mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-12-26 09:00:29 +00:00
[bugfix] Prevent future statuses entering timelines (#1134)
* [bugfix] Prevent future statuses entering timeline Statuses created more than 5 minutes into the future are now rejected in the visibility package. * Come on buddy
This commit is contained in:
parent
fcb9c0bb8b
commit
da8954858a
5 changed files with 69 additions and 13 deletions
|
@ -60,8 +60,8 @@ func (suite *FilterStandardTestSuite) SetupSuite() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (suite *FilterStandardTestSuite) SetupTest() {
|
func (suite *FilterStandardTestSuite) SetupTest() {
|
||||||
testrig.InitTestLog()
|
|
||||||
testrig.InitTestConfig()
|
testrig.InitTestConfig()
|
||||||
|
testrig.InitTestLog()
|
||||||
|
|
||||||
suite.db = testrig.NewTestDB()
|
suite.db = testrig.NewTestDB()
|
||||||
suite.filter = visibility.NewFilter(suite.db)
|
suite.filter = visibility.NewFilter(suite.db)
|
||||||
|
|
|
@ -21,17 +21,27 @@ package visibility
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
"codeberg.org/gruf/go-kv"
|
"codeberg.org/gruf/go-kv"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/id"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/log"
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (f *filter) StatusHometimelineable(ctx context.Context, targetStatus *gtsmodel.Status, timelineOwnerAccount *gtsmodel.Account) (bool, error) {
|
func (f *filter) StatusHometimelineable(ctx context.Context, targetStatus *gtsmodel.Status, timelineOwnerAccount *gtsmodel.Account) (bool, error) {
|
||||||
l := log.WithFields(kv.Fields{
|
l := log.WithFields(kv.Fields{{"statusID", targetStatus.ID}}...)
|
||||||
|
|
||||||
{"statusID", targetStatus.ID},
|
// don't timeline statuses more than 5 min in the future
|
||||||
}...)
|
maxID, err := id.NewULIDFromTime(time.Now().Add(5 * time.Minute))
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if targetStatus.ID > maxID {
|
||||||
|
l.Debug("status not hometimelineable because it's from more than 5 minutes in the future")
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// status owner should always be able to see their own status in their timeline so we can return early if this is the case
|
// status owner should always be able to see their own status in their timeline so we can return early if this is the case
|
||||||
if targetStatus.AccountID == timelineOwnerAccount.ID {
|
if targetStatus.AccountID == timelineOwnerAccount.ID {
|
||||||
|
|
|
@ -21,10 +21,12 @@ package visibility_test
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/stretchr/testify/suite"
|
"github.com/stretchr/testify/suite"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/ap"
|
"github.com/superseriousbusiness/gotosocial/internal/ap"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/id"
|
||||||
"github.com/superseriousbusiness/gotosocial/testrig"
|
"github.com/superseriousbusiness/gotosocial/testrig"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -65,6 +67,44 @@ func (suite *StatusStatusHometimelineableTestSuite) TestNotFollowingStatusHometi
|
||||||
suite.False(timelineable)
|
suite.False(timelineable)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (suite *StatusStatusHometimelineableTestSuite) TestStatusTooNewNotTimelineable() {
|
||||||
|
testStatus := >smodel.Status{}
|
||||||
|
*testStatus = *suite.testStatuses["local_account_1_status_1"]
|
||||||
|
|
||||||
|
var err error
|
||||||
|
testStatus.ID, err = id.NewULIDFromTime(time.Now().Add(10 * time.Minute))
|
||||||
|
if err != nil {
|
||||||
|
suite.FailNow(err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
testAccount := suite.testAccounts["local_account_1"]
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
timelineable, err := suite.filter.StatusHometimelineable(ctx, testStatus, testAccount)
|
||||||
|
suite.NoError(err)
|
||||||
|
|
||||||
|
suite.False(timelineable)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *StatusStatusHometimelineableTestSuite) TestStatusNotTooNewTimelineable() {
|
||||||
|
testStatus := >smodel.Status{}
|
||||||
|
*testStatus = *suite.testStatuses["local_account_1_status_1"]
|
||||||
|
|
||||||
|
var err error
|
||||||
|
testStatus.ID, err = id.NewULIDFromTime(time.Now().Add(4 * time.Minute))
|
||||||
|
if err != nil {
|
||||||
|
suite.FailNow(err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
testAccount := suite.testAccounts["local_account_1"]
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
timelineable, err := suite.filter.StatusHometimelineable(ctx, testStatus, testAccount)
|
||||||
|
suite.NoError(err)
|
||||||
|
|
||||||
|
suite.True(timelineable)
|
||||||
|
}
|
||||||
|
|
||||||
func (suite *StatusStatusHometimelineableTestSuite) TestChainReplyFollowersOnly() {
|
func (suite *StatusStatusHometimelineableTestSuite) TestChainReplyFollowersOnly() {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
|
|
|
@ -21,17 +21,27 @@ package visibility
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
"codeberg.org/gruf/go-kv"
|
"codeberg.org/gruf/go-kv"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/id"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/log"
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (f *filter) StatusPublictimelineable(ctx context.Context, targetStatus *gtsmodel.Status, timelineOwnerAccount *gtsmodel.Account) (bool, error) {
|
func (f *filter) StatusPublictimelineable(ctx context.Context, targetStatus *gtsmodel.Status, timelineOwnerAccount *gtsmodel.Account) (bool, error) {
|
||||||
l := log.WithFields(kv.Fields{
|
l := log.WithFields(kv.Fields{{"statusID", targetStatus.ID}}...)
|
||||||
|
|
||||||
{"statusID", targetStatus.ID},
|
// don't timeline statuses more than 5 min in the future
|
||||||
}...)
|
maxID, err := id.NewULIDFromTime(time.Now().Add(5 * time.Minute))
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if targetStatus.ID > maxID {
|
||||||
|
l.Debug("status not hometimelineable because it's from more than 5 minutes in the future")
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Don't timeline boosted statuses
|
// Don't timeline boosted statuses
|
||||||
if targetStatus.BoostOfID != "" {
|
if targetStatus.BoostOfID != "" {
|
||||||
|
|
|
@ -29,14 +29,10 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (f *filter) StatusVisible(ctx context.Context, targetStatus *gtsmodel.Status, requestingAccount *gtsmodel.Account) (bool, error) {
|
func (f *filter) StatusVisible(ctx context.Context, targetStatus *gtsmodel.Status, requestingAccount *gtsmodel.Account) (bool, error) {
|
||||||
const getBoosted = true
|
l := log.WithFields(kv.Fields{{"statusID", targetStatus.ID}}...)
|
||||||
|
|
||||||
l := log.WithFields(kv.Fields{
|
|
||||||
|
|
||||||
{"statusID", targetStatus.ID},
|
|
||||||
}...)
|
|
||||||
|
|
||||||
// Fetch any relevant accounts for the target status
|
// Fetch any relevant accounts for the target status
|
||||||
|
const getBoosted = true
|
||||||
relevantAccounts, err := f.relevantAccounts(ctx, targetStatus, getBoosted)
|
relevantAccounts, err := f.relevantAccounts(ctx, targetStatus, getBoosted)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Debugf("error pulling relevant accounts for status %s: %s", targetStatus.ID, err)
|
l.Debugf("error pulling relevant accounts for status %s: %s", targetStatus.ID, err)
|
||||||
|
|
Loading…
Reference in a new issue