f5f87ca5d596aa6d63c1edc3d973a70cf6554a3a
[akkoma] / lib / pleroma / web / activity_pub / object_validators / common_validations.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations do
6 import Ecto.Changeset
7
8 alias Pleroma.Activity
9 alias Pleroma.Object
10 alias Pleroma.User
11
12 def validate_any_presence(cng, fields) do
13 non_empty =
14 fields
15 |> Enum.map(fn field -> get_field(cng, field) end)
16 |> Enum.any?(fn
17 [] -> false
18 _ -> true
19 end)
20
21 if non_empty do
22 cng
23 else
24 fields
25 |> Enum.reduce(cng, fn field, cng ->
26 cng
27 |> add_error(field, "none of #{inspect(fields)} present")
28 end)
29 end
30 end
31
32 def validate_actor_presence(cng, options \\ []) do
33 field_name = Keyword.get(options, :field_name, :actor)
34
35 cng
36 |> validate_change(field_name, fn field_name, actor ->
37 case User.get_cached_by_ap_id(actor) do
38 %User{deactivated: true} ->
39 [{field_name, "user is deactivated"}]
40
41 %User{} ->
42 []
43
44 _ ->
45 [{field_name, "can't find user"}]
46 end
47 end)
48 end
49
50 def validate_object_presence(cng, options \\ []) do
51 field_name = Keyword.get(options, :field_name, :object)
52 allowed_types = Keyword.get(options, :allowed_types, false)
53
54 cng
55 |> validate_change(field_name, fn field_name, object_id ->
56 object = Object.get_cached_by_ap_id(object_id) || Activity.get_by_ap_id(object_id)
57
58 cond do
59 !object ->
60 [{field_name, "can't find object"}]
61
62 object && allowed_types && object.data["type"] not in allowed_types ->
63 [{field_name, "object not in allowed types"}]
64
65 true ->
66 []
67 end
68 end)
69 end
70
71 def validate_object_or_user_presence(cng, options \\ []) do
72 field_name = Keyword.get(options, :field_name, :object)
73 options = Keyword.put(options, :field_name, field_name)
74
75 actor_cng =
76 cng
77 |> validate_actor_presence(options)
78
79 object_cng =
80 cng
81 |> validate_object_presence(options)
82
83 if actor_cng.valid?, do: actor_cng, else: object_cng
84 end
85
86 def validate_host_match(cng, fields \\ [:id, :actor]) do
87 if same_domain?(cng, fields) do
88 cng
89 else
90 fields
91 |> Enum.reduce(cng, fn field, cng ->
92 cng
93 |> add_error(field, "hosts of #{inspect(fields)} aren't matching")
94 end)
95 end
96 end
97
98 def validate_fields_match(cng, fields) do
99 if map_unique?(cng, fields) do
100 cng
101 else
102 fields
103 |> Enum.reduce(cng, fn field, cng ->
104 cng
105 |> add_error(field, "Fields #{inspect(fields)} aren't matching")
106 end)
107 end
108 end
109
110 defp map_unique?(cng, fields, func \\ & &1) do
111 Enum.reduce_while(fields, nil, fn field, acc ->
112 value =
113 cng
114 |> get_field(field)
115 |> func.()
116
117 case {value, acc} do
118 {value, nil} -> {:cont, value}
119 {value, value} -> {:cont, value}
120 _ -> {:halt, false}
121 end
122 end)
123 end
124
125 def same_domain?(cng, fields \\ [:actor, :object]) do
126 map_unique?(cng, fields, fn value -> URI.parse(value).host end)
127 end
128
129 # This figures out if a user is able to create, delete or modify something
130 # based on the domain and superuser status
131 def validate_modification_rights(cng) do
132 actor = User.get_cached_by_ap_id(get_field(cng, :actor))
133
134 if User.superuser?(actor) || same_domain?(cng) do
135 cng
136 else
137 cng
138 |> add_error(:actor, "is not allowed to modify object")
139 end
140 end
141 end