From 9db1fb1153eaf12324b94430bcb3df75a440a9be Mon Sep 17 00:00:00 2001
From: KMY <tt@kmycode.net>
Date: Mon, 18 Sep 2023 21:35:47 +0900
Subject: [PATCH] Remove stop deliver to bot setting

---
 app/controllers/api/v1/accounts_controller.rb |  2 +-
 app/lib/activitypub/activity/follow.rb        |  2 +-
 app/models/concerns/has_user_settings.rb      |  4 +++
 app/models/user_settings.rb                   |  1 +
 app/services/follow_service.rb                |  2 +-
 .../settings/preferences/other/show.html.haml |  3 ++
 config/locales/simple_form.en.yml             |  1 +
 config/locales/simple_form.ja.yml             |  1 +
 .../api/v1/accounts_controller_spec.rb        | 29 +++++++++++++++++++
 spec/lib/activitypub/activity/follow_spec.rb  | 22 +++++++++++++-
 10 files changed, 63 insertions(+), 4 deletions(-)

diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index ddb94d5ca48691..0addcbe2152f64 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -36,7 +36,7 @@ def create
 
   def follow
     follow  = FollowService.new.call(current_user.account, @account, reblogs: params.key?(:reblogs) ? truthy_param?(:reblogs) : nil, notify: params.key?(:notify) ? truthy_param?(:notify) : nil, languages: params.key?(:languages) ? params[:languages] : nil, with_rate_limit: true)
-    options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: follow.show_reblogs?, notify: follow.notify?, languages: follow.languages } }, requested_map: { @account.id => false } }
+    options = @account.locked? || current_user.account.silenced? || (current_user.account.bot? && @account.user&.setting_lock_follow_from_bot) ? {} : { following_map: { @account.id => { reblogs: follow.show_reblogs?, notify: follow.notify?, languages: follow.languages } }, requested_map: { @account.id => false } }
 
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships(**options)
   end
diff --git a/app/lib/activitypub/activity/follow.rb b/app/lib/activitypub/activity/follow.rb
index 3714648c01d4d0..a586298eec3225 100644
--- a/app/lib/activitypub/activity/follow.rb
+++ b/app/lib/activitypub/activity/follow.rb
@@ -30,7 +30,7 @@ def perform
 
     follow_request = FollowRequest.create!(account: @account, target_account: target_account, uri: @json['id'])
 
-    if target_account.locked? || @account.silenced? || block_straight_follow?
+    if target_account.locked? || @account.silenced? || block_straight_follow? || (@account.bot? && target_account.user&.setting_lock_follow_from_bot)
       LocalNotificationWorker.perform_async(target_account.id, follow_request.id, 'FollowRequest', 'follow_request')
     else
       AuthorizeFollowService.new.call(@account, target_account)
diff --git a/app/models/concerns/has_user_settings.rb b/app/models/concerns/has_user_settings.rb
index 674804c2956e0a..430fc9c044f32b 100644
--- a/app/models/concerns/has_user_settings.rb
+++ b/app/models/concerns/has_user_settings.rb
@@ -235,6 +235,10 @@ def setting_disallow_unlisted_public_searchability
     settings['disallow_unlisted_public_searchability']
   end
 
+  def setting_lock_follow_from_bot
+    settings['lock_follow_from_bot']
+  end
+
   def allows_report_emails?
     settings['notification_emails.report']
   end
diff --git a/app/models/user_settings.rb b/app/models/user_settings.rb
index b16e89556b9099..b52bf67e7f4577 100644
--- a/app/models/user_settings.rb
+++ b/app/models/user_settings.rb
@@ -40,6 +40,7 @@ class KeyError < Error; end
   setting :unsafe_limited_distribution, default: false
   setting :dtl_force_with_tag, default: :none, in: %w(full searchability none)
   setting :dtl_force_subscribable, default: false
+  setting :lock_follow_from_bot, default: false
 
   setting_inverse_alias :indexable, :noindex
 
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index feea40e3c0a945..fc2868a02fedca 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -36,7 +36,7 @@ def call(source_account, target_account, options = {})
     # and the feeds are being merged
     mark_home_feed_as_partial! if @source_account.not_following_anyone?
 
-    if (@target_account.locked? && !@options[:bypass_locked]) || @source_account.silenced? || @target_account.activitypub?
+    if (@target_account.locked? && !@options[:bypass_locked]) || @source_account.silenced? || @target_account.activitypub? || (@source_account.bot? && @target_account.user&.setting_lock_follow_from_bot)
       request_follow!
     elsif @target_account.local?
       direct_follow!
diff --git a/app/views/settings/preferences/other/show.html.haml b/app/views/settings/preferences/other/show.html.haml
index 641efde9dfcc74..353715df01a66e 100644
--- a/app/views/settings/preferences/other/show.html.haml
+++ b/app/views/settings/preferences/other/show.html.haml
@@ -11,6 +11,9 @@
     .fields-group
       = ff.input :aggregate_reblogs, wrapper: :with_label, recommended: true, label: I18n.t('simple_form.labels.defaults.setting_aggregate_reblogs'), hint: I18n.t('simple_form.hints.defaults.setting_aggregate_reblogs')
 
