mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2025-01-11 05:35:24 +00:00
ActivityPub: don't delete anything if the actor is not authorized
This commit is contained in:
parent
fc5acac861
commit
fcf911fac9
6 changed files with 32 additions and 13 deletions
|
@ -31,7 +31,7 @@ pub trait Notify<C> {
|
||||||
|
|
||||||
pub trait Deletable<C, A> {
|
pub trait Deletable<C, A> {
|
||||||
fn delete(&self, conn: &C) -> A;
|
fn delete(&self, conn: &C) -> A;
|
||||||
fn delete_id(id: String, conn: &C);
|
fn delete_id(id: String, actor_id: String, conn: &C);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -122,9 +122,13 @@ impl Deletable<Connection, Undo> for Follow {
|
||||||
undo
|
undo
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_id(id: String, conn: &Connection) {
|
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||||
if let Some(follow) = Follow::find_by_ap_url(conn, id) {
|
if let Some(follow) = Follow::find_by_ap_url(conn, id) {
|
||||||
follow.delete(conn);
|
if let Some(user) = User::find_by_ap_url(conn, actor_id) {
|
||||||
|
if user.id == follow.follower_id {
|
||||||
|
follow.delete(conn);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -107,9 +107,13 @@ impl Deletable<Connection, activity::Undo> for Like {
|
||||||
act
|
act
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_id(id: String, conn: &Connection) {
|
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||||
if let Some(like) = Like::find_by_ap_url(conn, id.into()) {
|
if let Some(like) = Like::find_by_ap_url(conn, id.into()) {
|
||||||
like.delete(conn);
|
if let Some(user) = User::find_by_ap_url(conn, actor_id) {
|
||||||
|
if user.id == like.user_id {
|
||||||
|
like.delete(conn);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -479,8 +479,15 @@ impl Deletable<Connection, Delete> for Post {
|
||||||
act
|
act
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_id(id: String, conn: &Connection) {
|
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||||
Post::find_by_ap_url(conn, id).map(|p| p.delete(conn));
|
let actor = User::find_by_ap_url(conn, actor_id);
|
||||||
|
let post = Post::find_by_ap_url(conn, id);
|
||||||
|
let can_delete = actor.and_then(|act|
|
||||||
|
post.clone().map(|p| p.get_authors(conn).into_iter().any(|a| act.id == a.id))
|
||||||
|
).unwrap_or(false);
|
||||||
|
if can_delete {
|
||||||
|
post.map(|p| p.delete(conn));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -120,9 +120,13 @@ impl Deletable<Connection, Undo> for Reshare {
|
||||||
act
|
act
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_id(id: String, conn: &Connection) {
|
fn delete_id(id: String, actor_id: String, conn: &Connection) {
|
||||||
if let Some(reshare) = Reshare::find_by_ap_url(conn, id) {
|
if let Some(reshare) = Reshare::find_by_ap_url(conn, id) {
|
||||||
reshare.delete(conn);
|
if let Some(actor) = User::find_by_ap_url(conn, actor_id) {
|
||||||
|
if actor.id == reshare.user_id {
|
||||||
|
reshare.delete(conn);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,7 @@ pub trait Inbox {
|
||||||
},
|
},
|
||||||
"Delete" => {
|
"Delete" => {
|
||||||
let act: Delete = serde_json::from_value(act.clone())?;
|
let act: Delete = serde_json::from_value(act.clone())?;
|
||||||
Post::delete_id(act.delete_props.object_object::<Tombstone>()?.object_props.id_string()?, conn);
|
Post::delete_id(act.delete_props.object_object::<Tombstone>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||||
Ok(())
|
Ok(())
|
||||||
},
|
},
|
||||||
"Follow" => {
|
"Follow" => {
|
||||||
|
@ -49,15 +49,15 @@ pub trait Inbox {
|
||||||
let act: Undo = serde_json::from_value(act.clone())?;
|
let act: Undo = serde_json::from_value(act.clone())?;
|
||||||
match act.undo_props.object["type"].as_str().expect("Inbox::received: undo without original type error") {
|
match act.undo_props.object["type"].as_str().expect("Inbox::received: undo without original type error") {
|
||||||
"Like" => {
|
"Like" => {
|
||||||
likes::Like::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, conn);
|
likes::Like::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||||
Ok(())
|
Ok(())
|
||||||
},
|
},
|
||||||
"Announce" => {
|
"Announce" => {
|
||||||
Reshare::delete_id(act.undo_props.object_object::<Announce>()?.object_props.id_string()?, conn);
|
Reshare::delete_id(act.undo_props.object_object::<Announce>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||||
Ok(())
|
Ok(())
|
||||||
},
|
},
|
||||||
"Follow" => {
|
"Follow" => {
|
||||||
Follow::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, conn);
|
Follow::delete_id(act.undo_props.object_object::<Like>()?.object_props.id_string()?, actor_id.into(), conn);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
_ => Err(InboxError::CantUndo)?
|
_ => Err(InboxError::CantUndo)?
|
||||||
|
|
Loading…
Reference in a new issue