Remove bto & bcc before serving ActivityStream object
コミット
2764b67c7e
|
@ -5,6 +5,7 @@ import (
|
|||
"crypto"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/go-fed/activity/vocab"
|
||||
"github.com/go-fed/httpsig"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
@ -109,6 +110,9 @@ func serveActivityPubObject(c context.Context, a Application, clock Clock, w htt
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
if obj, ok := pObj.(vocab.ObjectType); ok {
|
||||
clearSensitiveFields(obj)
|
||||
}
|
||||
var m map[string]interface{}
|
||||
m, err = pObj.Serialize()
|
||||
if err != nil {
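Review bot: The new `if obj, ok := pObj.(vocab.ObjectType); ok {` guard in serveActivityPubObject fails open: when the assertion does not hold, the value goes straight to `pObj.Serialize()` with no strip and no trace that the strip was skipped. Whether any PubObject outside vocab.ObjectType can carry bto/bcc is not visible in this hunk, so the assumption should be written down, for example `// bto/bcc are private addressing and must not be served; types that are not vocab.ObjectType are assumed to carry neither`. The strip also mutates the object returned by the application in place, so if that value is a shared or cached instance (not shown here) its stored copy would lose these fields too. The function body starts and ends outside the hunk.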
|
||||
|
|
|
@ -140,6 +140,43 @@ func TestServeActivityPubObject(t *testing.T) {
|
|||
expectedCode: http.StatusForbidden,
|
||||
expectHandled: true,
|
||||
},
|
||||
{
|
||||
name: "remove bto & bcc",
|
||||
app: &MockApplication{
|
||||
t: t,
|
||||
get: func(c context.Context, id *url.URL, rw RWType) (PubObject, error) {
|
||||
if rw != Read {
|
||||
t.Fatalf("expected RWType of %d, got %d", Read, rw)
|
||||
} else if s := id.String(); s != noteURIString {
|
||||
t.Fatalf("expected %s, got %s", noteURIString, s)
|
||||
}
|
||||
testNote = &vocab.Note{}
|
||||
testNote.SetId(noteIRI)
|
||||
testNote.AppendNameString(noteName)
|
||||
testNote.AppendContentString("This is a simple note")
|
||||
testNote.AppendBtoIRI(samIRI)
|
||||
testNote.AppendBccIRI(sallyIRI)
|
||||
return testNote, nil
|
||||
},
|
||||
owns: func(c context.Context, id *url.URL) bool {
|
||||
if s := id.String(); s != noteURIString {
|
||||
t.Fatalf("expected %s, got %s", noteURIString, s)
|
||||
}
|
||||
return true
|
||||
},
|
||||
},
|
||||
clock: &MockClock{now},
|
||||
input: ActivityPubRequest(httptest.NewRequest("GET", noteURIString, nil)),
|
||||
expectedCode: http.StatusOK,
|
||||
expectedObjFn: func() vocab.Serializer {
|
||||
testNote = &vocab.Note{}
|
||||
testNote.SetId(noteIRI)
|
||||
testNote.AppendNameString(noteName)
|
||||
testNote.AppendContentString("This is a simple note")
|
||||
return testNote
|
||||
},
|
||||
expectHandled: true,
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
t.Logf("Running table test case %q", test.name)
|
||||
|
@ -515,6 +552,43 @@ func TestServeActivityPubObjectWithVerificationMethod(t *testing.T) {
|
|||
expectedCode: http.StatusBadRequest,
|
||||
expectHandled: true,
|
||||
},
|
||||
{
|
||||
name: "remove bto & bcc",
|
||||
app: &MockApplication{
|
||||
t: t,
|
||||
get: func(c context.Context, id *url.URL, rw RWType) (PubObject, error) {
|
||||
if rw != Read {
|
||||
t.Fatalf("expected RWType of %d, got %d", Read, rw)
|
||||
} else if s := id.String(); s != noteURIString {
|
||||
t.Fatalf("expected %s, got %s", noteURIString, s)
|
||||
}
|
||||
testNote = &vocab.Note{}
|
||||
testNote.SetId(noteIRI)
|
||||
testNote.AppendNameString(noteName)
|
||||
testNote.AppendContentString("This is a simple note")
|
||||
testNote.AppendBtoIRI(samIRI)
|
||||
testNote.AppendBccIRI(sallyIRI)
|
||||
return testNote, nil
|
||||
},
|
||||
owns: func(c context.Context, id *url.URL) bool {
|
||||
if s := id.String(); s != noteURIString {
|
||||
t.Fatalf("expected %s, got %s", noteURIString, s)
|
||||
}
|
||||
return true
|
||||
},
|
||||
},
|
||||
clock: &MockClock{now},
|
||||
input: ActivityPubRequest(httptest.NewRequest("GET", noteURIString, nil)),
|
||||
expectedCode: http.StatusOK,
|
||||
expectedObjFn: func() vocab.Serializer {
|
||||
testNote = &vocab.Note{}
|
||||
testNote.SetId(noteIRI)
|
||||
testNote.AppendNameString(noteName)
|
||||
testNote.AppendContentString("This is a simple note")
|
||||
return testNote
|
||||
},
|
||||
expectHandled: true,
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
t.Logf("Running table test case %q", test.name)
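Review bot: The "remove bto & bcc" case added to both TestServeActivityPubObject and TestServeActivityPubObjectWithVerificationMethod seeds exactly one bto IRI and one bcc IRI, so it cannot tell "every hidden recipient was removed" from "only the first one was removed". Adding a second entry to each list in the `get` mock, e.g. `testNote.AppendBtoIRI(sallyIRI)` and `testNote.AppendBccIRI(samIRI)`, would make a partial strip fail the comparison against `expectedObjFn`. Only the IRI form is exercised, so the Object and Link removal branches stay uncovered. Both test functions begin and continue outside the hunks.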
|
||||
|
|
|
@ -2103,6 +2103,27 @@ func getIRISetFromOrderedItems(c vocab.OrderedCollectionType) (map[string]bool,
|
|||
return r, nil
|
||||
}
|
||||
|
||||
func clearSensitiveFields(obj vocab.ObjectType) {
|
||||
for i := 0; i < obj.BtoLen(); i++ {
|
||||
if obj.IsBtoObject(0) {
|
||||
obj.RemoveBtoObject(0)
|
||||
} else if obj.IsBtoLink(0) {
|
||||
obj.RemoveBtoLink(0)
|
||||
} else if obj.IsBtoIRI(0) {
|
||||
obj.RemoveBtoIRI(0)
|
||||
}
|
||||
}
|
||||
for i := 0; i < obj.BccLen(); i++ {
|
||||
if obj.IsBccObject(0) {
|
||||
obj.RemoveBccObject(0)
|
||||
} else if obj.IsBccLink(0) {
|
||||
obj.RemoveBccLink(0)
|
||||
} else if obj.IsBccIRI(0) {
|
||||
obj.RemoveBccIRI(0)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: Move this to vocab package.
|
||||
var activityTypes = []string{"Accept", "Add", "Announce", "Arrive", "Block", "Create", "Delete", "Dislike", "Flag", "Follow", "Ignore", "Invite", "Join", "Leave", "Like", "Listen", "Move", "Offer", "Question", "Reject", "Read", "Remove", "TentativeReject", "TentativeAccept", "Travel", "Undo", "Update", "View"}
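Review bot: Both loops in clearSensitiveFields can stop before the list is empty, because each pass removes index 0 while `i` keeps advancing and `obj.BtoLen()` / `obj.BccLen()` is re-read as the bound. Assuming each Remove* call shortens the list by one, an object with two or more bto or bcc entries would still be served with roughly half of them. Read the count once and remove the head that many times, `for n := obj.BtoLen(); n > 0; n-- {` and `for n := obj.BccLen(); n > 0; n-- {`, leaving the index-0 branches unchanged. A doc comment stating that bto/bcc are private addressing and must be empty before serialization would record the invariant. As written the function clears only the object it is handed, so any nested object embedded in it is not visited.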
|
||||
|
||||
|
|