19 files changed, 239 insertions, 58 deletions

diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex
index 3a5e35301..5268ebe7a 100644
--- a/lib/pleroma/constants.ex
+++ b/lib/pleroma/constants.ex
@@ -85,6 +85,36 @@ defmodule Pleroma.Constants do
     ]
   )
 
+  const(activity_types,
+    do: [
+      "Create",
+      "Update",
+      "Delete",
+      "Follow",
+      "Accept",
+      "Reject",
+      "Add",
+      "Remove",
+      "Like",
+      "Announce",
+      "Undo",
+      "Flag",
+      "EmojiReact"
+    ]
+  )
+
+  const(allowed_activity_types_from_strangers,
+    do: [
+      "Block",
+      "Create",
+      "Flag",
+      "Follow",
+      "Like",
+      "EmojiReact",
+      "Announce"
+    ]
+  )
+
   # basic regex, just there to weed out potential mistakes
   # https://datatracker.ietf.org/doc/html/rfc2045#section-5.1
   const(mime_regex,
diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex
index 9d9a201ca..69a5f3268 100644
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@@ -58,8 +58,12 @@ defmodule Pleroma.Object.Fetcher do
     end
   end
 
+  @typep fetcher_errors ::
+           :error | :reject | :allowed_depth | :fetch | :containment | :transmogrifier
+
   # Note: will create a Create activity, which we need internally at the moment.
-  @spec fetch_object_from_id(String.t(), list()) :: {:ok, Object.t()} | {:error | :reject, any()}
+  @spec fetch_object_from_id(String.t(), list()) ::
+          {:ok, Object.t()} | {fetcher_errors(), any()} | Pipeline.errors()
   def fetch_object_from_id(id, options \\ []) do
     with {_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
          {_, true} <- {:allowed_depth, Federator.allowed_thread_distance?(options[:depth])},
diff --git a/lib/pleroma/user/backup.ex b/lib/pleroma/user/backup.ex
index 7feaa22bf..d77d49890 100644
--- a/lib/pleroma/user/backup.ex
+++ b/lib/pleroma/user/backup.ex
@@ -92,9 +92,6 @@ defmodule Pleroma.User.Backup do
     else
       true ->
         {:error, "Backup is missing id. Please insert it into the Repo first."}
-
-      e ->
-        {:error, e}
     end
   end
 
@@ -121,14 +118,13 @@ defmodule Pleroma.User.Backup do
   end
 
   defp permitted?(user) do
-    with {_, %__MODULE__{inserted_at: inserted_at}} <- {:last, get_last(user)},
-         days = Config.get([__MODULE__, :limit_days]),
-         diff = Timex.diff(NaiveDateTime.utc_now(), inserted_at, :days),
-         {_, true} <- {:diff, diff > days} do
-      true
+    with {_, %__MODULE__{inserted_at: inserted_at}} <- {:last, get_last(user)} do
+      days = Config.get([__MODULE__, :limit_days])
+      diff = Timex.diff(NaiveDateTime.utc_now(), inserted_at, :days)
+
+      diff > days
     else
       {:last, nil} -> true
-      {:diff, false} -> false
     end
   end
 
@@ -297,9 +293,6 @@ defmodule Pleroma.User.Backup do
               )
 
               acc
-
-            _ ->
-              acc
           end
         end)
 
diff --git a/lib/pleroma/user/import.ex b/lib/pleroma/user/import.ex
index b79fa88eb..ab6bdb8d4 100644
--- a/lib/pleroma/user/import.ex
+++ b/lib/pleroma/user/import.ex
@@ -12,7 +12,7 @@ defmodule Pleroma.User.Import do
 
   require Logger
 
-  @spec perform(atom(), User.t(), list()) :: :ok | list() | {:error, any()}
+  @spec perform(atom(), User.t(), String.t()) :: :ok | {:error, any()}
   def perform(:mute_import, %User{} = user, actor) do
     with {:ok, %User{} = muted_user} <- User.get_or_fetch(actor),
          {_, false} <- {:existing_mute, User.mutes_user?(user, muted_user)},
@@ -49,7 +49,7 @@ defmodule Pleroma.User.Import do
 
   defp handle_error(op, user_id, error) do
     Logger.debug("#{op} failed for #{user_id} with: #{inspect(error)}")
-    error
+    {:error, error}
   end
 
