Merge remote-tracking branch 'origin/kb_development' into kbtopic-add…

…-block-non-follower

app/helpers/follow_helper.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module FollowHelper
+  def request_pending_follow?(source_account, target_account)
+    target_account.locked? || source_account.silenced? || block_straight_follow?(source_account) ||
+      ((source_account.bot? || proxy_account?(source_account)) && target_account.user&.setting_lock_follow_from_bot)
+  end
+
+  def block_straight_follow?(account)
+    return false if account.local?
+
+    DomainBlock.reject_straight_follow?(account.domain)
+  end
+
+  def proxy_account?(account)
+    (account.username.downcase.include?('_proxy') ||
+     account.username.downcase.end_with?('proxy') ||
+     account.username.downcase.include?('_bot_') ||
+     account.username.downcase.end_with?('bot') ||
+     account.display_name&.downcase&.include?('proxy') ||
+     account.display_name&.include?('プロキシ') ||
+     account.note&.include?('プロキシ')) &&
+      (account.following_count.zero? || account.following_count > account.followers_count) &&
+      proxyable_software?(account)
+  end
+
+  def proxyable_software?(account)
+    return false if account.local?
+
+    info = InstanceInfo.find_by(domain: account.domain)
+    return false if info.nil?
+
+    %w(misskey calckey firefish meisskey cherrypick sharkey).include?(info.software)
+  end
+end

app/lib/activitypub/activity/follow.rb

@@ -2,6 +2,7 @@
 
 class ActivityPub::Activity::Follow < ActivityPub::Activity
   include Payloadable
+  include FollowHelper
 
   def perform
     return request_follow_for_friend if friend_follow?
@@ -11,7 +12,7 @@ def perform
     return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id'])
 
     # Update id of already-existing follow requests
-    existing_follow_request = ::FollowRequest.find_by(account: @account, target_account: target_account)
+    existing_follow_request = ::FollowRequest.find_by(account: @account, target_account: target_account) || PendingFollowRequest.find_by(account: @account, target_account: target_account)
     unless existing_follow_request.nil?
       existing_follow_request.update!(uri: @json['id'])
       return
@@ -30,9 +31,16 @@ def perform
       return
     end
 
+    if @account.suspended? && @account.remote_pending?
+      PendingFollowRequest.create!(account: @account, target_account: target_account, uri: @json['id'])
+      return
+    elsif @account.suspended?
+      return
+    end
+
     follow_request = FollowRequest.create!(account: @account, target_account: target_account, uri: @json['id'])
 
-    if target_account.locked? || @account.silenced? || block_straight_follow? || ((@account.bot? || proxy_account?) && target_account.user&.setting_lock_follow_from_bot)
+    if request_pending_follow?(@account, target_account)
       LocalNotificationWorker.perform_async(target_account.id, follow_request.id, 'FollowRequest', 'follow_request')
     else
       AuthorizeFollowService.new.call(@account, target_account)
@@ -79,37 +87,10 @@ def block_friend?
     @block_friend ||= DomainBlock.reject_friend?(@account.domain) || DomainBlock.blocked?(@account.domain)
   end
 
-  def block_straight_follow?
-    @block_straight_follow ||= DomainBlock.reject_straight_follow?(@account.domain)
-  end
-
   def block_new_follow?
     @block_new_follow ||= DomainBlock.reject_new_follow?(@account.domain)
   end
 
-  def proxy_account?
-    (@account.username.downcase.include?('_proxy') ||
-     @account.username.downcase.end_with?('proxy') ||
-     @account.username.downcase.include?('_bot_') ||
-     @account.username.downcase.end_with?('bot') ||
-     @account.display_name&.downcase&.include?('proxy') ||
-     @account.display_name&.include?('プロキシ') ||
-     @account.note&.include?('プロキシ')) &&
-      (@account.following_count.zero? || @account.following_count > @account.followers_count) &&
-      proxyable_software?
-  end
-
-  def proxyable_software?
-    info = instance_info
-    return false if info.nil?
-
-    %w(misskey calckey firefish meisskey cherrypick sharkey).include?(info.software)
-  end
-
-  def instance_info
-    @instance_info ||= InstanceInfo.find_by(domain: @account.domain)
-  end
-
   def notify_staff_about_pending_friend_server!
     User.those_who_can(:manage_federation).includes(:account).find_each do |u|
       next unless u.allows_pending_friend_server_emails?

app/models/account.rb

@@ -300,10 +300,13 @@ def unsuspend!
   def approve_remote!
     update!(remote_pending: false)
     unsuspend!
+    EnableFollowRequestsWorker.perform_async(id)
   end
 
   def reject_remote!
     update!(remote_pending: false, suspension_origin: :local)
+    pending_follow_requests.destroy_all
+    suspend!
   end
 
   def sensitized?

