From 81293e5aadd5f1dfe7f90f6a71f625ef86cf3359 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 17 Nov 2020 13:11:39 +0100 Subject: [PATCH] ActivityPubController: Don't return local only objects --- .../activity_pub/activity_pub_controller.ex | 10 ++++-- .../activity_pub_controller_test.exs | 33 +++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 31df80adb..7e5647f8f 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -82,7 +82,8 @@ def user(conn, %{"nickname" => nickname}) do def object(conn, _) do with ap_id <- Endpoint.url() <> conn.request_path, %Object{} = object <- Object.get_cached_by_ap_id(ap_id), - {_, true} <- {:public?, Visibility.is_public?(object)} do + {_, true} <- {:public?, Visibility.is_public?(object)}, + {_, false} <- {:local?, Visibility.is_local_public?(object)} do conn |> assign(:tracking_fun_data, object.id) |> set_cache_ttl_for(object) @@ -92,6 +93,9 @@ def object(conn, _) do else {:public?, false} -> {:error, :not_found} + + {:local?, true} -> + {:error, :not_found} end end @@ -108,7 +112,8 @@ def track_object_fetch(conn, object_id) do def activity(conn, _params) do with ap_id <- Endpoint.url() <> conn.request_path, %Activity{} = activity <- Activity.normalize(ap_id), - {_, true} <- {:public?, Visibility.is_public?(activity)} do + {_, true} <- {:public?, Visibility.is_public?(activity)}, + {_, false} <- {:local?, Visibility.is_local_public?(activity)} do conn |> maybe_set_tracking_data(activity) |> set_cache_ttl_for(activity) @@ -117,6 +122,7 @@ def activity(conn, _params) do |> render("object.json", object: activity) else {:public?, false} -> {:error, :not_found} + {:local?, true} -> {:error, :not_found} nil -> {:error, :not_found} end end diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs index b696a24f4..31e48f87f 100644 --- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs @@ -213,6 +213,23 @@ test "it returns a json representation of the activity with accept application/j end describe "/objects/:uuid" do + test "it doesn't return a local-only object", %{conn: conn} do + user = insert(:user) + {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"}) + + assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post) + + object = Object.normalize(post, false) + uuid = String.split(object.data["id"], "/") |> List.last() + + conn = + conn + |> put_req_header("accept", "application/json") + |> get("/objects/#{uuid}") + + assert json_response(conn, 404) + end + test "it returns a json representation of the object with accept application/json", %{ conn: conn } do @@ -326,6 +343,22 @@ test "cached purged after object deletion", %{conn: conn} do end describe "/activities/:uuid" do + test "it doesn't return a local-only activity", %{conn: conn} do + user = insert(:user) + {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"}) + + assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post) + + uuid = String.split(post.data["id"], "/") |> List.last() + + conn = + conn + |> put_req_header("accept", "application/json") + |> get("/activities/#{uuid}") + + assert json_response(conn, 404) + end + test "it returns a json representation of the activity", %{conn: conn} do activity = insert(:note_activity) uuid = String.split(activity.data["id"], "/") |> List.last()