From cdfdf3ee07c867d8499a6b84daa3e3a0d151e240 Mon Sep 17 00:00:00 2001 From: alemi Date: Tue, 10 Dec 2024 23:21:52 +0100 Subject: [PATCH] fix: split again auth filter i hate having to do this, but if i don't include `activity.actor` column we can't see our own activities (likes, announces, follows), and if i do all queries which don't bring up activities break. so it's necessary to split these two in order to manually include the extra filter when needed --- upub/routes/src/activitypub/activity.rs | 2 +- upub/routes/src/activitypub/actor/outbox.rs | 2 +- upub/routes/src/activitypub/application.rs | 2 +- upub/routes/src/activitypub/object/context.rs | 4 ++-- upub/routes/src/activitypub/object/mod.rs | 4 ++-- upub/routes/src/activitypub/object/replies.rs | 4 ++-- upub/routes/src/activitypub/tags.rs | 2 +- upub/routes/src/auth.rs | 19 ++++++++++++++++++- 8 files changed, 28 insertions(+), 11 deletions(-) diff --git a/upub/routes/src/activitypub/activity.rs b/upub/routes/src/activitypub/activity.rs index 1affdb7..a428e1e 100644 --- a/upub/routes/src/activitypub/activity.rs +++ b/upub/routes/src/activitypub/activity.rs @@ -24,7 +24,7 @@ pub async fn view( } let row = upub::Query::feed(auth.my_id()) - .filter(auth.filter()) + .filter(auth.filter_activities()) .filter(model::activity::Column::Id.eq(&aid)) .into_model::() .one(ctx.db()) diff --git a/upub/routes/src/activitypub/actor/outbox.rs b/upub/routes/src/activitypub/actor/outbox.rs index 5e7f1bf..959789e 100644 --- a/upub/routes/src/activitypub/actor/outbox.rs +++ b/upub/routes/src/activitypub/actor/outbox.rs @@ -20,7 +20,7 @@ pub async fn page( ) -> crate::ApiResult> { let uid = ctx.uid(&id); let filter = Condition::all() - .add(auth.filter()) + .add(auth.filter_activities()) .add( Condition::any() .add(model::activity::Column::Actor.eq(&uid)) diff --git a/upub/routes/src/activitypub/application.rs b/upub/routes/src/activitypub/application.rs index 219220e..c7a01e1 100644 --- a/upub/routes/src/activitypub/application.rs +++ b/upub/routes/src/activitypub/application.rs @@ -52,7 +52,7 @@ pub async fn search( } let filter = Condition::all() - .add(auth.filter()) + .add(auth.filter_activities()) .add(upub::model::object::Column::Content.like(format!("%{}%", page.q))); // TODO lmao rethink this all diff --git a/upub/routes/src/activitypub/object/context.rs b/upub/routes/src/activitypub/object/context.rs index 4a55f0e..c9464d9 100644 --- a/upub/routes/src/activitypub/object/context.rs +++ b/upub/routes/src/activitypub/object/context.rs @@ -12,7 +12,7 @@ pub async fn get( let context = ctx.oid(&id); let count = upub::Query::objects(auth.my_id()) - .filter(auth.filter()) + .filter(auth.filter_objects()) .filter(model::object::Column::Context.eq(&context)) .count(ctx.db()) .await?; @@ -31,7 +31,7 @@ pub async fn page( let offset = page.offset.unwrap_or(0); let items = upub::Query::objects(auth.my_id()) - .filter(auth.filter()) + .filter(auth.filter_objects()) .filter(model::object::Column::Context.eq(context)) // note that this should be ASC so we get replies somewhat ordered .order_by(model::object::Column::Published, Order::Asc) diff --git a/upub/routes/src/activitypub/object/mod.rs b/upub/routes/src/activitypub/object/mod.rs index 5b046c8..15c2e2f 100644 --- a/upub/routes/src/activitypub/object/mod.rs +++ b/upub/routes/src/activitypub/object/mod.rs @@ -28,7 +28,7 @@ pub async fn view( } let item = upub::Query::objects(auth.my_id()) - .filter(auth.filter()) + .filter(auth.filter_objects()) .filter(model::object::Column::Id.eq(&oid)) .into_model::() .one(ctx.db()) @@ -45,7 +45,7 @@ pub async fn view( if ctx.cfg().security.show_reply_ids { let replies_ids = upub::Query::objects(auth.my_id()) - .filter(auth.filter()) + .filter(auth.filter_objects()) .filter(model::object::Column::InReplyTo.eq(oid)) .select_only() .select_column(model::object::Column::Id) diff --git a/upub/routes/src/activitypub/object/replies.rs b/upub/routes/src/activitypub/object/replies.rs index caaa968..861d811 100644 --- a/upub/routes/src/activitypub/object/replies.rs +++ b/upub/routes/src/activitypub/object/replies.rs @@ -22,7 +22,7 @@ pub async fn get( } let replies_ids = upub::Query::objects(auth.my_id()) - .filter(auth.filter()) + .filter(auth.filter_objects()) .filter(model::object::Column::InReplyTo.eq(ctx.oid(&id))) .select_only() .select_column(model::object::Column::Id) @@ -56,7 +56,7 @@ pub async fn page( crate::builders::paginate_feed( page_id, Condition::all() - .add(auth.filter()) + .add(auth.filter_activities()) .add(model::object::Column::InReplyTo.eq(oid)), ctx.db(), page, diff --git a/upub/routes/src/activitypub/tags.rs b/upub/routes/src/activitypub/tags.rs index 52f7925..5fd2228 100644 --- a/upub/routes/src/activitypub/tags.rs +++ b/upub/routes/src/activitypub/tags.rs @@ -25,7 +25,7 @@ pub async fn page( let offset = page.offset.unwrap_or(0); let objects = upub::Query::hashtags() - .filter(auth.filter()) + .filter(auth.filter_objects()) .filter(upub::model::hashtag::Column::Name.eq(&id)) .limit(limit) .offset(offset) diff --git a/upub/routes/src/auth.rs b/upub/routes/src/auth.rs index 70ed8ca..fbff387 100644 --- a/upub/routes/src/auth.rs +++ b/upub/routes/src/auth.rs @@ -20,7 +20,24 @@ pub enum Identity { } impl Identity { - pub fn filter(&self) -> Condition { + // TODO i hate having to do this, but if i don't include `activity.actor` column + // we can't see our own activities (likes, announces, follows), and if i do + // all queries which don't bring up activities break. so it's necessary to + // split these two in order to manually include the extra filter when + // needed + + pub fn filter_objects(&self) -> Condition { + let base_cond = Condition::any().add(upub::model::addressing::Column::Actor.is_null()); + match self { + Identity::Anonymous => base_cond, + Identity::Remote { internal, .. } => base_cond.add(upub::model::addressing::Column::Instance.eq(*internal)), + Identity::Local { internal, id } => base_cond + .add(upub::model::addressing::Column::Actor.eq(*internal)) + .add(upub::model::object::Column::AttributedTo.eq(id)) + } + } + + pub fn filter_activities(&self) -> Condition { let base_cond = Condition::any().add(upub::model::addressing::Column::Actor.is_null()); match self { Identity::Anonymous => base_cond,