First

3 files changed, 621 insertions, 0 deletions

diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex
new file mode 100644
index 0000000..f6106cb
--- /dev/null
+++ b/lib/pleroma/object/containment.ex
@@ -0,0 +1,88 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Object.Containment do
+  @moduledoc """
+  This module contains some useful functions for containing objects to specific
+  origins and determining those origins.  They previously lived in the
+  ActivityPub `Transmogrifier` module.
+
+  Object containment is an important step in validating remote objects to prevent
+  spoofing, therefore removal of object containment functions is NOT recommended.
+  """
+  def get_actor(%{"actor" => actor}) when is_binary(actor) do
+    actor
+  end
+
+  def get_actor(%{"actor" => actor}) when is_list(actor) do
+    if is_binary(Enum.at(actor, 0)) do
+      Enum.at(actor, 0)
+    else
+      Enum.find(actor, fn %{"type" => type} -> type in ["Person", "Service", "Application"] end)
+      |> Map.get("id")
+    end
+  end
+
+  def get_actor(%{"actor" => %{"id" => id}}) when is_bitstring(id) do
+    id
+  end
+
+  def get_actor(%{"actor" => nil, "attributedTo" => actor}) when not is_nil(actor) do
+    get_actor(%{"actor" => actor})
+  end
+
+  def get_object(%{"object" => id}) when is_binary(id) do
+    id
+  end
+
+  def get_object(%{"object" => %{"id" => id}}) when is_binary(id) do
+    id
+  end
+
+  def get_object(_) do
+    nil
+  end
+
+  defp compare_uris(%URI{host: host} = _id_uri, %URI{host: host} = _other_uri), do: :ok
+  defp compare_uris(_id_uri, _other_uri), do: :error
+
+  @doc """
+  Checks that an imported AP object's actor matches the host it came from.
+  """
+  def contain_origin(_id, %{"actor" => nil}), do: :error
+
+  def contain_origin(id, %{"actor" => _actor} = params) do
+    id_uri = URI.parse(id)
+    actor_uri = URI.parse(get_actor(params))
+
+    compare_uris(actor_uri, id_uri)
+  end
+
+  def contain_origin(id, %{"attributedTo" => actor} = params),
+    do: contain_origin(id, Map.put(params, "actor", actor))
+
+  def contain_origin(_id, _data), do: :error
+
+  def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do
+    id_uri = URI.parse(id)
+    other_uri = URI.parse(other_id)
+
+    compare_uris(id_uri, other_uri)
+  end
+
+  # Mastodon pin activities don't have an id, so we check the object field, which will be pinned.
+  def contain_origin_from_id(id, %{"object" => object}) when is_binary(object) do
+    id_uri = URI.parse(id)
+    object_uri = URI.parse(object)
+
+    compare_uris(id_uri, object_uri)
+  end
+
+  def contain_origin_from_id(_id, _data), do: :error
+
+  def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}),
+    do: contain_origin(id, object)
+
+  def contain_child(_), do: :ok
+end
diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex
new file mode 100644
index 0000000..cc37725
--- /dev/null
+++ b/lib/pleroma/object/fetcher.ex
@@ -0,0 +1,243 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Object.Fetcher do
+  alias Pleroma.HTTP
+  alias Pleroma.Instances
+  alias Pleroma.Maps
+  alias Pleroma.Object
+  alias Pleroma.Object.Containment
+  alias Pleroma.Signature
+  alias Pleroma.Web.ActivityPub.InternalFetchActor
+  alias Pleroma.Web.ActivityPub.MRF
+  alias Pleroma.Web.ActivityPub.ObjectValidator
+  alias Pleroma.Web.ActivityPub.Pipeline
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.Federator
+
+  require Logger
+  require Pleroma.Constants
+
+  @spec reinject_object(struct(), map()) :: {:ok, Object.t()} | {:error, any()}
+  defp reinject_object(%Object{data: %{}} = object, new_data) do
+    Logger.debug("Reinjecting object #{new_data["id"]}")
+
+    with {:ok, new_data, _} <- ObjectValidator.validate(new_data, %{}),
+         {:ok, new_data} <- MRF.filter(new_data),
+         {:ok, new_object, _} <-
+           Object.Updater.do_update_and_invalidate_cache(
+             object,
+             new_data,
+             _touch_changeset? = true
+           ) do
+      {:ok, new_object}
+    else
+      e ->
+        Logger.error("Error while processing object: #{inspect(e)}")
+        {:error, e}
+    end
+  end
+
+  defp reinject_object(_, new_data) do
+    with {:ok, object, _} <- Pipeline.common_pipeline(new_data, local: false) do
+      {:ok, object}
+    else
+      e -> e
+    end
+  end
+
+  def refetch_object(%Object{data: %{"id" => id}} = object) do
+    with {:local, false} <- {:local, Object.local?(object)},
+         {:ok, new_data} <- fetch_and_contain_remote_object_from_id(id),
+         {:ok, object} <- reinject_object(object, new_data) do
+      {:ok, object}
+    else
+      {:local, true} -> {:ok, object}
+      e -> {:error, e}
+    end
+  end
+
+  # Note: will create a Create activity, which we need internally at the moment.
