Change: #375 投稿を編集して拡張ドメインブロックの条件にひっかかる状態になった場合、対象サーバーには投稿削除のActivity…

…を送信する (#495) * Change: #375 投稿を編集して拡張ドメインブロックの条件にひっかかる状態になった場合、対象サーバーには投稿削除のActivityを送信する * Fix test * Add test
kmycode · Jan 24, 2024 · fcd13a6 · fcd13a6
1 parent e437514
commit fcd13a6
Show file tree

Hide file tree

Showing 8 changed files with 146 additions and 12 deletions.
diff --git a/app/lib/status_reach_finder.rb b/app/lib/status_reach_finder.rb
@@ -31,6 +31,10 @@ def inboxes_for_limited
     )
   end
 
+  def inboxes_diff_for_sending_domain_block
+    (reached_account_inboxes_for_sending_domain_block + followers_inboxes_for_sending_domain_block).uniq
+  end
+
   def all_inboxes
     (inboxes + inboxes_for_misskey + inboxes_for_friend).uniq
   end
@@ -58,6 +62,14 @@ def reached_account_inboxes_for_friend
     end
   end
 
+  def reached_account_inboxes_for_sending_domain_block
+    if @status.reblog? || @status.limited_visibility?
+      []
+    else
+      Account.where(id: reached_account_ids, domain: banned_domains_of_status(@status)).inboxes
+    end
+  end
+
   def reached_account_ids
     # When the status is a reblog, there are no interactions with it
     # directly, we assume all interactions are with the original one
@@ -144,6 +156,10 @@ def followers_inboxes_for_friend
     end
   end
 
+  def followers_inboxes_for_sending_domain_block
+    @status.account.followers.where(domain: banned_domains_of_status(@status)).inboxes
+  end
+
   def relay_inboxes
     if @status.public_visibility?
       Relay.enabled.pluck(:inbox_url)
@@ -192,9 +208,15 @@ def banned_domains
   end
 
   def banned_domains_of_status(status)
+    return [] unless status.sending_sensitive?
+    return @banned_domains_of_status if defined?(@banned_domains_of_status) && status.id == @status.id
+
     blocks = DomainBlock.where(domain: nil)
-    blocks = blocks.or(DomainBlock.where(reject_send_sensitive: true)) if (status.with_media? && status.sensitive) || status.spoiler_text?
-    blocks.pluck(:domain).uniq
+    blocks = blocks.or(DomainBlock.where(reject_send_sensitive: true)) if status.sending_sensitive?
+    domains = blocks.pluck(:domain).uniq
+
+    @banned_domains_of_status = domains if status.id == @status.id
+    domains
   end
 
   def banned_domains_for_misskey

diff --git a/app/models/concerns/status/domain_block_concern.rb b/app/models/concerns/status/domain_block_concern.rb
@@ -6,7 +6,7 @@ module Status::DomainBlockConcern
   def sending_sensitive?
     return false unless local?
 
-    (with_media? && sensitive) || spoiler_text?
+    sensitive
   end
 
   def sending_maybe_compromised_privacy?

diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
@@ -68,11 +68,7 @@ def call(account, options = {})
   private
 
   def preprocess_attributes!
-    @sensitive    = (if @options[:sensitive].nil?
-                       @media.any? ? @account.user&.setting_default_sensitive : false
-                     else
-                       @options[:sensitive]
-                     end) || @options[:spoiler_text].present?
+    @sensitive    = (@options[:sensitive].nil? ? @account.user&.setting_default_sensitive : @options[:sensitive]) || @options[:spoiler_text].present?
     @text         = @options.delete(:spoiler_text) if @text.blank? && @options[:spoiler_text].present?
     @visibility   = @options[:visibility]&.to_sym || @account.user&.setting_default_privacy&.to_sym
     @visibility   = :limited if %w(mutual circle reply).include?(@options[:visibility])

diff --git a/app/services/update_status_service.rb b/app/services/update_status_service.rb
@@ -24,6 +24,7 @@ def call(status, account_id, options = {})
     @account_id                = account_id
     @media_attachments_changed = false
     @poll_changed              = false
+    @old_sensitive             = sensitive?
 
