From 15621f5324b4613d83efb94711c97eeaa83da2b3 Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Sat, 16 Oct 2021 13:27:43 +0200 Subject: [PATCH] Follow request improvements (#282) * tiny doc update * add rejectfollowrequest to db * add follow request reject to processor * add reject handler * tidy up follow request api * tidy up federation call * regenerate swagger docs * api endpoint tests * processor test * add reject federatingdb handler * start writing reject tests * test reject follow request * go fmt * increase sleep for slow test setups * more relaxed time.sleep --- CONTRIBUTING.md | 4 +- docs/api/swagger.yaml | 109 +++++++++++++ .../api/client/followrequest/authorize.go | 99 ++++++++++++ .../client/followrequest/authorize_test.go | 87 +++++++++++ internal/api/client/followrequest/deny.go | 27 ---- .../api/client/followrequest/followrequest.go | 19 ++- .../followrequest/followrequest_test.go | 105 +++++++++++++ internal/api/client/followrequest/get.go | 53 ++++++- internal/api/client/followrequest/get_test.go | 78 ++++++++++ .../followrequest/{accept.go => reject.go} | 54 ++++++- .../api/client/followrequest/reject_test.go | 87 +++++++++++ internal/db/bundb/relationship.go | 25 +++ internal/db/relationship.go | 5 + internal/federation/federatingdb/db.go | 1 + .../federatingdb/federatingdb_test.go | 2 +- internal/federation/federatingdb/reject.go | 119 +++++++++++++++ .../federation/federatingdb/reject_test.go | 96 ++++++++++++ internal/federation/federatingprotocol.go | 7 +- internal/processing/followrequest.go | 43 +++++- internal/processing/followrequest_test.go | 143 ++++++++++++++++++ internal/processing/fromclientapi.go | 113 +++++++++++++- internal/processing/fromfederator.go | 11 +- internal/processing/processor.go | 4 +- internal/processing/processor_test.go | 34 ++++- 24 files changed, 1256 insertions(+), 69 deletions(-) create mode 100644 internal/api/client/followrequest/authorize.go create mode 100644 internal/api/client/followrequest/authorize_test.go delete mode 100644 internal/api/client/followrequest/deny.go create mode 100644 internal/api/client/followrequest/followrequest_test.go create mode 100644 internal/api/client/followrequest/get_test.go rename internal/api/client/followrequest/{accept.go => reject.go} (56%) create mode 100644 internal/api/client/followrequest/reject_test.go create mode 100644 internal/federation/federatingdb/reject.go create mode 100644 internal/federation/federatingdb/reject_test.go create mode 100644 internal/processing/followrequest_test.go diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d6a37e418..47fdee960 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -215,7 +215,9 @@ You can install go-swagger following the instructions [here](https://goswagger.i If you change Swagger annotations on any of the API paths, you can generate a new Swagger file at `./docs/api/swagger.yaml` by running: -`swagger generate spec -o docs/api/swagger.yaml --scan-models` +```bash +swagger generate spec -o docs/api/swagger.yaml --scan-models +``` ## CI/CD configuration diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml index 72c543a3a..ae258bb46 100644 --- a/docs/api/swagger.yaml +++ b/docs/api/swagger.yaml @@ -2450,6 +2450,115 @@ paths: summary: Get an array of accounts that requesting account has blocked. tags: - blocks + /api/v1/follow_requests: + get: + description: |- + The next and previous queries can be parsed from the returned Link header. + Example: + + ``` + ; rel="next", ; rel="prev" + ```` + operationId: getFollowRequests + parameters: + - default: 40 + description: Number of accounts to return. + in: query + name: limit + type: integer + produces: + - application/json + responses: + "200": + description: "" + headers: + Link: + description: Links to the next and previous queries. + type: string + schema: + items: + $ref: '#/definitions/account' + type: array + "400": + description: bad request + "401": + description: unauthorized + "403": + description: forbidden + "404": + description: not found + security: + - OAuth2 Bearer: + - read:follows + summary: Get an array of accounts that have requested to follow you. + tags: + - follow_requests + /api/v1/follow_requests/{account_id}/authorize: + post: + description: Accept a follow request and put the requesting account in your + 'followers' list. + operationId: authorizeFollowRequest + parameters: + - description: ID of the account requesting to follow you. + in: path + name: account_id + required: true + type: string + produces: + - application/json + responses: + "200": + description: Your relationship to this account. + schema: + $ref: '#/definitions/accountRelationship' + "400": + description: bad request + "401": + description: unauthorized + "403": + description: forbidden + "404": + description: not found + "500": + description: internal server error + security: + - OAuth2 Bearer: + - write:follows + summary: Accept/authorize follow request from the given account ID. + tags: + - follow_requests + /api/v1/follow_requests/{account_id}/reject: + post: + operationId: rejectFollowRequest + parameters: + - description: ID of the account requesting to follow you. + in: path + name: account_id + required: true + type: string + produces: + - application/json + responses: + "200": + description: Your relationship to this account. + schema: + $ref: '#/definitions/accountRelationship' + "400": + description: bad request + "401": + description: unauthorized + "403": + description: forbidden + "404": + description: not found + "500": + description: internal server error + security: + - OAuth2 Bearer: + - write:follows + summary: Reject/deny follow request from the given account ID. + tags: + - follow_requests /api/v1/instance: get: description: |- diff --git a/internal/api/client/followrequest/authorize.go b/internal/api/client/followrequest/authorize.go new file mode 100644 index 000000000..1ab7891a6 --- /dev/null +++ b/internal/api/client/followrequest/authorize.go @@ -0,0 +1,99 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package followrequest + +import ( + "github.com/sirupsen/logrus" + "net/http" + + "github.com/gin-gonic/gin" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// FollowRequestAuthorizePOSTHandler swagger:operation POST /api/v1/follow_requests/{account_id}/authorize authorizeFollowRequest +// +// Accept/authorize follow request from the given account ID. +// +// Accept a follow request and put the requesting account in your 'followers' list. +// +// --- +// tags: +// - follow_requests +// +// produces: +// - application/json +// +// parameters: +// - name: account_id +// type: string +// description: ID of the account requesting to follow you. +// in: path +// required: true +// +// security: +// - OAuth2 Bearer: +// - write:follows +// +// responses: +// '200': +// name: account relationship +// description: Your relationship to this account. +// schema: +// "$ref": "#/definitions/accountRelationship" +// '400': +// description: bad request +// '401': +// description: unauthorized +// '403': +// description: forbidden +// '404': +// description: not found +// '500': +// description: internal server error +func (m *Module) FollowRequestAuthorizePOSTHandler(c *gin.Context) { + l := logrus.WithField("func", "FollowRequestAuthorizePOSTHandler") + + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + l.Debugf("couldn't auth: %s", err) + c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()}) + return + } + + if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { + l.Debugf("couldn't auth: %s", err) + c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) + return + } + + originAccountID := c.Param(IDKey) + if originAccountID == "" { + c.JSON(http.StatusBadRequest, gin.H{"error": "no follow request origin account id provided"}) + return + } + + relationship, errWithCode := m.processor.FollowRequestAccept(c.Request.Context(), authed, originAccountID) + if errWithCode != nil { + l.Debug(errWithCode.Error()) + c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()}) + return + } + + c.JSON(http.StatusOK, relationship) +} diff --git a/internal/api/client/followrequest/authorize_test.go b/internal/api/client/followrequest/authorize_test.go new file mode 100644 index 000000000..ee1c3fc3a --- /dev/null +++ b/internal/api/client/followrequest/authorize_test.go @@ -0,0 +1,87 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package followrequest_test + +import ( + "context" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "testing" + "time" + + "github.com/gin-gonic/gin" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/api/client/followrequest" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" +) + +type AuthorizeTestSuite struct { + FollowRequestStandardTestSuite +} + +func (suite *AuthorizeTestSuite) TestAuthorize() { + requestingAccount := suite.testAccounts["remote_account_2"] + targetAccount := suite.testAccounts["local_account_1"] + + // put a follow request in the database + fr := >smodel.FollowRequest{ + ID: "01FJ1S8DX3STJJ6CEYPMZ1M0R3", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + URI: fmt.Sprintf("%s/follow/01FJ1S8DX3STJJ6CEYPMZ1M0R3", requestingAccount.URI), + AccountID: requestingAccount.ID, + TargetAccountID: targetAccount.ID, + } + + err := suite.db.Put(context.Background(), fr) + suite.NoError(err) + + recorder := httptest.NewRecorder() + ctx := suite.newContext(recorder, http.MethodPost, []byte{}, fmt.Sprintf("/api/v1/follow_requests/%s/authorize", requestingAccount.ID), "") + + ctx.Params = gin.Params{ + gin.Param{ + Key: followrequest.IDKey, + Value: requestingAccount.ID, + }, + } + + // call the handler + suite.followRequestModule.FollowRequestAuthorizePOSTHandler(ctx) + + // 1. we should have OK because our request was valid + suite.Equal(http.StatusOK, recorder.Code) + + // 2. we should have no error message in the result body + result := recorder.Result() + defer result.Body.Close() + + // check the response + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`{"id":"01FHMQX3GAABWSM0S2VZEC2SWC","following":false,"showing_reblogs":false,"notifying":false,"followed_by":true,"blocking":false,"blocked_by":false,"muting":false,"muting_notifications":false,"requested":false,"domain_blocking":false,"endorsed":false,"note":""}`, string(b)) +} + +func TestAuthorizeTestSuite(t *testing.T) { + suite.Run(t, &AuthorizeTestSuite{}) +} diff --git a/internal/api/client/followrequest/deny.go b/internal/api/client/followrequest/deny.go deleted file mode 100644 index c1a9e4dbf..000000000 --- a/internal/api/client/followrequest/deny.go +++ /dev/null @@ -1,27 +0,0 @@ -/* - GoToSocial - Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -package followrequest - -import "github.com/gin-gonic/gin" - -// FollowRequestDenyPOSTHandler deals with follow request rejection. It should be served at -// /api/v1/follow_requests/:id/reject -func (m *Module) FollowRequestDenyPOSTHandler(c *gin.Context) { - -} diff --git a/internal/api/client/followrequest/followrequest.go b/internal/api/client/followrequest/followrequest.go index beedeb2d0..4f46e1654 100644 --- a/internal/api/client/followrequest/followrequest.go +++ b/internal/api/client/followrequest/followrequest.go @@ -28,21 +28,20 @@ import ( ) const ( - // IDKey is for status UUIDs + // IDKey is for account IDs IDKey = "id" // BasePath is the base path for serving the follow request API BasePath = "/api/v1/follow_requests" // BasePathWithID is just the base path with the ID key in it. - // Use this anywhere you need to know the ID of the follow request being queried. + // Use this anywhere you need to know the ID of the account that owns the follow request being queried. BasePathWithID = BasePath + "/:" + IDKey - - // AcceptPath is used for accepting follow requests - AcceptPath = BasePathWithID + "/authorize" - // DenyPath is used for denying follow requests - DenyPath = BasePathWithID + "/reject" + // AuthorizePath is used for authorizing follow requests + AuthorizePath = BasePathWithID + "/authorize" + // RejectPath is used for rejecting follow requests + RejectPath = BasePathWithID + "/reject" ) -// Module implements the ClientAPIModule interface for every related to interacting with follow requests +// Module implements the ClientAPIModule interface type Module struct { config *config.Config processor processing.Processor @@ -59,7 +58,7 @@ func New(config *config.Config, processor processing.Processor) api.ClientModule // Route attaches all routes from this module to the given router func (m *Module) Route(r router.Router) error { r.AttachHandler(http.MethodGet, BasePath, m.FollowRequestGETHandler) - r.AttachHandler(http.MethodPost, AcceptPath, m.FollowRequestAcceptPOSTHandler) - r.AttachHandler(http.MethodPost, DenyPath, m.FollowRequestDenyPOSTHandler) + r.AttachHandler(http.MethodPost, AuthorizePath, m.FollowRequestAuthorizePOSTHandler) + r.AttachHandler(http.MethodPost, RejectPath, m.FollowRequestRejectPOSTHandler) return nil } diff --git a/internal/api/client/followrequest/followrequest_test.go b/internal/api/client/followrequest/followrequest_test.go new file mode 100644 index 000000000..32b3048a1 --- /dev/null +++ b/internal/api/client/followrequest/followrequest_test.go @@ -0,0 +1,105 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package followrequest_test + +import ( + "bytes" + "fmt" + "net/http/httptest" + + "git.iim.gay/grufwub/go-store/kv" + "github.com/gin-gonic/gin" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/api/client/followrequest" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/federation" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/oauth" + "github.com/superseriousbusiness/gotosocial/internal/processing" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +type FollowRequestStandardTestSuite struct { + suite.Suite + config *config.Config + db db.DB + storage *kv.KVStore + federator federation.Federator + processor processing.Processor + + // standard suite models + testTokens map[string]*gtsmodel.Token + testClients map[string]*gtsmodel.Client + testApplications map[string]*gtsmodel.Application + testUsers map[string]*gtsmodel.User + testAccounts map[string]*gtsmodel.Account + testAttachments map[string]*gtsmodel.MediaAttachment + testStatuses map[string]*gtsmodel.Status + + // module being tested + followRequestModule *followrequest.Module +} + +func (suite *FollowRequestStandardTestSuite) SetupSuite() { + suite.testTokens = testrig.NewTestTokens() + suite.testClients = testrig.NewTestClients() + suite.testApplications = testrig.NewTestApplications() + suite.testUsers = testrig.NewTestUsers() + suite.testAccounts = testrig.NewTestAccounts() + suite.testAttachments = testrig.NewTestAttachments() + suite.testStatuses = testrig.NewTestStatuses() +} + +func (suite *FollowRequestStandardTestSuite) SetupTest() { + testrig.InitTestLog() + suite.config = testrig.NewTestConfig() + suite.db = testrig.NewTestDB() + suite.storage = testrig.NewTestStorage() + suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil), suite.db), suite.storage) + suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator) + suite.followRequestModule = followrequest.New(suite.config, suite.processor).(*followrequest.Module) + testrig.StandardDBSetup(suite.db, nil) + testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media") +} + +func (suite *FollowRequestStandardTestSuite) TearDownTest() { + testrig.StandardDBTeardown(suite.db) + testrig.StandardStorageTeardown(suite.storage) +} + +func (suite *FollowRequestStandardTestSuite) newContext(recorder *httptest.ResponseRecorder, requestMethod string, requestBody []byte, requestPath string, bodyContentType string) *gin.Context { + ctx, _ := gin.CreateTestContext(recorder) + + ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) + ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_1"])) + ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) + ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) + + baseURI := fmt.Sprintf("%s://%s", suite.config.Protocol, suite.config.Host) + requestURI := fmt.Sprintf("%s/%s", baseURI, requestPath) + + ctx.Request = httptest.NewRequest(requestMethod, requestURI, bytes.NewReader(requestBody)) // the endpoint we're hitting + + if bodyContentType != "" { + ctx.Request.Header.Set("Content-Type", bodyContentType) + } + + return ctx +} diff --git a/internal/api/client/followrequest/get.go b/internal/api/client/followrequest/get.go index a07e3ad83..de8c83d9a 100644 --- a/internal/api/client/followrequest/get.go +++ b/internal/api/client/followrequest/get.go @@ -26,13 +26,60 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/oauth" ) -// FollowRequestGETHandler allows clients to get a list of their incoming follow requests. +// FollowRequestGETHandler swagger:operation GET /api/v1/follow_requests getFollowRequests +// +// Get an array of accounts that have requested to follow you. +// +// The next and previous queries can be parsed from the returned Link header. +// Example: +// +// ``` +// ; rel="next", ; rel="prev" +// ```` +// +// --- +// tags: +// - follow_requests +// +// produces: +// - application/json +// +// parameters: +// - name: limit +// type: integer +// description: Number of accounts to return. +// default: 40 +// in: query +// +// security: +// - OAuth2 Bearer: +// - read:follows +// +// responses: +// '200': +// headers: +// Link: +// type: string +// description: Links to the next and previous queries. +// schema: +// type: array +// items: +// "$ref": "#/definitions/account" +// '400': +// description: bad request +// '401': +// description: unauthorized +// '403': +// description: forbidden +// '404': +// description: not found func (m *Module) FollowRequestGETHandler(c *gin.Context) { - l := logrus.WithField("func", "statusCreatePOSTHandler") + l := logrus.WithField("func", "FollowRequestGETHandler") + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debugf("couldn't auth: %s", err) - c.JSON(http.StatusForbidden, gin.H{"error": err.Error()}) + c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()}) return } diff --git a/internal/api/client/followrequest/get_test.go b/internal/api/client/followrequest/get_test.go new file mode 100644 index 000000000..df7df1445 --- /dev/null +++ b/internal/api/client/followrequest/get_test.go @@ -0,0 +1,78 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package followrequest_test + +import ( + "context" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" +) + +type GetTestSuite struct { + FollowRequestStandardTestSuite +} + +func (suite *GetTestSuite) TestGet() { + requestingAccount := suite.testAccounts["remote_account_2"] + targetAccount := suite.testAccounts["local_account_1"] + + // put a follow request in the database + fr := >smodel.FollowRequest{ + ID: "01FJ1S8DX3STJJ6CEYPMZ1M0R3", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + URI: fmt.Sprintf("%s/follow/01FJ1S8DX3STJJ6CEYPMZ1M0R3", requestingAccount.URI), + AccountID: requestingAccount.ID, + TargetAccountID: targetAccount.ID, + } + + err := suite.db.Put(context.Background(), fr) + suite.NoError(err) + + recorder := httptest.NewRecorder() + ctx := suite.newContext(recorder, http.MethodGet, []byte{}, "/api/v1/follow_requests", "") + + // call the handler + suite.followRequestModule.FollowRequestGETHandler(ctx) + + // 1. we should have OK because our request was valid + suite.Equal(http.StatusOK, recorder.Code) + + // 2. we should have no error message in the result body + result := recorder.Result() + defer result.Body.Close() + + // check the response + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`[{"id":"01FHMQX3GAABWSM0S2VZEC2SWC","username":"some_user","acct":"some_user@example.org","display_name":"some user","locked":true,"bot":false,"created_at":"2020-08-10T12:13:28Z","note":"i'm a real son of a gun","url":"http://example.org/@some_user","avatar":"","avatar_static":"","header":"","header_static":"","followers_count":0,"following_count":0,"statuses_count":0,"last_status_at":"","emojis":[],"fields":[]}]`, string(b)) +} + +func TestGetTestSuite(t *testing.T) { + suite.Run(t, &GetTestSuite{}) +} diff --git a/internal/api/client/followrequest/accept.go b/internal/api/client/followrequest/reject.go similarity index 56% rename from internal/api/client/followrequest/accept.go rename to internal/api/client/followrequest/reject.go index 6f5613f3e..a7fa12e7f 100644 --- a/internal/api/client/followrequest/accept.go +++ b/internal/api/client/followrequest/reject.go @@ -19,21 +19,58 @@ package followrequest import ( - "github.com/sirupsen/logrus" "net/http" "github.com/gin-gonic/gin" + "github.com/sirupsen/logrus" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) -// FollowRequestAcceptPOSTHandler deals with follow request accepting. It should be served at -// /api/v1/follow_requests/:id/authorize -func (m *Module) FollowRequestAcceptPOSTHandler(c *gin.Context) { - l := logrus.WithField("func", "statusCreatePOSTHandler") +// FollowRequestRejectPOSTHandler swagger:operation POST /api/v1/follow_requests/{account_id}/reject rejectFollowRequest +// +// Reject/deny follow request from the given account ID. +// +// --- +// tags: +// - follow_requests +// +// produces: +// - application/json +// +// parameters: +// - name: account_id +// type: string +// description: ID of the account requesting to follow you. +// in: path +// required: true +// +// security: +// - OAuth2 Bearer: +// - write:follows +// +// responses: +// '200': +// name: account relationship +// description: Your relationship to this account. +// schema: +// "$ref": "#/definitions/accountRelationship" +// '400': +// description: bad request +// '401': +// description: unauthorized +// '403': +// description: forbidden +// '404': +// description: not found +// '500': +// description: internal server error +func (m *Module) FollowRequestRejectPOSTHandler(c *gin.Context) { + l := logrus.WithField("func", "FollowRequestRejectPOSTHandler") + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debugf("couldn't auth: %s", err) - c.JSON(http.StatusForbidden, gin.H{"error": err.Error()}) + c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()}) return } @@ -49,11 +86,12 @@ func (m *Module) FollowRequestAcceptPOSTHandler(c *gin.Context) { return } - r, errWithCode := m.processor.FollowRequestAccept(c.Request.Context(), authed, originAccountID) + relationship, errWithCode := m.processor.FollowRequestReject(c.Request.Context(), authed, originAccountID) if errWithCode != nil { l.Debug(errWithCode.Error()) c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()}) return } - c.JSON(http.StatusOK, r) + + c.JSON(http.StatusOK, relationship) } diff --git a/internal/api/client/followrequest/reject_test.go b/internal/api/client/followrequest/reject_test.go new file mode 100644 index 000000000..5f2741399 --- /dev/null +++ b/internal/api/client/followrequest/reject_test.go @@ -0,0 +1,87 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package followrequest_test + +import ( + "context" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "testing" + "time" + + "github.com/gin-gonic/gin" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/api/client/followrequest" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" +) + +type RejectTestSuite struct { + FollowRequestStandardTestSuite +} + +func (suite *RejectTestSuite) TestReject() { + requestingAccount := suite.testAccounts["remote_account_2"] + targetAccount := suite.testAccounts["local_account_1"] + + // put a follow request in the database + fr := >smodel.FollowRequest{ + ID: "01FJ1S8DX3STJJ6CEYPMZ1M0R3", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + URI: fmt.Sprintf("%s/follow/01FJ1S8DX3STJJ6CEYPMZ1M0R3", requestingAccount.URI), + AccountID: requestingAccount.ID, + TargetAccountID: targetAccount.ID, + } + + err := suite.db.Put(context.Background(), fr) + suite.NoError(err) + + recorder := httptest.NewRecorder() + ctx := suite.newContext(recorder, http.MethodPost, []byte{}, fmt.Sprintf("/api/v1/follow_requests/%s/reject", requestingAccount.ID), "") + + ctx.Params = gin.Params{ + gin.Param{ + Key: followrequest.IDKey, + Value: requestingAccount.ID, + }, + } + + // call the handler + suite.followRequestModule.FollowRequestRejectPOSTHandler(ctx) + + // 1. we should have OK because our request was valid + suite.Equal(http.StatusOK, recorder.Code) + + // 2. we should have no error message in the result body + result := recorder.Result() + defer result.Body.Close() + + // check the response + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`{"id":"01FHMQX3GAABWSM0S2VZEC2SWC","following":false,"showing_reblogs":false,"notifying":false,"followed_by":false,"blocking":false,"blocked_by":false,"muting":false,"muting_notifications":false,"requested":false,"domain_blocking":false,"endorsed":false,"note":""}`, string(b)) +} + +func TestRejectTestSuite(t *testing.T) { + suite.Run(t, &RejectTestSuite{}) +} diff --git a/internal/db/bundb/relationship.go b/internal/db/bundb/relationship.go index 64d896527..4f15c7772 100644 --- a/internal/db/bundb/relationship.go +++ b/internal/db/bundb/relationship.go @@ -255,6 +255,31 @@ func (r *relationshipDB) AcceptFollowRequest(ctx context.Context, originAccountI return follow, nil } +func (r *relationshipDB) RejectFollowRequest(ctx context.Context, originAccountID string, targetAccountID string) (*gtsmodel.FollowRequest, db.Error) { + // first