From c6378fe0c5babea9b71bde543dfaf93814acfe9a Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Thu, 11 Apr 2024 11:05:32 +0200
Subject: [PATCH] use verify_is_remote_object()

---
 crates/apub/src/objects/comment.rs         | 5 -----
 crates/apub/src/objects/community.rs       | 5 -----
 crates/apub/src/objects/instance.rs        | 6 ++----
 crates/apub/src/objects/person.rs          | 6 ++----
 crates/apub/src/objects/post.rs            | 5 -----
 crates/apub/src/objects/private_message.rs | 7 ++-----
 crates/apub/src/protocol/objects/group.rs  | 6 ++++--
 7 files changed, 10 insertions(+), 30 deletions(-)

diff --git a/crates/apub/src/objects/comment.rs b/crates/apub/src/objects/comment.rs
index 291390bc7..c07cbcdf9 100644
--- a/crates/apub/src/objects/comment.rs
+++ b/crates/apub/src/objects/comment.rs
@@ -158,11 +158,6 @@ impl Object for ApubComment {
   /// If the parent community, post and comment(s) are not known locally, these are also fetched.
   #[tracing::instrument(skip_all)]
   async fn from_json(note: Note, context: &Data<LemmyContext>) -> Result<ApubComment, LemmyError> {
-    // Avoid overwriting local object
-    if note.id.is_local(context) {
-      return note.id.dereference_local(context).await;
-    }
-
     let creator = note.attributed_to.dereference(context).await?;
     let (post, parent_comment) = note.get_parents(context).await?;
 
diff --git a/crates/apub/src/objects/community.rs b/crates/apub/src/objects/community.rs
index 07cd321aa..7630d80b2 100644
--- a/crates/apub/src/objects/community.rs
+++ b/crates/apub/src/objects/community.rs
@@ -138,11 +138,6 @@ impl Object for ApubCommunity {
     group: Group,
     context: &Data<Self::DataType>,
   ) -> Result<ApubCommunity, LemmyError> {
-    // Avoid overwriting local object
-    if group.id.is_local(context) {
-      return group.id.dereference_local(context).await;
-    }
-
     let instance_id = fetch_instance_actor_for_object(&group.id, context).await?;
 
     let local_site = LocalSite::read(&mut context.pool()).await.ok();
diff --git a/crates/apub/src/objects/instance.rs b/crates/apub/src/objects/instance.rs
index 13aee45d7..057db5e12 100644
--- a/crates/apub/src/objects/instance.rs
+++ b/crates/apub/src/objects/instance.rs
@@ -1,3 +1,4 @@
+use super::verify_is_remote_object;
 use crate::{
   activities::GetActorType,
   check_apub_id_valid_with_strictness,
@@ -127,6 +128,7 @@ impl Object for ApubSite {
   ) -> Result<(), LemmyError> {
     check_apub_id_valid_with_strictness(apub.id.inner(), true, data).await?;
     verify_domains_match(expected_domain, apub.id.inner())?;
+    verify_is_remote_object(&apub.id, data)?;
 
     let local_site_data = local_site_data_cached(&mut data.pool()).await?;
     let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site);
@@ -138,10 +140,6 @@ impl Object for ApubSite {
 
   #[tracing::instrument(skip_all)]
   async fn from_json(apub: Self::Kind, context: &Data<Self::DataType>) -> Result<Self, LemmyError> {
-    // Avoid overwriting local object
-    if apub.id.is_local(context) {
-      return apub.id.dereference_local(context).await;
-    }
     let domain = apub.id.inner().domain().expect("group id has domain");
     let instance = DbInstance::read_or_create(&mut context.pool(), domain.to_string()).await?;
 
diff --git a/crates/apub/src/objects/person.rs b/crates/apub/src/objects/person.rs
index 598ec4485..dcc87adcc 100644
--- a/crates/apub/src/objects/person.rs
+++ b/crates/apub/src/objects/person.rs
@@ -1,3 +1,4 @@
+use super::verify_is_remote_object;
 use crate::{
   activities::GetActorType,
   check_apub_id_valid_with_strictness,
@@ -137,6 +138,7 @@ impl Object for ApubPerson {
     check_slurs_opt(&person.name, slur_regex)?;
 
