Add support for editing for published statuses (#16697)

* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
This commit is contained in:
Eugen Rochko 2022-01-19 22:37:27 +01:00 committed by GitHub
commit 1060666c58
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
56 changed files with 1415 additions and 574 deletions

View file

@ -94,49 +94,6 @@ class ActivityPub::Activity
equals_or_includes_any?(@object['type'], CONVERTED_TYPES)
end
def distribute(status)
crawl_links(status)
notify_about_reblog(status) if reblog_of_local_account?(status) && !reblog_by_following_group_account?(status)
notify_about_mentions(status)
# Only continue if the status is supposed to have arrived in real-time.
# Note that if @options[:override_timestamps] isn't set, the status
# may have a lower snowflake id than other existing statuses, potentially
# "hiding" it from paginated API calls
return unless @options[:override_timestamps] || status.within_realtime_window?
distribute_to_followers(status)
end
def reblog_of_local_account?(status)
status.reblog? && status.reblog.account.local?
end
def reblog_by_following_group_account?(status)
status.reblog? && status.account.group? && status.reblog.account.following?(status.account)
end
def notify_about_reblog(status)
NotifyService.new.call(status.reblog.account, :reblog, status)
end
def notify_about_mentions(status)
status.active_mentions.includes(:account).each do |mention|
next unless mention.account.local? && audience_includes?(mention.account)
NotifyService.new.call(mention.account, :mention, mention)
end
end
def crawl_links(status)
# Spread out crawling randomly to avoid DDoSing the link
LinkCrawlWorker.perform_in(rand(1..59).seconds, status.id)
end
def distribute_to_followers(status)
::DistributionWorker.perform_async(status.id)
end
def delete_arrived_first?(uri)
redis.exists?("delete_upon_arrival:#{@account.id}:#{uri}")
end

View file

@ -25,7 +25,7 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
Trends.tags.register(@status)
Trends.links.register(@status)
distribute(@status)
distribute
end
@status
@ -33,6 +33,22 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
private
def distribute
# Notify the author of the original status if that status is local
NotifyService.new.call(@status.reblog.account, :reblog, @status) if reblog_of_local_account?(@status) && !reblog_by_following_group_account?(@status)
# Distribute into home and list feeds
::DistributionWorker.perform_async(@status.id) if @options[:override_timestamps] || @status.within_realtime_window?
end
def reblog_of_local_account?(status)
status.reblog? && status.reblog.account.local?
end
def reblog_by_following_group_account?(status)
status.reblog? && status.account.group? && status.reblog.account.following?(status.account)
end
def audience_to
as_array(@json['to']).map { |x| value_or_id(x) }
end