+  def fetch_object_from_id(id, options \\ []) do
+    with {_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
+         {_, true} <- {:allowed_depth, Federator.allowed_thread_distance?(options[:depth])},
+         {_, {:ok, data}} <- {:fetch, fetch_and_contain_remote_object_from_id(id)},
+         {_, nil} <- {:normalize, Object.normalize(data, fetch: false)},
+         params <- prepare_activity_params(data),
+         {_, :ok} <- {:containment, Containment.contain_origin(id, params)},
+         {_, {:ok, activity}} <-
+           {:transmogrifier, Transmogrifier.handle_incoming(params, options)},
+         {_, _data, %Object{} = object} <-
+           {:object, data, Object.normalize(activity, fetch: false)} do
+      {:ok, object}
+    else
+      {:allowed_depth, false} ->
+        {:error, "Max thread distance exceeded."}
+
+      {:containment, _} ->
+        {:error, "Object containment failed."}
+
+      {:transmogrifier, {:error, {:reject, e}}} ->
+        {:reject, e}
+
+      {:transmogrifier, {:reject, e}} ->
+        {:reject, e}
+
+      {:transmogrifier, _} = e ->
+        {:error, e}
+
+      {:object, data, nil} ->
+        reinject_object(%Object{}, data)
+
+      {:normalize, object = %Object{}} ->
+        {:ok, object}
+
+      {:fetch_object, %Object{} = object} ->
+        {:ok, object}
+
+      {:fetch, {:error, error}} ->
+        {:error, error}
+
+      e ->
+        e
+    end
+  end
+
+  defp prepare_activity_params(data) do
+    %{
+      "type" => "Create",
+      # Should we seriously keep this attributedTo thing?
