commit: 81293e5aadd5f1dfe7f90f6a71f625ef86cf3359
parent af3f00292c6cb37580a6bf93d7e779316bc44c6a
Author: lain <lain@soykaf.club>
Date: Tue, 17 Nov 2020 13:11:39 +0100
ActivityPubController: Don't return local only objects
Diffstat:
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -82,7 +82,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
def object(conn, _) do
with ap_id <- Endpoint.url() <> conn.request_path,
%Object{} = object <- Object.get_cached_by_ap_id(ap_id),
- {_, true} <- {:public?, Visibility.is_public?(object)} do
+ {_, true} <- {:public?, Visibility.is_public?(object)},
+ {_, false} <- {:local?, Visibility.is_local_public?(object)} do
conn
|> assign(:tracking_fun_data, object.id)
|> set_cache_ttl_for(object)
@@ -92,6 +93,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
else
{:public?, false} ->
{:error, :not_found}
+
+ {:local?, true} ->
+ {:error, :not_found}
end
end
@@ -108,7 +112,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
def activity(conn, _params) do
with ap_id <- Endpoint.url() <> conn.request_path,
%Activity{} = activity <- Activity.normalize(ap_id),
- {_, true} <- {:public?, Visibility.is_public?(activity)} do
+ {_, true} <- {:public?, Visibility.is_public?(activity)},
+ {_, false} <- {:local?, Visibility.is_local_public?(activity)} do
conn
|> maybe_set_tracking_data(activity)
|> set_cache_ttl_for(activity)
@@ -117,6 +122,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|> render("object.json", object: activity)
else
{:public?, false} -> {:error, :not_found}
+ {:local?, true} -> {:error, :not_found}
nil -> {:error, :not_found}
end
end
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@@ -213,6 +213,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
end
describe "/objects/:uuid" do
+ test "it doesn't return a local-only object", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ object = Object.normalize(post, false)
+ uuid = String.split(object.data["id"], "/") |> List.last()
+
+ conn =
+ conn
+ |> put_req_header("accept", "application/json")
+ |> get("/objects/#{uuid}")
+
+ assert json_response(conn, 404)
+ end
+
test "it returns a json representation of the object with accept application/json", %{
conn: conn
} do
@@ -326,6 +343,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
end
describe "/activities/:uuid" do
+ test "it doesn't return a local-only activity", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ uuid = String.split(post.data["id"], "/") |> List.last()
+
+ conn =
+ conn
+ |> put_req_header("accept", "application/json")
+ |> get("/activities/#{uuid}")
+
+ assert json_response(conn, 404)
+ end
+
test "it returns a json representation of the activity", %{conn: conn} do
activity = insert(:note_activity)
uuid = String.split(activity.data["id"], "/") |> List.last()
