DeleteValidator: Don't federate local deletions of remote objects.

Closes #1497
2020-04-30 21:23:18 +02:00 · 2020-04-30 21:23:18 +02:00 · 32b8386ede
commit 32b8386ede
parent 999d639873
5 changed files with 119 additions and 10 deletions
--- a/lib/pleroma/web/activity_pub/object_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validator.ex
@ -19,11 +19,11 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
  def validate(object, meta)

  def validate(%{"type" => "Delete"} = object, meta) do
-    with {:ok, object} <-
-           object
-           |> DeleteValidator.cast_and_validate()
-           |> Ecto.Changeset.apply_action(:insert) do
+    with cng <- DeleteValidator.cast_and_validate(object),
+         do_not_federate <- DeleteValidator.do_not_federate?(cng),
+         {:ok, object} <- Ecto.Changeset.apply_action(cng, :insert) do
      object = stringify_keys(object)
+      meta = Keyword.put(meta, :do_not_federate, do_not_federate)
      {:ok, object, meta}
    end
  end
--- a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
  use Ecto.Schema

  alias Pleroma.Activity
+  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ObjectValidators.Types

  import Ecto.Changeset
@ -45,12 +46,17 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
    cng
    |> validate_required([:id, :type, :actor, :to, :cc, :object])
    |> validate_inclusion(:type, ["Delete"])
-    |> validate_same_domain()
+    |> validate_actor_presence()
+    |> validate_deletion_rights()
    |> validate_object_or_user_presence()
    |> add_deleted_activity_id()
  end

-  def validate_same_domain(cng) do
+  def do_not_federate?(cng) do
+    !same_domain?(cng)
+  end
+
+  defp same_domain?(cng) do
    actor_domain =
      cng
      |> get_field(:actor)
@ -63,11 +69,17 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
      |> URI.parse()
      |> (& &1.host).()

-    if object_domain != actor_domain do
+    object_domain == actor_domain
+  end
+
+  def validate_deletion_rights(cng) do
+    actor = User.get_cached_by_ap_id(get_field(cng, :actor))
+
+    if User.superuser?(actor) || same_domain?(cng) do
      cng
-      |> add_error(:actor, "is not allowed to delete object")
    else
      cng
+      |> add_error(:actor, "is not allowed to delete object")
    end
  end

--- a/lib/pleroma/web/activity_pub/pipeline.ex
+++ b/lib/pleroma/web/activity_pub/pipeline.ex
@ -29,7 +29,9 @@ defmodule Pleroma.Web.ActivityPub.Pipeline do

  defp maybe_federate(activity, meta) do
    with {:ok, local} <- Keyword.fetch(meta, :local) do
-      if local do
+      do_not_federate = meta[:do_not_federate]
+
+      if !do_not_federate && local do
        Federator.publish(activity)
        {:ok, :federated}
      else