Merge branch 'backendhack' into 'develop'

[akkoma] / lib / pleroma / web / activity_pub / activity_pub.ex

diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index bab272323f47e749c9b098800e775432c7f541f5..e6c2dc9cff4a0d021f4bad5cd1892b27d79760cc 100644 (file)
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -12,8 +12,33 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   @instance Application.get_env(:pleroma, :instance)
 
-  def get_recipients(data) do
-    (data["to"] || []) ++ (data["cc"] || [])
+  # For Announce activities, we filter the recipients based on following status for any actors
+  # that match actual users.  See issue #164 for more information about why this is necessary.
+  defp get_recipients(%{"type" => "Announce"} = data) do
+    to = data["to"] || []
+    cc = data["cc"] || []
+    recipients = to ++ cc
+    actor = User.get_cached_by_ap_id(data["actor"])
+
+    recipients
+    |> Enum.filter(fn recipient ->
+      case User.get_cached_by_ap_id(recipient) do
+        nil ->
+          true
+
+        user ->
+          User.following?(user, actor)
+      end
+    end)
+
+    {recipients, to, cc}
+  end
+
+  defp get_recipients(data) do
+    to = data["to"] || []
+    cc = data["cc"] || []
+    recipients = to ++ cc
+    {recipients, to, cc}
   end
 
   defp check_actor_is_active(actor) do
@@ -35,12 +60,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
          :ok <- check_actor_is_active(map["actor"]),
          {:ok, map} <- MRF.filter(map),
          :ok <- insert_full_object(map) do
+      {recipients, _, _} = get_recipients(map)
+
       {:ok, activity} =
         Repo.insert(%Activity{
           data: map,
           local: local,
           actor: map["actor"],
-          recipients: get_recipients(map)
+          recipients: recipients
         })
 
       Notification.create_notifications(activity)
@@ -381,6 +408,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   defp restrict_tag(query, _), do: query
 
+  defp restrict_to_cc(query, recipients_to, recipients_cc) do
+    from(
+      activity in query,
+      where:
+        fragment(
+          "(?->'to' \\?| ?) or (?->'cc' \\?| ?)",
+          activity.data,
+          ^recipients_to,
+          activity.data,
+          ^recipients_cc
+        )
+    )
+  end
+
   defp restrict_recipients(query, [], _user), do: query
 
   defp restrict_recipients(query, recipients, nil) do
@@ -522,6 +563,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     |> Enum.reverse()
   end
 
+  def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do
+    fetch_activities_query([], opts)
+    |> restrict_to_cc(recipients_to, recipients_cc)
+    |> Repo.all()
+    |> Enum.reverse()
+  end
+
   def upload(file) do
     data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media])
     Repo.insert(%Object{data: data})
@@ -562,7 +610,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     # nickname can be nil because of virtual actors
     user_data =
       if data["preferredUsername"] do
-        Map.put(user_data, :nickname, "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}")
+        Map.put(
+          user_data,
+          :nickname,
+          "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}"
+        )
       else
         Map.put(user_data, :nickname, nil)
       end
@@ -572,7 +624,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   def fetch_and_prepare_user_from_ap_id(ap_id) do
     with {:ok, %{status_code: 200, body: body}} <-
-           @httpoison.get(ap_id, Accept: "application/activity+json"),
+           @httpoison.get(ap_id, [Accept: "application/activity+json"], follow_redirect: true),
          {:ok, data} <- Jason.decode(body) do
       user_data_from_user_object(data)
     else