From 4e6cf947d733524b41d71325b60e52b65466d0a6 Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 7 Apr 2025 12:22:00 +0200 Subject: [PATCH] Reject incoming `QuoteRequest` --- app/lib/activitypub/activity.rb | 2 + app/lib/activitypub/activity/quote_request.rb | 29 ++++++++++++ .../activitypub/quote_request_serializer.rb | 26 +++++++++++ .../reject_quote_request_serializer.rb | 19 ++++++++ .../activity/quote_request_spec.rb | 46 +++++++++++++++++++ 5 files changed, 122 insertions(+) create mode 100644 app/lib/activitypub/activity/quote_request.rb create mode 100644 app/serializers/activitypub/quote_request_serializer.rb create mode 100644 app/serializers/activitypub/reject_quote_request_serializer.rb create mode 100644 spec/lib/activitypub/activity/quote_request_spec.rb diff --git a/app/lib/activitypub/activity.rb b/app/lib/activitypub/activity.rb index 0c98651d12c..93b45e80188 100644 --- a/app/lib/activitypub/activity.rb +++ b/app/lib/activitypub/activity.rb @@ -57,6 +57,8 @@ class ActivityPub::Activity ActivityPub::Activity::Remove when 'Move' ActivityPub::Activity::Move + when 'QuoteRequest' + ActivityPub::Activity::QuoteRequest end end end diff --git a/app/lib/activitypub/activity/quote_request.rb b/app/lib/activitypub/activity/quote_request.rb new file mode 100644 index 00000000000..2de03df1580 --- /dev/null +++ b/app/lib/activitypub/activity/quote_request.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class ActivityPub::Activity::QuoteRequest < ActivityPub::Activity + include Payloadable + + def perform + return if non_matching_uri_hosts?(@account.uri, @json['id']) + + quoted_status = status_from_uri(object_uri) + return if quoted_status.nil? || !quoted_status.account.local? || !quoted_status.distributable? + + # For now, we don't support being quoted by external servers + reject_quote_request!(quoted_status) + end + + private + + def reject_quote_request!(quoted_status) + quote = Quote.new( + quoted_status: quoted_status, + quoted_account: quoted_status.account, + status: Status.new(account: @account, uri: @json['instrument']), + account: @account, + activity_uri: @json['id'] + ) + json = Oj.dump(serialize_payload(quote, ActivityPub::RejectQuoteRequestSerializer)) + ActivityPub::DeliveryWorker.perform_async(json, quoted_status.account_id, @account.inbox_url) + end +end diff --git a/app/serializers/activitypub/quote_request_serializer.rb b/app/serializers/activitypub/quote_request_serializer.rb new file mode 100644 index 00000000000..c08bd67b67a --- /dev/null +++ b/app/serializers/activitypub/quote_request_serializer.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +class ActivityPub::QuoteRequestSerializer < ActivityPub::Serializer + attributes :id, :type, :actor, :instrument + attribute :virtual_object, key: :object + + def id + object.activity_uri || [ActivityPub::TagManager.instance.uri_for(object.target_account), '#quote_requests/', object.id].join + end + + def type + 'QuoteRequest' + end + + def actor + ActivityPub::TagManager.instance.uri_for(object.account) + end + + def virtual_object + ActivityPub::TagManager.instance.uri_for(object.quoted_status) + end + + def instrument + ActivityPub::TagManager.instance.uri_for(object.status) + end +end diff --git a/app/serializers/activitypub/reject_quote_request_serializer.rb b/app/serializers/activitypub/reject_quote_request_serializer.rb new file mode 100644 index 00000000000..791d8d730ed --- /dev/null +++ b/app/serializers/activitypub/reject_quote_request_serializer.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +class ActivityPub::RejectQuoteRequestSerializer < ActivityPub::Serializer + attributes :id, :type, :actor + + has_one :object, serializer: ActivityPub::QuoteRequestSerializer + + def id + [ActivityPub::TagManager.instance.uri_for(object.quoted_account), '#rejects/quote_requests/', object.id].join + end + + def type + 'Reject' + end + + def actor + ActivityPub::TagManager.instance.uri_for(object.quoted_account) + end +end diff --git a/spec/lib/activitypub/activity/quote_request_spec.rb b/spec/lib/activitypub/activity/quote_request_spec.rb new file mode 100644 index 00000000000..c2f218feb41 --- /dev/null +++ b/spec/lib/activitypub/activity/quote_request_spec.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe ActivityPub::Activity::QuoteRequest do + let(:sender) { Fabricate(:account, domain: 'example.com') } + let(:recipient) { Fabricate(:account) } + let(:quoted_post) { Fabricate(:status, account: recipient) } + let(:request_uri) { 'https://example.com/missing-ui' } + let(:quoted_uri) { ActivityPub::TagManager.instance.uri_for(quoted_post) } + + let(:json) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + id: request_uri, + type: 'QuoteRequest', + actor: ActivityPub::TagManager.instance.uri_for(sender), + object: quoted_uri, + instrument: 'https://example.com/unknown-status', + }.with_indifferent_access + end + + describe '#perform' do + subject { described_class.new(json, sender) } + + context 'when trying to quote an unknown status' do + let(:quoted_uri) { 'https://example.com/statuses/1234' } + + it 'does not send anything' do + expect { subject.perform } + .to_not enqueue_sidekiq_job(ActivityPub::DeliveryWorker) + end + end + + context 'when trying to quote an unquotable local status' do + it 'sends a Reject activity' do + expect { subject.perform } + .to enqueue_sidekiq_job(ActivityPub::DeliveryWorker) + .with(satisfying do |body| + outgoing_json = Oj.load(body) + outgoing_json['type'] == 'Reject' && %w(type id actor object instrument).all? { |key| json[key] == outgoing_json['object'][key] } + end, recipient.id, sender.inbox_url) + end + end + end +end