app/models/concerns/account/interactions.rb

@@ -74,6 +74,7 @@ def follow_mapping(query, field)
   included do
     # Follow relations
     has_many :follow_requests, dependent: :destroy
+    has_many :pending_follow_requests, dependent: :destroy
 
     with_options class_name: 'Follow', dependent: :destroy do
       has_many :active_relationships,  foreign_key: 'account_id', inverse_of: :account

app/models/form/admin_settings.rb

@@ -66,6 +66,7 @@ class Form::AdminSettings
     emoji_reaction_disallow_domains
     permit_new_account_domains
     block_unfollow_account_mention
+    hold_remote_new_accounts
   ).freeze
 
   INTEGER_KEYS = %i(
@@ -109,6 +110,7 @@ class Form::AdminSettings
     enable_local_timeline
     delete_content_cache_without_reaction
     block_unfollow_account_mention
+    hold_remote_new_accounts
   ).freeze
 
   UPLOAD_KEYS = %i(

app/models/pending_follow_request.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: pending_follow_requests
+#
+#  id                :bigint(8)        not null, primary key
+#  account_id        :bigint(8)        not null
+#  target_account_id :bigint(8)        not null
+#  uri               :string           not null
+#  created_at        :datetime         not null
+#  updated_at        :datetime         not null
+#
+class PendingFollowRequest < ApplicationRecord
+  belongs_to :account
+  belongs_to :target_account, class_name: 'Account'
+
+  validates :account_id, uniqueness: { scope: :target_account_id }
+end

app/services/activitypub/process_account_service.rb

@@ -140,6 +140,7 @@ def set_immediate_attributes!
   end
 
   def blocking_new_account?
+    return false unless Setting.hold_remote_new_accounts
     return false if permit_new_account_domains.blank?
 
     permit_new_account_domains.exclude?(@domain)

app/services/activitypub/process_collection_service.rb

@@ -48,13 +48,17 @@ def different_actor?
   end
 
   def suspended_actor?
-    @account.suspended? && !activity_allowed_while_suspended?
+    @account.suspended? && (@account.remote_pending ? !activity_allowed_while_remote_pending? : !activity_allowed_while_suspended?)
   end
 
   def activity_allowed_while_suspended?
     %w(Delete Reject Undo Update).include?(@json['type'])
   end
 
+  def activity_allowed_while_remote_pending?
+    %w(Follow).include?(@json['type']) || activity_allowed_while_suspended?
+  end
+
   def process_items(items)
     items.reverse_each.filter_map { |item| process_item(item) }
   end

app/services/delete_account_service.rb

@@ -28,6 +28,7 @@ class DeleteAccountService < BaseService
     notifications
     owned_lists
     passive_relationships
+    pending_follow_requests
     report_notes
     scheduled_statuses
     scheduled_expiration_statuses
@@ -57,6 +58,7 @@ class DeleteAccountService < BaseService
     muted_by_relationships
     notifications
     owned_lists
+    pending_follow_requests
     scheduled_statuses
     scheduled_expiration_statuses
     status_pins

app/services/enable_follow_requests_service.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class EnableFollowRequestsService < BaseService
+  include Payloadable
+  include FollowHelper
+
+  def call(account)
+    @account = account
+
+    PendingFollowRequest.transaction do
+      PendingFollowRequest.where(account: account).find_each do |follow_request|
+        approve_follow!(follow_request)
+      end
+    end
+  end
+
+  private
+
+  def approve_follow!(pending)
+    follow_request = FollowRequest.create!(account: @account, target_account: pending.target_account, uri: pending.uri)
+    pending.destroy!
+
+    target_account = follow_request.target_account
+
+    if request_pending_follow?(@account, target_account)
+      LocalNotificationWorker.perform_async(target_account.id, follow_request.id, 'FollowRequest', 'follow_request')
+    else
+      AuthorizeFollowService.new.call(@account, target_account)
+      LocalNotificationWorker.perform_async(target_account.id, ::Follow.find_by(account: @account, target_account: target_account).id, 'Follow', 'follow')
+    end
+  end
+end

app/views/admin/ng_words/show.html.haml

@@ -39,6 +39,9 @@
     = t 'admin.ng_words.remote_approval_hint'
     = link_to t('admin.ng_words.remote_approval_list'), admin_accounts_path(status: 'remote_pending', origin: 'remote')
 
