Enforce site and community bans for federated users
This commit is contained in:
parent
b469b6d8d3
commit
8803e7834f
6 changed files with 36 additions and 15 deletions
|
@ -175,7 +175,7 @@ impl Perform for Register {
|
||||||
published: None,
|
published: None,
|
||||||
updated: None,
|
updated: None,
|
||||||
admin: data.admin,
|
admin: data.admin,
|
||||||
banned: false,
|
banned: Some(false),
|
||||||
show_nsfw: data.show_nsfw,
|
show_nsfw: data.show_nsfw,
|
||||||
theme: "browser".into(),
|
theme: "browser".into(),
|
||||||
default_sort_type: SortType::Active as i16,
|
default_sort_type: SortType::Active as i16,
|
||||||
|
@ -407,7 +407,7 @@ impl Perform for SaveUserSettings {
|
||||||
published: Some(read_user.published),
|
published: Some(read_user.published),
|
||||||
updated: Some(naive_now()),
|
updated: Some(naive_now()),
|
||||||
admin: read_user.admin,
|
admin: read_user.admin,
|
||||||
banned: read_user.banned,
|
banned: Some(read_user.banned),
|
||||||
show_nsfw: data.show_nsfw,
|
show_nsfw: data.show_nsfw,
|
||||||
theme: data.theme.to_owned(),
|
theme: data.theme.to_owned(),
|
||||||
default_sort_type: data.default_sort_type,
|
default_sort_type: data.default_sort_type,
|
||||||
|
|
|
@ -27,7 +27,9 @@ use actix_web::{web, HttpRequest, HttpResponse};
|
||||||
use anyhow::{anyhow, Context};
|
use anyhow::{anyhow, Context};
|
||||||
use lemmy_db::{
|
use lemmy_db::{
|
||||||
community::{Community, CommunityFollower, CommunityFollowerForm},
|
community::{Community, CommunityFollower, CommunityFollowerForm},
|
||||||
|
community_view::CommunityUserBanView,
|
||||||
user::User_,
|
user::User_,
|
||||||
|
DbPool,
|
||||||
Followable,
|
Followable,
|
||||||
};
|
};
|
||||||
use lemmy_structs::blocking;
|
use lemmy_structs::blocking;
|
||||||
|
@ -110,14 +112,21 @@ pub(crate) async fn community_receive_message(
|
||||||
context: &LemmyContext,
|
context: &LemmyContext,
|
||||||
request_counter: &mut i32,
|
request_counter: &mut i32,
|
||||||
) -> Result<HttpResponse, LemmyError> {
|
) -> Result<HttpResponse, LemmyError> {
|
||||||
// TODO: check if the sending user is banned by the community
|
// Only users can send activities to the community, so we can get the actor as user
|
||||||
|
// unconditionally.
|
||||||
|
let actor_id = actor.actor_id_str();
|
||||||
|
let user = blocking(&context.pool(), move |conn| {
|
||||||
|
User_::read_from_actor_id(&conn, &actor_id)
|
||||||
|
})
|
||||||
|
.await??;
|
||||||
|
check_community_or_site_ban(&user, &to_community, context.pool()).await?;
|
||||||
|
|
||||||
let any_base = activity.clone().into_any_base()?;
|
let any_base = activity.clone().into_any_base()?;
|
||||||
let actor_url = actor.actor_id()?;
|
let actor_url = actor.actor_id()?;
|
||||||
let activity_kind = activity.kind().context(location_info!())?;
|
let activity_kind = activity.kind().context(location_info!())?;
|
||||||
let do_announce = match activity_kind {
|
let do_announce = match activity_kind {
|
||||||
CommunityValidTypes::Follow => {
|
CommunityValidTypes::Follow => {
|
||||||
handle_follow(any_base.clone(), actor_url, &to_community, &context).await?;
|
handle_follow(any_base.clone(), user, &to_community, &context).await?;
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
CommunityValidTypes::Undo => {
|
CommunityValidTypes::Undo => {
|
||||||
|
@ -172,17 +181,13 @@ pub(crate) async fn community_receive_message(
|
||||||
/// Accept activity.
|
/// Accept activity.