+      "actor" => data["actor"] || data["attributedTo"],
+      "object" => data
+    }
+    |> Maps.put_if_present("to", data["to"])
+    |> Maps.put_if_present("cc", data["cc"])
+    |> Maps.put_if_present("bto", data["bto"])
+    |> Maps.put_if_present("bcc", data["bcc"])
+  end
+
+  def fetch_object_from_id!(id, options \\ []) do
+    with {:ok, object} <- fetch_object_from_id(id, options) do
+      object
+    else
+      {:error, %Tesla.Mock.Error{}} ->
+        nil
+
+      {:error, "Object has been deleted"} ->
+        nil
+
+      {:reject, reason} ->
+        Logger.info("Rejected #{id} while fetching: #{inspect(reason)}")
+        nil
+
+      e ->
+        Logger.error("Error while fetching #{id}: #{inspect(e)}")
+        nil
+    end
+  end
+
+  defp make_signature(id, date) do
+    uri = URI.parse(id)
+
+    signature =
+      InternalFetchActor.get_actor()
+      |> Signature.sign(%{
+        "(request-target)": "get #{uri.path}",
+        host: uri.host,
+        date: date
+      })
+
+    {"signature", signature}
+  end
+
+  defp sign_fetch(headers, id, date) do
+    if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do
+      [make_signature(id, date) | headers]
+    else
+      headers
+    end
+  end
+
+  defp maybe_date_fetch(headers, date) do
+    if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do
+      [{"date", date} | headers]
+    else
+      headers
+    end
+  end
+
+  def fetch_and_contain_remote_object_from_id(id)
+
+  def fetch_and_contain_remote_object_from_id(%{"id" => id}),
+    do: fetch_and_contain_remote_object_from_id(id)
+
+  def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do
+    Logger.debug("Fetching object #{id} via AP")
+
+    with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")},
+         {:ok, body} <- get_object(id),
+         {:ok, data} <- safe_json_decode(body),
+         :ok <- Containment.contain_origin_from_id(id, data) do
+      if not Instances.reachable?(id) do
+        Instances.set_reachable(id)
+      end
+
+      {:ok, data}
+    else
+      {:scheme, _} ->
+        {:error, "Unsupported URI scheme"}
+
+      {:error, e} ->
+        {:error, e}
+
+      e ->
+        {:error, e}
+    end
+  end
+
+  def fetch_and_contain_remote_object_from_id(_id),
+    do: {:error, "id must be a string"}
+
+  defp get_object(id) do
+    date = Pleroma.Signature.signed_date()
+
+    headers =
+      [{"accept", "application/activity+json"}]
+      |> maybe_date_fetch(date)
+      |> sign_fetch(id, date)
+
+    case HTTP.get(id, headers) do
+      {:ok, %{body: body, status: code, headers: headers}} when code in 200..299 ->
+        case List.keyfind(headers, "content-type", 0) do
+          {_, content_type} ->
+            case Plug.Conn.Utils.media_type(content_type) do
+              {:ok, "application", "activity+json", _} ->
+                {:ok, body}
+
+              {:ok, "application", "ld+json",
+               %{"profile" => "https://www.w3.org/ns/activitystreams"}} ->
+                {:ok, body}
+
+              _ ->
+                {:error, {:content_type, content_type}}
+            end
+
+          _ ->
+            {:error, {:content_type, nil}}
+        end
+
+      {:ok, %{status: code}} when code in [404, 410] ->
+        {:error, "Object has been deleted"}
+
+      {:error, e} ->
+        {:error, e}
+
+      e ->
+        {:error, e}
+    end
+  end
+
+  defp safe_json_decode(nil), do: {:ok, nil}
+  defp safe_json_decode(json), do: Jason.decode(json)
+end
diff --git a/lib/pleroma/object/updater.ex b/lib/pleroma/object/updater.ex
new file mode 100644
index 0000000..b1e4870
--- /dev/null
+++ b/lib/pleroma/object/updater.ex
@@ -0,0 +1,290 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Object.Updater do
+  require Pleroma.Constants
+
+  alias Pleroma.Object
+  alias Pleroma.Repo
+
+  def update_content_fields(orig_object_data, updated_object) do
+    Pleroma.Constants.status_updatable_fields()
+    |> Enum.reduce(
+      %{data: orig_object_data, updated: false},
+      fn field, %{data: data, updated: updated} ->
+        updated =
+          updated or
+            (field != "updated" and
+               Map.get(updated_object, field) != Map.get(orig_object_data, field))
+
+        data =
+          if Map.has_key?(updated_object, field) do
+            Map.put(data, field, updated_object[field])
+          else
+            Map.drop(data, [field])
+          end
+
+        %{data: data, updated: updated}
+      end
+    )
+  end
+
+  def maybe_history(object) do
+    with history <- Map.get(object, "formerRepresentations"),
+         true <- is_map(history),
+         "OrderedCollection" <- Map.get(history, "type"),
+         true <- is_list(Map.get(history, "orderedItems")),
+         true <- is_integer(Map.get(history, "totalItems")) do
+      history
+    else
+      _ -> nil
+    end
+  end
+
+  def history_for(object) do
+    with history when not is_nil(history) <- maybe_history(object) do
+      history
+    else
+      _ -> history_skeleton()
+    end
+  end
+
+  defp history_skeleton do
+    %{
+      "type" => "OrderedCollection",
+      "totalItems" => 0,
+      "orderedItems" => []
+    }
+  end
+
+  def maybe_update_history(
+        updated_object,
+        orig_object_data,
+        opts
+      ) do
+    updated = opts[:updated]
+    use_history_in_new_object? = opts[:use_history_in_new_object?]
