mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-14 23:24:55 +01:00
e4a241abef
* Fix actors accepting invalid URI schemes or different host between URI and URL * Fix statuses accepting invalid URI scheme or different host to actor * Adjust tests to new requirements * Improve readability of mismatching_origin?/invalid_origin? methods
277 lines
7.6 KiB
Ruby
277 lines
7.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ActivityPub::Activity::Create < ActivityPub::Activity
|
|
SUPPORTED_TYPES = %w(Note).freeze
|
|
CONVERTED_TYPES = %w(Image Video Article).freeze
|
|
|
|
def perform
|
|
return if delete_arrived_first?(object_uri) || unsupported_object_type? || invalid_origin?(@object['id'])
|
|
|
|
RedisLock.acquire(lock_options) do |lock|
|
|
if lock.acquired?
|
|
@status = find_existing_status
|
|
process_status if @status.nil?
|
|
end
|
|
end
|
|
|
|
@status
|
|
end
|
|
|
|
private
|
|
|
|
def process_status
|
|
media_attachments = process_attachments
|
|
|
|
ApplicationRecord.transaction do
|
|
@status = Status.create!(status_params)
|
|
|
|
process_tags(@status)
|
|
attach_media(@status, media_attachments)
|
|
end
|
|
|
|
resolve_thread(@status)
|
|
distribute(@status)
|
|
forward_for_reply if @status.public_visibility? || @status.unlisted_visibility?
|
|
end
|
|
|
|
def find_existing_status
|
|
status = status_from_uri(object_uri)
|
|
status ||= Status.find_by(uri: @object['atomUri']) if @object['atomUri'].present?
|
|
status
|
|
end
|
|
|
|
def status_params
|
|
{
|
|
uri: @object['id'],
|
|
url: object_url || @object['id'],
|
|
account: @account,
|
|
text: text_from_content || '',
|
|
language: detected_language,
|
|
spoiler_text: @object['summary'] || '',
|
|
created_at: @options[:override_timestamps] ? nil : @object['published'],
|
|
reply: @object['inReplyTo'].present?,
|
|
sensitive: @object['sensitive'] || false,
|
|
visibility: visibility_from_audience,
|
|
thread: replied_to_status,
|
|
conversation: conversation_from_uri(@object['conversation']),
|
|
}
|
|
end
|
|
|
|
def process_tags(status)
|
|
return if @object['tag'].nil?
|
|
|
|
as_array(@object['tag']).each do |tag|
|
|
case tag['type']
|
|
when 'Hashtag'
|
|
process_hashtag tag, status
|
|
when 'Mention'
|
|
process_mention tag, status
|
|
when 'Emoji'
|
|
process_emoji tag, status
|
|
end
|
|
end
|
|
end
|
|
|
|
def process_hashtag(tag, status)
|
|
return if tag['name'].blank?
|
|
|
|
hashtag = tag['name'].gsub(/\A#/, '').mb_chars.downcase
|
|
hashtag = Tag.where(name: hashtag).first_or_initialize(name: hashtag)
|
|
|
|
status.tags << hashtag
|
|
end
|
|
|
|
def process_mention(tag, status)
|
|
return if tag['href'].blank?
|
|
|
|
account = account_from_uri(tag['href'])
|
|
account = FetchRemoteAccountService.new.call(tag['href'], id: false) if account.nil?
|
|
return if account.nil?
|
|
account.mentions.create(status: status)
|
|
end
|
|
|
|
def process_emoji(tag, _status)
|
|
return if skip_download?
|
|
return if tag['name'].blank? || tag['icon'].blank? || tag['icon']['url'].blank?
|
|
|
|
shortcode = tag['name'].delete(':')
|
|
image_url = tag['icon']['url']
|
|
uri = tag['id']
|
|
updated = tag['updated']
|
|
emoji = CustomEmoji.find_by(shortcode: shortcode, domain: @account.domain)
|
|
|
|
return unless emoji.nil? || emoji.updated_at >= updated
|
|
|
|
emoji ||= CustomEmoji.new(domain: @account.domain, shortcode: shortcode, uri: uri)
|
|
emoji.image_remote_url = image_url
|
|
emoji.save
|
|
end
|
|
|
|
def process_attachments
|
|
return if @object['attachment'].nil?
|
|
|
|
media_attachments = []
|
|
|
|
as_array(@object['attachment']).each do |attachment|
|
|
next if unsupported_media_type?(attachment['mediaType']) || attachment['url'].blank?
|
|
|
|
href = Addressable::URI.parse(attachment['url']).normalize.to_s
|
|
media_attachment = MediaAttachment.create(account: @account, remote_url: href, description: attachment['name'].presence)
|
|
media_attachments << media_attachment
|
|
|
|
next if skip_download?
|
|
|
|
media_attachment.file_remote_url = href
|
|
media_attachment.save
|
|
end
|
|
|
|
media_attachments
|
|
rescue Addressable::URI::InvalidURIError => e
|
|
Rails.logger.debug e
|
|
|
|
media_attachments
|
|
end
|
|
|
|
def attach_media(status, media_attachments)
|
|
return if media_attachments.blank?
