fix: when updating must reset changing fields

2024-05-02 13:16:23 +02:00 · 2024-05-02 13:16:23 +02:00 · 44de7040ec
commit 44de7040ec
parent 95ad0d92b7
2 changed files with 82 additions and 36 deletions
--- a/src/server/inbox.rs
+++ b/src/server/inbox.rs
@ -1,6 +1,6 @@
 use apb::{target::Addressed, Activity, Base, Object};
 use reqwest::StatusCode;
-use sea_orm::{sea_query::Expr, ColumnTrait, Condition, EntityTrait, IntoActiveModel, QueryFilter, Set};
+use sea_orm::{sea_query::Expr, ActiveModelTrait, ColumnTrait, Condition, EntityTrait, IntoActiveModel, QueryFilter, Set};

 use crate::{errors::{LoggableError, UpubError}, model::{self, FieldError}};

@ -238,12 +238,22 @@ impl apb::server::Inbox for Context {
 				// TODO oof here is an example of the weakness of this model, we have to go all the way
 				// back up to serde_json::Value because impl Object != impl Actor
 				let actor_model = model::user::Model::new(&object_node)?;
-				model::user::Entity::update(actor_model.into_active_model())
+				let update_model = actor_model.into_active_model();
+				update_model.reset(model::user::Column::Name);
+				update_model.reset(model::user::Column::Summary);
+				update_model.reset(model::user::Column::Image);
+				update_model.reset(model::user::Column::Icon);
+				model::user::Entity::update(update_model)
 					.exec(self.db()).await?;
 			},
 			Some(apb::ObjectType::Note) => {
 				let object_model = model::object::Model::new(&object_node)?;
-				model::object::Entity::update(object_model.into_active_model())
+				let update_model = object_model.into_active_model();
+				update_model.reset(model::object::Column::Name);
+				update_model.reset(model::object::Column::Summary);
+				update_model.reset(model::object::Column::Content);
+				update_model.reset(model::object::Column::Sensitive);
+				model::object::Entity::update(update_model)
 					.exec(self.db()).await?;
 			},
 			Some(t) => tracing::warn!("no side effects implemented for update type {t:?}"),
--- a/src/server/outbox.rs
+++ b/src/server/outbox.rs
@ -1,7 +1,8 @@
-use apb::{target::Addressed, Activity, ActivityMut, BaseMut, Node, ObjectMut};
-use sea_orm::{sea_query::Expr, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter, Set};
+use apb::{target::Addressed, Activity, ActivityMut, ActorMut, BaseMut, Node, Object, ObjectMut, PublicKeyMut};
+use reqwest::StatusCode;
+use sea_orm::{sea_query::Expr, ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter, Set};

-use crate::{errors::UpubError, model};
+use crate::{errors::UpubError, model, routes::activitypub::jsonld::LD};

 use super::{fetcher::Fetcher, Context};

@ -299,34 +300,74 @@ impl apb::server::Outbox for Context {
 	async fn update(&self, uid: String, activity: serde_json::Value) -> crate::Result<String> {
 		let aid = self.aid(uuid::Uuid::new_v4().to_string());
 		let object_node = activity.object().extract().ok_or_else(UpubError::bad_request)?;
-		let mut object_model = model::object::Model::new(
-			&object_node.set_published(Some(chrono::Utc::now()))
-		)?;

-		let old_object_model = model::object::Entity::find_by_id(&object_model.id)
-			.one(self.db())
-			.await?
-			.ok_or_else(UpubError::not_found)?;
+		match object_node.object_type() {
+			Some(apb::ObjectType::Actor(_)) => {
+				let actor_model = model::user::Model::new(
+					&object_node
+						// TODO must set these, but we will ignore them
+						.set_actor_type(Some(apb::ActorType::Person))
+						.set_public_key(apb::Node::object(
+							serde_json::Value::new_object().set_public_key_pem("")
+						))
+				)?;
+				let old_actor_model = model::user::Entity::find_by_id(&actor_model.id)
+					.one(self.db())
+					.await?
+					.ok_or_else(UpubError::not_found)?;

-		// can't change local objects attributed to nobody
-		let author_id = old_object_model.attributed_to.ok_or_else(UpubError::forbidden)?;
-		if author_id != uid {
-			// can't change objects of others
-			return Err(UpubError::forbidden());
+				if old_actor_model.id != uid {
+					// can't change user fields of others
+					return Err(UpubError::forbidden());
+				}
+
+				if actor_model.name.is_none() { actor_model.name = old_actor_model.name }
+				if actor_model.summary.is_none() { actor_model.summary = old_actor_model.summary }
+				if actor_model.image.is_none() { actor_model.image = old_actor_model.image }
+				if actor_model.icon.is_none() { actor_model.icon = old_actor_model.icon }
+
+				let update_model = actor_model.into_active_model();
+				update_model.reset(model::user::Column::Name);
+				update_model.reset(model::user::Column::Summary);
+				update_model.reset(model::user::Column::Image);
+				update_model.reset(model::user::Column::Icon);
+
+				model::user::Entity::update(update_model)
+					.exec(self.db()).await?;
+			},
+			Some(apb::ObjectType::Note) => {
+				let mut object_model = model::object::Model::new(
+					&object_node.set_published(Some(chrono::Utc::now()))
+				)?;
+
+				let old_object_model = model::object::Entity::find_by_id(&object_model.id)
+					.one(self.db())
+					.await?
+					.ok_or_else(UpubError::not_found)?;
+
+				// can't change local objects attributed to nobody
+				let author_id = old_object_model.attributed_to.ok_or_else(UpubError::forbidden)?;
+				if author_id != uid {
+					// can't change objects of others
+					return Err(UpubError::forbidden());
+				}
+
+				if object_model.name.is_none() { object_model.name = old_object_model.name }
+				if object_model.summary.is_none() { object_model.summary = old_object_model.summary }
+				if object_model.content.is_none() { object_model.content = old_object_model.content }
+
+				let update_model = object_model.into_active_model();
+				update_model.reset(model::object::Column::Name);
+				update_model.reset(model::object::Column::Summary);
+				update_model.reset(model::object::Column::Content);
+				update_model.reset(model::object::Column::Sensitive);
+
+				model::object::Entity::update(update_model)
+					.exec(self.db()).await?;
+			},
+			_ => return Err(UpubError::Status(StatusCode::NOT_IMPLEMENTED)),
 		}

-		object_model.id = old_object_model.id;
-		object_model.attributed_to = Some(uid.clone());
-		object_model.context = old_object_model.context;
-		object_model.likes = old_object_model.likes;
-		object_model.shares = old_object_model.shares;
-		object_model.comments = old_object_model.comments;
-		object_model.bto = old_object_model.bto;
-		object_model.to = old_object_model.to;
-		object_model.bcc = old_object_model.bcc;
-		object_model.cc = old_object_model.cc;
-		object_model.published = old_object_model.published;
-
 		let addressed = activity.addressed();
 		let activity_model = model::activity::Model::new(
 			&activity
@ -335,13 +376,8 @@ impl apb::server::Outbox for Context {
 				.set_published(Some(chrono::Utc::now()))
 		)?;

-		model::object::Entity::update(object_model.into_active_model())
-			.exec(self.db())
-			.await?;
-
 		model::activity::Entity::insert(activity_model.into_active_model())
-			.exec(self.db())
-			.await?;
+			.exec(self.db()).await?;

 		self.dispatch(&uid, addressed, &aid, None).await?;