View file

@ -69,9 +69,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end
def process_status
@tags = []
@mentions = []
@params = {}
@tags = []
@mentions = []
@silenced_account_ids = []
@params = {}
process_status_params
process_tags
@ -84,10 +85,18 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
resolve_thread(@status)
fetch_replies(@status)
distribute(@status)
distribute
forward_for_reply
end
def distribute
# Spread out crawling randomly to avoid DDoSing the link
LinkCrawlWorker.perform_in(rand(1..59).seconds, @status.id)
# Distribute into home and list feeds and notify mentioned accounts
::DistributionWorker.perform_async(@status.id, silenced_account_ids: @silenced_account_ids) if @options[:override_timestamps] || @status.within_realtime_window?
end
def find_existing_status
status = status_from_uri(object_uri)
status ||= Status.find_by(uri: @object['atomUri']) if @object['atomUri'].present?
@ -95,19 +104,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end
def process_status_params
@status_parser = ActivityPub::Parser::StatusParser.new(@json, followers_collection: @account.followers_url)
@params = begin
{
uri: object_uri,
url: object_url || object_uri,
uri: @status_parser.uri,
url: @status_parser.url || @status_parser.uri,
account: @account,
text: text_from_content || '',
language: detected_language,
spoiler_text: converted_object_type? ? '' : (text_from_summary || ''),
created_at: @object['published'],
text: converted_object_type? ? converted_text : (@status_parser.text || ''),
language: @status_parser.language || detected_language,
spoiler_text: converted_object_type? ? '' : (@status_parser.spoiler_text || ''),
created_at: @status_parser.created_at,
edited_at: @status_parser.edited_at,
override_timestamps: @options[:override_timestamps],
reply: @object['inReplyTo'].present?,
sensitive: @account.sensitized? || @object['sensitive'] || false,
visibility: visibility_from_audience,
reply: @status_parser.reply,
sensitive: @account.sensitized? || @status_parser.sensitive || false,
visibility: @status_parser.visibility,
thread: replied_to_status,
conversation: conversation_from_uri(@object['conversation']),
media_attachment_ids: process_attachments.take(4).map(&:id),
@ -117,42 +129,40 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end
def process_audience
(audience_to + audience_cc).uniq.each do |audience|
next if ActivityPub::TagManager.instance.public_collection?(audience)
# Unlike with tags, there is no point in resolving accounts we don't already
# know here, because silent mentions would only be used for local access control anyway
accounts_in_audience = (audience_to + audience_cc).uniq.filter_map do |audience|
account_from_uri(audience) unless ActivityPub::TagManager.instance.public_collection?(audience)
end
# Unlike with tags, there is no point in resolving accounts we don't already
# know here, because silent mentions would only be used for local access
# control anyway
account = account_from_uri(audience)
# If the payload was delivered to a specific inbox, the inbox owner must have
# access to it, unless they already have access to it anyway
if @options[:delivered_to_account_id]
accounts_in_audience << delivered_to_account
accounts_in_audience.uniq!
end
next if account.nil? || @mentions.any? { |mention| mention.account_id == account.id }
accounts_in_audience.each do |account|
# This runs after tags are processed, and those translate into non-silent
# mentions, which take precedence
next if @mentions.any? { |mention| mention.account_id == account.id }
@mentions << Mention.new(account: account, silent: true)
# If there is at least one silent mention, then the status can be considered
# as a limited-audience status, and not strictly a direct message, but only
# if we considered a direct message in the first place
next unless @params[:visibility] == :direct
@params[:visibility] = :limited
@params[:visibility] = :limited if @params[:visibility] == :direct
end
# If the payload was delivered to a specific inbox, the inbox owner must have
# access to it, unless they already have access to it anyway
return if @options[:delivered_to_account_id].nil? || @mentions.any? { |mention| mention.account_id == @options[:delivered_to_account_id] }
@mentions << Mention.new(account_id: @options[:delivered_to_account_id], silent: true)
return unless @params[:visibility] == :direct
@params[:visibility] = :limited
# Accounts that are tagged but are not in the audience are not
# supposed to be notified explicitly
@silenced_account_ids = @mentions.map(&:account_id) - accounts_in_audience.map(&:id)
end
def postprocess_audience_and_deliver
return if @status.mentions.find_by(account_id: @options[:delivered_to_account_id])
delivered_to_account = Account.find(@options[:delivered_to_account_id])
@status.mentions.create(account: delivered_to_account, silent: true)
@status.update(visibility: :limited) if @status.direct_visibility?
@ -161,6 +171,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
FeedInsertWorker.perform_async(@status.id, delivered_to_account.id, :home)
end
def delivered_to_account
@delivered_to_account ||= Account.find(@options[:delivered_to_account_id])
end
def attach_tags(status)
@tags.each do |tag|
status.tags << tag
@ -215,21 +229,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
def process_emoji(tag)
return if skip_download?
return if tag['name'].blank? || tag['icon'].blank? || tag['icon']['url'].blank?
shortcode = tag['name'].delete(':')
image_url = tag['icon']['url']
uri = tag['id']
updated = tag['updated']
emoji = CustomEmoji.find_by(shortcode: shortcode, domain: @account.domain)
custom_emoji_parser = ActivityPub::Parser::CustomEmojiParser.new(tag)
return unless emoji.nil? || image_url != emoji.image_remote_url || (updated && updated >= emoji.updated_at)
return if custom_emoji_parser.shortcode.blank? || custom_emoji_parser.image_remote_url.blank?
emoji ||= CustomEmoji.new(domain: @account.domain, shortcode: shortcode, uri: uri)
emoji.image_remote_url = image_url
emoji.save
rescue Seahorse::Client::NetworkingError => e
Rails.logger.warn "Error storing emoji: #{e}"
