forked from Plume/Plume
ActivityPub: don't delete anything if the actor is not authorized
This commit is contained in:
parent
fc5acac861
commit
fcf911fac9
6 changed files with 32 additions and 13 deletions
|
@ -31,7 +31,7 @@ pub trait Notify<C> {
|
|||
|
||||
pub trait Deletable<C, A> {
|
||||
fn delete(&self, conn: &C) -> A;
|
||||
fn delete_id(id: String, conn: &C);
|
||||
fn delete_id(id: String, actor_id: String, conn: &C);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -122,9 +122,13 @@ impl Deletable<Connection, Undo> for Follow {
|
|||
undo
|
||||
}
|
||||
|
||||
fn delete_id(id: String, conn: &Connection) {
|
||||
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||
if let Some(follow) = Follow::find_by_ap_url(conn, id) {
|
||||
follow.delete(conn);
|
||||
if let Some(user) = User::find_by_ap_url(conn, actor_id) {
|
||||
if user.id == follow.follower_id {
|
||||
follow.delete(conn);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -107,9 +107,13 @@ impl Deletable<Connection, activity::Undo> for Like {
|
|||
act
|
||||
}
|
||||
|
||||
fn delete_id(id: String, conn: &Connection) {
|
||||
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||
if let Some(like) = Like::find_by_ap_url(conn, id.into()) {
|
||||
like.delete(conn);
|
||||
if let Some(user) = User::find_by_ap_url(conn, actor_id) {
|
||||
if user.id == like.user_id {
|
||||
like.delete(conn);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -479,8 +479,15 @@ impl Deletable<Connection, Delete> for Post {
|
|||
act
|
||||
}
|
||||
|
||||
fn delete_id(id: String, conn: &Connection) {
|
||||
Post::find_by_ap_url(conn, id).map(|p| p.delete(conn));
|
||||
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||
let actor = User::find_by_ap_url(conn, actor_id);
|
||||
let post = Post::find_by_ap_url(conn, id);
|
||||
let can_delete = actor.and_then(|act|
|
||||
post.clone().map(|p| p.get_authors(conn).into_iter().any(|a| act.id == a.id))
|
||||
).unwrap_or(false);
|
||||
if can_delete {
|
||||
post.map(|p| p.delete(conn));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -120,9 +120,13 @@ impl Deletable<Connection, Undo> for Reshare {
|
|||
act
|
||||
}
|
||||
|
||||
fn delete_id(id: String, conn: &Connection) {
|
||||
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||
if let Some(reshare) = Reshare::find_by_ap_url(conn, id) {
|
||||
reshare.delete(conn);
|
||||
if let Some(actor) = User::find_by_ap_url(conn, actor_id) {
|
||||
if actor.id == reshare.user_id {
|
||||
reshare.delete(conn);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -34,7 +34,7 @@ pub trait Inbox {
|
|||
},
|
||||
"Delete" => {
|
||||
let act: Delete = serde_json::from_value(act.clone())?;
|
||||
Post::delete_id(act.delete_props.object_object::<Tombstone>()?.object_props.id_string()?, conn);
|
||||
Post::delete_id(act.delete_props.object_object::<Tombstone>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||
Ok(())
|
||||
},
|
||||
"Follow" => {
|
||||
|
@ -49,15 +49,15 @@ pub trait Inbox {
|
|||
let act: Undo = serde_json::from_value(act.clone())?;
|
||||
match act.undo_props.object["type"].as_str().expect("Inbox::received: undo without original type error") {
|
||||
"Like" => {
|
||||
likes::Like::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, conn);
|
||||
likes::Like::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||
Ok(())
|
||||
},
|
||||
"Announce" => {
|
||||
Reshare::delete_id(act.undo_props.object_object::<Announce>()?.object_props.id_string()?, conn);
|
||||
Reshare::delete_id(act.undo_props.object_object::<Announce>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||
Ok(())
|
||||
},
|
||||
"Follow" => {
|
||||
Follow::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, conn);
|
||||
Follow::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||
Ok(())
|
||||
}
|
||||
_ => Err(InboxError::CantUndo)?
|
||||
|
|
Loading…
Reference in a new issue