     clear_histories! if @options[:no_history]
 
@@ -189,7 +190,7 @@ def process_mentions_service
 
   def broadcast_updates!
     DistributionWorker.perform_async(@status.id, { 'update' => true })
-    ActivityPub::StatusUpdateDistributionWorker.perform_async(@status.id)
+    ActivityPub::StatusUpdateDistributionWorker.perform_async(@status.id, { 'sensitive' => sensitive?, 'sensitive_changed' => @old_sensitive != sensitive? && sensitive? })
   end
 
   def queue_poll_notifications!
@@ -227,4 +228,8 @@ def clear_histories!
     @status.edited_at = nil
     @status.save!
   end
+
+  def sensitive?
+    @status.sensitive
+  end
 end
diff --git a/app/workers/activitypub/status_update_distribution_worker.rb b/app/workers/activitypub/status_update_distribution_worker.rb
@@ -12,13 +12,25 @@ def perform(status_id, options = {})
       distribute_limited!
     else
       distribute!
+      distribute_delete_activity!
     end
   rescue ActiveRecord::RecordNotFound
     true
   end
 
   protected
 
+  def inboxes
+    return super if @status.limited_visibility?
+    return super unless sensitive?
+
+    super - inboxes_diff_for_sending_domain_block
+  end
+
+  def inboxes_diff_for_sending_domain_block
+    status_reach_finder.inboxes_diff_for_sending_domain_block
+  end
+
   def inboxes_for_limited
     @inboxes_for_limited ||= @status.mentioned_accounts.inboxes
   end
@@ -47,7 +59,30 @@ def activity_for_friend
     build_activity(for_friend: true)
   end
 
+  def delete_activity
+    @delete_activity ||= Oj.dump(serialize_payload(@status, ActivityPub::DeleteSerializer, signer: @account))
+  end
+
+  def distribute_delete_activity!
+    return unless sensitive_changed?
+
+    target_inboxes = inboxes_diff_for_sending_domain_block
+    return if target_inboxes.empty?
+
+    ActivityPub::DeliveryWorker.push_bulk(target_inboxes, limit: 1_000) do |inbox_url|
+      [delete_activity, @account.id, inbox_url, {}]
+    end
+  end
+
   def always_sign
     @status.limited_visibility?
   end
+
+  def sensitive?
+    @options[:sensitive]
+  end
+
+  def sensitive_changed?
+    @options[:sensitive_changed]
+  end
 end
diff --git a/spec/lib/activitypub/activity/update_spec.rb b/spec/lib/activitypub/activity/update_spec.rb
@@ -117,6 +117,33 @@
       end
     end
 
+    context 'when the status is not existing' do
+      let(:json) do
+        {
+          '@context': 'https://www.w3.org/ns/activitystreams',
+          id: 'foo',
+          type: 'Update',
+          actor: sender.uri,
+          signature: 'foo',
+          object: {
+            type: 'Note',
+            id: 'https://example.com/note',
+            content: 'Ohagi is tsubuan',
+          },
+        }.with_indifferent_access
+      end
+
+      before do
+        stub_request(:post, 'https://example.com/inbox').to_return(status: 200)
+        subject.perform
+      end
+
+      it 'does not create a new status', :sidekiq_inline do
+        status = Status.find_by(uri: 'https://example.com/note')
+        expect(status).to be_nil
+      end
+    end
+
     context 'when the status is limited post and has conversation' do
       let(:status) { Fabricate(:status, visibility: :limited, account: sender, uri: 'https://example.com/note', text: 'Ohagi is koshian') }
       let(:conversation) { Fabricate(:conversation, ancestor_status: status) }