+
+    if not updated do
+      %{updated_object: updated_object, used_history_in_new_object?: false}
+    else
+      # Put edit history
+      # Note that we may have got the edit history by first fetching the object
+      {new_history, used_history_in_new_object?} =
+        with true <- use_history_in_new_object?,
+             updated_history when not is_nil(updated_history) <- maybe_history(opts[:new_data]) do
+          {updated_history, true}
+        else
+          _ ->
+            history = history_for(orig_object_data)
+
+            latest_history_item =
+              orig_object_data
+              |> Map.drop(["id", "formerRepresentations"])
+
+            updated_history =
+              history
+              |> Map.put("orderedItems", [latest_history_item | history["orderedItems"]])
+              |> Map.put("totalItems", history["totalItems"] + 1)
+
+            {updated_history, false}
+        end
+
+      updated_object =
+        updated_object
+        |> Map.put("formerRepresentations", new_history)
+
+      %{updated_object: updated_object, used_history_in_new_object?: used_history_in_new_object?}
+    end
+  end
+
+  defp maybe_update_poll(to_be_updated, updated_object) do
+    choice_key = fn
+      %{"anyOf" => [_ | _]} -> "anyOf"
+      %{"oneOf" => [_ | _]} -> "oneOf"
+      _ -> nil
+    end
+
+    with true <- to_be_updated["type"] == "Question",
+         key when not is_nil(key) <- choice_key.(updated_object),
+         true <- key == choice_key.(to_be_updated),
+         orig_choices <- to_be_updated[key] |> Enum.map(&Map.drop(&1, ["replies"])),
+         new_choices <- updated_object[key] |> Enum.map(&Map.drop(&1, ["replies"])),
+         true <- orig_choices == new_choices do
+      # Choices are the same, but counts are different
+      to_be_updated
+      |> Map.put(key, updated_object[key])
+    else
+      # Choices (or vote type) have changed, do not allow this
+      _ -> to_be_updated
+    end
+  end
+
+  # This calculates the data to be sent as the object of an Update.
+  # new_data's formerRepresentations is not considered.
+  # formerRepresentations is added to the returned data.
+  def make_update_object_data(original_data, new_data, date) do
+    %{data: updated_data, updated: updated} =
+      original_data
+      |> update_content_fields(new_data)
+
+    if not updated do
+      updated_data
+    else
+      %{updated_object: updated_data} =
+        updated_data
+        |> maybe_update_history(original_data, updated: updated, use_history_in_new_object?: false)
+
+      updated_data
+      |> Map.put("updated", date)
+    end
+  end
+
+  # This calculates the data of the new Object from an Update.
+  # new_data's formerRepresentations is considered.
