From bccf1f3a269d992704c7a0299ea07953e0cd8c63 Mon Sep 17 00:00:00 2001 From: alemi Date: Fri, 19 Apr 2024 05:26:51 +0200 Subject: [PATCH] fix: ensure viewer has perms even for fetches before, the first fetch would bypass addressing checks. now we always do 2 trips to db when viewing+fetching remote stuff: 1st to make sure we have it, second to make sure we can view it --- src/routes/activitypub/activity.rs | 10 +++++----- src/routes/activitypub/object/mod.rs | 22 ++++++++-------------- src/routes/activitypub/user/mod.rs | 9 ++++----- 3 files changed, 17 insertions(+), 24 deletions(-) diff --git a/src/routes/activitypub/activity.rs b/src/routes/activitypub/activity.rs index e2d59a6..a7bb6ff 100644 --- a/src/routes/activitypub/activity.rs +++ b/src/routes/activitypub/activity.rs @@ -15,6 +15,10 @@ pub async fn view( } else { ctx.aid(id.clone()) }; + if auth.is_local() && query.fetch && !ctx.is_local(&aid) { + ctx.fetch_activity(&aid).await?; + } + match model::addressing::Entity::find_activities() .filter(model::activity::Column::Id.eq(&aid)) .filter(auth.filter_condition()) @@ -23,11 +27,7 @@ pub async fn view( .await? { Some(activity) => Ok(JsonLD(serde_json::Value::from(activity).ld_context())), - None => if auth.is_local() && query.fetch && !ctx.is_local(&aid) { - Ok(JsonLD(ctx.fetch_activity(&aid).await?.ap().ld_context())) - } else { - Err(UpubError::not_found()) - }, + None => Err(UpubError::not_found()), } } diff --git a/src/routes/activitypub/object/mod.rs b/src/routes/activitypub/object/mod.rs index a626d12..baf439c 100644 --- a/src/routes/activitypub/object/mod.rs +++ b/src/routes/activitypub/object/mod.rs 
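Review bot: In the first hunk of `src/routes/activitypub/activity.rs`, the new `ctx.fetch_activity(&aid).await?` ahead of the addressing query now runs on every `fetch` request from a local user for a non-local id, where the old code reached it only after the lookup returned `None`. The commit message suggests the helper checks the database first, but that is not visible here; if it does not, each such request becomes an outbound request to a host taken from the request's id, and a remote failure would turn an already stored, viewable activity into an error through the `?`. I would confirm that `fetch_activity` returns early on a stored copy and validates the destination before connecting, and state the contract above the `if`: `// fetch only makes sure the activity is stored; visibility is decided by the addressing query below`. The same applies to the `fetch_object` hunk in `object/mod.rs` and the `fetch_user` hunk in `user/mod.rs`; `view` starts above this hunk.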
@@ -19,23 +19,18 @@ pub async fn view( } else { ctx.oid(id.clone()) }; + if auth.is_local() && query.fetch && !ctx.is_local(&oid) { + ctx.fetch_object(&oid).await?; + } - let result = model::addressing::Entity::find_objects() + let Some(object) = model::addressing::Entity::find_objects() .filter(model::object::Column::Id.eq(&oid)) .filter(auth.filter_condition()) - .into_model::() + .into_model::() .one(ctx.db()) - .await?; - - let object = match result { - Some(EmbeddedActivity { activity: _, object: Some(obj) }) => obj, - _ => { - if auth.is_local() && query.fetch && !ctx.is_local(&oid) { - ctx.fetch_object(&oid).await? - } else { - return Err(UpubError::not_found()) - } - }, + .await? + else { + return Err(UpubError::not_found()); }; let replies = @@ -45,7 +40,6 @@ pub async fn view( .set_first(apb::Node::link(crate::url!(ctx, "/objects/{id}/replies/page"))) .set_total_items(Some(object.comments as u64)); - Ok(JsonLD( object.ap() .set_replies(apb::Node::object(replies)) diff --git a/src/routes/activitypub/user/mod.rs b/src/routes/activitypub/user/mod.rs index 488abb6..a5fdccb 100644 --- a/src/routes/activitypub/user/mod.rs +++ b/src/routes/activitypub/user/mod.rs @@ -24,6 +24,9 @@ pub async fn view( } else { ctx.uid(id.clone()) }; + if auth.is_local() && query.fetch && !ctx.is_local(&uid) { + ctx.fetch_user(&uid).await?; + } match user::Entity::find_by_id(&uid) .find_also_related(model::config::Entity) .one(ctx.db()).await? @@ -71,11 +74,7 @@ pub async fn view( }, // remote user TODDO doesn't work? Some((user, None)) => Ok(JsonLD(user.ap().ld_context())), - None => if auth.is_local() && query.fetch && !ctx.is_local(&uid) { - Ok(JsonLD(ctx.fetch_user(&uid).await?.ap().ld_context())) - } else { - Err(UpubError::not_found()) - }, + None => Err(UpubError::not_found()), } }
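Review bot: In the first hunk of `src/routes/activitypub/object/mod.rs`, the `let Some(object) = … else { return Err(UpubError::not_found()); }` now also decides the outcome right after a successful `ctx.fetch_object(&oid)`, so the response depends on addressing rows existing for what was just fetched. Whether `fetch_object` writes those rows is not visible in this hunk; if it only stores the object, a `fetch` request would store it and then always answer not found, which is hard to tell apart from a real denial. A comment on the `else` branch would document the intent, e.g. `// also reached for freshly fetched objects the viewer is not addressed in`, and a debug-level log there would help separate the two cases. The same reasoning applies to the `None` arm in `activity.rs`.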
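Review bot: In the first hunk of `src/routes/activitypub/user/mod.rs`, the lookup that follows the new `ctx.fetch_user(&uid).await?` is `user::Entity::find_by_id(&uid)` with no `auth.filter_condition()`, so unlike the activity and object routes nothing here checks the viewer after the fetch. That is probably intended if actor profiles are treated as public, but the commit message reads as if all three routes gained a permission check. A short comment above the `match` would make the difference explicit: `// actors are served without an addressing filter; fetch only makes sure the remote user is stored`. `view` starts above this hunk and the `match` continues past it.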
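Review bot: In the second hunk of `src/routes/activitypub/user/mod.rs`, the `Some((user, None))` arm still carries `// remote user TODDO doesn't work?`, and with the fetch moved out of the `None` arm it is now the only visible arm that can answer for a user `fetch_user` has just stored. If the doubt in that comment still holds, a `fetch` request on a remote user may store the actor and then not return it as intended. The comment should be resolved as part of this change, for example `// remote user: no related config row, returned as stored`, once that behaviour has been checked. The earlier arms of the `match` are outside this hunk.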