activitypub: transmogrifier: allow profile updates from bots
[akkoma] / lib / pleroma / web / activity_pub / transmogrifier.ex
index 9d7c64743a7b43571892b228700aa070115735c3..48c3aec970cbbfc2a8049ee67513a590123aa334 100644 (file)
@@ -13,18 +13,87 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   require Logger
 
+  def get_actor(%{"actor" => actor}) when is_binary(actor) do
+    actor
+  end
+
+  def get_actor(%{"actor" => actor}) when is_list(actor) do
+    if is_binary(Enum.at(actor, 0)) do
+      Enum.at(actor, 0)
+    else
+      Enum.find(actor, fn %{"type" => type} -> type == "Person" end)
+      |> Map.get("id")
+    end
+  end
+
+  def get_actor(%{"actor" => actor}) when is_map(actor) do
+    actor["id"]
+  end
+
+  @doc """
+  Checks that an imported AP object's actor matches the domain it came from.
+  """
+  def contain_origin(id, %{"actor" => actor} = params) do
+    id_uri = URI.parse(id)
+    actor_uri = URI.parse(get_actor(params))
+
+    if id_uri.host == actor_uri.host do
+      :ok
+    else
+      :error
+    end
+  end
+
   @doc """
   Modifies an incoming AP object (mastodon format) to our internal format.
   """
   def fix_object(object) do
     object
-    |> Map.put("actor", object["attributedTo"])
+    |> fix_actor
     |> fix_attachments
     |> fix_context
     |> fix_in_reply_to
     |> fix_emoji
     |> fix_tag
     |> fix_content_map
+    |> fix_likes
+    |> fix_addressing
+  end
+
+  def fix_addressing_list(map, field) do
+    if is_binary(map[field]) do
+      map
+      |> Map.put(field, [map[field]])
+    else
+      map
+    end
+  end
+
+  def fix_addressing(map) do
+    map
+    |> fix_addressing_list("to")
+    |> fix_addressing_list("cc")
+    |> fix_addressing_list("bto")
+    |> fix_addressing_list("bcc")
+  end
+
+  def fix_actor(%{"attributedTo" => actor} = object) do
+    object
+    |> Map.put("actor", get_actor(%{"actor" => actor}))
+  end
+
+  def fix_likes(%{"likes" => likes} = object)
+      when is_bitstring(likes) do
+    # Check for standardisation
+    # This is what Peertube does
+    # curl -H 'Accept: application/activity+json' $likes | jq .totalItems
+    object
+    |> Map.put("likes", [])
+    |> Map.put("like_count", 0)
+  end
+
+  def fix_likes(object) do
+    object
   end
 
   def fix_in_reply_to(%{"inReplyTo" => in_reply_to_id} = object)
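Review bot: `contain_origin/2` accepts a pair of values that have no host at all, because `URI.parse/1` gives `host: nil` for a string without an authority part and `nil == nil` then returns `:ok`; the comparison should require a binary host on both sides. The list clause of `get_actor/1` can also raise on federated input: its anonymous function only matches maps that have a `"type"` key, and `Map.get/2` is handed `nil` when the list is empty or holds no `"Person"` entry. The version below returns `nil` from `get_actor/1` in those cases and makes `contain_origin/2` answer `:error` for a missing actor or a hostless id. Note too that `fix_actor/1` has a single clause requiring `"attributedTo"`, so `fix_object/1` now raises for objects without it, where the removed `Map.put/3` line stored `nil`.

```elixir
  def get_actor(%{"actor" => actor}) when is_list(actor) do
    case actor do
      [first | _] when is_binary(first) ->
        first

      _ ->
        # match?/2 returns false instead of raising for elements without "type"
        case Enum.find(actor, &match?(%{"type" => "Person"}, &1)) do
          %{"id" => id} -> id
          _ -> nil
        end
    end
  end

  # … unchanged: map clause of get_actor/1 …

  def contain_origin(id, %{"actor" => _actor} = params) do
    with true <- is_binary(id),
         actor when is_binary(actor) <- get_actor(params),
         # a nil host means the value was not an absolute URL; never treat that as a match
         %URI{host: host} when is_binary(host) <- URI.parse(id),
         %URI{host: ^host} <- URI.parse(actor) do
      :ok
    else
      _ -> :error
    end
  end
```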
@@ -54,8 +123,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   def fix_in_reply_to(object), do: object
 
   def fix_context(object) do
+    context = object["context"] || object["conversation"] || Utils.generate_context_id()
+
     object
-    |> Map.put("context", object["conversation"])
+    |> Map.put("context", context)
+    |> Map.put("conversation", context)
   end
 
   def fix_attachments(object) do
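Review bot: The `context` value on the first added line is taken from the remote object without a type check, so a map or list in `"context"` or `"conversation"` is written back to both keys; whether later code assumes a binary is not visible in this hunk. Picking the first binary candidate keeps the generated fallback working for malformed input: `context = Enum.find([object["context"], object["conversation"]], &is_binary/1) || Utils.generate_context_id()`. A one-line comment stating the precedence (`"context"`, then `"conversation"`, then a generated id) would also help, since the function now overwrites `"conversation"` as well.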
@@ -119,10 +191,23 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def fix_content_map(object), do: object
 
+  # disallow objects with bogus IDs
+  def handle_incoming(%{"id" => nil}), do: :error
+  def handle_incoming(%{"id" => ""}), do: :error
+  # length of https:// = 8, should validate better, but good enough for now.
+  def handle_incoming(%{"id" => id}) when not (is_binary(id) and length(id) > 8), do: :error
+
   # TODO: validate those with a Ecto scheme
   # - tags
   # - emoji
-  def handle_incoming(%{"type" => "Create", "object" => %{"type" => "Note"} = object} = data) do
+  def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = object} = data)
+      when objtype in ["Article", "Note", "Video"] do
+    actor = get_actor(data)
+
+    data =
+      Map.put(data, "actor", actor)
+      |> fix_addressing
+
     with nil <- Activity.get_create_activity_by_object_ap_id(object["id"]),
          %User{} = user <- User.get_or_fetch_by_ap_id(data["actor"]) do
       object = fix_object(data["object"])
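Review bot: The length check in the third `handle_incoming/1` guard never takes effect: `length/1` is defined for lists, so on a binary `id` it fails inside the guard, the guard as a whole fails, and the clause is skipped, which means short ids such as `"x"` are not rejected (only non-binary ids are). `byte_size/1` is the guard-safe call for binaries: `def handle_incoming(%{"id" => id}) when not (is_binary(id) and byte_size(id) > 8), do: :error`. In the `Create` clause, `get_actor(data)` has no clause for a payload without `"actor"` and would raise there. The clause's `with` body continues past the end of the hunk, so it cannot be seen from here whether `contain_origin/2` is applied to `object["id"]` before the object is stored.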
@@ -270,9 +355,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   end
 
   def handle_incoming(
-        %{"type" => "Update", "object" => %{"type" => "Person"} = object, "actor" => actor_id} =
+        %{"type" => "Update", "object" => %{"type" => object_type} = object, "actor" => actor_id} =
           data
-      ) do
+      )
+      when object_type in ["Person", "Application", "Service", "Organization"] do
     with %User{ap_id: ^actor_id} = actor <- User.get_by_ap_id(object["id"]) do
       {:ok, new_user_data} = ActivityPub.user_data_from_user_object(object)