emoji = CustomEmoji.find_by(shortcode: custom_emoji_parser.shortcode, domain: @account.domain)
return unless emoji.nil? || custom_emoji_parser.image_remote_url != emoji.image_remote_url || (custom_emoji_parser.updated_at && custom_emoji_parser.updated_at >= emoji.updated_at)
begin
emoji ||= CustomEmoji.new(domain: @account.domain, shortcode: custom_emoji_parser.shortcode, uri: custom_emoji_parser.uri)
emoji.image_remote_url = custom_emoji_parser.image_remote_url
emoji.save
rescue Seahorse::Client::NetworkingError => e
Rails.logger.warn "Error storing emoji: #{e}"
end
end
def process_attachments
@ -238,14 +253,23 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
media_attachments = []
as_array(@object['attachment']).each do |attachment|
next if attachment['url'].blank? || media_attachments.size >= 4
media_attachment_parser = ActivityPub::Parser::MediaAttachmentParser.new(attachment)
next if media_attachment_parser.remote_url.blank? || media_attachments.size >= 4
begin
href = Addressable::URI.parse(attachment['url']).normalize.to_s
media_attachment = MediaAttachment.create(account: @account, remote_url: href, thumbnail_remote_url: icon_url_from_attachment(attachment), description: attachment['summary'].presence || attachment['name'].presence, focus: attachment['focalPoint'], blurhash: supported_blurhash?(attachment['blurhash']) ? attachment['blurhash'] : nil)
media_attachment = MediaAttachment.create(
account: @account,
remote_url: media_attachment_parser.remote_url,
thumbnail_remote_url: media_attachment_parser.thumbnail_remote_url,
description: media_attachment_parser.description,
focus: media_attachment_parser.focus,
blurhash: media_attachment_parser.blurhash
)
media_attachments << media_attachment
next if unsupported_media_type?(attachment['mediaType']) || skip_download?
next if unsupported_media_type?(media_attachment_parser.file_content_type) || skip_download?
media_attachment.download_file!
media_attachment.download_thumbnail!
@ -263,42 +287,17 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
media_attachments
end
def icon_url_from_attachment(attachment)
url = attachment['icon'].is_a?(Hash) ? attachment['icon']['url'] : attachment['icon']
Addressable::URI.parse(url).normalize.to_s if url.present?
rescue Addressable::URI::InvalidURIError
nil
end
def process_poll
return unless @object['type'] == 'Question' && (@object['anyOf'].is_a?(Array) || @object['oneOf'].is_a?(Array))
poll_parser = ActivityPub::Parser::PollParser.new(@object)
expires_at = begin
if @object['closed'].is_a?(String)
@object['closed']
elsif !@object['closed'].nil? && !@object['closed'].is_a?(FalseClass)
Time.now.utc
else
@object['endTime']
end
end
if @object['anyOf'].is_a?(Array)
multiple = true
items = @object['anyOf']
else
multiple = false
items = @object['oneOf']
end
voters_count = @object['votersCount']
return unless poll_parser.valid?
@account.polls.new(
multiple: multiple,
expires_at: expires_at,
options: items.map { |item| item['name'].presence || item['content'] }.compact,
cached_tallies: items.map { |item| item.dig('replies', 'totalItems') || 0 },
voters_count: voters_count
multiple: poll_parser.multiple,
expires_at: poll_parser.expires_at,
options: poll_parser.options,
cached_tallies: poll_parser.cached_tallies,
voters_count: poll_parser.voters_count
)
end
@ -351,23 +350,6 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end
end
def visibility_from_audience
if audience_to.any? { |to| ActivityPub::TagManager.instance.public_collection?(to) }
:public
elsif audience_cc.any? { |cc| ActivityPub::TagManager.instance.public_collection?(cc) }
:unlisted
elsif audience_to.include?(@account.followers_url)
:private
else
:direct
end
end
def audience_includes?(account)
uri = ActivityPub::TagManager.instance.uri_for(account)
audience_to.include?(uri) || audience_cc.include?(uri)
end
def replied_to_status
return @replied_to_status if defined?(@replied_to_status)
@ -384,81 +366,18 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
value_or_id(@object['inReplyTo'])
end
def text_from_content
return Formatter.instance.linkify([[text_from_name, text_from_summary.presence].compact.join("\n\n"), object_url || object_uri].join(' ')) if converted_object_type?
if @object['content'].present?
@object['content']
elsif content_language_map?
@object['contentMap'].values.first
end
end
def text_from_summary
if @object['summary'].present?
@object['summary']
elsif summary_language_map?
@object['summaryMap'].values.first
end
end
def text_from_name
if @object['name'].present?
@object['name']
elsif name_language_map?
@object['nameMap'].values.first
end
def converted_text
Formatter.instance.linkify([@status_parser.title.presence, @status_parser.spoiler_text.presence, @status_parser.url || @status_parser.uri].compact.join("\n\n"))
end
def detected_language
if content_language_map?
@object['contentMap'].keys.first
elsif name_language_map?
@object['nameMap'].keys.first
elsif summary_language_map?
@object['summaryMap'].keys.first
elsif supported_object_type?
LanguageDetector.instance.detect(text_from_content, @account)
end
end
def object_url
return if @object['url'].blank?
url_candidate = url_to_href(@object['url'], 'text/html')
if invalid_origin?(url_candidate)
nil
else
url_candidate
end
end
def summary_language_map?
@object['summaryMap'].is_a?(Hash) && !@object['summaryMap'].empty?
end
def content_language_map?
@object['contentMap'].is_a?(Hash) && !@object['contentMap'].empty?
end
def name_language_map?
@object['nameMap'].is_a?(Hash) && !@object['nameMap'].empty?
LanguageDetector.instance.detect(@status_parser.text, @account) if supported_object_type?
end
def unsupported_media_type?(mime_type)
mime_type.present? && !MediaAttachment.supported_mime_types.include?(mime_type)
end
def supported_blurhash?(blurhash)
components = blurhash.blank? || !blurhash_valid_chars?(blurhash) ? nil : Blurhash.components(blurhash)
components.present? && components.none? { |comp| comp > 5 }
end
def blurhash_valid_chars?(blurhash)
/^[\w#$%*+-.:;=?@\[\]^{|}~]+$/.match?(blurhash)
end
def skip_download?
return @skip_download if defined?(@skip_download)