     verify_domains_match(person.id.inner(), expected_domain)?;
+    verify_is_remote_object(&person.id, context)?;
     check_apub_id_valid_with_strictness(person.id.inner(), false, context).await?;
 
     let bio = read_from_string_or_source_opt(&person.summary, &None, &person.source);
@@ -149,10 +151,6 @@ impl Object for ApubPerson {
     person: Person,
     context: &Data<Self::DataType>,
   ) -> Result<ApubPerson, LemmyError> {
-    // Avoid overwriting local object
-    if person.id.is_local(context) {
-      return person.id.dereference_local(context).await;
-    }
     let instance_id = fetch_instance_actor_for_object(&person.id, context).await?;
 
     let local_site = LocalSite::read(&mut context.pool()).await.ok();
diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs
index f50100a21..5b70fe863 100644
--- a/crates/apub/src/objects/post.rs
+++ b/crates/apub/src/objects/post.rs
@@ -182,11 +182,6 @@ impl Object for ApubPost {
 
   #[tracing::instrument(skip_all)]
   async fn from_json(page: Page, context: &Data<Self::DataType>) -> Result<ApubPost, LemmyError> {
-    // Avoid overwriting local object
-    if page.id.is_local(context) {
-      return page.id.dereference_local(context).await;
-    }
-
     let creator = page.creator()?.dereference(context).await?;
     let community = page.community(context).await?;
     if community.posting_restricted_to_mods {
diff --git a/crates/apub/src/objects/private_message.rs b/crates/apub/src/objects/private_message.rs
index 3d807ea3b..e32721f52 100644
--- a/crates/apub/src/objects/private_message.rs
+++ b/crates/apub/src/objects/private_message.rs
@@ -1,3 +1,4 @@
+use super::verify_is_remote_object;
 use crate::{
   check_apub_id_valid_with_strictness,
   objects::read_from_string_or_source,
@@ -104,6 +105,7 @@ impl Object for ApubPrivateMessage {
   ) -> Result<(), LemmyError> {
     verify_domains_match(note.id.inner(), expected_domain)?;
     verify_domains_match(note.attributed_to.inner(), note.id.inner())?;
+    verify_is_remote_object(&note.id, context)?;
 
     check_apub_id_valid_with_strictness(note.id.inner(), false, context).await?;
     let person = note.attributed_to.dereference(context).await?;
@@ -121,11 +123,6 @@ impl Object for ApubPrivateMessage {
     note: ChatMessage,
     context: &Data<Self::DataType>,
   ) -> Result<ApubPrivateMessage, LemmyError> {
-    // Avoid overwriting local object
-    if note.id.is_local(context) {
-      return note.id.dereference_local(context).await;
-    }
-
     let creator = note.attributed_to.dereference(context).await?;
     let recipient = note.to[0].dereference(context).await?;
     check_person_block(creator.id, recipient.id, &mut context.pool()).await?;
diff --git a/crates/apub/src/protocol/objects/group.rs b/crates/apub/src/protocol/objects/group.rs
index 2a625a5a7..93e345f23 100644
--- a/crates/apub/src/protocol/objects/group.rs
+++ b/crates/apub/src/protocol/objects/group.rs
@@ -7,7 +7,7 @@ use crate::{
     community_outbox::ApubCommunityOutbox,
   },
   local_site_data_cached,
-  objects::{community::ApubCommunity, read_from_string_or_source_opt},
+  objects::{community::ApubCommunity, read_from_string_or_source_opt, verify_is_remote_object},
   protocol::{
     objects::{Endpoints, LanguageTag},
     ImageObject,
@@ -15,6 +15,7 @@ use crate::{
   },
 };
 use activitypub_federation::{
+  config::Data,
   fetch::{collection_id::CollectionId, object_id::ObjectId},
   kinds::actor::GroupType,
   protocol::{
@@ -75,10 +76,11 @@ impl Group {
   pub(crate) async fn verify(
     &self,
     expected_domain: &Url,
-    context: &LemmyContext,
+    context: &Data<LemmyContext>,
   ) -> Result<(), LemmyError> {
     check_apub_id_valid_with_strictness(self.id.inner(), true, context).await?;
     verify_domains_match(expected_domain, self.id.inner())?;
+    verify_is_remote_object(&self.id, context)?;
 
     let local_site_data = local_site_data_cached(&mut context.pool()).await?;
     let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site);