get the follow request out of the database + fr := >smodel.FollowRequest{} + if err := r.conn. + NewSelect(). + Model(fr). + Where("account_id = ?", originAccountID). + Where("target_account_id = ?", targetAccountID). + Scan(ctx); err != nil { + return nil, r.conn.ProcessError(err) + } + + // now delete it from the database by ID + if _, err := r.conn. + NewDelete(). + Model(>smodel.FollowRequest{ID: fr.ID}). + WherePK(). + Exec(ctx); err != nil { + return nil, r.conn.ProcessError(err) + } + + // return the deleted follow request + return fr, nil +} + func (r *relationshipDB) GetAccountFollowRequests(ctx context.Context, accountID string) ([]*gtsmodel.FollowRequest, db.Error) { followRequests := []*gtsmodel.FollowRequest{} diff --git a/internal/db/relationship.go b/internal/db/relationship.go index c43b3d9ac..ac2df5228 100644 --- a/internal/db/relationship.go +++ b/internal/db/relationship.go @@ -54,6 +54,11 @@ type Relationship interface { // It will return the newly created follow for further processing. AcceptFollowRequest(ctx context.Context, originAccountID string, targetAccountID string) (*gtsmodel.Follow, Error) + // RejectFollowRequest fetches a follow request from the database, and then deletes it. + // + // The deleted follow request will be returned so that further processing can be done on it. + RejectFollowRequest(ctx context.Context, originAccountID string, targetAccountID string) (*gtsmodel.FollowRequest, Error) + // GetAccountFollowRequests returns all follow requests targeting the given account. GetAccountFollowRequests(ctx context.Context, accountID string) ([]*gtsmodel.FollowRequest, Error) diff --git a/internal/federation/federatingdb/db.go b/internal/federation/federatingdb/db.go index 039c70168..196d6163c 100644 --- a/internal/federation/federatingdb/db.go +++ b/internal/federation/federatingdb/db.go @@ -35,6 +35,7 @@ type DB interface { pub.Database Undo(ctx context.Context, undo vocab.ActivityStreamsUndo) error Accept(ctx context.Context, accept vocab.ActivityStreamsAccept) error + Reject(ctx context.Context, reject vocab.ActivityStreamsReject) error Announce(ctx context.Context, announce vocab.ActivityStreamsAnnounce) error } diff --git a/internal/federation/federatingdb/federatingdb_test.go b/internal/federation/federatingdb/federatingdb_test.go index 9198266eb..24cbfed98 100644 --- a/internal/federation/federatingdb/federatingdb_test.go +++ b/internal/federation/federatingdb/federatingdb_test.go @@ -63,10 +63,10 @@ func (suite *FederatingDBTestSuite) SetupSuite() { } func (suite *FederatingDBTestSuite) SetupTest() { + testrig.InitTestLog() suite.config = testrig.NewTestConfig() suite.db = testrig.NewTestDB() suite.tc = testrig.NewTestTypeConverter(suite.db) - testrig.InitTestLog() suite.federatingDB = testrig.NewTestFederatingDB(suite.db) testrig.StandardDBSetup(suite.db, suite.testAccounts) } diff --git a/internal/federation/federatingdb/reject.go b/internal/federation/federatingdb/reject.go new file mode 100644 index 000000000..d05c41654 --- /dev/null +++ b/internal/federation/federatingdb/reject.go @@ -0,0 +1,119 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package federatingdb + +import ( + "context" + "errors" + "fmt" + + "github.com/go-fed/activity/streams/vocab" + "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/ap" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/util" +) + +func (f *federatingDB) Reject(ctx context.Context, reject vocab.ActivityStreamsReject) error { + l := logrus.WithFields( + logrus.Fields{ + "func": "Reject", + }, + ) + + if logrus.GetLevel() >= logrus.DebugLevel { + i, err := marshalItem(reject) + if err != nil { + return err + } + l = l.WithField("reject", i) + l.Debug("entering Reject") + } + + receivingAccount, _, fromFederatorChan := extractFromCtx(ctx) + if receivingAccount == nil || fromFederatorChan == nil { + // If the receiving account or federator channel wasn't set on the context, that means this request didn't pass + // through the API, but came from inside GtS as the result of another activity on this instance. That being so, + // we can safely just ignore this activity, since we know we've already processed it elsewhere. + return nil + } + + rejectObject := reject.GetActivityStreamsObject() + if rejectObject == nil { + return errors.New("Reject: no object set on vocab.ActivityStreamsReject") + } + + for iter := rejectObject.Begin(); iter != rejectObject.End(); iter = iter.Next() { + // check if the object is an IRI + if iter.IsIRI() { + // we have just the URI of whatever is being rejected, so we need to find out what it is + rejectedObjectIRI := iter.GetIRI() + if util.IsFollowPath(rejectedObjectIRI) { + // REJECT FOLLOW + gtsFollowRequest := >smodel.FollowRequest{} + if err := f.db.GetWhere(ctx, []db.Where{{Key: "uri", Value: rejectedObjectIRI.String()}}, gtsFollowRequest); err != nil { + return fmt.Errorf("Reject: couldn't get follow request with id %s from the database: %s", rejectedObjectIRI.String(), err) + } + + // make sure the addressee of the original follow is the same as whatever inbox this landed in + if gtsFollowRequest.AccountID != receivingAccount.ID { + return errors.New("Reject: follow object account and inbox account were not the same") + } + + if _, err := f.db.RejectFollowRequest(ctx, gtsFollowRequest.AccountID, gtsFollowRequest.TargetAccountID); err != nil { + return err + } + + return nil + } + } + + // check if iter is an AP object / type + if iter.GetType() == nil { + continue + } + + switch iter.GetType().GetTypeName() { + // we have the whole object so we can figure out what we're rejecting + case ap.ActivityFollow: + // REJECT FOLLOW + asFollow, ok := iter.GetType().