From f89e8b90e86e9c96296c03c80ce7a874d4ad4cf4 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 9 Apr 2024 14:43:53 +0200 Subject: [PATCH] is_local check in apub lib --- Cargo.lock | 5 ++--- Cargo.toml | 2 +- crates/apub/src/objects/comment.rs | 6 +++--- crates/apub/src/objects/community.rs | 4 ++-- crates/apub/src/objects/instance.rs | 4 ++-- crates/apub/src/objects/mod.rs | 23 ++++++++++++++++------ crates/apub/src/objects/person.rs | 4 ++-- crates/apub/src/objects/post.rs | 6 +++--- crates/apub/src/objects/private_message.rs | 4 ++-- 9 files changed, 34 insertions(+), 24 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c0edf2dcf..d1895ed8d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -16,9 +16,8 @@ checksum = "8f27d075294830fcab6f66e320dab524bc6d048f4a151698e153205559113772" [[package]] name = "activitypub_federation" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a028034c642d3ed16b535f98f48b3df30397833c183d68852d79de16650d5ed5" +version = "0.5.3" +source = "git+https://github.com/LemmyNet/activitypub-federation-rust.git?branch=object-id-is-local#579319e75595a7d9ffbc616854fefc7aa9dadc67" dependencies = [ "activitystreams-kinds", "actix-web", diff --git a/Cargo.toml b/Cargo.toml index 554448d02..8cc13efc0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -99,7 +99,7 @@ lemmy_db_views = { version = "=0.19.4-beta.2", path = "./crates/db_views" } lemmy_db_views_actor = { version = "=0.19.4-beta.2", path = "./crates/db_views_actor" } lemmy_db_views_moderator = { version = "=0.19.4-beta.2", path = "./crates/db_views_moderator" } lemmy_federate = { version = "=0.19.4-beta.2", path = "./crates/federate" } -activitypub_federation = { version = "0.5.2", default-features = false, features = [ +activitypub_federation = { git = "https://github.com/LemmyNet/activitypub-federation-rust.git", branch = "object-id-is-local", default-features = false, features = [ "actix-web", ] } diesel = "2.1.4" diff --git a/crates/apub/src/objects/comment.rs b/crates/apub/src/objects/comment.rs index 364583865..291390bc7 100644 --- a/crates/apub/src/objects/comment.rs +++ b/crates/apub/src/objects/comment.rs @@ -139,7 +139,7 @@ impl Object for ApubComment { let community = note.community(context).await?; check_apub_id_valid_with_strictness(note.id.inner(), community.local, context).await?; - verify_is_remote_object(note.id.inner(), context.settings())?; + verify_is_remote_object(¬e.id, context)?; verify_person_in_community(¬e.attributed_to, &community, context).await?; let (post, _) = note.get_parents(context).await?; let creator = note.attributed_to.dereference(context).await?; @@ -158,8 +158,8 @@ impl Object for ApubComment { /// If the parent community, post and comment(s) are not known locally, these are also fetched. #[tracing::instrument(skip_all)] async fn from_json(note: Note, context: &Data) -> Result { - // Dont allow overwriting local object - if note.id.inner().domain() == Some(context.domain()) { + // Avoid overwriting local object + if note.id.is_local(context) { return note.id.dereference_local(context).await; } diff --git a/crates/apub/src/objects/community.rs b/crates/apub/src/objects/community.rs index 8a1fa9a71..07cd321aa 100644 --- a/crates/apub/src/objects/community.rs +++ b/crates/apub/src/objects/community.rs @@ -138,8 +138,8 @@ impl Object for ApubCommunity { group: Group, context: &Data, ) -> Result { - // Dont allow overwriting local object - if group.id.inner().domain() == Some(context.domain()) { + // Avoid overwriting local object + if group.id.is_local(context) { return group.id.dereference_local(context).await; } diff --git a/crates/apub/src/objects/instance.rs b/crates/apub/src/objects/instance.rs index c50bce28e..13aee45d7 100644 --- a/crates/apub/src/objects/instance.rs +++ b/crates/apub/src/objects/instance.rs @@ -138,8 +138,8 @@ impl Object for ApubSite { #[tracing::instrument(skip_all)] async fn from_json(apub: Self::Kind, context: &Data) -> Result { - // Dont allow overwriting local object - if apub.id.inner().domain() == Some(context.domain()) { + // Avoid overwriting local object + if apub.id.is_local(context) { return apub.id.dereference_local(context).await; } let domain = apub.id.inner().domain().expect("group id has domain"); diff --git a/crates/apub/src/objects/mod.rs b/crates/apub/src/objects/mod.rs index cabd07e6d..1e8576688 100644 --- a/crates/apub/src/objects/mod.rs +++ b/crates/apub/src/objects/mod.rs @@ -1,9 +1,14 @@ use crate::protocol::Source; -use activitypub_federation::protocol::values::MediaTypeMarkdownOrHtml; +use activitypub_federation::{ + config::Data, + fetch::object_id::ObjectId, + protocol::values::MediaTypeMarkdownOrHtml, +}; use anyhow::anyhow; use html2md::parse_html; -use lemmy_utils::{error::LemmyError, settings::structs::Settings}; -use url::Url; +use lemmy_api_common::context::LemmyContext; +use lemmy_utils::error::LemmyError; +use std::fmt::Debug; pub mod comment; pub mod community; @@ -43,9 +48,15 @@ pub(crate) fn read_from_string_or_source_opt( /// wrapped in Announce. If we simply receive this like any other federated object, overwrite the /// existing, local Post. In particular, it will set the field local = false, so that the object /// can't be fetched from the Activitypub HTTP endpoint anymore (which only serves local objects). -pub(crate) fn verify_is_remote_object(id: &Url, settings: &Settings) -> Result<(), LemmyError> { - let local_domain = settings.get_hostname_without_port()?; - if id.domain() == Some(&local_domain) { +pub(crate) fn verify_is_remote_object( + id: &ObjectId, + context: &Data, +) -> Result<(), LemmyError> +where + T: activitypub_federation::traits::Object + Debug + Send + 'static, + for<'de2> ::Kind: serde::Deserialize<'de2>, +{ + if !id.is_local(context) { Err(anyhow!("cant accept local object from remote instance").into()) } else { Ok(()) diff --git a/crates/apub/src/objects/person.rs b/crates/apub/src/objects/person.rs index 8950f05e6..598ec4485 100644 --- a/crates/apub/src/objects/person.rs +++ b/crates/apub/src/objects/person.rs @@ -149,8 +149,8 @@ impl Object for ApubPerson { person: Person, context: &Data, ) -> Result { - // Dont allow overwriting local object - if person.id.inner().domain() == Some(context.domain()) { + // Avoid overwriting local object + if person.id.is_local(context) { return person.id.dereference_local(context).await; } let instance_id = fetch_instance_actor_for_object(&person.id, context).await?; diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs index c02b34768..f50100a21 100644 --- a/crates/apub/src/objects/post.rs +++ b/crates/apub/src/objects/post.rs @@ -164,7 +164,7 @@ impl Object for ApubPost { // instance from the post author. if !page.is_mod_action(context).await? { verify_domains_match(page.id.inner(), expected_domain)?; - verify_is_remote_object(page.id.inner(), context.settings())?; + verify_is_remote_object(&page.id, context)?; }; let community = page.community(context).await?; @@ -182,8 +182,8 @@ impl Object for ApubPost { #[tracing::instrument(skip_all)] async fn from_json(page: Page, context: &Data) -> Result { - // Dont allow overwriting local object - if page.id.inner().domain() == Some(context.domain()) { + // Avoid overwriting local object + if page.id.is_local(context) { return page.id.dereference_local(context).await; } diff --git a/crates/apub/src/objects/private_message.rs b/crates/apub/src/objects/private_message.rs index a1cecfe1e..3d807ea3b 100644 --- a/crates/apub/src/objects/private_message.rs +++ b/crates/apub/src/objects/private_message.rs @@ -121,8 +121,8 @@ impl Object for ApubPrivateMessage { note: ChatMessage, context: &Data, ) -> Result { - // Dont allow overwriting local object - if note.id.inner().domain() == Some(context.domain()) { + // Avoid overwriting local object + if note.id.is_local(context) { return note.id.dereference_local(context).await; }