pleroma

update_validator.ex (1769B)

# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
  use Ecto.Schema
  alias Pleroma.EctoType.ActivityPub.ObjectValidators
  import Ecto.Changeset
  import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
  @primary_key false
  embedded_schema do
    quote do
      unquote do
        import Elixir.Pleroma.Web.ActivityPub.ObjectValidators.CommonFields
        message_fields()
      end
    end
    field(:actor, ObjectValidators.ObjectID)
    # In this case, we save the full object in this activity instead of just a
    # reference, so we can always see what was actually changed by this.
    field(:object, :map)
  end
  def cast_data(data) do
    %__MODULE__{}
    |> cast(data, __schema__(:fields))
  end
  defp validate_data(cng) do
    cng
    |> validate_required([:id, :type, :actor, :to, :cc, :object])
    |> validate_inclusion(:type, ["Update"])
    |> validate_actor_presence()
    |> validate_updating_rights()
  end
  def cast_and_validate(data) do
    data
    |> cast_data
    |> validate_data
  end
  # For now we only support updating users, and here the rule is easy:
  # object id == actor id
  def validate_updating_rights(cng) do
    with actor = get_field(cng, :actor),
         object = get_field(cng, :object),
         {:ok, object_id} <- ObjectValidators.ObjectID.cast(object),
         actor_uri <- URI.parse(actor),
         object_uri <- URI.parse(object_id),
         true <- actor_uri.host == object_uri.host do
      cng
    else
      _e ->
        cng
        |> add_error(:object, "Can't be updated by this actor")
    end
  end
end