From 916ffe268f79a1712c7902ead9cb18f71ead54b2 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 4 Apr 2019 19:42:45 -0600 Subject: [PATCH 1/7] Add COSTAR config --- .env.example | 4 ++++ config/costar.php | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 config/costar.php diff --git a/.env.example b/.env.example index 66d51d9b1..92f6cb3ce 100644 --- a/.env.example +++ b/.env.example @@ -65,3 +65,7 @@ HORIZON_DARKMODE=true # php artisan optimize ACTIVITY_PUB=false REMOTE_FOLLOW=false + +CS_BLOCKED_DOMAINS='example.org,example.net,example.com' +CS_CW_DOMAINS='example.org,example.net,example.com' +CS_UNLISTED_DOMAINS='example.org,example.net,example.com' diff --git a/config/costar.php b/config/costar.php new file mode 100644 index 000000000..979ae5049 --- /dev/null +++ b/config/costar.php @@ -0,0 +1,21 @@ + env('PF_COSTAR_ENABLED', true), + + 'domain' => [ + 'block' => env('CS_BLOCKED_DOMAINS', null) ? explode(',', env('CS_BLOCKED_DOMAINS')) : null, + 'cw' => env('CS_CW_DOMAINS', null) ? explode(',', env('CS_CW_DOMAINS')) : null, + 'unlisted' => env('CS_UNLISTED_DOMAINS', null) ? explode(',', env('CS_UNLISTED_DOMAINS')) : null, + ], + +]; \ No newline at end of file From 1580bb6b4b664f5cbb8df9ec863ea3e8b9615e29 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 4 Apr 2019 19:57:13 -0600 Subject: [PATCH 2/7] Update AP Helpers --- app/Util/ActivityPub/Helpers.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php index e529b3bc6..ba972b2b2 100644 --- a/app/Util/ActivityPub/Helpers.php +++ b/app/Util/ActivityPub/Helpers.php 
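Review bot: In config/costar.php (PATCH 1/7) each list is built with a bare `explode(',', env(...))` and falls back to `null`, so entries are neither trimmed nor lower-cased and every consumer has to null-check before calling `in_array`. A value such as `'example.org, example.net'` yields `' example.net'`, which can never equal a parsed host, so that entry silently stops applying. Consider normalising once here and defaulting to an empty list, e.g. `'block' => array_values(array_filter(array_map('trim', explode(',', strtolower((string) env('CS_BLOCKED_DOMAINS', '')))))),`. The same pattern is repeated for the `keyword` and `actor` lists added in PATCH 5/7, where trimming and the empty default apply but lower-casing may not be wanted. `PF_COSTAR_ENABLED` defaults to `true` and is not listed in .env.example; a commented entry there would tell operators the filter is on unless disabled.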
@@ -141,7 +141,19 @@ class Helpers { $valid = filter_var($url, FILTER_VALIDATE_URL); - if(in_array(parse_url($valid, PHP_URL_HOST), $localhosts)) { + if(!$valid) { + return false; + } + + $host = parse_url($valid, PHP_URL_HOST); + + if(config('costar.enabled') == true) { + if(in_array($host, config('costar.domain.block')) == true) { + return false; + } + } + + if(in_array($host, $localhosts)) { return false; } From 04a2c93096b1f4071b17f638fc7d37c0ddb2079f Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 4 Apr 2019 19:57:31 -0600 Subject: [PATCH 3/7] Add CostarTest --- tests/Unit/CostarTest.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 tests/Unit/CostarTest.php diff --git a/tests/Unit/CostarTest.php b/tests/Unit/CostarTest.php new file mode 100644 index 000000000..3e4961b43 --- /dev/null +++ b/tests/Unit/CostarTest.php @@ -0,0 +1,24 @@ +assertTrue(in_array('example.net', $domains)); + + $blockedDomain = 'https://example.org/user/replyGuy'; + $this->assertFalse(Helpers::validateUrl($blockedDomain)); + + $unblockedDomain = 'https://pixelfed.org/user/pixelfed'; + $this->assertEquals(Helpers::validateUrl($unblockedDomain), $unblockedDomain); + } +} From b67a1c69307c1aaf15dc7a2e40109ac3149d9918 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 4 Apr 2019 20:04:51 -0600 Subject: [PATCH 4/7] Update .env.testing --- .env.testing | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.env.testing b/.env.testing index 77037af17..82f28be00 100644 --- a/.env.testing +++ b/.env.testing @@ -56,3 +56,7 @@ MIX_API_SEARCH="${API_SEARCH}" TELESCOPE_ENABLED=false PF_MAX_USERS=1000 + +CS_BLOCKED_DOMAINS='example.org,example.net,example.com' +CS_CW_DOMAINS='example.org,example.net,example.com' +CS_UNLISTED_DOMAINS='example.org,example.net,example.com' From 73a9da15f6d073245837326bcf98eae6ba7b8444 Mon Sep 17 00:00:00 2001 
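Review bot: The block check added to validateUrl (PATCH 2/7) compares `$host` to the configured list with a loose, case-sensitive `in_array`, while `parse_url` returns the host exactly as it was written in the URL. A host that differs from a list entry only in letter case is therefore not matched, and neither is a subdomain of a listed domain (the latter may be intended, but it deserves a comment). I would normalise before both the blocklist and the `$localhosts` comparison, `$host = strtolower((string) parse_url($valid, PHP_URL_HOST));`, and pass `true` as the third argument to `in_array`. The method signature and the `$localhosts` definition are outside this hunk.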
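Review bot: The assertions in tests/Unit/CostarTest.php (PATCH 3/7) rely on the `CS_BLOCKED_DOMAINS` value that .env.testing only receives in PATCH 4/7, so the test presumably cannot pass at this commit and stays coupled to an environment file. Setting the list inside the test, e.g. `config(['costar.domain.block' => ['example.org', 'example.net']]);`, would keep it self-contained. `assertContains('example.net', $domains)` reads better than `assertTrue(in_array(...))`, and `assertEquals` takes the expected value first. Cases for an unset list and for `costar.enabled` being false would cover the other branches validateUrl now has. The top of the file is not visible here, so where `$domains` comes from is assumed.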
From: Daniel Supernault Date: Thu, 4 Apr 2019 20:53:57 -0600 Subject: [PATCH 5/7] Update COSTAR config --- config/costar.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config/costar.php b/config/costar.php index 979ae5049..29af954ec 100644 --- a/config/costar.php +++ b/config/costar.php @@ -18,4 +18,16 @@ return [ 'unlisted' => env('CS_UNLISTED_DOMAINS', null) ? explode(',', env('CS_UNLISTED_DOMAINS')) : null, ], + 'keyword' => [ + 'block' => env('CS_BLOCKED_KEYWORDS', null) ? explode(',', env('CS_BLOCKED_KEYWORDS')) : null, + 'cw' => env('CS_CW_KEYWORDS', null) ? explode(',', env('CS_CW_KEYWORDS')) : null, + 'unlisted' => env('CS_UNLISTED_KEYWORDS', null) ? explode(',', env('CS_UNLISTED_KEYWORDS')) : null, + ], + + 'actor' => [ + 'block' => env('CS_BLOCKED_ACTOR', null) ? explode(',', env('CS_BLOCKED_ACTOR')) : null, + 'cw' => env('CS_CW_ACTOR', null) ? explode(',', env('CS_CW_ACTOR')) : null, + 'unlisted' => env('CS_UNLISTED_ACTOR', null) ? explode(',', env('CS_UNLISTED_ACTOR')) : null, + ] + ]; \ No newline at end of file From a07184db583bee351a9a0aab07afef2ced054061 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 4 Apr 2019 21:26:10 -0600 Subject: [PATCH 6/7] Update AP Helpers --- app/Util/ActivityPub/Helpers.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php index ba972b2b2..8747dd5c8 100644 --- a/app/Util/ActivityPub/Helpers.php +++ b/app/Util/ActivityPub/Helpers.php @@ -148,7 +148,10 @@ class Helpers { $host = parse_url($valid, PHP_URL_HOST); if(config('costar.enabled') == true) { - if(in_array($host, config('costar.domain.block')) == true) { + if( + (config('costar.domain.block') != null && in_array($host, config('costar.domain.block')) == true) || + (config('costar.actor.block') != null && in_array($url, config('costar.actor.block')) == true) + ) { return false; } } 
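Review bot: The actor check added to validateUrl in PATCH 6/7 tests the raw `$url` against `costar.actor.block` by exact string equality, so the same actor written with a trailing slash, a fragment or different host casing is not recognised as listed. Comparing a normalised form (at least `$valid` with a lower-cased host and any trailing slash trimmed, applied to the list entries as well) would make the list behave as operators expect. The condition also reads each config key twice with loose `!= null` / `== true`; hoisting into locals is clearer: `$blockedDomains = config('costar.domain.block') ?? [];` and `$blockedActors = config('costar.actor.block') ?? [];`, then `in_array($host, $blockedDomains, true) || in_array($url, $blockedActors, true)`. The method starts above this hunk.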
@@ -163,7 +166,7 @@ class Helpers { public static function validateLocalUrl($url) { $url = self::validateUrl($url); - if($url) { + if($url == true) { $domain = config('pixelfed.domain.app'); $host = parse_url($url, PHP_URL_HOST); $url = $domain === $host ? $url : false; From c86f36d53d0fcd90c418559c0c4f1a88cd446552 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 4 Apr 2019 22:44:08 -0600 Subject: [PATCH 7/7] Update APHelpers --- app/Util/ActivityPub/Helpers.php | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php index 8747dd5c8..aa9463953 100644 --- a/app/Util/ActivityPub/Helpers.php +++ b/app/Util/ActivityPub/Helpers.php @@ -24,6 +24,7 @@ use App\Jobs\StatusPipeline\NewStatusPipeline; use App\Util\HttpSignatures\{GuzzleHttpSignatures, KeyStore, Context, Verifier}; use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory; use App\Util\ActivityPub\HttpSignature; +use Illuminate\Support\Str; class Helpers { 
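Review bot: `if($url == true)` in validateLocalUrl (second hunk of PATCH 6/7) behaves the same as the `if($url)` it replaces but hides the contract, which is that validateUrl returns either the URL string or `false`. `if($url !== false)` states that directly and avoids a loose string-to-bool comparison. A short docblock on the method, `/** @return string|false the validated local URL, or false when the URL is invalid, blocked or not on this instance's domain */`, would help callers. The rest of the method is outside the hunk.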
@@ -232,6 +233,48 @@ class Helpers { $activity = ['object' => $res]; } + if(isset($res['content']) == false) { + abort(400, 'Invalid object'); + } + + $scope = 'private'; + $cw = isset($activity['sensitive']) ? (bool) $activity['sensitive'] : false; + + if(isset($res['to']) == true && in_array('https://www.w3.org/ns/activitystreams#Public', $res['to'])) { + $scope = 'public'; + } + + if(isset($res['cc']) == true && in_array('https://www.w3.org/ns/activitystreams#Public', $res['cc'])) { + $scope = 'unlisted'; + } + + if(config('costar.enabled') == true) { + $blockedKeywords = config('costar.keyword.block'); + if($blockedKeywords !== null) { + $keywords = config('costar.keyword.block'); + foreach($keywords as $kw) { + if(Str::contains($res['content'], $kw) == true) { + abort(400, 'Invalid object'); + } + } + } + + $unlisted = config('costar.domain.unlisted'); + if(in_array(parse_url($url, PHP_URL_HOST), $unlisted) == true) { + $unlisted = true; + $scope = 'unlisted'; + } else { + $unlisted = false; + } + + $cw = config('costar.domain.cw'); + if(in_array(parse_url($url, PHP_URL_HOST), $cw) == true) { + $cw = true; + } else { + $cw = isset($activity['sensitive']) ? (bool) $activity['sensitive'] : false; + } + } + $idDomain = parse_url($res['id'], PHP_URL_HOST); $urlDomain = parse_url($url, PHP_URL_HOST); $actorDomain = parse_url($activity['object']['attributedTo'], PHP_URL_HOST); @@ -261,6 +304,9 @@ class Helpers { $status->created_at = Carbon::parse($ts); $status->in_reply_to_id = $reply_to; $status->local = false; + $status->is_nsfw = $cw; + $status->scope = $scope; + $status->visibility = $scope; $status->save(); self::importNoteAttachment($res, $status); @@ -316,6 +362,9 @@ class Helpers { public static function profileFirstOrNew($url, $runJobs = false) { $url = self::validateUrl($url); + if($url == false) { + abort(400, 'Invalid url'); + } $host = parse_url($url, PHP_URL_HOST); $local = config('pixelfed.domain.app') == $host ? true : false;
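Review bot: In the COSTAR block of the `@@ -232,6 +233,48 @@` hunk, `costar.domain.unlisted` and `costar.domain.cw` are passed to `in_array` without the null guard that the keyword list gets here and the block lists got in PATCH 6/7, although the config yields `null` when the env var is unset. With `costar.enabled` defaulting to true, an instance that sets neither variable would hand a non-array haystack to `in_array` on every imported status. The same risk applies to `$res['to']` and `$res['cc']`, which come from the remote object and may be a single string rather than an array. `$cw` and `$unlisted` are also reused for both the list and the flag, the `$unlisted` flag is not read in the visible hunks, and the `else` branch only recomputes the value `$cw` already holds; the sketch below keeps the outcome without that. The enclosing method starts and ends outside the hunk.

```php
$public = 'https://www.w3.org/ns/activitystreams#Public';
// … unchanged: content check, $scope = 'private' and $cw defaults …

// Remote objects may carry a single string here; coerce before searching.
if (in_array($public, (array) ($res['to'] ?? []), true)) {
    $scope = 'public';
}
if (in_array($public, (array) ($res['cc'] ?? []), true)) {
    $scope = 'unlisted';
}

if (config('costar.enabled') == true) {
    // … unchanged: blocked-keyword loop …

    $host = parse_url($url, PHP_URL_HOST);

    // An unset env var yields null; treat that as an empty list.
    if (in_array($host, config('costar.domain.unlisted') ?? [], true)) {
        $scope = 'unlisted';
    }
    if (in_array($host, config('costar.domain.cw') ?? [], true)) {
        $cw = true;
    }
}
```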
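Review bot: The guard added to profileFirstOrNew in the `@@ -316,6 +362,9 @@` hunk calls `abort(400, 'Invalid url')` from a static utility, which ties the helper to an HTTP request context. If it is also reached from a queued job (the file imports `NewStatusPipeline`, so that seems likely), the resulting HttpException surfaces as a failed job rather than a response. Returning early or throwing a domain exception that callers handle would keep a blocked or malformed actor URL a normal, quiet outcome. `$url === false` is also the more precise test, since validateUrl returns the URL string or `false`. The same applies to the `abort(400, 'Invalid object')` calls added in the first hunk of this patch; the rest of the method is outside the hunk.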