[#1560] Misc. improvements in ActivityPubController federation state restrictions.

This commit is contained in:
Ivan Tashkinov 2020-03-05 21:19:21 +03:00
parent b6fc98d9cd
commit 40765875d4
3 changed files with 32 additions and 16 deletions

View file

@ -13,13 +13,17 @@ def call(conn, _opts) do
if federating?() do
conn
else
conn
|> put_status(404)
|> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
|> Phoenix.Controller.render("404.json")
|> halt()
fail(conn)
end
end
def federating?, do: Pleroma.Config.get([:instance, :federating])
def fail(conn) do
conn
|> put_status(404)
|> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
|> Phoenix.Controller.render("404.json")
|> halt()
end
end

View file

@ -29,6 +29,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
@client_to_server_actions [
:whoami,
:read_inbox,
:outbox,
:update_outbox,
:upload_media,
:followers,
@ -140,10 +141,14 @@ defp set_cache_ttl_for(conn, entity) do
# GET /relay/following
def following(%{assigns: %{relay: true}} = conn, _params) do
conn
|> put_resp_content_type("application/activity+json")
|> put_view(UserView)
|> render("following.json", %{user: Relay.get_actor()})
if FederatingPlug.federating?() do
conn
|> put_resp_content_type("application/activity+json")
|> put_view(UserView)
|> render("following.json", %{user: Relay.get_actor()})
else
FederatingPlug.fail(conn)
end
end
def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
@ -177,10 +182,14 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d
# GET /relay/followers
def followers(%{assigns: %{relay: true}} = conn, _params) do
conn
|> put_resp_content_type("application/activity+json")
|> put_view(UserView)
|> render("followers.json", %{user: Relay.get_actor()})
if FederatingPlug.federating?() do
conn
|> put_resp_content_type("application/activity+json")
|> put_view(UserView)
|> render("followers.json", %{user: Relay.get_actor()})
else
FederatingPlug.fail(conn)
end
end
def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do

View file

@ -577,7 +577,7 @@ test "it removes all follower collections but actor's", %{conn: conn} do
end
end
describe "/users/:nickname/outbox" do
describe "GET /users/:nickname/outbox" do
test "it will not bomb when there is no activity", %{conn: conn} do
user = insert(:user)
@ -614,7 +614,9 @@ test "it returns an announce activity in a collection", %{conn: conn} do
assert response(conn, 200) =~ announce_activity.data["object"]
end
end
describe "POST /users/:nickname/outbox" do
test "it rejects posts from other users", %{conn: conn} do
data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
user = insert(:user)
@ -1059,9 +1061,10 @@ test "returns 404 for GET routes", %{conn: conn} do
get_uris = [
"/users/#{user.nickname}",
"/users/#{user.nickname}/outbox",
"/internal/fetch",
"/relay"
"/relay",
"/relay/following",
"/relay/followers"
]
for get_uri <- get_uris do