(vocab.ActivityStreamsFollow) + if !ok { + return errors.New("Reject: couldn't parse follow into vocab.ActivityStreamsFollow") + } + // convert the follow to something we can understand + gtsFollow, err := f.typeConverter.ASFollowToFollow(ctx, asFollow) + if err != nil { + return fmt.Errorf("Reject: error converting asfollow to gtsfollow: %s", err) + } + // make sure the addressee of the original follow is the same as whatever inbox this landed in + if gtsFollow.AccountID != receivingAccount.ID { + return errors.New("Reject: follow object account and inbox account were not the same") + } + if _, err := f.db.RejectFollowRequest(ctx, gtsFollow.AccountID, gtsFollow.TargetAccountID); err != nil { + return err + } + + return nil + } + } + + return nil +} diff --git a/internal/federation/federatingdb/reject_test.go b/internal/federation/federatingdb/reject_test.go new file mode 100644 index 000000000..5e5f12a79 --- /dev/null +++ b/internal/federation/federatingdb/reject_test.go @@ -0,0 +1,96 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package federatingdb_test + +import ( + "testing" + "time" + + "github.com/go-fed/activity/streams" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/messages" + "github.com/superseriousbusiness/gotosocial/internal/util" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +type RejectTestSuite struct { + FederatingDBTestSuite +} + +func (suite *RejectTestSuite) TestRejectFollowRequest() { + // local_account_1 sent a follow request to remote_account_2; + // remote_account_2 rejects the follow request + followingAccount := suite.testAccounts["local_account_1"] + followedAccount := suite.testAccounts["remote_account_2"] + fromFederatorChan := make(chan messages.FromFederator, 10) + ctx := createTestContext(followingAccount, followedAccount, fromFederatorChan) + + // put the follow request in the database + fr := >smodel.FollowRequest{ + ID: "01FJ1S8DX3STJJ6CEYPMZ1M0R3", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + URI: util.GenerateURIForFollow(followingAccount.Username, "http", "localhost:8080", "01FJ1S8DX3STJJ6CEYPMZ1M0R3"), + AccountID: followingAccount.ID, + TargetAccountID: followedAccount.ID, + } + err := suite.db.Put(ctx, fr) + suite.NoError(err) + + asFollow, err := suite.tc.FollowToAS(ctx, suite.tc.FollowRequestToFollow(ctx, fr), followingAccount, followedAccount) + suite.NoError(err) + + rejectingAccountURI := testrig.URLMustParse(followedAccount.URI) + requestingAccountURI := testrig.URLMustParse(followingAccount.URI) + + // create a Reject + reject := streams.NewActivityStreamsReject() + + // set the rejecting actor on it + acceptActorProp := streams.NewActivityStreamsActorProperty() + acceptActorProp.AppendIRI(rejectingAccountURI) + reject.SetActivityStreamsActor(acceptActorProp) + + // Set the recreated follow as the 'object' property. + acceptObject := streams.NewActivityStreamsObjectProperty() + acceptObject.AppendActivityStreamsFollow(asFollow) + reject.SetActivityStreamsObject(acceptObject) + + // Set the To of the reject as the originator of the follow + acceptTo := streams.NewActivityStreamsToProperty() + acceptTo.AppendIRI(requestingAccountURI) + reject.SetActivityStreamsTo(acceptTo) + + // process the reject in the federating database + err = suite.federatingDB.Reject(ctx, reject) + suite.NoError(err) + + // there should be nothing in the federator channel since nothing needs to be passed + suite.Empty(fromFederatorChan) + + // the follow request should not be in the database anymore -- it's been rejected + err = suite.db.GetByID(ctx, fr.ID, >smodel.FollowRequest{}) + suite.ErrorIs(err, db.ErrNoEntries) +} + +func TestRejectTestSuite(t *testing.T) { + suite.Run(t, &RejectTestSuite{}) +} diff --git a/internal/federation/federatingprotocol.go b/internal/federation/federatingprotocol.go index ea9084609..504e2dbeb 100644 --- a/internal/federation/federatingprotocol.go +++ b/internal/federation/federatingprotocol.go @@ -250,16 +250,17 @@ func (f *federator) FederatingCallbacks(ctx context.Context) (wrapped pub.Federa OnFollow: pub.OnFollowDoNothing, } + // override some default behaviors and trigger our own side effects other = []interface{}{ - // override default undo behavior and trigger our own side effects func(ctx context.Context, undo vocab.ActivityStreamsUndo) error { return f.FederatingDB().Undo(ctx, undo) }, - // override default accept behavior and trigger our own side effects func(ctx context.Context, accept vocab.ActivityStreamsAccept) error { return f.FederatingDB().Accept(ctx, accept) }, - // override default announce behavior and trigger our own side effects + func(ctx context.Context, reject vocab.ActivityStreamsReject) error { + return f.FederatingDB().Reject(ctx, reject) + }, func(ctx context.Context, announce vocab.ActivityStreamsAnnounce) error { return f.FederatingDB().Announce(ctx, announce) }, diff --git a/internal/processing/followrequest.go b/internal/processing/followrequest.go index 74bffd693..20df80f57 100644 --- a/internal/processing/followrequest.go +++ b/internal/processing/followrequest.go @@ -99,6 +99,45 @@ func (p *processor) FollowRequestAccept(ctx context.Context, auth *oauth.Auth, a return r, nil } -func (p *processor) FollowRequestDeny(ctx context.Context, auth *oauth.Auth) gtserror.WithCode { - return nil +func (p *processor) FollowRequestReject(ctx context.Context, auth *oauth.Auth, accountID string) (*apimodel.Relationship, gtserror.WithCode) { + followRequest, err := p.db.RejectFollowRequest(ctx, accountID, auth.Account.ID) + if err != nil { + return nil, gtserror.NewErrorNotFound(err) + } + + if followRequest.Account == nil { + a, err := p.db.GetAccountByID(ctx, followRequest.AccountID) + if err != nil { + return nil, gtserror.NewErrorInternalError(err) + } + followRequest.Account = a + } + + if followRequest.TargetAccount == nil { + a, err := p.db.GetAccountByID(ctx, followRequest.TargetAccountID) + if err != nil { + return nil, gtserror.NewErrorInternalError(err) + } + followRequest.TargetAccount = a + } + + p.fromClientAPI <- messages.FromClientAPI{ + APObjectType: ap.ActivityFollow, + APActivityType: ap.ActivityReject, + GTSModel: followRequest, + OriginAccount: followRequest.Account, + TargetAccount: followRequest.TargetAccount, + } + + gtsR, err := p.db.GetRelationship(ctx, auth.Account.ID, accountID) + if err != nil { + return nil, gtserror.NewErrorInternalError(err) + } + + r, err := p.tc.RelationshipToAPIRelationship(ctx, gtsR) + if err != nil { + return nil, gtserror.NewErrorInternalError(err) + } + + return r, nil } diff --git a/internal/processing/followrequest_test.go b/internal/processing/followrequest_test.go new file mode 100644 index 000000000..e3817de77 --- /dev/null +++ b/internal/processing/followrequest_test.go @@ -0,0 +1,143 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package processing_test + +import ( + "context" + "encoding/json" + "fmt" + "testing" + "time" + + "github.com/stretchr/testify/suite" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" +) + +type