git.squeep.com Git - akkoma/blob - lib/pleroma/web/activity_pub/object_validators/delete_validator.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
   6   use Ecto.Schema
   7
   8   alias Pleroma.Web.ActivityPub.ObjectValidators.Types
   9
  10   import Ecto.Changeset
  11   import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
  12
  13   @primary_key false
  14
  15   embedded_schema do
  16     field(:id, Types.ObjectID, primary_key: true)
  17     field(:type, :string)
  18     field(:actor, Types.ObjectID)
  19     field(:to, Types.Recipients, default: [])
  20     field(:cc, Types.Recipients, default: [])
  21     field(:object, Types.ObjectID)
  22   end
  23
  24   def cast_data(data) do
  25     %__MODULE__{}
  26     |> cast(data, __schema__(:fields))
  27   end
  28
  29   def validate_data(cng) do
  30     cng
  31     |> validate_required([:id, :type, :actor, :to, :cc, :object])
  32     |> validate_inclusion(:type, ["Delete"])
  33     |> validate_same_domain()
  34     |> validate_object_presence()
  35     |> validate_recipients_presence()
  36   end
  37
  38   def validate_same_domain(cng) do
  39     actor_domain =
  40       cng
  41       |> get_field(:actor)
  42       |> URI.parse()
  43       |> (& &1.host).()
  44
  45     object_domain =
  46       cng
  47       |> get_field(:object)
  48       |> URI.parse()
  49       |> (& &1.host).()
  50
  51     if object_domain != actor_domain do
  52       cng
  53       |> add_error(:actor, "is not allowed to delete object")
  54     else
  55       cng
  56     end
  57   end
  58
  59   def cast_and_validate(data) do
  60     data
  61     |> cast_data
  62     |> validate_data
  63   end
  64 end