diff options
| author | William Pitcock <nenolod@dereferenced.org> | 2018-11-17 20:02:02 +0000 |
|---|---|---|
| committer | William Pitcock <nenolod@dereferenced.org> | 2018-11-17 20:15:59 +0000 |
| commit | daa8ec3d6273b7002ddee041686adf7652ec8e18 (patch) | |
| tree | fa376d40926276e97950aca52fc3ae157b3f1fc7 | |
| parent | a960983815b8798632fc489b762f760738cf798b (diff) | |
| download | pleroma-daa8ec3d6273b7002ddee041686adf7652ec8e18.tar.gz | |
activitypub: factor out AP object fetching to it's own function and add ID-based containment
| -rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 32 | ||||
| -rw-r--r-- | lib/pleroma/web/activity_pub/transmogrifier.ex | 13 |
2 files changed, 35 insertions, 10 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 51b787272..98e9e2120 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -732,16 +732,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do else Logger.info("Fetching #{id} via AP") - with true <- String.starts_with?(id, "http"), - {:ok, %{body: body, status_code: code}} when code in 200..299 <- - @httpoison.get( - id, - [Accept: "application/activity+json"], - follow_redirect: true, - timeout: 10000, - recv_timeout: 20000 - ), - {:ok, data} <- Jason.decode(body), + with {:ok, data} <- fetch_and_contain_remote_object_from_id(id), nil <- Object.normalize(data), params <- %{ "type" => "Create", @@ -771,6 +762,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end + def fetch_and_contain_remote_object_from_id(id) do + Logger.info("Fetching #{id} via AP") + + with true <- String.starts_with?(id, "http"), + {:ok, %{body: body, status_code: code}} when code in 200..299 <- + @httpoison.get( + id, + [Accept: "application/activity+json"], + follow_redirect: true, + timeout: 10000, + recv_timeout: 20000 + ), + {:ok, data} <- Jason.decode(body), + :ok <- Transmogrifier.contain_origin_from_id(id, data) do + {:ok, data} + else + e -> + {:error, e} + end + end + def is_public?(activity) do "https://www.w3.org/ns/activitystreams#Public" in (activity.data["to"] ++ (activity.data["cc"] || [])) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index d51d8626b..1f886839e 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -50,6 +50,19 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end + def contain_origin_from_id(id, %{"id" => nil}), do: :error + + def contain_origin_from_id(id, %{"id" => other_id} = params) do + id_uri = URI.parse(id) + other_uri = URI.parse(other_id) + + if id_uri.host == other_uri.host do + :ok + else + :error + end + end + @doc """ Modifies an incoming AP object (mastodon format) to our internal format. """ |