mirror
/
activitypub-single-php-file
kopia lustrzana https://gitlab.com/edent/activitypub-single-php-file
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Better logic for ignoring spurious posts

merge-requests/5/head
Terence Eden 2024-03-14 22:08:16 +00:00
rodzic 37368caf72
commit ccdcca3dae
1 zmienionych plików z 96 dodań i 80 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

116
index.php
Wyświetl plik

@ -247,61 +247,14 @@
// Get the message, type, and ID // Get the message, type, and ID
$inbox_message = $body; $inbox_message = $body;
$inbox_type = $inbox_message["type"]; $inbox_type = $inbox_message["type"];
$inbox_id = $inbox_message["id"];
// If this is an Undo, Delete, or Update message, try to process it
if ( "Undo" == $inbox_type || "Delete" == $inbox_type || "Update" == $inbox_type ) {
undo( $inbox_message );
die();
}
// Messages to ignore.
// Some servers are very chatty. They send lots of irrelevant messages.
// Before even bothering to validate them, we can delete them.
// Messages from accounts which aren't being followed.
// Some servers send delete messages about users we don't follow.
// Lemmy sends messages even after unfollowing or blocking a channel
// Get a list of every account we follow
// Get all the files
$following_files = glob( $directories["following"] . "/*.json");
// Create a list of all accounts being followed
$following_ids = array();
foreach ( $following_files as $following_file ) {
$following = json_decode( file_get_contents( $following_file ), true );
$following_ids[] = $following["id"];
}
// Is this from someone we follow?
in_array( $inbox_message["actor"], $following_ids ) ? $from_following = true: $from_following = false;
// Has the user has been specifically CC'd?
if ( isset( $inbox_message["cc"] ) ) {
$reply = in_array( "https://{$server}/{$username}", $inbox_message["cc"] );
} else {
$reply = false;
}
if ( !$reply && !$from_following ) {
// Don't bother processing it at all.
die();
}
// Validate HTTP Message Signature
if ( !verifyHTTPSignature() ) { die(); }
// If the message is valid, save the message in `/data/inbox/`
$uuid = uuid( $inbox_message );
$inbox_filename = $uuid . "." . urlencode( $inbox_type ) . ".json";
file_put_contents( $directories["inbox"] . "/{$inbox_filename}", json_encode( $inbox_message ) );
// This inbox only sends responses to follow requests. // This inbox only sends responses to follow requests.
// A remote server sends the inbox a follow request which is a JSON file saying who they are. // A remote server sends the inbox a follow request which is a JSON file saying who they are.
// The details of the remote user's server is saved to a file so that future messages can be delivered to the follower. // The details of the remote user's server is saved to a file so that future messages can be delivered to the follower.
// An accept request is cryptographically signed and POST'd back to the remote server. // An accept request is cryptographically signed and POST'd back to the remote server.
if ( "Follow" != $inbox_type ) { die(); } if ( "Follow" == $inbox_type ) {
// Validate HTTP Message Signature
if ( !verifyHTTPSignature() ) { die(); }
// Get the parameters // Get the parameters
$follower_id = $inbox_message["id"]; // E.g. https://mastodon.social/(unique id) $follower_id = $inbox_message["id"]; // E.g. https://mastodon.social/(unique id)
@ -338,6 +291,69 @@
// The Accept is POSTed to the inbox on the server of the user who requested the follow // The Accept is POSTed to the inbox on the server of the user who requested the follow
sendMessageToSingle( $follower_inbox, $message ); sendMessageToSingle( $follower_inbox, $message );
} else {
// Messages to ignore.
// Some servers are very chatty. They send lots of irrelevant messages.
// Before even bothering to validate them, we can delete them.
// Messages from accounts which aren't being followed.
// Some servers send delete messages about users we don't follow.
// Lemmy sends messages even after unfollowing or blocking a channel
// Get a list of every account we follow
// Get all the files
$following_files = glob( $directories["following"] . "/*.json");
// Create a list of all accounts being followed
$following_ids = array();
foreach ( $following_files as $following_file ) {
$following = json_decode( file_get_contents( $following_file ), true );
$following_ids[] = $following["id"];
}
// Is this from someone we follow?
in_array( $inbox_message["actor"], $following_ids ) ? $from_following = true: $from_following = false;
// Get a list of every account following us
// Get all the files
$followers_files = glob( $directories["followers"] . "/*.json");
// Create a list of all accounts being followed
$followers_ids = array();
foreach ( $followers_files as $follower_file ) {
$follower = json_decode( file_get_contents( $follower_file ), true );
$followers_ids[] = $follower["id"];
}
// Is this from someone following us?
in_array( $inbox_message["actor"], $followers_ids ) ? $from_follower = true: $from_follower = false;
// Has the user has been specifically CC'd?
if ( isset( $inbox_message["cc"] ) ) {
$reply = in_array( "https://{$server}/{$username}", $inbox_message["cc"] );
} else {
$reply = false;
}
if ( !$reply && !$from_following && !$from_follower ) {
// Don't bother processing it at all.
die();
}
// If this is an Undo, Delete, or Update message, try to process it
if ( "Undo" == $inbox_type || "Delete" == $inbox_type || "Update" == $inbox_type ) {
undo( $inbox_message );
}
// Validate HTTP Message Signature
if ( !verifyHTTPSignature() ) { die(); }
}
// If the message is valid, save the message in `/data/inbox/`
$uuid = uuid( $inbox_message );
$inbox_filename = $uuid . "." . urlencode( $inbox_type ) . ".json";
file_put_contents( $directories["inbox"] . "/{$inbox_filename}", json_encode( $inbox_message ) );
die(); die();
} }