+  .fields-group
+    = f.input :hold_remote_new_accounts, wrapper: :with_label, as: :boolean, label: t('admin.ng_words.hold_remote_new_accounts')
+
   .fields-group
     = f.input :permit_new_account_domains, wrapper: :with_label, as: :text, kmyblue: true, input_html: { rows: 6 }, label: t('admin.ng_words.permit_new_account_domains')
 

app/workers/enable_follow_requests_worker.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class EnableFollowRequestsWorker
+  include Sidekiq::Worker
+
+  def perform(account_id)
+    account = Account.find_by(id: account_id)
+    return true if account.nil?
+    return true if account.suspended?
+
+    EnableFollowRequestsService.new.call(account)
+  end
+end

config/locales/en.yml

@@ -651,6 +651,7 @@ en:
       block_unfollow_account_mention: Reject all mentions/references from all accounts that do not have followers on your server
       hide_local_users_for_anonymous: Hide timeline local user posts from anonymous
       history_hint: We recommend that you regularly check your NG words to make sure that you have not specified the NG words incorrectly.
+      hold_remote_new_accounts: Hold new remote accounts
       keywords: Reject keywords
       keywords_for_stranger_mention: Reject keywords when mention/reply/reference/quote from strangers
       keywords_for_stranger_mention_hint: This words are checked posts from other servers only.

config/locales/ja.yml

@@ -644,6 +644,7 @@ ja:
       block_unfollow_account_mention: 自分のサーバーのフォロワーを持たない全てのアカウントからのメンション・参照を全て拒否する
       hide_local_users_for_anonymous: ログインしていない状態でローカルユーザーの投稿をタイムラインから取得できないようにする
       history_hint: 設定されたNGワードによって実際に拒否された投稿などは、履歴より確認できます。NGワードの指定に誤りがないか定期的に確認することをおすすめします。
+      hold_remote_new_accounts: リモートの新規アカウントを保留する
       keywords: 投稿できないキーワード
       keywords_for_stranger_mention: フォローしていないアカウントへのメンションや参照で利用できないキーワード
       keywords_for_stranger_mention_hint: フォローしていないアカウントへのメンション、参照、引用にのみ適用されます

db/migrate/20240217230006_create_pending_follow_requests.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class CreatePendingFollowRequests < ActiveRecord::Migration[7.1]
+  disable_ddl_transaction!
+
+  def change
+    create_table :pending_follow_requests do |t|
+      t.references :account, null: false, foreign_key: { on_delete: :cascade }, index: false
+      t.references :target_account, null: false, foreign_key: { to_table: 'accounts', on_delete: :cascade }
+      t.string :uri, null: false, index: { unique: true }
+
+      t.timestamps
+    end
+
+    add_index :pending_follow_requests, [:account_id, :target_account_id], unique: true
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_02_17_215134) do
+ActiveRecord::Schema[7.1].define(version: 2024_02_17_230006) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -954,6 +954,17 @@
     t.index ["key_id"], name: "index_one_time_keys_on_key_id"
   end
 
+  create_table "pending_follow_requests", force: :cascade do |t|
+    t.bigint "account_id", null: false
+    t.bigint "target_account_id", null: false
+    t.string "uri", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["account_id", "target_account_id"], name: "idx_on_account_id_target_account_id_46f2a00f12", unique: true
+    t.index ["target_account_id"], name: "index_pending_follow_requests_on_target_account_id"
+    t.index ["uri"], name: "index_pending_follow_requests_on_uri", unique: true
+  end
+
   create_table "pghero_space_stats", force: :cascade do |t|
     t.text "database"
     t.text "schema"
@@ -1544,6 +1555,8 @@
   add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id", name: "fk_e84df68546", on_delete: :cascade
   add_foreign_key "oauth_applications", "users", column: "owner_id", name: "fk_b0988c7c0a", on_delete: :cascade
   add_foreign_key "one_time_keys", "devices", on_delete: :cascade
+  add_foreign_key "pending_follow_requests", "accounts", column: "target_account_id", on_delete: :cascade
+  add_foreign_key "pending_follow_requests", "accounts", on_delete: :cascade
   add_foreign_key "poll_votes", "accounts", on_delete: :cascade
   add_foreign_key "poll_votes", "polls", on_delete: :cascade
   add_foreign_key "polls", "accounts", on_delete: :cascade

lib/tasks/dangerous.rake

@@ -87,6 +87,7 @@ namespace :dangerous do
       20240216042730
       20240217022038
       20240217093511
+      20240217230006
     )
     # Removed: account_groups
     target_tables = %w(
@@ -104,6 +105,7 @@ namespace :dangerous do
       instance_infos
       list_statuses
       ngword_histories
+      pending_follow_requests
       scheduled_expiration_statuses
       status_capability_tokens
       status_references

spec/fabricators/pending_follow_request_fabricator.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+Fabricator(:pending_follow_request) do
+  account { Fabricate.build(:account) }
+  target_account { Fabricate.build(:account, locked: true) }
+  uri 'https://example.com/follow'
+end