In activity table, remove user_id and add sensitive (#127)

Forgot to add migrations

Add `sensitive` column to activities table, so PMs arent served over HTTP

Remove user_id column from actvity table

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.ml/LemmyNet/lemmy/pulls/127
This commit is contained in:
nutomic 2020-11-06 13:06:47 +00:00 committed by dessalines
parent b7d2dac9bf
commit 7c51a36012
12 changed files with 27 additions and 49 deletions

View file

@ -41,10 +41,6 @@ impl ActorType for Community {
self.private_key.to_owned() self.private_key.to_owned()
} }
fn user_id(&self) -> i32 {
self.creator_id
}
async fn send_follow( async fn send_follow(
&self, &self,
_follow_actor_id: &Url, _follow_actor_id: &Url,

View file

@ -32,10 +32,6 @@ impl ActorType for User_ {
self.private_key.to_owned() self.private_key.to_owned()
} }
fn user_id(&self) -> i32 {
self.id
}
/// As a given local user, send out a follow request to a remote community. /// As a given local user, send out a follow request to a remote community.
async fn send_follow( async fn send_follow(
&self, &self,

View file

@ -57,6 +57,7 @@ where
vec![inbox], vec![inbox],
context.pool(), context.pool(),
true, true,
true,
) )
.await?; .await?;
} }
@ -102,6 +103,7 @@ where
follower_inboxes, follower_inboxes,
context.pool(), context.pool(),
true, true,
false,
) )
.await?; .await?;
@ -145,6 +147,7 @@ where
vec![inbox], vec![inbox],
context.pool(), context.pool(),
true, true,
false,
) )
.await?; .await?;
} }
@ -185,6 +188,7 @@ where
mentions, mentions,
context.pool(), context.pool(),
false, // Don't create a new DB row false, // Don't create a new DB row
false,
) )
.await?; .await?;
Ok(()) Ok(())
@ -202,6 +206,7 @@ async fn send_activity_internal<T, Kind>(
inboxes: Vec<Url>, inboxes: Vec<Url>,
pool: &DbPool, pool: &DbPool,
insert_into_db: bool, insert_into_db: bool,
sensitive: bool,
) -> Result<(), LemmyError> ) -> Result<(), LemmyError>
where where
T: AsObject<Kind> + Extends<Kind> + Debug, T: AsObject<Kind> + Extends<Kind> + Debug,
@ -219,7 +224,7 @@ where
// might send the same ap_id // might send the same ap_id
if insert_into_db { if insert_into_db {
let id = activity.id().context(location_info!())?; let id = activity.id().context(location_info!())?;
insert_activity(id, actor.user_id(), activity.clone(), true, pool).await?; insert_activity(id, activity.clone(), true, sensitive, pool).await?;
} }
for i in inboxes { for i in inboxes {

View file

@ -54,5 +54,9 @@ pub async fn get_activity(
}) })
.await??; .await??;
Ok(create_apub_response(&activity.data)) if !activity.local || activity.sensitive {
Ok(HttpResponse::NotFound().finish())
} else {
Ok(create_apub_response(&activity.data))
}
} }

View file

@ -88,20 +88,12 @@ pub async fn community_inbox(
let any_base = activity.clone().into_any_base()?; let any_base = activity.clone().into_any_base()?;
let kind = activity.kind().context(location_info!())?; let kind = activity.kind().context(location_info!())?;
let user_id = user.id;
let res = match kind { let res = match kind {
ValidTypes::Follow => handle_follow(any_base, user, community, &context).await, ValidTypes::Follow => handle_follow(any_base, user, community, &context).await,
ValidTypes::Undo => handle_undo_follow(any_base, user, community, &context).await, ValidTypes::Undo => handle_undo_follow(any_base, user, community, &context).await,
}; };
insert_activity( insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
&activity_id,
user_id,
activity.clone(),
false,
context.pool(),
)
.await?;
res res
} }

View file

@ -125,14 +125,7 @@ pub async fn shared_inbox(
ValidTypes::Undo => receive_undo(&context, any_base, actor_id, request_counter).await, ValidTypes::Undo => receive_undo(&context, any_base, actor_id, request_counter).await,
}; };
insert_activity( insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
&activity_id,
actor.user_id(),
activity.clone(),
false,
context.pool(),
)
.await?;
res res
} }

View file

@ -107,14 +107,7 @@ pub async fn user_inbox(
} }
}; };
insert_activity( insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
&activity_id,
actor.user_id(),
activity.clone(),
false,
context.pool(),
)
.await?;
res res
} }

