logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

update_validator.ex (2615B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
  6.   use Ecto.Schema
  8.   alias Pleroma.EctoType.ActivityPub.ObjectValidators
  9.   alias Pleroma.Object
  10.   alias Pleroma.User
  12.   import Ecto.Changeset
  13.   import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
  15.   @primary_key false
  17.   embedded_schema do
  18.     quote do
  19.       unquote do
  20.         import Elixir.Pleroma.Web.ActivityPub.ObjectValidators.CommonFields
  21.         message_fields()
  22.       end
  23.     end
  25.     field(:actor, ObjectValidators.ObjectID)
  26.     # In this case, we save the full object in this activity instead of just a
  27.     # reference, so we can always see what was actually changed by this.
  28.     field(:object, :map)
  29.   end
  31.   def cast_data(data) do
  32.     %__MODULE__{}
  33.     |> cast(data, __schema__(:fields))
  34.   end
  36.   defp validate_data(cng, meta) do
  37.     cng
  38.     |> validate_required([:id, :type, :actor, :to, :cc, :object])
  39.     |> validate_inclusion(:type, ["Update"])
  40.     |> validate_actor_presence()
  41.     |> validate_updating_rights(meta)
  42.   end
  44.   def cast_and_validate(data, meta \\ []) do
  45.     data
  46.     |> cast_data
  47.     |> validate_data(meta)
  48.   end
  50.   def validate_updating_rights(cng, meta) do
  51.     if meta[:local] do
  52.       validate_updating_rights_local(cng)
  53.     else
  54.       validate_updating_rights_remote(cng)
  55.     end
  56.   end
  58.   # For local Updates, verify the actor can edit the object
  59.   def validate_updating_rights_local(cng) do
  60.     actor = get_field(cng, :actor)
  61.     updated_object = get_field(cng, :object)
  63.     if {:ok, actor} == ObjectValidators.ObjectID.cast(updated_object) do
  64.       cng
  65.     else
  66.       with %User{} = user <- User.get_cached_by_ap_id(actor),
  67.            {_, %Object{} = orig_object} <- {:object, Object.normalize(updated_object)},
  68.            :ok <- Object.authorize_access(orig_object, user) do
  69.         cng
  70.       else
  71.         _e ->
  72.           cng
  73.           |> add_error(:object, "Can't be updated by this actor")
  74.       end
  75.     end
  76.   end
  78.   # For remote Updates, verify the host is the same.
  79.   def validate_updating_rights_remote(cng) do
  80.     with actor = get_field(cng, :actor),
  81.          object = get_field(cng, :object),
  82.          {:ok, object_id} <- ObjectValidators.ObjectID.cast(object),
  83.          actor_uri <- URI.parse(actor),
  84.          object_uri <- URI.parse(object_id),
  85.          true <- actor_uri.host == object_uri.host do
  86.       cng
  87.     else
  88.       _e ->
  89.         cng
  90.         |> add_error(:object, "Can't be updated by this actor")
  91.     end
  92.   end
  93. end