[#3053] Rollback of access control changes in ActivityPubController (base actions: :user, :object, :activity).
parent
6c2264af24
commit
e1eb54d389
1 changed files with 25 additions and 31 deletions
|
@ -32,23 +32,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||||
|
|
||||||
@federating_only_actions [:internal_fetch, :relay, :relay_following, :relay_followers]
|
@federating_only_actions [:internal_fetch, :relay, :relay_following, :relay_followers]
|
||||||
|
|
||||||
# Note: :following and :followers must be served even without authentication (as via :api)
|
|
||||||
@auth_only_actions [:read_inbox, :update_outbox, :whoami, :upload_media]
|
|
||||||
|
|
||||||
# Always accessible actions (must perform entity accessibility checks)
|
|
||||||
@no_auth_no_federation_actions [:user, :activity, :object]
|
|
||||||
|
|
||||||
@authenticated_or_federating_actions @federating_only_actions ++
|
|
||||||
@auth_only_actions ++ @no_auth_no_federation_actions
|
|
||||||
|
|
||||||
plug(FederatingPlug when action in @federating_only_actions)
|
plug(FederatingPlug when action in @federating_only_actions)
|
||||||
|
|
||||||
plug(EnsureAuthenticatedPlug when action in @auth_only_actions)
|
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
EnsureAuthenticatedPlug,
|
EnsureAuthenticatedPlug,
|
||||||
[unless_func: &FederatingPlug.federating?/1]
|
[unless_func: &FederatingPlug.federating?/1] when action not in @federating_only_actions
|
||||||
when action not in @authenticated_or_federating_actions
|
)
|
||||||
|
|
||||||
|
# Note: :following and :followers must be served even without authentication (as via :api)
|
||||||
|
plug(
|
||||||
|
EnsureAuthenticatedPlug
|
||||||
|
when action in [:read_inbox, :update_outbox, :whoami, :upload_media]
|
||||||
)
|
)
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
|
@ -72,22 +66,21 @@ defp relay_active?(conn, _) do
|
||||||
|
|
||||||
def user(conn, %{"nickname" => nickname}) do
|
def user(conn, %{"nickname" => nickname}) do
|
||||||
with %User{local: true} = user <- User.get_cached_by_nickname(nickname),
|
with %User{local: true} = user <- User.get_cached_by_nickname(nickname),
|
||||||
{_, :visible} <- {:visibility, User.visible_for(user, _reading_user = nil)},
|
|
||||||
{:ok, user} <- User.ensure_keys_present(user) do
|
{:ok, user} <- User.ensure_keys_present(user) do
|
||||||
conn
|
conn
|
||||||
|> put_resp_content_type("application/activity+json")
|
|> put_resp_content_type("application/activity+json")
|
||||||
|> put_view(UserView)
|
|> put_view(UserView)
|
||||||
|> render("user.json", %{user: user})
|
|> render("user.json", %{user: user})
|
||||||
else
|
else
|
||||||
_ -> {:error, :not_found}
|
nil -> {:error, :not_found}
|
||||||
|
%{local: false} -> {:error, :not_found}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def object(conn, _) do
|
def object(conn, _) do
|
||||||
with ap_id <- Endpoint.url() <> conn.request_path,
|
with ap_id <- Endpoint.url() <> conn.request_path,
|
||||||
%Object{} = object <- Object.get_cached_by_ap_id(ap_id),
|
%Object{} = object <- Object.get_cached_by_ap_id(ap_id),
|
||||||
{_, true} <- {:public?, Visibility.is_public?(object)},
|
{_, true} <- {:public?, Visibility.is_public?(object)} do
|
||||||
{_, false} <- {:restricted?, Visibility.restrict_unauthenticated_access?(object)} do
|
|
||||||
conn
|
conn
|
||||||
|> assign(:tracking_fun_data, object.id)
|
|> assign(:tracking_fun_data, object.id)
|
||||||
|> set_cache_ttl_for(object)
|
|> set_cache_ttl_for(object)
|
||||||
|
@ -95,15 +88,25 @@ def object(conn, _) do
|
||||||
|> put_view(ObjectView)
|
|> put_view(ObjectView)
|
||||||
|> render("object.json", object: object)
|
|> render("object.json", object: object)
|
||||||
else
|
else
|
||||||
_ -> {:error, :not_found}
|
{:public?, false} ->
|
||||||
|
{:error, :not_found}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def track_object_fetch(conn, nil), do: conn
|
||||||
|
|
||||||
|
def track_object_fetch(conn, object_id) do
|
||||||
|
with %{assigns: %{user: %User{id: user_id}}} <- conn do
|
||||||
|
Delivery.create(object_id, user_id)
|
||||||
|
end
|
||||||
|
|
||||||
|
conn
|
||||||
|
end
|
||||||
|
|
||||||
def activity(conn, _params) do
|
def activity(conn, _params) do
|
||||||
with ap_id <- Endpoint.url() <> conn.request_path,
|
with ap_id <- Endpoint.url() <> conn.request_path,
|
||||||
%Activity{} = activity <- Activity.normalize(ap_id),
|
%Activity{} = activity <- Activity.normalize(ap_id),
|
||||||
{_, true} <- {:public?, Visibility.is_public?(activity)},
|
{_, true} <- {:public?, Visibility.is_public?(activity)} do
|
||||||
{_, true} <- {:visible?, Visibility.visible_for_user?(activity, _reading_user = nil)} do
|
|
||||||
conn
|
conn
|
||||||
|> maybe_set_tracking_data(activity)
|
|> maybe_set_tracking_data(activity)
|
||||||
|> set_cache_ttl_for(activity)
|
|> set_cache_ttl_for(activity)
|
||||||
|
@ -111,7 +114,8 @@ def activity(conn, _params) do
|
||||||
|> put_view(ObjectView)
|
|> put_view(ObjectView)
|
||||||
|> render("object.json", object: activity)
|
|> render("object.json", object: activity)
|
||||||
else
|
else
|
||||||
_ -> {:error, :not_found}
|
{:public?, false} -> {:error, :not_found}
|
||||||
|
nil -> {:error, :not_found}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -546,14 +550,4 @@ def upload_media(%{assigns: %{user: %User{} = user}} = conn, %{"file" => file} =
|
||||||
|> json(object.data)
|
|> json(object.data)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def track_object_fetch(conn, nil), do: conn
|
|
||||||
|
|
||||||
def track_object_fetch(conn, object_id) do
|
|
||||||
with %{assigns: %{user: %User{id: user_id}}} <- conn do
|
|
||||||
Delivery.create(object_id, user_id)
|
|
||||||
end
|
|
||||||
|
|
||||||
conn
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
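Review bot: The narrowed `else` blocks in `user` and `object` no longer cover every value their `with` clauses can produce, so an unmatched value raises `WithClauseError` (presumably surfacing as a 500) where the previous catch-all answered not-found. In `object` only `{:public?, false}` is handled, so a lookup that does not yield an `%Object{}` is unmatched (presumably `nil` for an unknown id, as the `nil` clause in `activity` suggests). In `user`, anything other than `{:ok, user}` from `User.ensure_keys_present/1` is unmatched. Keeping `_ -> {:error, :not_found}` as the last clause of each `else` (and in `activity` for consistency) keeps the response uniform, so a caller who reaches these actions without authentication cannot tell a missing entity from a failed lookup. The bodies of `object` and `activity` continue between hunks, so the elided pipeline steps are not covered by this note.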