ActivityPubController: Don't return local only objects

This commit is contained in:
lain 2020-11-17 13:11:39 +01:00
parent af3f00292c
commit 81293e5aad
2 changed files with 41 additions and 2 deletions
lib/pleroma/web/activity_pub
test/pleroma/web/activity_pub

View file

@ -82,7 +82,8 @@ def user(conn, %{"nickname" => nickname}) do
def object(conn, _) do
with ap_id <- Endpoint.url() <> conn.request_path,
%Object{} = object <- Object.get_cached_by_ap_id(ap_id),
{_, true} <- {:public?, Visibility.is_public?(object)} do
{_, true} <- {:public?, Visibility.is_public?(object)},
{_, false} <- {:local?, Visibility.is_local_public?(object)} do
conn
|> assign(:tracking_fun_data, object.id)
|> set_cache_ttl_for(object)
@ -92,6 +93,9 @@ def object(conn, _) do
else
{:public?, false} ->
{:error, :not_found}
{:local?, true} ->
{:error, :not_found}
end
end
@ -108,7 +112,8 @@ def track_object_fetch(conn, object_id) do
def activity(conn, _params) do
with ap_id <- Endpoint.url() <> conn.request_path,
%Activity{} = activity <- Activity.normalize(ap_id),
{_, true} <- {:public?, Visibility.is_public?(activity)} do
{_, true} <- {:public?, Visibility.is_public?(activity)},
{_, false} <- {:local?, Visibility.is_local_public?(activity)} do
conn
|> maybe_set_tracking_data(activity)
|> set_cache_ttl_for(activity)
@ -117,6 +122,7 @@ def activity(conn, _params) do
|> render("object.json", object: activity)
else
{:public?, false} -> {:error, :not_found}
{:local?, true} -> {:error, :not_found}
nil -> {:error, :not_found}
end
end

View file

@ -213,6 +213,23 @@ test "it returns a json representation of the activity with accept application/j
end
describe "/objects/:uuid" do
test "it doesn't return a local-only object", %{conn: conn} do
user = insert(:user)
{:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
object = Object.normalize(post, false)
uuid = String.split(object.data["id"], "/") |> List.last()
conn =
conn
|> put_req_header("accept", "application/json")
|> get("/objects/#{uuid}")
assert json_response(conn, 404)
end
test "it returns a json representation of the object with accept application/json", %{
conn: conn
} do
@ -326,6 +343,22 @@ test "cached purged after object deletion", %{conn: conn} do
end
describe "/activities/:uuid" do
test "it doesn't return a local-only activity", %{conn: conn} do
user = insert(:user)
{:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
uuid = String.split(post.data["id"], "/") |> List.last()
conn =
conn
|> put_req_header("accept", "application/json")
|> get("/activities/#{uuid}")
assert json_response(conn, 404)
end
test "it returns a json representation of the activity", %{conn: conn} do
activity = insert(:note_activity)
uuid = String.split(activity.data["id"], "/") |> List.last()