git.squeep.com Git - akkoma/blob - lib/pleroma/web/activity_pub/object_validators/create_generic_validator.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 # Code based on CreateChatMessageValidator
   6 # NOTES
   7 # - doesn't embed, will only get the object id
   8 defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidator do
   9   use Ecto.Schema
  10
  11   alias Pleroma.EctoType.ActivityPub.ObjectValidators
  12   alias Pleroma.Object
  13   alias Pleroma.User
  14   alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
  15   alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
  16
  17   import Ecto.Changeset
  18
  19   @primary_key false
  20
  21   embedded_schema do
  22     quote do
  23       unquote do
  24         import Elixir.Pleroma.Web.ActivityPub.ObjectValidators.CommonFields
  25         message_fields()
  26         activity_fields()
  27       end
  28     end
  29
  30     field(:expires_at, ObjectValidators.DateTime)
  31
  32     # Should be moved to object, done for CommonAPI.Utils.make_context
  33     field(:context, :string)
  34   end
  35
  36   def cast_data(data, meta \\ []) do
  37     data = fix(data, meta)
  38
  39     %__MODULE__{}
  40     |> changeset(data)
  41   end
  42
  43   def cast_and_apply(data) do
  44     data
  45     |> cast_data
  46     |> apply_action(:insert)
  47   end
  48
  49   def cast_and_validate(data, meta \\ []) do
  50     data
  51     |> cast_data(meta)
  52     |> validate_data(meta)
  53   end
  54
  55   def changeset(struct, data) do
  56     struct
  57     |> cast(data, __schema__(:fields))
  58   end
  59
  60   # CommonFixes.fix_activity_addressing adapted for Create specific behavior
  61   defp fix_addressing(data, object) do
  62     %User{follower_address: follower_collection} = User.get_cached_by_ap_id(data["actor"])
  63
  64     data
  65     |> CommonFixes.cast_and_filter_recipients("to", follower_collection, object["to"])
  66     |> CommonFixes.cast_and_filter_recipients("cc", follower_collection, object["cc"])
  67     |> CommonFixes.cast_and_filter_recipients("bto", follower_collection, object["bto"])
  68     |> CommonFixes.cast_and_filter_recipients("bcc", follower_collection, object["bcc"])
  69     |> CommonFixes.fix_implicit_addressing(follower_collection)
  70   end
  71
  72   def fix(data, meta) do
  73     object = meta[:object_data]
  74
  75     data
  76     |> CommonFixes.fix_actor()
  77     |> Map.put_new("context", object["context"])
  78     |> fix_addressing(object)
  79   end
  80
  81   defp validate_data(cng, meta) do
  82     object = meta[:object_data]
  83
  84     cng
  85     |> validate_required([:actor, :type, :object, :to, :cc])
  86     |> validate_inclusion(:type, ["Create"])
  87     |> CommonValidations.validate_actor_presence()
  88     |> validate_actors_match(object)
  89     |> validate_context_match(object)
  90     |> validate_addressing_match(object)
  91     |> validate_object_nonexistence()
  92     |> validate_object_containment()
  93   end
  94
  95   def validate_object_containment(cng) do
  96     actor = get_field(cng, :actor)
  97
  98     cng
  99     |> validate_change(:object, fn :object, object_id ->
 100       %URI{host: object_id_host} = URI.parse(object_id)
 101       %URI{host: actor_host} = URI.parse(actor)
 102
 103       if object_id_host == actor_host do
 104         []
 105       else
 106         [{:object, "The host of the object id doesn't match with the host of the actor"}]
 107       end
 108     end)
 109   end
 110
 111   def validate_object_nonexistence(cng) do
 112     cng
 113     |> validate_change(:object, fn :object, object_id ->
 114       if Object.get_cached_by_ap_id(object_id) do
 115         [{:object, "The object to create already exists"}]
 116       else
 117         []
 118       end
 119     end)
 120   end
 121
 122   def validate_actors_match(cng, object) do
 123     attributed_to = object["attributedTo"] || object["actor"]
 124
 125     cng
 126     |> validate_change(:actor, fn :actor, actor ->
 127       if actor == attributed_to do
 128         []
 129       else
 130         [{:actor, "Actor doesn't match with object attributedTo"}]
 131       end
 132     end)
 133   end
 134
 135   def validate_context_match(cng, %{"context" => object_context}) do
 136     cng
 137     |> validate_change(:context, fn :context, context ->
 138       if context == object_context do
 139         []
 140       else
 141         [{:context, "context field not matching between Create and object (#{object_context})"}]
 142       end
 143     end)
 144   end
 145
 146   def validate_addressing_match(cng, object) do
 147     [:to, :cc, :bcc, :bto]
 148     |> Enum.reduce(cng, fn field, cng ->
 149       object_data = object[to_string(field)]
 150
 151       validate_change(cng, field, fn field, data ->
 152         if data == object_data do
 153           []
 154         else
 155           [{field, "field doesn't match with object (#{inspect(object_data)})"}]
 156         end
 157       end)
 158     end)
 159   end
 160 end