View file

@ -169,9 +169,6 @@ pub trait ActorType {
fn public_key(&self) -> Option<String>; fn public_key(&self) -> Option<String>;
fn private_key(&self) -> Option<String>; fn private_key(&self) -> Option<String>;
/// numeric id in the database, used for insert_activity
fn user_id(&self) -> i32;
async fn send_follow( async fn send_follow(
&self, &self,
follow_actor_id: &Url, follow_actor_id: &Url,
@ -252,9 +249,9 @@ pub trait ActorType {
/// persistent. /// persistent.
pub async fn insert_activity<T>( pub async fn insert_activity<T>(
ap_id: &Url, ap_id: &Url,
user_id: i32,
activity: T, activity: T,
local: bool, local: bool,
sensitive: bool,
pool: &DbPool, pool: &DbPool,
) -> Result<(), LemmyError> ) -> Result<(), LemmyError>
where where
@ -262,7 +259,7 @@ where
{ {
let ap_id = ap_id.to_string(); let ap_id = ap_id.to_string();
blocking(pool, move |conn| { blocking(pool, move |conn| {
Activity::insert(conn, ap_id, user_id, &activity, local) Activity::insert(conn, ap_id, &activity, local, sensitive)
}) })
.await??; .await??;
Ok(()) Ok(())

View file

@ -13,9 +13,9 @@ use std::{
pub struct Activity { pub struct Activity {
pub id: i32, pub id: i32,
pub ap_id: String, pub ap_id: String,
pub user_id: i32,
pub data: Value, pub data: Value,
pub local: bool, pub local: bool,
pub sensitive: bool,
pub published: chrono::NaiveDateTime, pub published: chrono::NaiveDateTime,
pub updated: Option<chrono::NaiveDateTime>, pub updated: Option<chrono::NaiveDateTime>,
} }
@ -24,9 +24,9 @@ pub struct Activity {
#[table_name = "activity"] #[table_name = "activity"]
pub struct ActivityForm { pub struct ActivityForm {
pub ap_id: String, pub ap_id: String,
pub user_id: i32,
pub data: Value, pub data: Value,
pub local: bool, pub local: bool,
pub sensitive: bool,
pub updated: Option<chrono::NaiveDateTime>, pub updated: Option<chrono::NaiveDateTime>,
} }
@ -59,20 +59,19 @@ impl Activity {
pub fn insert<T>( pub fn insert<T>(
conn: &PgConnection, conn: &PgConnection,
ap_id: String, ap_id: String,
user_id: i32,
data: &T, data: &T,
local: bool, local: bool,
sensitive: bool,
) -> Result<Self, IoError> ) -> Result<Self, IoError>
where where
T: Serialize + Debug, T: Serialize + Debug,
{ {
debug!("inserting activity for user {}: ", user_id);
debug!("{}", serde_json::to_string_pretty(&data)?); debug!("{}", serde_json::to_string_pretty(&data)?);
let activity_form = ActivityForm { let activity_form = ActivityForm {
ap_id, ap_id,
user_id,
data: serde_json::to_value(&data)?, data: serde_json::to_value(&data)?,
local, local,
sensitive,
updated: None, updated: None,
}; };
let result = Activity::create(&conn, &activity_form); let result = Activity::create(&conn, &activity_form);
@ -154,9 +153,9 @@ mod tests {
.unwrap(); .unwrap();
let activity_form = ActivityForm { let activity_form = ActivityForm {
ap_id: ap_id.to_string(), ap_id: ap_id.to_string(),
user_id: inserted_creator.id,
data: test_json.to_owned(), data: test_json.to_owned(),
local: true, local: true,
sensitive: false,
updated: None, updated: None,
}; };
@ -165,9 +164,9 @@ mod tests {
let expected_activity = Activity { let expected_activity = Activity {
ap_id: ap_id.to_string(), ap_id: ap_id.to_string(),
id: inserted_activity.id, id: inserted_activity.id,
user_id: inserted_creator.id,
data: test_json, data: test_json,
local: true, local: true,
sensitive: false,
published: inserted_activity.published, published: inserted_activity.published,
updated: None, updated: None,
}; };

View file

@ -2,9 +2,9 @@ table! {
activity (id) { activity (id) {
id -> Int4, id -> Int4,
ap_id -> Text, ap_id -> Text,
user_id -> Int4,
data -> Jsonb, data -> Jsonb,
local -> Bool, local -> Bool,
sensitive -> Bool,
published -> Timestamp, published -> Timestamp,
updated -> Nullable<Timestamp>, updated -> Nullable<Timestamp>,
} }
@ -481,7 +481,6 @@ table! {
} }
} }
joinable!(activity -> user_ (user_id));
joinable!(comment -> post (post_id)); joinable!(comment -> post (post_id));
joinable!(comment -> user_ (creator_id)); joinable!(comment -> user_ (creator_id));
joinable!(comment_like -> comment (comment_id)); joinable!(comment_like -> comment (comment_id));

View file

@ -0,0 +1,2 @@
ALTER TABLE activity ADD COLUMN user_id INTEGER;
ALTER TABLE activity DROP COLUMN sensitive;

View file

@ -0,0 +1,2 @@
ALTER TABLE activity DROP COLUMN user_id;
ALTER TABLE activity ADD COLUMN sensitive BOOLEAN DEFAULT TRUE;