|
|
|
|
media = MediaAttachment.where(status_id: nil, id: media_attachments.take(4).map(&:id))
|
|
media.update(status_id: status.id)
|
|
end
|
|
|
|
def resolve_thread(status)
|
|
return unless status.reply? && status.thread.nil?
|
|
ThreadResolveWorker.perform_async(status.id, in_reply_to_uri)
|
|
end
|
|
|
|
def conversation_from_uri(uri)
|
|
return nil if uri.nil?
|
|
return Conversation.find_by(id: OStatus::TagManager.instance.unique_tag_to_local_id(uri, 'Conversation')) if OStatus::TagManager.instance.local_id?(uri)
|
|
Conversation.find_by(uri: uri) || Conversation.create(uri: uri)
|
|
end
|
|
|
|
def visibility_from_audience
|
|
if equals_or_includes?(@object['to'], ActivityPub::TagManager::COLLECTIONS[:public])
|
|
:public
|
|
elsif equals_or_includes?(@object['cc'], ActivityPub::TagManager::COLLECTIONS[:public])
|
|
:unlisted
|
|
elsif equals_or_includes?(@object['to'], @account.followers_url)
|
|
:private
|
|
else
|
|
:direct
|
|
end
|
|
end
|
|
|
|
def audience_includes?(account)
|
|
uri = ActivityPub::TagManager.instance.uri_for(account)
|
|
equals_or_includes?(@object['to'], uri) || equals_or_includes?(@object['cc'], uri)
|
|
end
|
|
|
|
def replied_to_status
|
|
return @replied_to_status if defined?(@replied_to_status)
|
|
|
|
if in_reply_to_uri.blank?
|
|
@replied_to_status = nil
|
|
else
|
|
@replied_to_status = status_from_uri(in_reply_to_uri)
|
|
@replied_to_status ||= status_from_uri(@object['inReplyToAtomUri']) if @object['inReplyToAtomUri'].present?
|
|
@replied_to_status
|
|
end
|
|
end
|
|
|
|
def in_reply_to_uri
|
|
value_or_id(@object['inReplyTo'])
|
|
end
|
|
|
|
def text_from_content
|
|
return Formatter.instance.linkify([text_from_name, object_url || @object['id']].join(' ')) if converted_object_type?
|
|
|
|
if @object['content'].present?
|
|
@object['content']
|
|
elsif content_language_map?
|
|
@object['contentMap'].values.first
|
|
end
|
|
end
|
|
|
|
def text_from_name
|
|
if @object['name'].present?
|
|
@object['name']
|
|
elsif name_language_map?
|
|
@object['nameMap'].values.first
|
|
end
|
|
end
|
|
|
|
def detected_language
|
|
if content_language_map?
|
|
@object['contentMap'].keys.first
|
|
elsif name_language_map?
|
|
@object['nameMap'].keys.first
|
|
elsif supported_object_type?
|
|
LanguageDetector.instance.detect(text_from_content, @account)
|
|
end
|
|
end
|
|
|
|
def object_url
|
|
return if @object['url'].blank?
|
|
|
|
url_candidate = url_to_href(@object['url'], 'text/html')
|
|
|
|
if invalid_origin?(url_candidate)
|
|
nil
|
|
else
|
|
url_candidate
|
|
end
|
|
end
|
|
|
|
def content_language_map?
|
|
@object['contentMap'].is_a?(Hash) && !@object['contentMap'].empty?
|
|
end
|
|
|
|
def name_language_map?
|
|
@object['nameMap'].is_a?(Hash) && !@object['nameMap'].empty?
|
|
end
|
|
|
|
def unsupported_object_type?
|
|
@object.is_a?(String) || !(supported_object_type? || converted_object_type?)
|
|
end
|
|
|
|
def unsupported_media_type?(mime_type)
|
|
mime_type.present? && !(MediaAttachment::IMAGE_MIME_TYPES + MediaAttachment::VIDEO_MIME_TYPES).include?(mime_type)
|
|
end
|
|
|
|
def supported_object_type?
|
|
SUPPORTED_TYPES.include?(@object['type'])
|
|
end
|
|
|
|
def converted_object_type?
|
|
CONVERTED_TYPES.include?(@object['type'])
|
|
end
|
|
|
|
def skip_download?
|
|
return @skip_download if defined?(@skip_download)
|
|
@skip_download ||= DomainBlock.find_by(domain: @account.domain)&.reject_media?
|
|
end
|
|
|
|
def invalid_origin?(url)
|
|
return true if unsupported_uri_scheme?(url)
|
|
|
|
needle = Addressable::URI.parse(url).host
|
|
haystack = Addressable::URI.parse(@account.uri).host
|
|
|
|
!haystack.casecmp(needle).zero?
|
|
end
|
|
|
|
def reply_to_local?
|
|
!replied_to_status.nil? && replied_to_status.account.local?
|
|
end
|
|
|
|
def forward_for_reply
|
|
return unless @json['signature'].present? && reply_to_local?
|
|
ActivityPub::RawDistributionWorker.perform_async(Oj.dump(@json), replied_to_status.account_id, [@account.preferred_inbox_url])
|
|
end
|
|
|
|
def lock_options
|
|
{ redis: Redis.current, key: "create:#{@object['id']}" }
|
|
end
|
|
end
|