Add sensitive column to activities table, so PMs arent served over HTTP

This commit is contained in:
Felix Ableitner 2020-11-05 16:49:10 +01:00
parent 8e3ee367f4
commit 1a6f584fbb
8 changed files with 23 additions and 8 deletions

View file

@ -57,6 +57,7 @@ where
vec![inbox], vec![inbox],
context.pool(), context.pool(),
true, true,
true,
) )
.await?; .await?;
} }
@ -102,6 +103,7 @@ where
follower_inboxes, follower_inboxes,
context.pool(), context.pool(),
true, true,
false,
) )
.await?; .await?;
@ -145,6 +147,7 @@ where
vec![inbox], vec![inbox],
context.pool(), context.pool(),
true, true,
false,
) )
.await?; .await?;
} }
@ -185,6 +188,7 @@ where
mentions, mentions,
context.pool(), context.pool(),
false, // Don't create a new DB row false, // Don't create a new DB row
false,
) )
.await?; .await?;
Ok(()) Ok(())
@ -202,6 +206,7 @@ async fn send_activity_internal<T, Kind>(
inboxes: Vec<Url>, inboxes: Vec<Url>,
pool: &DbPool, pool: &DbPool,
insert_into_db: bool, insert_into_db: bool,
sensitive: bool,
) -> Result<(), LemmyError> ) -> Result<(), LemmyError>
where where
T: AsObject<Kind> + Extends<Kind> + Debug, T: AsObject<Kind> + Extends<Kind> + Debug,
@ -219,7 +224,7 @@ where
// might send the same ap_id // might send the same ap_id
if insert_into_db { if insert_into_db {
let id = activity.id().context(location_info!())?; let id = activity.id().context(location_info!())?;
insert_activity(id, activity.clone(), true, pool).await?; insert_activity(id, activity.clone(), true, sensitive, pool).await?;
} }
for i in inboxes { for i in inboxes {

View file

@ -54,5 +54,9 @@ pub async fn get_activity(
}) })
.await??; .await??;
if !activity.local || activity.sensitive {
Ok(HttpResponse::NotFound().finish())
} else {
Ok(create_apub_response(&activity.data)) Ok(create_apub_response(&activity.data))
}
} }

View file

@ -93,7 +93,7 @@ pub async fn community_inbox(
ValidTypes::Undo => handle_undo_follow(any_base, user, community, &context).await, ValidTypes::Undo => handle_undo_follow(any_base, user, community, &context).await,
}; };
insert_activity(&activity_id, activity.clone(), false, context.pool()).await?; insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
res res
} }

View file

@ -125,7 +125,7 @@ pub async fn shared_inbox(
ValidTypes::Undo => receive_undo(&context, any_base, actor_id, request_counter).await, ValidTypes::Undo => receive_undo(&context, any_base, actor_id, request_counter).await,
}; };
insert_activity(&activity_id, activity.clone(), false, context.pool()).await?; insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
res res
} }

View file

@ -107,7 +107,7 @@ pub async fn user_inbox(
} }
}; };
insert_activity(&activity_id, activity.clone(), false, context.pool()).await?; insert_activity(&activity_id, activity.clone(), false, true, context.pool()).await?;
res res
} }

View file

@ -255,6 +255,7 @@ pub async fn insert_activity<T>(
ap_id: &Url, ap_id: &Url,
activity: T, activity: T,
local: bool, local: bool,
sensitive: bool,
pool: &DbPool, pool: &DbPool,
) -> Result<(), LemmyError> ) -> Result<(), LemmyError>
where where
@ -262,7 +263,7 @@ where
{ {
let ap_id = ap_id.to_string(); let ap_id = ap_id.to_string();
blocking(pool, move |conn| { blocking(pool, move |conn| {
Activity::insert(conn, ap_id, &activity, local) Activity::insert(conn, ap_id, &activity, local, sensitive)
}) })
.await??; .await??;
Ok(()) Ok(())

View file

@ -15,6 +15,7 @@ pub struct Activity {
pub ap_id: String, pub ap_id: String,
pub data: Value, pub data: Value,
pub local: bool, pub local: bool,
pub sensitive: bool,
pub published: chrono::NaiveDateTime, pub published: chrono::NaiveDateTime,
pub updated: Option<chrono::NaiveDateTime>, pub updated: Option<chrono::NaiveDateTime>,
} }
@ -25,6 +26,7 @@ pub struct ActivityForm {
pub ap_id: String, pub ap_id: String,
pub data: Value, pub data: Value,
pub local: bool, pub local: bool,
pub sensitive: bool,
pub updated: Option<chrono::NaiveDateTime>, pub updated: Option<chrono::NaiveDateTime>,
} }
@ -59,6 +61,7 @@ impl Activity {
ap_id: String, ap_id: String,
data: &T, data: &T,
local: bool, local: bool,
sensitive: bool,
) -> Result<Self, IoError> ) -> Result<Self, IoError>
where where
T: Serialize + Debug, T: Serialize + Debug,
@ -68,6 +71,7 @@ impl Activity {
ap_id, ap_id,
data: serde_json::to_value(&data)?, data: serde_json::to_value(&data)?,
local, local,
sensitive,
updated: None, updated: None,
}; };
let result = Activity::create(&conn, &activity_form); let result = Activity::create(&conn, &activity_form);
@ -149,9 +153,9 @@ mod tests {
.unwrap(); .unwrap();
let activity_form = ActivityForm { let activity_form = ActivityForm {
ap_id: ap_id.to_string(), ap_id: ap_id.to_string(),
user_id: inserted_creator.id,
data: test_json.to_owned(), data: test_json.to_owned(),
local: true, local: true,
sensitive: false,
updated: None, updated: None,
}; };
@ -160,9 +164,9 @@ mod tests {
let expected_activity = Activity { let expected_activity = Activity {
ap_id: ap_id.to_string(), ap_id: ap_id.to_string(),
id: inserted_activity.id, id: inserted_activity.id,
user_id: inserted_creator.id,
data: test_json, data: test_json,
local: true, local: true,
sensitive: false,
published: inserted_activity.published, published: inserted_activity.published,
updated: None, updated: None,
}; };

View file

@ -4,6 +4,7 @@ table! {
ap_id -> Text, ap_id -> Text,
data -> Jsonb, data -> Jsonb,
local -> Bool, local -> Bool,
sensitive -> Bool,
published -> Timestamp, published -> Timestamp,
updated -> Nullable<Timestamp>, updated -> Nullable<Timestamp>,
} }