diff --git a/spec/lib/status_reach_finder_spec.rb b/spec/lib/status_reach_finder_spec.rb
@@ -379,15 +379,15 @@
       let(:visibility) { :public }
       let(:searchability) { :public }
       let(:dissubscribable) { false }
-      let(:spoiler_text) { '' }
-      let(:status) { Fabricate(:status, account: alice, visibility: visibility, searchability: searchability, spoiler_text: spoiler_text) }
+      let(:sensitive) { false }
+      let(:status) { Fabricate(:status, account: alice, visibility: visibility, searchability: searchability, sensitive: sensitive) }
       let(:alice) { Fabricate(:account, username: 'alice', master_settings: { subscription_policy: dissubscribable ? 'block' : 'allow' }) }
       let(:bob) { Fabricate(:account, username: 'bob', domain: 'example.com', protocol: :activitypub, uri: 'https://example.com/', inbox_url: 'https://example.com/inbox') }
       let(:tom) { Fabricate(:account, username: 'tom', domain: 'tom.com', protocol: :activitypub, uri: 'https://tom.com/', inbox_url: 'https://tom.com/inbox') }
 
       context 'when reject_send_sensitive' do
         let(:properties) { { reject_send_sensitive: true } }
-        let(:spoiler_text) { 'CW' }
+        let(:sensitive) { true }
 
         it 'does not include the inbox of blocked domain' do
           expect(subject.inboxes).to_not include 'https://example.com/inbox'

diff --git a/spec/services/update_status_service_spec.rb b/spec/services/update_status_service_spec.rb
@@ -62,6 +62,55 @@
     end
   end
 
+  context 'when content warning changes and has remote user', :sidekiq_inline do
+    let(:remote_follower) { Fabricate(:account, domain: 'example.com', uri: 'https://example.com/actor', protocol: :activitypub, inbox_url: 'https://example.com/inbox') }
+    let(:status) { Fabricate(:status, text: 'Foo', spoiler_text: '', account: Fabricate(:user).account) }
+
+    before do
+      remote_follower.follow!(status.account)
+      stub_request(:post, 'https://example.com/inbox').to_return(status: 200)
+    end
+
+    def match_update_request(req, type)
+      json = JSON.parse(req.body)
+      actor_id = ActivityPub::TagManager.instance.uri_for(status.account)
+      status_id = ActivityPub::TagManager.instance.uri_for(status)
+      json['type'] == type && json['actor'] == actor_id && json['object']['id'] == status_id
+    end
+
+    it 'edit activity is sent' do
+      subject.call(status, status.account_id, text: 'Foo', spoiler_text: 'Bar')
+
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Update') }).to have_been_made.once
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Delete') }).to_not have_been_made
+    end
+
+    it 'edit activity is sent for target user' do
+      Fabricate(:domain_block, domain: 'example.com', severity: :noop, reject_send_sensitive: true)
+      subject.call(status, status.account_id, text: 'Ohagi')
+
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Update') }).to have_been_made.once
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Delete') }).to_not have_been_made
+    end
+
+    it 'delete activity is sent when follower is target user' do
+      Fabricate(:domain_block, domain: 'example.com', severity: :noop, reject_send_sensitive: true)
+      subject.call(status, status.account_id, text: 'Foo', spoiler_text: 'Bar')
+
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Delete') }).to have_been_made.once
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Update') }).to_not have_been_made
+    end
+
+    it 'delete activity is sent and update activity is not sent when follower is target user' do
+      Fabricate(:domain_block, domain: 'example.com', severity: :noop, reject_send_sensitive: true)
+      subject.call(status, status.account_id, text: 'Foo', spoiler_text: 'Bar')
+      subject.call(status, status.account_id, text: 'Ohagi', spoiler_text: 'Bar')
+
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Delete') }).to have_been_made.once
+      expect(a_request(:post, 'https://example.com/inbox').with { |req| match_update_request(req, 'Update') }).to_not have_been_made
+    end
+  end
+
   context 'when media attachments change' do
     let!(:status) { Fabricate(:status, text: 'Foo') }
     let!(:detached_media_attachment) { Fabricate(:media_attachment, account: status.account) }