+    .fields-group
+      = ff.input :lock_follow_from_bot, wrapper: :with_label, kmyblue: true, label: I18n.t('simple_form.labels.defaults.setting_lock_follow_from_bot')
+
     %h4= t 'preferences.posting_defaults'
 
     .fields-row
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml
index 355bdb4809ee93..958f1040f51e4f 100644
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -262,6 +262,7 @@ en:
         setting_hide_recent_emojis: Hide recent emojis
         setting_hide_statuses_count: Hide statuses count
         setting_link_preview: Generate post link preview card
+        setting_lock_follow_from_bot: Request approval about bot follow
         setting_noai: Set noai meta tags
         setting_public_post_to_unlisted: Convert public post to public unlisted if not using Web app
         setting_reduce_motion: Reduce motion in animations
diff --git a/config/locales/simple_form.ja.yml b/config/locales/simple_form.ja.yml
index 9c45732db96c88..be5d0e9f6567b8 100644
--- a/config/locales/simple_form.ja.yml
+++ b/config/locales/simple_form.ja.yml
@@ -276,6 +276,7 @@ ja:
         setting_hide_recent_emojis: 絵文字ピッカーで最近使用した絵文字を隠す（リアクションデッキのみを表示する）
         setting_hide_statuses_count: 投稿数を隠す
         setting_link_preview: リンクのプレビューを生成する
+        setting_lock_follow_from_bot: botからのフォローを承認制にする
         setting_stay_privacy: 投稿時に公開範囲を保存する
         setting_noai: 自分のコンテンツのAI学習利用に対して不快感を表明する
         setting_public_post_to_unlisted: サードパーティから公開範囲「公開」で投稿した場合、「ローカル公開」に変更する
diff --git a/spec/controllers/api/v1/accounts_controller_spec.rb b/spec/controllers/api/v1/accounts_controller_spec.rb
index 0daec691a5db77..985e2b947b1cb1 100644
--- a/spec/controllers/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts_controller_spec.rb
@@ -49,10 +49,16 @@
 
   describe 'POST #follow' do
     let(:scopes) { 'write:follows' }
+    let(:my_actor_type) { 'Person' }
+    let(:lock_follow_from_bot) { false }
     let(:other_account) { Fabricate(:account, username: 'bob', locked: locked) }
 
     context 'when posting to an other account' do
       before do
+        other_account.user.settings['lock_follow_from_bot'] = lock_follow_from_bot
+        other_account.user.save!
+        user.account.update!(actor_type: my_actor_type)
+
         post :follow, params: { id: other_account.id }
       end
 
@@ -97,6 +103,29 @@
 
         it_behaves_like 'forbidden for wrong scope', 'read:accounts'
       end
+
+      context 'with unlocked account from bot' do
+        let(:locked) { false }
+        let(:lock_follow_from_bot) { true }
+        let(:my_actor_type) { 'Service' }
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns JSON with following=false and requested=true' do
+          json = body_as_json
+
+          expect(json[:following]).to be false
+          expect(json[:requested]).to be true
+        end
+
+        it 'creates a follow request relation between user and target user' do
+          expect(user.account.requested?(other_account)).to be true
+        end
+
+        it_behaves_like 'forbidden for wrong scope', 'read:accounts'
+      end
     end
 
     context 'when modifying follow options' do
diff --git a/spec/lib/activitypub/activity/follow_spec.rb b/spec/lib/activitypub/activity/follow_spec.rb
index ee007082a7ce38..890ebe27509516 100644
--- a/spec/lib/activitypub/activity/follow_spec.rb
+++ b/spec/lib/activitypub/activity/follow_spec.rb
@@ -3,7 +3,8 @@
 require 'rails_helper'
 
 RSpec.describe ActivityPub::Activity::Follow do
-  let(:sender)    { Fabricate(:account, domain: 'example.com', inbox_url: 'https://example.com/inbox') }
+  let(:actor_type) { 'Person' }
+  let(:sender)    { Fabricate(:account, domain: 'example.com', inbox_url: 'https://example.com/inbox', actor_type: actor_type) }
   let(:recipient) { Fabricate(:account) }
 
   let(:json) do
@@ -83,6 +84,25 @@
         end
       end
 
+      context 'when unlocked account but locked from bot' do
+        let(:actor_type) { 'Service' }
+
+        before do
+          recipient.user.settings['lock_follow_from_bot'] = true
+          recipient.user.save!
+          subject.perform
+        end
+
+        it 'does not create a follow from sender to recipient' do
+          expect(sender.following?(recipient)).to be false
+        end
+
+        it 'creates a follow request' do
+          expect(sender.requested?(recipient)).to be true
+          expect(sender.follow_requests.find_by(target_account: recipient).uri).to eq 'foo'
+        end
+      end
+
       context 'when domain block reject_straight_follow' do
         before do
           Fabricate(:domain_block, domain: 'example.com', reject_straight_follow: true)