hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fed/fetch: use same sanitisation logic as when delivering to inboxes

Browse source 
Port of commit 85171750f17725b71dcda098a5085b7f402cb061 from
Akkoma PR 1018.

Modifications from Akkoma patch:
- Pleroma.Web.ActivityPub.Utils.make_json_ld_header() calls had
  activity.data as argument.
- render() had Listen activities in activity_type, Akkoma only has
  Create activities there. Needs testing whether transmogrifier can
  handle this.

Original commit author: Oneric <oneric@oneric.stub>
Original commit message:
Duped code just means double the chance to mess up. This would have
prevented the leak of confidential info more minimally fixed in
6a8b8a14999f3ed82fdaedf6a53f9a391280df2f and  now furthermore
fixes the representation of Update activites which _need_ to have their
object inlined, as well as better interop for follow Accept and Reject
activities and all other special cases already handled in Transmogrifier.
It also means we get more thorough tests for free.

This also already adds JSON-LD context and does not add bogus Note-only
fields as happened before due to this views misuse of prepare_object
for activities. The doc of prepare_object clearly states it is only
intended for creatable objects, i.e. (for us) Notes and Questions.
This commit is contained in:
Oneric 2025-12-01 18:14:38 +01:00 committed by Phantasm
commit a1662f05e0
No known key found for this signature in database
GPG key ID: 2669E588BCC634C8
1 changed files with 2 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

26
lib/pleroma/web/activity_pub/views/object_view.ex
View file

@ -7,7 +7,6 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do
alias Pleroma.Activity
alias Pleroma.Object
alias Pleroma.Web.ActivityPub.Transmogrifier
alias Pleroma.Web.ActivityPub.Utils
def render("object.json", %{object: %Object{} = object}) do
base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header(object.data)
@ -16,29 +15,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do
Map.merge(base, additional)
end
def render("object.json", %{object: %Activity{data: %{"type" => activity_type}} = activity})
when activity_type in ["Create", "Listen"] do
base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header(activity.data)
object = Object.normalize(activity, fetch: false)
additional =
Transmogrifier.prepare_object(activity.data)
|> Map.put("object", Transmogrifier.prepare_object(object.data))
Map.merge(base, additional)
end
def render("object.json", %{object: %Activity{} = activity}) do
base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header(activity.data)
object_id = object_id_from_activity(activity)
additional =
Transmogrifier.prepare_object(activity.data)
|> Map.put("object", object_id)
Map.merge(base, additional)
{:ok, ap_data} = Transmogrifier.prepare_outgoing(activity.data)
ap_data
end
defp object_id_from_activity(%Activity{object: %Object{data: %{"id" => obj_id}}}), do: obj_id
defp object_id_from_activity(%Activity{data: %{"object" => ap_object_ref}}), do: Utils.get_ap_id(ap_object_ref)
end