4 files changed, 167 insertions, 8 deletions

diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index a2a94a0ff..df8795fe4 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -1542,16 +1542,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   defp get_actor_url(_url), do: nil
 
-  defp normalize_image(%{"url" => url}) do
+  defp normalize_image(%{"url" => url} = data) do
     %{
       "type" => "Image",
       "url" => [%{"href" => url}]
     }
+    |> maybe_put_description(data)
   end
 
   defp normalize_image(urls) when is_list(urls), do: urls |> List.first() |> normalize_image()
   defp normalize_image(_), do: nil
 
+  defp maybe_put_description(map, %{"name" => description}) when is_binary(description) do
+    Map.put(map, "name", description)
+  end
+
+  defp maybe_put_description(map, _), do: map
+
   defp object_to_user_data(data, additional) do
     fields =
       data
diff --git a/lib/pleroma/web/activity_pub/mrf/remote_report_policy.ex b/lib/pleroma/web/activity_pub/mrf/remote_report_policy.ex
new file mode 100644
index 000000000..fa0610bf1
--- /dev/null
+++ b/lib/pleroma/web/activity_pub/mrf/remote_report_policy.ex
@@ -0,0 +1,118 @@
+defmodule Pleroma.Web.ActivityPub.MRF.RemoteReportPolicy do
+  @moduledoc "Drop remote reports if they don't contain enough information."
+  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
+
+  alias Pleroma.Config
+
+  @impl true
+  def filter(%{"type" => "Flag"} = object) do
+    with {_, false} <- {:local, local?(object)},
+         {:ok, _} <- maybe_reject_all(object),
+         {:ok, _} <- maybe_reject_anonymous(object),
+         {:ok, _} <- maybe_reject_third_party(object),
+         {:ok, _} <- maybe_reject_empty_message(object) do
+      {:ok, object}
+    else
+      {:local, true} -> {:ok, object}
+      {:reject, message} -> {:reject, message}
+      error -> {:reject, error}
+    end
+  end
+
+  def filter(object), do: {:ok, object}
+
+  defp maybe_reject_all(object) do
+    if Config.get([:mrf_remote_report, :reject_all]) do
+      {:reject, "[RemoteReportPolicy] Remote report"}
+    else
+      {:ok, object}
+    end
+  end
+
+  defp maybe_reject_anonymous(%{"actor" => actor} = object) do
+    with true <- Config.get([:mrf_remote_report, :reject_anonymous]),
+         %URI{path: "/actor"} <- URI.parse(actor) do
+      {:reject, "[RemoteReportPolicy] Anonymous: #{actor}"}
+    else
+      _ -> {:ok, object}
+    end
+  end
+
+  defp maybe_reject_third_party(%{"object" => objects} = object) do
+    {_, to} =
+      case objects do
+        [head | tail] when is_binary(head) -> {tail, head}
+        s when is_binary(s) -> {[], s}
+        _ -> {[], ""}
+      end
+
+    with true <- Config.get([:mrf_remote_report, :reject_third_party]),
+         false <- String.starts_with?(to, Pleroma.Web.Endpoint.url()) do
+      {:reject, "[RemoteReportPolicy] Third-party: #{to}"}
+    else
+      _ -> {:ok, object}
+    end
+  end
+
+  defp maybe_reject_empty_message(%{"content" => content} = object)
+       when is_binary(content) and content != "" do
+    {:ok, object}
+  end
+
+  defp maybe_reject_empty_message(object) do
+    if Config.get([:mrf_remote_report, :reject_empty_message]) do
+      {:reject, ["RemoteReportPolicy] No content"]}
+    else
+      {:ok, object}
+    end
+  end
+
+  defp local?(%{"actor" => actor}) do
+    String.starts_with?(actor, Pleroma.Web.Endpoint.url())
+  end
+
+  @impl true
+  def describe do
+    mrf_remote_report =
+      Config.get(:mrf_remote_report)
+      |> Enum.into(%{})
+
+    {:ok, %{mrf_remote_report: mrf_remote_report}}
+  end
+
+  @impl true
+  def config_description do
+    %{
+      key: :mrf_remote_report,
+      related_policy: "Pleroma.Web.ActivityPub.MRF.RemoteReportPolicy",
+      label: "MRF Remote Report",
+      description: "Drop remote reports if they don't contain enough information.",
+      children: [
+        %{
+          key: :reject_all,
+          type: :boolean,
+          description: "Reject all remote reports? (this option takes precedence)",
+          suggestions: [false]
+        },
+        %{
+          key: :reject_anonymous,
+          type: :boolean,
+          description: "Reject anonymous remote reports?",
+          suggestions: [true]
+        },
+        %{
+          key: :reject_third_party,
+          type: :boolean,
+          description: "Reject reports on users from third-party instances?",
+          suggestions: [true]
+        },
+        %{
+          key: :reject_empty_message,
+          type: :boolean,
+          description: "Reject remote reports with no message?",
+          suggestions: [true]
+        }
+      ]
+    }
+  end
+end
diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex
index b3043b93a..35774d410 100644
--- a/lib/pleroma/web/activity_pub/object_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validator.ex
@@ -11,6 +11,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
 
