relay: true}} = conn, _params) do
|
||||||
|
if FederatingPlug.federating?() do
|
||||||
conn
|
conn
|
||||||
|> put_resp_content_type("application/activity+json")
|
|> put_resp_content_type("application/activity+json")
|
||||||
|> put_view(UserView)
|
|> put_view(UserView)
|
||||||
|> render("following.json", %{user: Relay.get_actor()})
|
|> render("following.json", %{user: Relay.get_actor()})
|
||||||
|
else
|
||||||
|
FederatingPlug.fail(conn)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
|
def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
|
||||||
|
@ -177,10 +182,14 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d
|
||||||
|
|
||||||
# GET /relay/followers
|
# GET /relay/followers
|
||||||
def followers(%{assigns: %{relay: true}} = conn, _params) do
|
def followers(%{assigns: %{relay: true}} = conn, _params) do
|
||||||
|
if FederatingPlug.federating?() do
|
||||||
conn
|
conn
|
||||||
|> put_resp_content_type("application/activity+json")
|
|> put_resp_content_type("application/activity+json")
|
||||||
|> put_view(UserView)
|
|> put_view(UserView)
|
||||||
|> render("followers.json", %{user: Relay.get_actor()})
|
|> render("followers.json", %{user: Relay.get_actor()})
|
||||||
|
else
|
||||||
|
FederatingPlug.fail(conn)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
|
def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
|
||||||
|
|
|
@ -577,7 +577,7 @@ test "it removes all follower collections but actor's", %{conn: conn} do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "/users/:nickname/outbox" do
|
describe "GET /users/:nickname/outbox" do
|
||||||
test "it will not bomb when there is no activity", %{conn: conn} do
|
test "it will not bomb when there is no activity", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
|
@ -614,7 +614,9 @@ test "it returns an announce activity in a collection", %{conn: conn} do
|
||||||
|
|
||||||
assert response(conn, 200) =~ announce_activity.data["object"]
|
assert response(conn, 200) =~ announce_activity.data["object"]
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /users/:nickname/outbox" do
|
||||||
test "it rejects posts from other users", %{conn: conn} do
|
test "it rejects posts from other users", %{conn: conn} do
|
||||||
data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
|
data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -1059,9 +1061,10 @@ test "returns 404 for GET routes", %{conn: conn} do
|
||||||
|
|
||||||
get_uris = [
|
get_uris = [
|
||||||
"/users/#{user.nickname}",
|
"/users/#{user.nickname}",
|
||||||
"/users/#{user.nickname}/outbox",
|
|
||||||
"/internal/fetch",
|
"/internal/fetch",
|
||||||
"/relay"
|
"/relay",
|
||||||
|
"/relay/following",
|
||||||
|
"/relay/followers"
|
||||||
]
|
]
|
||||||
|
|
||||||
for get_uri <- get_uris do
|
for get_uri <- get_uris do
|
||||||
|
|
Loading…
Reference in a new issue