Merge pull request #3615 from pixelfed/staging

Staging
2022-08-07 21:08:35 -06:00 · 2022-08-07 21:08:35 -06:00 · 35a0c6b99b
parent 352500fdce ab3dde14a8
commit 35a0c6b99b
6 changed files with 46 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -53,6 +53,7 @@
 - Fix email verification requests filtering to gracefully handle deleted accounts and accounts already verified ([b57066d1](https://github.com/pixelfed/pixelfed/commit/b57066d1))
 - Add configuration to v1/instance endpoint. Fixes #3605 ([2fb18b7d](https://github.com/pixelfed/pixelfed/commit/2fb18b7d))
 - Fix remote account post counts ([149cf9dc](https://github.com/pixelfed/pixelfed/commit/149cf9dc))
+- Enforce blocks on incoming likes, shares, replies and follows on all endpoints ([1545e37c](https://github.com/pixelfed/pixelfed/commit/1545e37c))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))

 ## [v0.11.3 (2022-05-09)](https://github.com/pixelfed/pixelfed/compare/v0.11.2...v0.11.3)
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@ -1089,6 +1089,11 @@ class ApiV1Controller extends Controller
 			429
 		);

+		$blocks = UserFilterService::blocks($spid);
+		if($blocks && in_array($user->profile_id, $blocks)) {
+			abort(422);
+		}
+
 		$like = Like::firstOrCreate([
 			'profile_id' => $user->profile_id,
 			'status_id' => $status['id']
@ -2494,6 +2499,8 @@ class ApiV1Controller extends Controller

 		if($in_reply_to_id) {
 			$parent = Status::findOrFail($in_reply_to_id);
+			$blocks = UserFilterService::blocks($parent->profile_id);
+			abort_if(in_array($profile->id, $blocks), 422, 'Cannot reply to this post at this time.');

 			$status = new Status;
 			$status->caption = $content;
@ -2625,6 +2632,11 @@ class ApiV1Controller extends Controller
 			} else {
 				abort_if(!in_array($status->scope, ['public','unlisted']), 403);
 			}
+
+			$blocks = UserFilterService::blocks($status->profile_id);
+			if($blocks && in_array($user->profile_id, $blocks)) {
+				abort(422);
+			}
 		}

 		$share = Status::firstOrCreate([
--- a/app/Http/Controllers/LikeController.php
+++ b/app/Http/Controllers/LikeController.php
@ -25,6 +25,9 @@ class LikeController extends Controller
 			'item'    => 'required|integer|min:1',
 		]);

+		// API deprecated
+		return;
+
 		$user = Auth::user();
 		$profile = $user->profile;
 		$status = Status::findOrFail($request->input('item'));
--- a/app/Jobs/StatusPipeline/StatusEntityLexer.php
+++ b/app/Jobs/StatusPipeline/StatusEntityLexer.php
@ -18,6 +18,7 @@ use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Foundation\Bus\Dispatchable;
 use Illuminate\Queue\InteractsWithQueue;
 use Illuminate\Queue\SerializesModels;
+use App\Services\UserFilterService;

 class StatusEntityLexer implements ShouldQueue
 {
@ -134,6 +135,10 @@ class StatusEntityLexer implements ShouldQueue
 			if (empty($mentioned) || !isset($mentioned->id)) {
 				continue;
 			}
+            $blocks = UserFilterService::blocks($mentioned->id);
+            if($blocks && in_array($status->profile_id, $blocks)) {
+                continue;
+            }

 			DB::transaction(function () use ($status, $mentioned) {
 				$m = new Mention();
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@ -40,6 +40,7 @@ use App\Models\Poll;
 use Illuminate\Contracts\Cache\LockTimeoutException;
 use App\Jobs\ProfilePipeline\IncrementPostCount;
 use App\Jobs\ProfilePipeline\DecrementPostCount;
+use App\Services\UserFilterService;

 class Helpers {

@ -398,6 +399,12 @@ class Helpers {
 		$profile = self::profileFirstOrNew($attributedTo);
 		if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) || $replyTo == true) {
 			$reply_to = self::statusFirstOrFetch(self::pluckval($activity['object']['inReplyTo']), false);
+			if($reply_to) {
+				$blocks = UserFilterService::blocks($reply_to->profile_id);
+				if(in_array($profile->id, $blocks)) {
+					return;
+				}
+			}
 			$reply_to = optional($reply_to)->id;
 		} else {
 			$reply_to = null;
--- a/app/Util/ActivityPub/Inbox.php
+++ b/app/Util/ActivityPub/Inbox.php
@ -37,6 +37,7 @@ use App\Util\ActivityPub\Validator\UndoFollow as UndoFollowValidator;
 use App\Services\PollService;
 use App\Services\FollowerService;
 use App\Services\StatusService;
+use App\Services\UserFilterService;
 use App\Models\Conversation;
 use App\Jobs\ProfilePipeline\IncrementPostCount;
 use App\Jobs\ProfilePipeline\DecrementPostCount;
@ -475,6 +476,12 @@ class Inbox
 		) {
 			return;
 		}
+
+        $blocks = UserFilterService::blocks($target->id);
+        if($blocks && in_array($actor->id, $blocks)) {
+            return;
+        }
+
 		if($target->is_private == true) {
 			FollowRequest::updateOrCreate([
 				'follower_id' => $actor->id,
@ -532,6 +539,11 @@ class Inbox
 			return;
 		}

+        $blocks = UserFilterService::blocks($parent->profile_id);
+        if($blocks && in_array($actor->id, $blocks)) {
+            return;
+        }
+
 		$status = Status::firstOrCreate([
 			'profile_id' => $actor->id,
 			'reblog_of_id' => $parent->id,
@ -693,6 +705,12 @@ class Inbox
 		if(!$status || !$profile) {
 			return;
 		}
+
+        $blocks = UserFilterService::blocks($status->profile_id);
+        if($blocks && in_array($profile->id, $blocks)) {
+            return;
+        }
+
 		$like = Like::firstOrCreate([
 			'profile_id' => $profile->id,
 			'status_id' => $status->id