   @behaviour Pleroma.Web.ActivityPub.ObjectValidator.Validating
 
+  import Pleroma.Constants, only: [activity_types: 0, object_types: 0]
+
   alias Pleroma.Activity
   alias Pleroma.EctoType.ActivityPub.ObjectValidators
   alias Pleroma.Object
@@ -38,6 +40,16 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
   @impl true
   def validate(object, meta)
 
+  # This overload works together with the InboxGuardPlug
+  # and ensures that we are not accepting any activity type
+  # that cannot pass InboxGuardPlug.
+  # If we want to support any more activity types, make sure to
+  # add it in Pleroma.Constants's activity_types or object_types,
+  # and, if applicable, allowed_activity_types_from_strangers.
+  def validate(%{"type" => type}, _meta)
+      when type not in activity_types() and type not in object_types(),
+      do: {:error, :not_allowed_object_type}
+
   def validate(%{"type" => "Block"} = block_activity, meta) do
     with {:ok, block_activity} <-
            block_activity
diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex
index 937e4fd67..cd485ed64 100644
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@@ -129,8 +129,22 @@ defmodule Pleroma.Web.ActivityPub.UserView do
       "vcard:bday" => birthday,
       "webfinger" => "acct:#{User.full_nickname(user)}"
     }
-    |> Map.merge(maybe_make_image(&User.avatar_url/2, "icon", user))
-    |> Map.merge(maybe_make_image(&User.banner_url/2, "image", user))
+    |> Map.merge(
+      maybe_make_image(
+        &User.avatar_url/2,
+        User.image_description(user.avatar, nil),
+        "icon",
+        user
+      )
+    )
+    |> Map.merge(
+      maybe_make_image(
+        &User.banner_url/2,
+        User.image_description(user.banner, nil),
+        "image",
+        user
+      )
+    )
     |> Map.merge(Utils.make_json_ld_header())
   end
 
@@ -305,16 +319,24 @@ defmodule Pleroma.Web.ActivityPub.UserView do
     end
   end
 
-  defp maybe_make_image(func, key, user) do
+  defp maybe_make_image(func, description, key, user) do
     if image = func.(user, no_default: true) do
       %{
-        key => %{
-          "type" => "Image",
-          "url" => image
-        }
+        key =>
+          %{
+            "type" => "Image",
+            "url" => image
+          }
+          |> maybe_put_description(description)
       }
     else
       %{}
     end
   end
+
+  defp maybe_put_description(map, description) when is_binary(description) do
+    Map.put(map, "name", description)
+  end
+
+  defp maybe_put_description(map, _description), do: map
 end