misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

merge upstream

Browse source
This commit is contained in:
Hazelnoot 2025-03-25 16:14:53 -04:00
commit d8908ef2d8
1065 changed files with 32953 additions and 20092 deletions
Download patch file Download diff file Expand all files Collapse all files

77
packages/backend/src/server/ActivityPubServerService.ts
View file

@ -252,6 +252,11 @@ export class ActivityPubServerService {
@bindThis
private inbox(request: FastifyRequest, reply: FastifyReply) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
let signature;
try {
@ -323,6 +328,11 @@ export class ActivityPubServerService {
request: FastifyRequest<{ Params: { user: string; }; Querystring: { cursor?: string; page?: string; }; }>,
reply: FastifyReply,
) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
@ -415,6 +425,11 @@ export class ActivityPubServerService {
request: FastifyRequest<{ Params: { user: string; }; Querystring: { cursor?: string; page?: string; }; }>,
reply: FastifyReply,
) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
@ -504,6 +519,11 @@ export class ActivityPubServerService {
@bindThis
private async featured(request: FastifyRequest<{ Params: { user: string; }; }>, reply: FastifyReply) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
@ -550,6 +570,11 @@ export class ActivityPubServerService {
}>,
reply: FastifyReply,
) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
@ -636,6 +661,11 @@ export class ActivityPubServerService {
@bindThis
private async userInfo(request: FastifyRequest, reply: FastifyReply, user: MiUser | null, redact = false) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
if (user == null) {
reply.code(404);
return;
@ -728,6 +758,11 @@ export class ActivityPubServerService {
fastify.get<{ Params: { note: string; } }>('/notes/:note', { constraints: { apOrHtml: 'ap' } }, async (request, reply) => {
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const note = await this.notesRepository.findOneBy({
id: request.params.note,
visibility: In(['public', 'home']),
@ -762,6 +797,11 @@ export class ActivityPubServerService {
fastify.get<{ Params: { note: string; } }>('/notes/:note/activity', async (request, reply) => {
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const note = await this.notesRepository.findOneBy({
id: request.params.note,
userHost: IsNull(),
@ -852,6 +892,11 @@ export class ActivityPubServerService {
// publickey
fastify.get<{ Params: { user: string; } }>('/users/:user/publickey', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user, true);
if (reject) return;
@ -884,6 +929,11 @@ export class ActivityPubServerService {
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const userId = request.params.user;
const user = await this.usersRepository.findOneBy({
@ -897,6 +947,11 @@ export class ActivityPubServerService {
fastify.get<{ Params: { acct: string; } }>('/@:acct', { constraints: { apOrHtml: 'ap' } }, async (request, reply) => {
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const acct = Acct.parse(request.params.acct);
const user = await this.usersRepository.findOneBy({
@ -914,6 +969,11 @@ export class ActivityPubServerService {
// emoji
fastify.get<{ Params: { emoji: string; } }>('/emojis/:emoji', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply);
if (reject) return;
@ -933,6 +993,11 @@ export class ActivityPubServerService {
// like
fastify.get<{ Params: { like: string; } }>('/likes/:like', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const reaction = await this.noteReactionsRepository.findOneBy({ id: request.params.like });
const { reject } = await this.checkAuthorizedFetch(request, reply, reaction?.userId);
@ -956,6 +1021,11 @@ export class ActivityPubServerService {
// follow
fastify.get<{ Params: { follower: string; followee: string; } }>('/follows/:follower/:followee', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.follower);
if (reject) return;
@ -983,7 +1053,12 @@ export class ActivityPubServerService {
});
// follow
fastify.get<{ Params: { followRequestId: string ; } }>('/follows/:followRequestId', async (request, reply) => {
fastify.get<{ Params: { followRequestId: string; } }>('/follows/:followRequestId', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
// This may be used before the follow is completed, so we do not
// check if the following exists and only check if the follow request exists.