Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F21908425
containment.ex
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Award Token
Flag For Later
Size
2 KB
Referenced Files
None
Subscribers
None
containment.ex
View Options
# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule
Pleroma.Object.Containment
do
@moduledoc
"""
This module contains some useful functions for containing objects to specific
origins and determining those origins. They previously lived in the
ActivityPub `Transmogrifier` module.
Object containment is an important step in validating remote objects to prevent
spoofing, therefore removal of object containment functions is NOT recommended.
"""
def
get_actor
(%{
"actor"
=>
actor
})
when
is_binary
(
actor
)
do
actor
end
def
get_actor
(%{
"actor"
=>
actor
})
when
is_list
(
actor
)
do
if
is_binary
(
Enum
.
at
(
actor
,
0
))
do
Enum
.
at
(
actor
,
0
)
else
Enum
.
find
(
actor
,
fn
%{
"type"
=>
type
}
->
type
in
[
"Person"
,
"Service"
,
"Application"
]
end
)
|>
Map
.
get
(
"id"
)
end
end
def
get_actor
(%{
"actor"
=>
%{
"id"
=>
id
}})
when
is_bitstring
(
id
)
do
id
end
def
get_actor
(%{
"actor"
=>
nil
,
"attributedTo"
=>
actor
})
when
not
is_nil
(
actor
)
do
get_actor
(%{
"actor"
=>
actor
})
end
@doc
"""
Checks that an imported AP object's actor matches the domain it came from.
"""
def
contain_origin
(
_id
,
%{
"actor"
=>
nil
}),
do
:
:error
def
contain_origin
(
id
,
%{
"actor"
=>
_actor
}
=
params
)
do
id_uri
=
URI
.
parse
(
id
)
actor_uri
=
URI
.
parse
(
get_actor
(
params
))
if
id_uri
.
host
==
actor_uri
.
host
||
id_uri
.
scheme
==
"tag"
do
:ok
else
:error
end
end
def
contain_origin
(
id
,
%{
"attributedTo"
=>
actor
}
=
params
),
do
:
contain_origin
(
id
,
Map
.
put
(
params
,
"actor"
,
actor
))
def
contain_origin_from_id
(
_id
,
%{
"id"
=>
nil
}),
do
:
:error
def
contain_origin_from_id
(
id
,
%{
"id"
=>
other_id
}
=
_params
)
do
id_uri
=
URI
.
parse
(
id
)
other_uri
=
URI
.
parse
(
other_id
)
# We explicitly allow 'tag' URIs through, due to legacy OStatus objects
# being present in the ActivityPub network.
if
id_uri
.
host
==
other_uri
.
host
||
other_uri
.
scheme
==
"tag"
do
:ok
else
:error
end
end
def
contain_child
(%{
"object"
=>
%{
"id"
=>
id
,
"attributedTo"
=>
_
}
=
object
}),
do
:
contain_origin
(
id
,
object
)
def
contain_child
(
_
),
do
:
:ok
end
File Metadata
Details
Attached
Mime Type
text/x-ruby
Expires
Sun, Dec 28, 1:43 AM (13 m, 10 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
839306
Default Alt Text
containment.ex (2 KB)
Attached To
Mode
rPUBE pleroma-upstream
Attached
Detach File
Event Timeline
Log In to Comment