FollowRequestTestSuite struct { + ProcessingStandardTestSuite +} + +func (suite *FollowRequestTestSuite) TestFollowRequestAccept() { + requestingAccount := suite.testAccounts["remote_account_2"] + targetAccount := suite.testAccounts["local_account_1"] + + // put a follow request in the database + fr := >smodel.FollowRequest{ + ID: "01FJ1S8DX3STJJ6CEYPMZ1M0R3", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + URI: fmt.Sprintf("%s/follow/01FJ1S8DX3STJJ6CEYPMZ1M0R3", requestingAccount.URI), + AccountID: requestingAccount.ID, + TargetAccountID: targetAccount.ID, + } + + err := suite.db.Put(context.Background(), fr) + suite.NoError(err) + + relationship, errWithCode := suite.processor.FollowRequestAccept(context.Background(), suite.testAutheds["local_account_1"], requestingAccount.ID) + suite.NoError(errWithCode) + suite.EqualValues(&apimodel.Relationship{ID: "01FHMQX3GAABWSM0S2VZEC2SWC", Following: false, ShowingReblogs: false, Notifying: false, FollowedBy: true, Blocking: false, BlockedBy: false, Muting: false, MutingNotifications: false, Requested: false, DomainBlocking: false, Endorsed: false, Note: ""}, relationship) + time.Sleep(1 * time.Second) + + // accept should be sent to some_user + sent, ok := suite.sentHTTPRequests[requestingAccount.InboxURI] + suite.True(ok) + + accept := &struct { + Actor string `json:"actor"` + ID string `json:"id"` + Object struct { + Actor string `json:"actor"` + ID string `json:"id"` + Object string `json:"object"` + To string `json:"to"` + Type string `json:"type"` + } + To string `json:"to"` + Type string `json:"type"` + }{} + err = json.Unmarshal(sent, accept) + suite.NoError(err) + + suite.Equal(targetAccount.URI, accept.Actor) + suite.Equal(requestingAccount.URI, accept.Object.Actor) + suite.Equal(fr.URI, accept.Object.ID) + suite.Equal(targetAccount.URI, accept.Object.Object) + suite.Equal(targetAccount.URI, accept.Object.To) + suite.Equal("Follow", accept.Object.Type) + suite.Equal(requestingAccount.URI, accept.To) + suite.Equal("Accept", accept.Type) +} + +func (suite *FollowRequestTestSuite) TestFollowRequestReject() { + requestingAccount := suite.testAccounts["remote_account_2"] + targetAccount := suite.testAccounts["local_account_1"] + + // put a follow request in the database + fr := >smodel.FollowRequest{ + ID: "01FJ1S8DX3STJJ6CEYPMZ1M0R3", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + URI: fmt.Sprintf("%s/follow/01FJ1S8DX3STJJ6CEYPMZ1M0R3", requestingAccount.URI), + AccountID: requestingAccount.ID, + TargetAccountID: targetAccount.ID, + } + + err := suite.db.Put(context.Background(), fr) + suite.NoError(err) + + relationship, errWithCode := suite.processor.FollowRequestReject(context.Background(), suite.testAutheds["local_account_1"], requestingAccount.ID) + suite.NoError(errWithCode) + suite.EqualValues(&apimodel.Relationship{ID: "01FHMQX3GAABWSM0S2VZEC2SWC", Following: false, ShowingReblogs: false, Notifying: false, FollowedBy: false, Blocking: false, BlockedBy: false, Muting: false, MutingNotifications: false, Requested: false, DomainBlocking: false, Endorsed: false, Note: ""}, relationship) + time.Sleep(1 * time.Second) + + // reject should be sent to some_user + sent, ok := suite.sentHTTPRequests[requestingAccount.InboxURI] + suite.True(ok) + + reject := &struct { + Actor string `json:"actor"` + ID string `json:"id"` + Object struct { + Actor string `json:"actor"` + ID string `json:"id"` + Object string `json:"object"` + To string `json:"to"` + Type string `json:"type"` + } + To string `json:"to"` + Type string `json:"type"` + }{} + err = json.Unmarshal(sent, reject) + suite.NoError(err) + + suite.Equal(targetAccount.URI, reject.Actor) + suite.Equal(requestingAccount.URI, reject.Object.Actor) + suite.Equal(fr.URI, reject.Object.ID) + suite.Equal(targetAccount.URI, reject.Object.Object) + suite.Equal(targetAccount.URI, reject.Object.To) + suite.Equal("Follow", reject.Object.Type) + suite.Equal(requestingAccount.URI, reject.To) + suite.Equal("Reject", reject.Type) +} + +func TestFollowRequestTestSuite(t *testing.T) { + suite.Run(t, &FollowRequestTestSuite{}) +} diff --git a/internal/processing/fromclientapi.go b/internal/processing/fromclientapi.go index e15299d70..d4e8f5fa5 100644 --- a/internal/processing/fromclientapi.go +++ b/internal/processing/fromclientapi.go @@ -140,7 +140,19 @@ func (p *processor) ProcessFromClientAPI(ctx context.Context, clientMsg messages return err } - return p.federateAcceptFollowRequest(ctx, follow, clientMsg.OriginAccount, clientMsg.TargetAccount) + return p.federateAcceptFollowRequest(ctx, follow) + } + case ap.ActivityReject: + // REJECT + switch clientMsg.APObjectType { + case ap.ActivityFollow: + // REJECT FOLLOW (request) + followRequest, ok := clientMsg.GTSModel.(*gtsmodel.FollowRequest) + if !ok { + return errors.New("reject was not parseable as *gtsmodel.FollowRequest") + } + + return p.federateRejectFollowRequest(ctx, followRequest) } case ap.ActivityUndo: // UNDO @@ -453,7 +465,30 @@ func (p *processor) federateUnannounce(ctx context.Context, boost *gtsmodel.Stat return err } -func (p *processor) federateAcceptFollowRequest(ctx context.Context, follow *gtsmodel.Follow, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) error { +func (p *processor) federateAcceptFollowRequest(ctx context.Context, follow *gtsmodel.Follow) error { + if follow.Account == nil { + a, err := p.db.GetAccountByID(ctx, follow.AccountID) + if err != nil { + return err + } + follow.Account = a + } + originAccount := follow.Account + + if follow.TargetAccount == nil { + a, err := p.db.GetAccountByID(ctx, follow.TargetAccountID) + if err != nil { + return err + } + follow.TargetAccount = a + } + targetAccount := follow.TargetAccount + + // if target account isn't from our domain we shouldn't do anything + if targetAccount.Domain != "" { + return nil + } + // if both accounts are local there's nothing to do here if originAccount.Domain == "" && targetAccount.Domain == "" { return nil @@ -503,6 +538,80 @@ func (p *processor) federateAcceptFollowRequest(ctx context.Context, follow *gts return err } +func (p *processor) federateRejectFollowRequest(ctx context.Context, followRequest *gtsmodel.FollowRequest) error { + if followRequest.Account == nil { + a, err := p.db.GetAccountByID(ctx, followRequest.AccountID) + if err != nil { + return err + } + followRequest.Account = a + } + originAccount := followRequest.Account + + if followRequest.TargetAccount == nil { + a, err := p.db.GetAccountByID(ctx, followRequest.TargetAccountID) + if err != nil { + return err + } + followRequest.TargetAccount = a + } + targetAccount := followRequest.TargetAccount + + // if target account isn't from our domain we shouldn't do anything + if targetAccount.Domain != "" { + return nil + } + + // if both accounts are local there's nothing to do here + if originAccount.Domain == "" && targetAccount.Domain == "" { + return nil + } + + // recreate the AS follow + follow := p.tc.FollowRequestToFollow(ctx, followRequest) + asFollow, err := p.tc.FollowToAS(ctx, follow, originAccount, targetAccount) + if err != nil { + return fmt.Errorf("federateUnfollow: error converting follow to as format: %s", err) + } + + rejectingAccountURI, err := url.Parse(targetAccount.URI) + if err != nil { + return fmt.Errorf("error parsing uri %s: %s", targetAccount.URI, err) + } + + requestingAccountURI, err := url.Parse(originAccount.URI) + if err != nil { + return fmt.Errorf("error parsing uri %s: %s", targetAccount.URI, err) + } + + // create a Reject + reject := streams.NewActivityStreamsReject() + + // set the rejecting actor on it + acceptActorProp := streams.NewActivityStreamsActorProperty() + acceptActorProp.AppendIRI(rejectingAccountURI) + reject.SetActivityStreamsActor(acceptActorProp) + + // Set the recreated follow as the 'object' property. + acceptObject := streams.NewActivityStreamsObjectProperty() + acceptObject.AppendActivityStreamsFollow(asFollow) + reject.SetActivityStreamsObject(acceptObject) + + // Set the To of the reject as the originator of the follow + acceptTo := streams.NewActivityStreamsToProperty() + acceptTo.AppendIRI(requestingAccountURI) + reject.SetActivityStreamsTo(acceptTo) + + outboxIRI, err := url.Parse(targetAccount.OutboxURI) + if err != nil { + return fmt.Errorf("federateRejectFollowRequest: error parsing outboxURI %s: %s", originAccount.OutboxURI, err) + } + + // send off the reject using the rejecting account's outbox + _, err = p.federator.FederatingActor().Send(ctx, outboxIRI, reject) + return err +} + func (p *processor) federateFave(ctx context.Context, fave *gtsmodel.StatusFave, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) error { // if both accounts are local there's nothing to do here if originAccount.Domain == "" && targetAccount.Domain == "" { diff --git a/internal/processing/fromfederator.go b/internal/processing/fromfederator.go index 8a36fb9b7..243c0f3d7 100644 --- a/internal/processing/fromfederator.go +++ b/internal/processing/fromfederator.go @@ -161,22 +161,13 @@ func (p *processor) processCreateFollowRequestFromFederator(ctx context.Context, return p.notifyFollowRequest(ctx, followRequest) } - if followRequest.Account == nil { - a, err := p.db.GetAccountByID(ctx, followRequest.AccountID) - if err != nil { - return err - } - followRequest.Account = a - } - originAccount := followRequest.Account - // if the target account isn't locked, we should already accept the follow and notify about the new follower instead follow, err := p.db.AcceptFollowRequest(ctx, followRequest.AccountID, followRequest.TargetAccountID) if err != nil { return err } - if err := p.federateAcceptFollowRequest(ctx, follow, originAccount, targetAccount); err != nil { + if err := p.federateAcceptFollowRequest(ctx, follow); err != nil { return err } diff --git a/internal/processing/processor.go b/internal/processing/processor.go index e61661dc9..8fd372735 100644 --- a/internal/processing/processor.go +++ b/internal/processing/processor.go @@ -118,8 +118,10 @@ type Processor interface { // FollowRequestsGet handles the getting of the authed account's incoming follow requests FollowRequestsGet(ctx context.Context, auth *oauth.Auth) ([]apimodel.Account, gtserror.WithCode) - // FollowRequestAccept handles the acceptance of a follow request from the given account ID + // FollowRequestAccept handles the acceptance of a follow request from the given account ID. FollowRequestAccept(ctx context.Context, auth *oauth.Auth, accountID string) (*apimodel.Relationship, gtserror.WithCode) + // FollowRequestReject handles the rejection of a follow request from the given account ID. + FollowRequestReject(ctx context.Context, auth *oauth.Auth, accountID string) (*apimodel.Relationship, gtserror.WithCode) // InstanceGet retrieves instance information for serving at api/v1/instance InstanceGet(ctx context.Context, domain string) (*apimodel.Instance, gtserror.WithCode) diff --git a/internal/processing/processor_test.go b/internal/processing/processor_test.go index f2a9e455e..beae5dba0 100644 --- a/internal/processing/processor_test.go +++ b/internal/processing/processor_test.go @@ -96,9 +96,9 @@ func (suite *ProcessingStandardTestSuite) SetupSuite() { } func (suite *ProcessingStandardTestSuite) SetupTest() { + testrig.InitTestLog() suite.config = testrig.NewTestConfig() suite.db = testrig.NewTestDB() - testrig.InitTestLog() suite.storage = testrig.NewTestStorage() suite.typeconverter = testrig.NewTestTypeConverter(suite.db) @@ -149,6 +149,38 @@ func (suite *ProcessingStandardTestSuite) SetupTest() { return response, nil } + if req.URL.String() == suite.testAccounts["remote_account_2"].URI { + // the request is for remote account 2 + someAccount := suite.testAccounts["remote_account_2"] + + someAccountAS, err := suite.typeconverter.AccountToAS(context.Background(), someAccount) + if err != nil { + panic(err) + } + + someAccountI, err := streams.Serialize(someAccountAS) + if err != nil { + panic(err) + } + someAccountJson, err := json.Marshal(someAccountI) + if err != nil { + panic(err) + } + responseType := "application/activity+json" + + reader := bytes.NewReader(someAccountJson) + readCloser := io.NopCloser(reader) + response := &http.Response{ + StatusCode: 200, + Body: readCloser, + ContentLength: int64(len(someAccountJson)), + Header: http.Header{ + "content-type": {responseType}, + }, + } + return response, nil + } + if req.URL.String() == "http://example.org/users/some_user/statuses/afaba698-5740-4e32-a702-af61aa543bc1" { // the request is for the forwarded message message := suite.testActivities["forwarded_message"].Activity.GetActivityStreamsObject().At(0).GetActivityStreamsNote()