View file

@ -1,32 +1,31 @@
# frozen_string_literal: true
class ActivityPub::Activity::Update < ActivityPub::Activity
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
def perform
dereference_object!
if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
if equals_or_includes_any?(@object['type'], %w(Application Group Organization Person Service))
update_account
elsif equals_or_includes_any?(@object['type'], %w(Question))
update_poll
elsif equals_or_includes_any?(@object['type'], %w(Note Question))
update_status
end
end
private
def update_account
return if @account.uri != object_uri
return reject_payload! if @account.uri != object_uri
ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true)
end
def update_poll
def update_status
return reject_payload! if invalid_origin?(@object['id'])
status = Status.find_by(uri: object_uri, account_id: @account.id)
return if status.nil? || status.preloadable_poll.nil?
ActivityPub::ProcessPollService.new.call(status.preloadable_poll, @object)
return if status.nil?
ActivityPub::ProcessStatusUpdateService.new.call(status, @object)
end
end

View file

@ -0,0 +1,27 @@
# frozen_string_literal: true
class ActivityPub::Parser::CustomEmojiParser
include JsonLdHelper
def initialize(json)
@json = json
end
def uri
@json['id']
end
def shortcode
@json['name']&.delete(':')
end
def image_remote_url
@json.dig('icon', 'url')
end
def updated_at
@json['updated']&.to_datetime
rescue ArgumentError
nil
end
end