   def blocks_import(%User{} = user, [_ | _] = actors) do
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index cdd054e1a..a08eda5f4 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -311,7 +311,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
       post_inbox_relayed_create(conn, params)
     else
       conn
-      |> put_status(:bad_request)
+      |> put_status(403)
       |> json("Not federating")
     end
   end
diff --git a/lib/pleroma/web/activity_pub/pipeline.ex b/lib/pleroma/web/activity_pub/pipeline.ex
index 7f11a4d67..fc36935d5 100644
--- a/lib/pleroma/web/activity_pub/pipeline.ex
+++ b/lib/pleroma/web/activity_pub/pipeline.ex
@@ -22,22 +22,27 @@ defmodule Pleroma.Web.ActivityPub.Pipeline do
   defp activity_pub, do: Config.get([:pipeline, :activity_pub], ActivityPub)
   defp config, do: Config.get([:pipeline, :config], Config)
 
-  @spec common_pipeline(map(), keyword()) ::
-          {:ok, Activity.t() | Object.t(), keyword()} | {:error | :reject, any()}
+  @type results :: {:ok, Activity.t() | Object.t(), keyword()}
+  @type errors :: {:error | :reject, any()}
+
+  # The Repo.transaction will wrap the result in an {:ok, _}
+  # and only returns an {:error, _} if the error encountered was related
+  # to the SQL transaction
+  @spec common_pipeline(map(), keyword()) :: results() | errors()
   def common_pipeline(object, meta) do
     case Repo.transaction(fn -> do_common_pipeline(object, meta) end, Utils.query_timeout()) do
       {:ok, {:ok, activity, meta}} ->
         side_effects().handle_after_transaction(meta)
         {:ok, activity, meta}
 
-      {:ok, value} ->
-        value
+      {:ok, {:error, _} = error} ->
+        error
+
+      {:ok, {:reject, _} = error} ->
+        error
 
       {:error, e} ->
         {:error, e}
-
-      {:reject, e} ->
-        {:reject, e}
     end
   end
 
diff --git a/lib/pleroma/web/common_api.ex b/lib/pleroma/web/common_api.ex
index 921e414c3..412424dae 100644
--- a/lib/pleroma/web/common_api.ex
+++ b/lib/pleroma/web/common_api.ex
@@ -26,7 +26,7 @@ defmodule Pleroma.Web.CommonAPI do
   require Pleroma.Constants
   require Logger
 
-  @spec block(User.t(), User.t()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec block(User.t(), User.t()) :: {:ok, Activity.t()} | Pipeline.errors()
   def block(blocked, blocker) do
     with {:ok, block_data, _} <- Builder.block(blocker, blocked),
          {:ok, block, _} <- Pipeline.common_pipeline(block_data, local: true) do
@@ -35,7 +35,7 @@ defmodule Pleroma.Web.CommonAPI do
   end
 
   @spec post_chat_message(User.t(), User.t(), String.t(), list()) ::
-          {:ok, Activity.t()} | {:error, any()}
+          {:ok, Activity.t()} | Pipeline.errors()
   def post_chat_message(%User{} = user, %User{} = recipient, content, opts \\ []) do
     with maybe_attachment <- opts[:media_id] && Object.get_by_id(opts[:media_id]),
          :ok <- validate_chat_attachment_attribution(maybe_attachment, user),
@@ -58,7 +58,7 @@ defmodule Pleroma.Web.CommonAPI do
             )} do
       {:ok, activity}
     else
-      {:common_pipeline, {:reject, _} = e} -> e
+      {:common_pipeline, e} -> e
       e -> e
     end
   end
@@ -99,7 +99,8 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec unblock(User.t(), User.t()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec unblock(User.t(), User.t()) ::
+          {:ok, Activity.t()} | {:ok, :no_activity} | Pipeline.errors() | {:error, :not_blocking}
   def unblock(blocked, blocker) do
     with {_, %Activity{} = block} <- {:fetch_block, Utils.fetch_latest_block(blocker, blocked)},
          {:ok, unblock_data, _} <- Builder.undo(blocker, block),
@@ -120,7 +121,9 @@ defmodule Pleroma.Web.CommonAPI do
   end
 
   @spec follow(User.t(), User.t()) ::
-          {:ok, User.t(), User.t(), Activity.t() | Object.t()} | {:error, :rejected}
+          {:ok, User.t(), User.t(), Activity.t() | Object.t()}
+          | {:error, :rejected}
+          | Pipeline.errors()
   def follow(followed, follower) do
     timeout = Pleroma.Config.get([:activitypub, :follow_handshake_timeout])
 
