Dont allow bots to vote. Fixes #3940 (#4100)

* Dont allow bots to vote. Fixes #3940

* Removing pointless function.
move_env_vars_to_utils
Dessalines 2023-10-25 10:14:12 -04:00 committed by GitHub
parent 568233b062
commit 64b00ee850
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 3 deletions

View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
comment::{CommentResponse, CreateCommentLike},
context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_user_action, check_downvotes_enabled},
utils::{check_bot_account, check_community_user_action, check_downvotes_enabled},
};
use lemmy_db_schema::{
newtypes::LocalUserId,
@ -32,6 +32,7 @@ pub async fn like_comment(
// Don't do a downvote if site has downvotes disabled
check_downvotes_enabled(data.score, &local_site)?;
check_bot_account(&local_user_view.person)?;
let comment_id = data.comment_id;
let orig_comment = CommentView::read(&mut context.pool(), comment_id, None).await?;

View File

@ -5,7 +5,12 @@ use lemmy_api_common::{
context::LemmyContext,
post::{CreatePostLike, PostResponse},
send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_user_action, check_downvotes_enabled, mark_post_as_read},
utils::{
check_bot_account,
check_community_user_action,
check_downvotes_enabled,
mark_post_as_read,
},
};
use lemmy_db_schema::{
source::{
@ -29,6 +34,7 @@ pub async fn like_post(
// Don't do a downvote if site has downvotes disabled
check_downvotes_enabled(data.score, &local_site)?;
check_bot_account(&local_user_view.person)?;
// Check for a community ban
let post_id = data.post_id;

View File

@ -247,6 +247,16 @@ pub fn check_downvotes_enabled(score: i16, local_site: &LocalSite) -> Result<(),
}
}
/// Dont allow bots to do certain actions, like voting
#[tracing::instrument(skip_all)]
pub fn check_bot_account(person: &Person) -> Result<(), LemmyError> {
if person.bot_account {
Err(LemmyErrorType::InvalidBotAction)?
} else {
Ok(())
}
}
#[tracing::instrument(skip_all)]
pub fn check_private_instance(
local_user_view: &Option<LocalUserView>,

View File

@ -18,7 +18,7 @@ use activitypub_federation::{
traits::{ActivityHandler, Actor},
};
use anyhow::anyhow;
use lemmy_api_common::context::LemmyContext;
use lemmy_api_common::{context::LemmyContext, utils::check_bot_account};
use lemmy_db_schema::source::local_site::LocalSite;
use lemmy_utils::error::LemmyError;
use url::Url;
@ -74,6 +74,9 @@ impl ActivityHandler for Vote {
async fn receive(self, context: &Data<LemmyContext>) -> Result<(), LemmyError> {
let actor = self.actor.dereference(context).await?;
let object = self.object.dereference(context).await?;
check_bot_account(&actor.0)?;
match object {
PostOrComment::Post(p) => vote_post(&self.kind, actor, &p, context).await,
PostOrComment::Comment(c) => vote_comment(&self.kind, actor, &c, context).await,

View File

@ -226,6 +226,7 @@ pub enum LemmyErrorType {
CommunityHasNoFollowers,
BanExpirationInPast,
InvalidUnixTime,
InvalidBotAction,
Unknown(String),
}