mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-22 11:23:09 +02:00
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/456
This commit is contained in:
commit
14eb42c5ef
1 changed files with 22 additions and 1 deletions
|
@ -31,6 +31,7 @@ import type { MiNote } from '@/models/Note.js';
|
||||||
import { QueryService } from '@/core/QueryService.js';
|
import { QueryService } from '@/core/QueryService.js';
|
||||||
import { UtilityService } from '@/core/UtilityService.js';
|
import { UtilityService } from '@/core/UtilityService.js';
|
||||||
import { UserEntityService } from '@/core/entities/UserEntityService.js';
|
import { UserEntityService } from '@/core/entities/UserEntityService.js';
|
||||||
|
import { UserBlockingService } from '@/core/UserBlockingService.js';
|
||||||
import { bindThis } from '@/decorators.js';
|
import { bindThis } from '@/decorators.js';
|
||||||
import { IActivity } from '@/core/activitypub/type.js';
|
import { IActivity } from '@/core/activitypub/type.js';
|
||||||
import { isPureRenote } from '@/misc/is-pure-renote.js';
|
import { isPureRenote } from '@/misc/is-pure-renote.js';
|
||||||
|
@ -78,6 +79,7 @@ export class ActivityPubServerService {
|
||||||
private metaService: MetaService,
|
private metaService: MetaService,
|
||||||
private utilityService: UtilityService,
|
private utilityService: UtilityService,
|
||||||
private userEntityService: UserEntityService,
|
private userEntityService: UserEntityService,
|
||||||
|
private userBlockingService: UserBlockingService,
|
||||||
private instanceActorService: InstanceActorService,
|
private instanceActorService: InstanceActorService,
|
||||||
private apRendererService: ApRendererService,
|
private apRendererService: ApRendererService,
|
||||||
private apDbResolverService: ApDbResolverService,
|
private apDbResolverService: ApDbResolverService,
|
||||||
|
@ -206,6 +208,17 @@ export class ActivityPubServerService {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (userId) {
|
||||||
|
/* this check is not really effective, because most requests we
|
||||||
|
get are signed by the remote instance user, not the user
|
||||||
|
who's requesting the information 😭 */
|
||||||
|
const blocked = await this.userBlockingService.checkBlocked(userId, authUser.user.id);
|
||||||
|
if (blocked) {
|
||||||
|
reply.code(401);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||||
|
|
||||||
if (!httpSignatureValidated) {
|
if (!httpSignatureValidated) {
|
||||||
|
@ -706,6 +719,8 @@ export class ActivityPubServerService {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (await this.shouldRefuseGetRequest(request, reply, note.userId)) return;
|
||||||
|
|
||||||
// リモートだったらリダイレクト
|
// リモートだったらリダイレクト
|
||||||
if (note.userHost != null) {
|
if (note.userHost != null) {
|
||||||
if (note.uri == null || this.utilityService.isSelfHost(note.userHost)) {
|
if (note.uri == null || this.utilityService.isSelfHost(note.userHost)) {
|
||||||
|
@ -739,6 +754,8 @@ export class ActivityPubServerService {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (await this.shouldRefuseGetRequest(request, reply, note.userId)) return;
|
||||||
|
|
||||||
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
|
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
|
||||||
this.setResponseType(request, reply);
|
this.setResponseType(request, reply);
|
||||||
return (this.apRendererService.addContext(await this.packActivity(note)));
|
return (this.apRendererService.addContext(await this.packActivity(note)));
|
||||||
|
@ -861,6 +878,8 @@ export class ActivityPubServerService {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (await this.shouldRefuseGetRequest(request, reply, note.userId)) return;
|
||||||
|
|
||||||
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
|
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
|
||||||
this.setResponseType(request, reply);
|
this.setResponseType(request, reply);
|
||||||
return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note)));
|
return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note)));
|
||||||
|
@ -868,7 +887,7 @@ export class ActivityPubServerService {
|
||||||
|
|
||||||
// follow
|
// follow
|
||||||
fastify.get<{ Params: { follower: string; followee: string; } }>('/follows/:follower/:followee', async (request, reply) => {
|
fastify.get<{ Params: { follower: string; followee: string; } }>('/follows/:follower/:followee', async (request, reply) => {
|
||||||
if (await this.shouldRefuseGetRequest(request, reply)) return;
|
if (await this.shouldRefuseGetRequest(request, reply, request.params.follwer)) return;
|
||||||
|
|
||||||
// This may be used before the follow is completed, so we do not
|
// This may be used before the follow is completed, so we do not
|
||||||
// check if the following exists.
|
// check if the following exists.
|
||||||
|
@ -910,6 +929,8 @@ export class ActivityPubServerService {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (await this.shouldRefuseGetRequest(request, reply, followRequest.followerId)) return;
|
||||||
|
|
||||||
const [follower, followee] = await Promise.all([
|
const [follower, followee] = await Promise.all([
|
||||||
this.usersRepository.findOneBy({
|
this.usersRepository.findOneBy({
|
||||||
id: followRequest.followerId,
|
id: followRequest.followerId,
|
||||||
|
|
Loading…
Reference in a new issue