|
||||||
async fn handle_follow(
|
async fn handle_follow(
|
||||||
activity: AnyBase,
|
activity: AnyBase,
|
||||||
user_url: Url,
|
user: User_,
|
||||||
community: &Community,
|
community: &Community,
|
||||||
context: &LemmyContext,
|
context: &LemmyContext,
|
||||||
) -> Result<HttpResponse, LemmyError> {
|
) -> Result<HttpResponse, LemmyError> {
|
||||||
let follow = Follow::from_any_base(activity)?.context(location_info!())?;
|
let follow = Follow::from_any_base(activity)?.context(location_info!())?;
|
||||||
verify_activity_domains_valid(&follow, &user_url, false)?;
|
verify_activity_domains_valid(&follow, &user.actor_id()?, false)?;
|
||||||
|
|
||||||
let user = blocking(&context.pool(), move |conn| {
|
|
||||||
User_::read_from_actor_id(&conn, user_url.as_str())
|
|
||||||
})
|
|
||||||
.await??;
|
|
||||||
let community_follower_form = CommunityFollowerForm {
|
let community_follower_form = CommunityFollowerForm {
|
||||||
community_id: community.id,
|
community_id: community.id,
|
||||||
user_id: user.id,
|
user_id: user.id,
|
||||||
|
@ -250,3 +255,21 @@ async fn handle_undo_follow(
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn check_community_or_site_ban(
|
||||||
|
user: &User_,
|
||||||
|
community: &Community,
|
||||||
|
pool: &DbPool,
|
||||||
|
) -> Result<(), LemmyError> {
|
||||||
|
if user.banned {
|
||||||
|
return Err(anyhow!("User is banned from site").into());
|
||||||
|
}
|
||||||
|
let user_id = user.id;
|
||||||
|
let community_id = community.id;
|
||||||
|
let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
|
||||||
|
if blocking(pool, is_banned).await? {
|
||||||
|
return Err(anyhow!("User is banned from community").into());
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
|
@ -135,7 +135,6 @@ pub(in crate::inbox) async fn receive_delete_for_community(
|
||||||
activity: AnyBase,
|
activity: AnyBase,
|
||||||
expected_domain: &Url,
|
expected_domain: &Url,
|
||||||
) -> Result<(), LemmyError> {
|
) -> Result<(), LemmyError> {
|
||||||
dbg!("receive_delete_for_community");
|
|
||||||
let delete = Delete::from_any_base(activity)?.context(location_info!())?;
|
let delete = Delete::from_any_base(activity)?.context(location_info!())?;
|
||||||
verify_activity_domains_valid(&delete, &expected_domain, true)?;
|
verify_activity_domains_valid(&delete, &expected_domain, true)?;
|
||||||
is_addressed_to_public(&delete)?;
|
is_addressed_to_public(&delete)?;
|
||||||
|
@ -160,7 +159,6 @@ pub(in crate::inbox) async fn receive_remove_for_community(
|
||||||
activity: AnyBase,
|
activity: AnyBase,
|
||||||
expected_domain: &Url,
|
expected_domain: &Url,
|
||||||
) -> Result<(), LemmyError> {
|
) -> Result<(), LemmyError> {
|
||||||
dbg!("receive_remove_for_community");
|
|
||||||
let remove = Remove::from_any_base(activity)?.context(location_info!())?;
|
let remove = Remove::from_any_base(activity)?.context(location_info!())?;
|
||||||
verify_activity_domains_valid(&remove, &expected_domain, false)?;
|
verify_activity_domains_valid(&remove, &expected_domain, false)?;
|
||||||
is_addressed_to_public(&remove)?;
|
is_addressed_to_public(&remove)?;
|
||||||
|
|
|
@ -132,7 +132,7 @@ impl FromApub for UserForm {
|
||||||
preferred_username: Some(preferred_username),
|
preferred_username: Some(preferred_username),
|
||||||
password_encrypted: "".to_string(),
|
password_encrypted: "".to_string(),
|
||||||
admin: false,
|
admin: false,
|
||||||
banned: false,
|
banned: None,
|
||||||
email: None,
|
email: None,
|
||||||
avatar,
|
avatar,
|
||||||
banner,
|
banner,
|
||||||
|
|
|
@ -46,7 +46,7 @@ pub struct UserForm {
|
||||||
pub preferred_username: Option<Option<String>>,
|
pub preferred_username: Option<Option<String>>,
|
||||||
pub password_encrypted: String,
|
pub password_encrypted: String,
|
||||||
pub admin: bool,
|
pub admin: bool,
|
||||||
pub banned: bool,
|
pub banned: Option<bool>,
|
||||||
pub email: Option<Option<String>>,
|
pub email: Option<Option<String>>,
|
||||||
pub avatar: Option<Option<String>>,
|
pub avatar: Option<Option<String>>,
|
||||||
pub published: Option<chrono::NaiveDateTime>,
|
pub published: Option<chrono::NaiveDateTime>,
|
||||||
|
|
|
@ -57,7 +57,7 @@ fn user_updates_2020_04_02(conn: &PgConnection) -> Result<(), LemmyError> {
|
||||||
published: Some(cuser.published),
|
published: Some(cuser.published),
|
||||||
updated: None,
|
updated: None,
|
||||||
admin: cuser.admin,
|
admin: cuser.admin,
|
||||||
banned: cuser.banned,
|
banned: Some(cuser.banned),
|
||||||
show_nsfw: cuser.show_nsfw,
|
show_nsfw: cuser.show_nsfw,
|
||||||
theme: cuser.theme.to_owned(),
|
theme: cuser.theme.to_owned(),
|
||||||
default_sort_type: cuser.default_sort_type,
|
default_sort_type: cuser.default_sort_type,
|
||||||
|
|
Loading…
Reference in a new issue