5 files changed, 109 insertions, 2 deletions

diff --git a/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
new file mode 100644
index 000000000..8b36c1021
--- /dev/null
+++ b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
@@ -0,0 +1,101 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do
+  alias Pleroma.Config
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.MRF
+
+  require Pleroma.Constants
+
+  @moduledoc "Filter activities depending on their age"
+  @behaviour MRF
+
+  defp check_date(%{"published" => published} = message) do
+    with %DateTime{} = now <- DateTime.utc_now(),
+         {:ok, %DateTime{} = then, _} <- DateTime.from_iso8601(published),
+         max_ttl <- Config.get([:mrf_object_age, :threshold]),
+         {:ttl, false} <- {:ttl, DateTime.diff(now, then) > max_ttl} do
+      {:ok, message}
+    else
+      {:ttl, true} ->
+        {:reject, nil}
+
+      e ->
+        {:error, e}
+    end
+  end
+
+  defp check_reject(message, actions) do
+    if :reject in actions do
+      {:reject, nil}
+    else
+      {:ok, message}
+    end
+  end
+
+  defp check_delist(message, actions) do
+    if :delist in actions do
+      with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
+        to = List.delete(message["to"], Pleroma.Constants.as_public()) ++ [user.follower_address]
+        cc = List.delete(message["cc"], user.follower_address) ++ [Pleroma.Constants.as_public()]
+
+        message =
+          message
+          |> Map.put("to", to)
+          |> Map.put("cc", cc)
+
+        {:ok, message}
+      else
+        # Unhandleable error: somebody is messing around, just drop the message.
+        _e ->
+          {:reject, nil}
+      end
+    else
+      {:ok, message}
+    end
+  end
+
+  defp check_strip_followers(message, actions) do
+    if :strip_followers in actions do
+      with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
+        to = List.delete(message["to"], user.follower_address)
+        cc = List.delete(message["cc"], user.follower_address)
+
+        message =
+          message
+          |> Map.put("to", to)
+          |> Map.put("cc", cc)
+
+        {:ok, message}
+      else
+        # Unhandleable error: somebody is messing around, just drop the message.
+        _e ->
+          {:reject, nil}
+      end
+    else
+      {:ok, message}
+    end
+  end
+
+  @impl true
+  def filter(%{"type" => "Create", "published" => _} = message) do
+    with actions <- Config.get([:mrf_object_age, :actions]),
+         {:reject, _} <- check_date(message),
+         {:ok, message} <- check_reject(message, actions),
+         {:ok, message} <- check_delist(message, actions),
+         {:ok, message} <- check_strip_followers(message, actions) do
+      {:ok, message}
+    else
+      # check_date() is allowed to short-circuit the pipeline
+      e -> e
+    end
+  end
+
+  @impl true
+  def filter(message), do: {:ok, message}
+
+  @impl true
+  def describe, do: {:ok, %{}}
+end
diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex
index fc2619680..99a804568 100644
--- a/lib/pleroma/web/activity_pub/relay.ex
+++ b/lib/pleroma/web/activity_pub/relay.ex
@@ -14,7 +14,6 @@ defmodule Pleroma.Web.ActivityPub.Relay do
       relay_ap_id()
       |> User.get_or_create_service_actor_by_ap_id()
 
-    {:ok, actor} = User.set_invisible(actor, true)
     actor
   end
 
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index 5b01b964b..5f2544640 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -238,7 +238,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
   @doc "GET /api/v1/accounts/:id"
   def show(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
     with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
-         true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do
+         true <- User.visible_for?(user, for_user) do
       render(conn, "show.json", user: user, for: for_user)
     else
       _e -> render_error(conn, :not_found, "Can't find user")
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 486b9f6a4..abcf46034 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -120,6 +120,12 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
           banner: Config.get([:instance, :banner_upload_limit]),
           background: Config.get([:instance, :background_upload_limit])
         },
+        fieldsLimits: %{
+          maxFields: Config.get([:instance, :max_account_fields]),
+          maxRemoteFields: Config.get([:instance, :max_remote_account_fields]),
+          nameLength: Config.get([:instance, :account_field_name_length]),
+          valueLength: Config.get([:instance, :account_field_value_length])
+        },
         accountActivationRequired: Config.get([:instance, :account_activation_required], false),
         invitesEnabled: Config.get([:instance, :invites_enabled], false),
         mailerEnabled: Config.get([Pleroma.Emails.Mailer, :enabled], false),
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index b654d00c7..0b54f4ab7 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -13,6 +13,7 @@ defmodule Pleroma.Web.Router do
   pipeline :oauth do
     plug(:fetch_session)
     plug(Pleroma.Plugs.OAuthPlug)
+    plug(Pleroma.Plugs.UserEnabledPlug)
   end
 
   pipeline :api do