+  def make_new_object_data_from_update_object(original_data, new_data) do
+    update_is_reasonable =
+      with {_, updated} when not is_nil(updated) <- {:cur_updated, new_data["updated"]},
+           {_, {:ok, updated_time, _}} <- {:cur_updated, DateTime.from_iso8601(updated)},
+           {_, last_updated} when not is_nil(last_updated) <-
+             {:last_updated, original_data["updated"] || original_data["published"]},
+           {_, {:ok, last_updated_time, _}} <-
+             {:last_updated, DateTime.from_iso8601(last_updated)},
+           :gt <- DateTime.compare(updated_time, last_updated_time) do
+        :update_everything
+      else
+        # only allow poll updates
+        {:cur_updated, _} -> :no_content_update
+        :eq -> :no_content_update
+        # allow all updates
+        {:last_updated, _} -> :update_everything
+        # allow no updates
+        _ -> false
+      end
+
+    %{
+      updated_object: updated_data,
+      used_history_in_new_object?: used_history_in_new_object?,
+      updated: updated
+    } =
+      if update_is_reasonable == :update_everything do
+        %{data: updated_data, updated: updated} =
+          original_data
+          |> update_content_fields(new_data)
+
+        updated_data
+        |> maybe_update_history(original_data,
+          updated: updated,
+          use_history_in_new_object?: true,
+          new_data: new_data
+        )
+        |> Map.put(:updated, updated)
+      else
+        %{
+          updated_object: original_data,
+          used_history_in_new_object?: false,
+          updated: false
+        }
+      end
+
+    updated_data =
+      if update_is_reasonable != false do
+        updated_data
+        |> maybe_update_poll(new_data)
+      else
+        updated_data
+      end
+
+    %{
+      updated_data: updated_data,
+      updated: updated,
+      used_history_in_new_object?: used_history_in_new_object?
+    }
+  end
+
+  def for_each_history_item(%{"orderedItems" => items} = history, _object, fun) do
+    new_items =
+      Enum.map(items, fun)
+      |> Enum.reduce_while(
+        {:ok, []},
+        fn
+          {:ok, item}, {:ok, acc} -> {:cont, {:ok, acc ++ [item]}}
+          e, _acc -> {:halt, e}
+        end
+      )
+
+    case new_items do
+      {:ok, items} -> {:ok, Map.put(history, "orderedItems", items)}
+      e -> e
+    end
+  end
+
+  def for_each_history_item(history, _, _) do
+    {:ok, history}
+  end
+
+  def do_with_history(object, fun) do
+    with history <- object["formerRepresentations"],
+         object <- Map.drop(object, ["formerRepresentations"]),
+         {_, {:ok, object}} <- {:main_body, fun.(object)},
+         {_, {:ok, history}} <- {:history_items, for_each_history_item(history, object, fun)} do
+      object =
+        if history do
+          Map.put(object, "formerRepresentations", history)
+        else
+          object
+        end
+
+      {:ok, object}
+    else
+      {:main_body, e} -> e
+      {:history_items, e} -> e
+    end
+  end
+
+  defp maybe_touch_changeset(changeset, true) do
+    updated_at =
+      NaiveDateTime.utc_now()
+      |> NaiveDateTime.truncate(:second)
+
+    Ecto.Changeset.put_change(changeset, :updated_at, updated_at)
+  end
+
+  defp maybe_touch_changeset(changeset, _), do: changeset
+
+  def do_update_and_invalidate_cache(orig_object, updated_object, touch_changeset? \\ false) do
+    orig_object_ap_id = updated_object["id"]
+    orig_object_data = orig_object.data
+
+    %{
+      updated_data: updated_object_data,
+      updated: updated,
+      used_history_in_new_object?: used_history_in_new_object?
+    } = make_new_object_data_from_update_object(orig_object_data, updated_object)
+
+    changeset =
+      orig_object
+      |> Repo.preload(:hashtags)
+      |> Object.change(%{data: updated_object_data})
+      |> maybe_touch_changeset(touch_changeset?)
+
+    with {:ok, new_object} <- Repo.update(changeset),
+         {:ok, _} <- Object.invalid_object_cache(new_object),
+         {:ok, _} <- Object.set_cache(new_object),
+         # The metadata/utils.ex uses the object id for the cache.
+         {:ok, _} <- Pleroma.Activity.HTML.invalidate_cache_for(new_object.id) do
+      if used_history_in_new_object? do
+        with create_activity when not is_nil(create_activity) <-
+               Pleroma.Activity.get_create_by_object_ap_id(orig_object_ap_id),
+             {:ok, _} <- Pleroma.Activity.HTML.invalidate_cache_for(create_activity.id) do
+          nil
+        else
+          _ -> nil
+        end
+      end
+
+      {:ok, new_object, updated}
+    end
+  end
+end