View file

@ -0,0 +1,58 @@
# frozen_string_literal: true
class ActivityPub::Parser::MediaAttachmentParser
include JsonLdHelper
def initialize(json)
@json = json
end
# @param [MediaAttachment] previous_record
def significantly_changes?(previous_record)
remote_url != previous_record.remote_url ||
thumbnail_remote_url != previous_record.thumbnail_remote_url ||
description != previous_record.description
end
def remote_url
Addressable::URI.parse(@json['url'])&.normalize&.to_s
rescue Addressable::URI::InvalidURIError
nil
end
def thumbnail_remote_url
Addressable::URI.parse(@json['icon'].is_a?(Hash) ? @json['icon']['url'] : @json['icon'])&.normalize&.to_s
rescue Addressable::URI::InvalidURIError
nil
end
def description
@json['summary'].presence || @json['name'].presence
end
def focus
@json['focalPoint']
end
def blurhash
supported_blurhash? ? @json['blurhash'] : nil
end
def file_content_type
@json['mediaType']
end
private
def supported_blurhash?
components = begin
blurhash = @json['blurhash']
if blurhash.present? && /^[\w#$%*+-.:;=?@\[\]^{|}~]+$/.match?(blurhash)
Blurhash.components(blurhash)
end
end
components.present? && components.none? { |comp| comp > 5 }
end
end

View file

@ -0,0 +1,53 @@
# frozen_string_literal: true
class ActivityPub::Parser::PollParser
include JsonLdHelper
def initialize(json)
@json = json
end
def valid?
equals_or_includes?(@json['type'], 'Question') && items.is_a?(Array)
end
# @param [Poll] previous_record
def significantly_changes?(previous_record)
options != previous_record.options ||
multiple != previous_record.multiple
end
def options
items.filter_map { |item| item['name'].presence || item['content'] }
end
def multiple
@json['anyOf'].is_a?(Array)
end
def expires_at
if @json['closed'].is_a?(String)
@json['closed'].to_datetime
elsif !@json['closed'].nil? && !@json['closed'].is_a?(FalseClass)
Time.now.utc
else
@json['endTime']&.to_datetime
end
rescue ArgumentError
nil
end
def voters_count
@json['votersCount']
end
def cached_tallies
items.map { |item| item.dig('replies', 'totalItems') || 0 }
end
private
def items
@json['anyOf'] || @json['oneOf']
end
end

View file

@ -0,0 +1,118 @@
# frozen_string_literal: true
class ActivityPub::Parser::StatusParser
include JsonLdHelper
# @param [Hash] json
# @param [Hash] magic_values
# @option magic_values [String] :followers_collection
def initialize(json, magic_values = {})
@json = json
@object = json['object'] || json
@magic_values = magic_values
end
def uri
id = @object['id']
if id&.start_with?('bear:')
Addressable::URI.parse(id).query_values['u']
else
id
end
rescue Addressable::URI::InvalidURIError
id
end
def url
url_to_href(@object['url'], 'text/html') if @object['url'].present?
end
def text
if @object['content'].present?
@object['content']
elsif content_language_map?
@object['contentMap'].values.first
end
end
def spoiler_text
if @object['summary'].present?
@object['summary']
elsif summary_language_map?
@object['summaryMap'].values.first
end
end
def title
if @object['name'].present?
@object['name']
elsif name_language_map?
@object['nameMap'].values.first
end
end
def created_at
@object['published']&.to_datetime
rescue ArgumentError
nil
end
def edited_at
@object['updated']&.to_datetime
rescue ArgumentError
nil
end
def reply
@object['inReplyTo'].present?
end
def sensitive
@object['sensitive']
end
def visibility
if audience_to.any? { |to| ActivityPub::TagManager.instance.public_collection?(to) }
:public
elsif audience_cc.any? { |cc| ActivityPub::TagManager.instance.public_collection?(cc) }
:unlisted
elsif audience_to.include?(@magic_values[:followers_collection])
:private
else
:direct
end
end
def language
if content_language_map?
@object['contentMap'].keys.first
elsif name_language_map?
@object['nameMap'].keys.first
elsif summary_language_map?
@object['summaryMap'].keys.first
end
end
private
def audience_to
as_array(@object['to'] || @json['to']).map { |x| value_or_id(x) }
end
def audience_cc
as_array(@object['cc'] || @json['cc']).map { |x| value_or_id(x) }
end
def summary_language_map?
@object['summaryMap'].is_a?(Hash) && !@object['summaryMap'].empty?
end
def content_language_map?
@object['contentMap'].is_a?(Hash) && !@object['contentMap'].empty?
end
def name_language_map?
@object['nameMap'].is_a?(Hash) && !@object['nameMap'].empty?
end
end