1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 # Code based on CreateChatMessageValidator
7 # - doesn't embed, will only get the object id
8 defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidator do
11 alias Pleroma.EctoType.ActivityPub.ObjectValidators
14 alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
15 alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
24 import Elixir.Pleroma.Web.ActivityPub.ObjectValidators.CommonFields
30 field(:expires_at, ObjectValidators.DateTime)
32 # Should be moved to object, done for CommonAPI.Utils.make_context
33 field(:context, :string)
36 def cast_data(data, meta \\ []) do
37 data = fix(data, meta)
43 def cast_and_apply(data) do
46 |> apply_action(:insert)
49 def cast_and_validate(data, meta \\ []) do
52 |> validate_data(meta)
55 def changeset(struct, data) do
57 |> cast(data, __schema__(:fields))
60 # CommonFixes.fix_activity_addressing adapted for Create specific behavior
61 defp fix_addressing(data, object) do
62 %User{follower_address: follower_collection} = User.get_cached_by_ap_id(data["actor"])
65 |> CommonFixes.cast_and_filter_recipients("to", follower_collection, object["to"])
66 |> CommonFixes.cast_and_filter_recipients("cc", follower_collection, object["cc"])
67 |> CommonFixes.cast_and_filter_recipients("bto", follower_collection, object["bto"])
68 |> CommonFixes.cast_and_filter_recipients("bcc", follower_collection, object["bcc"])
69 |> CommonFixes.fix_implicit_addressing(follower_collection)
72 def fix(data, meta) do
73 object = meta[:object_data]
76 |> CommonFixes.fix_actor()
77 |> Map.put_new("context", object["context"])
78 |> fix_addressing(object)
81 defp validate_data(cng, meta) do
82 object = meta[:object_data]
85 |> validate_required([:actor, :type, :object, :to, :cc])
86 |> validate_inclusion(:type, ["Create"])
87 |> CommonValidations.validate_actor_presence()
88 |> validate_actors_match(object)
89 |> validate_context_match(object)
90 |> validate_addressing_match(object)
91 |> validate_object_nonexistence()
92 |> validate_object_containment()
95 def validate_object_containment(cng) do
96 actor = get_field(cng, :actor)
99 |> validate_change(:object, fn :object, object_id ->
100 %URI{host: object_id_host} = URI.parse(object_id)
101 %URI{host: actor_host} = URI.parse(actor)
103 if object_id_host == actor_host do
106 [{:object, "The host of the object id doesn't match with the host of the actor"}]
111 def validate_object_nonexistence(cng) do
113 |> validate_change(:object, fn :object, object_id ->
114 if Object.get_cached_by_ap_id(object_id) do
115 [{:object, "The object to create already exists"}]
122 def validate_actors_match(cng, object) do
123 attributed_to = object["attributedTo"] || object["actor"]
126 |> validate_change(:actor, fn :actor, actor ->
127 if actor == attributed_to do
130 [{:actor, "Actor doesn't match with object attributedTo"}]
135 def validate_context_match(cng, %{"context" => object_context}) do
137 |> validate_change(:context, fn :context, context ->
138 if context == object_context do
141 [{:context, "context field not matching between Create and object (#{object_context})"}]
146 def validate_addressing_match(cng, object) do
147 [:to, :cc, :bcc, :bto]
148 |> Enum.reduce(cng, fn field, cng ->
149 object_data = object[to_string(field)]
151 validate_change(cng, field, fn field, data ->
152 if data == object_data do
155 [{field, "field doesn't match with object (#{inspect(object_data)})"}]