@@ -145,7 +148,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec accept_follow_request(User.t(), User.t()) :: {:ok, User.t()} | {:error, any()}
+  @spec accept_follow_request(User.t(), User.t()) :: {:ok, User.t()} | Pipeline.errors()
   def accept_follow_request(follower, followed) do
     with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
          {:ok, accept_data, _} <- Builder.accept(followed, follow_activity),
@@ -154,7 +157,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec reject_follow_request(User.t(), User.t()) :: {:ok, User.t()} | {:error, any()} | nil
+  @spec reject_follow_request(User.t(), User.t()) :: {:ok, User.t()} | Pipeline.errors() | nil
   def reject_follow_request(follower, followed) do
     with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
          {:ok, reject_data, _} <- Builder.reject(followed, follow_activity),
@@ -163,7 +166,8 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec delete(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec delete(String.t(), User.t()) ::
+          {:ok, Activity.t()} | Pipeline.errors() | {:error, :not_found | String.t()}
   def delete(activity_id, user) do
     with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
            {:find_activity, Activity.get_by_id(activity_id, filter: [])},
@@ -213,7 +217,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec repeat(String.t(), User.t(), map()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec repeat(String.t(), User.t(), map()) :: {:ok, Activity.t()} | {:error, :not_found}
   def repeat(id, user, params \\ %{}) do
     with %Activity{data: %{"type" => "Create"}} = activity <- Activity.get_by_id(id),
          object = %Object{} <- Object.normalize(activity, fetch: false),
@@ -231,7 +235,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec unrepeat(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec unrepeat(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, :not_found | String.t()}
   def unrepeat(id, user) do
     with {_, %Activity{data: %{"type" => "Create"}} = activity} <-
            {:find_activity, Activity.get_by_id(id)},
@@ -247,7 +251,8 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec favorite(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec favorite(String.t(), User.t()) ::
+          {:ok, Activity.t()} | {:ok, :already_liked} | {:error, :not_found | String.t()}
   def favorite(id, %User{} = user) do
     case favorite_helper(user, id) do
       {:ok, _} = res ->
@@ -285,7 +290,8 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec unfavorite(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec unfavorite(String.t(), User.t()) ::
+          {:ok, Activity.t()} | {:error, :not_found | String.t()}
   def unfavorite(id, user) do
     with {_, %Activity{data: %{"type" => "Create"}} = activity} <-
            {:find_activity, Activity.get_by_id(id)},
@@ -302,7 +308,7 @@ defmodule Pleroma.Web.CommonAPI do
   end
 
   @spec react_with_emoji(String.t(), User.t(), String.t()) ::
-          {:ok, Activity.t()} | {:error, any()}
+          {:ok, Activity.t()} | {:error, String.t()}
   def react_with_emoji(id, user, emoji) do
     with %Activity{} = activity <- Activity.get_by_id(id),
          object <- Object.normalize(activity, fetch: false),
@@ -316,7 +322,7 @@ defmodule Pleroma.Web.CommonAPI do
   end
 
   @spec unreact_with_emoji(String.t(), User.t(), String.t()) ::
-          {:ok, Activity.t()} | {:error, any()}
+          {:ok, Activity.t()} | {:error, String.t()}
   def unreact_with_emoji(id, user, emoji) do
     with %Activity{} = reaction_activity <- Utils.get_latest_reaction(id, user, emoji),
          {_, {:ok, _}} <- {:cancel_jobs, maybe_cancel_jobs(reaction_activity)},
@@ -329,7 +335,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec vote(Object.t(), User.t(), list()) :: {:ok, list(), Object.t()} | {:error, any()}
+  @spec vote(Object.t(), User.t(), list()) :: {:ok, list(), Object.t()} | Pipeline.errors()
   def vote(%Object{data: %{"type" => "Question"}} = object, %User{} = user, choices) do
     with :ok <- validate_not_author(object, user),
          :ok <- validate_existing_votes(user, object),
@@ -461,7 +467,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec update(Activity.t(), User.t(), map()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec update(Activity.t(), User.t(), map()) :: {:ok, Activity.t()} | {:error, nil}
   def update(orig_activity, %User{} = user, changes) do
     with orig_object <- Object.normalize(orig_activity),
          {:ok, new_object} <- make_update_data(user, orig_object, changes),
@@ -497,7 +503,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec pin(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, term()}
+  @spec pin(String.t(), User.t()) :: {:ok, Activity.t()} | Pipeline.errors()
   def pin(id, %User{} = user) do
     with %Activity{} = activity <- create_activity_by_id(id),
          true <- activity_belongs_to_actor(activity, user.ap_id),
@@ -537,7 +543,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec unpin(String.t(), User.t()) :: {:ok, Activity.t()} | {:error, term()}
+  @spec unpin(String.t(), User.t()) :: {:ok, Activity.t()} | Pipeline.errors()
   def unpin(id, user) do
     with %Activity{} = activity <- create_activity_by_id(id),
          {:ok, unpin_data, _} <- Builder.unpin(user, activity.object),
@@ -552,7 +558,7 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  @spec add_mute(Activity.t(), User.t(), map()) :: {:ok, Activity.t()} | {:error, any()}
+  @spec add_mute(Activity.t(), User.t(), map()) :: {:ok, Activity.t()} | {:error, String.t()}
   def add_mute(activity, user, params \\ %{}) do
     expires_in = Map.get(params, :expires_in, 0)
 
diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
index 844673ae0..6cfeb712e 100644
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
+  plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
+
   plug(:skip_auth when action in [:create, :verify_credentials])
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index 6976ca6e5..298c73986 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -92,14 +92,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
         User.get_follow_state(reading_user, target)
       end
 
-    followed_by =
-      if following_relationships do
-        case FollowingRelationship.find(following_relationships, target, reading_user) do
-          %{state: :follow_accept} -> true
-          _ -> false
-        end
-      else
-        User.following?(target, reading_user)
+    followed_by = FollowingRelationship.following?(target, reading_user)
+    following = FollowingRelationship.following?(reading_user, target)
+
+    requested =
+      cond do
+        following -> false
+        true -> match?(:follow_pending, follow_state)
       end
 
     subscribing =
@@ -114,7 +113,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
     # NOTE: adjust UserRelationship.view_relationships_option/2 on new relation-related flags
     %{
       id: to_string(target.id),
-      following: follow_state == :follow_accept,
+      following: following,
       followed_by: followed_by,
       blocking:
         UserRelationship.exists?(
@@ -150,7 +149,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
         ),
       subscribing: subscribing,
       notifying: subscribing,
-      requested: follow_state == :follow_pending,
+      requested: requested,
       domain_blocking: User.blocks_domain?(reading_user, target),
       showing_reblogs:
         not UserRelationship.exists?(
diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex
index d1bf6dd18..7661c2566 100644
--- a/lib/pleroma/web/o_auth/app.ex
+++ b/lib/pleroma/web/o_auth/app.ex
@@ -8,6 +8,7 @@ defmodule Pleroma.Web.OAuth.App do
   import Ecto.Query
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Web.OAuth.Token
 
   @type t :: %__MODULE__{}
 
@@ -155,4 +156,29 @@ defmodule Pleroma.Web.OAuth.App do
         Map.put(acc, key, error)
     end)
   end
+
+  @spec maybe_update_owner(Token.t()) :: :ok
+  def maybe_update_owner(%Token{app_id: app_id, user_id: user_id}) when not is_nil(user_id) do
+    __MODULE__.update(app_id, %{user_id: user_id})
+
+    :ok
+  end
+
+  def maybe_update_owner(_), do: :ok
+
+  @spec remove_orphans(pos_integer()) :: :ok
+  def remove_orphans(limit \\ 100) do
+    fifteen_mins_ago = DateTime.add(DateTime.utc_now(), -900, :second)
+
+    Repo.transaction(fn ->
+      from(a in __MODULE__,
+        where: is_nil(a.user_id) and a.inserted_at < ^fifteen_mins_ago,
+        limit: ^limit
+      )
+      |> Repo.all()
+      |> Enum.each(&Repo.delete(&1))
+    end)
+
+    :ok
+  end
 end
diff --git a/lib/pleroma/web/o_auth/o_auth_controller.ex b/lib/pleroma/web/o_auth/o_auth_controller.ex
index 47b03215f..0b3de5481 100644
--- a/lib/pleroma/web/o_auth/o_auth_controller.ex
+++ b/lib/pleroma/web/o_auth/o_auth_controller.ex
@@ -318,6 +318,8 @@ defmodule Pleroma.Web.OAuth.OAuthController do
   def token_exchange(%Plug.Conn{} = conn, params), do: bad_request(conn, params)
 
   def after_token_exchange(%Plug.Conn{} = conn, %{token: token} = view_params) do
+    App.maybe_update_owner(token)
+
     conn
     |> AuthHelper.put_session_token(token.token)
     |> json(OAuthView.render("token.json", view_params))
diff --git a/lib/pleroma/web/plugs/inbox_guard_plug.ex b/lib/pleroma/web/plugs/inbox_guard_plug.ex
new file mode 100644
index 000000000..0064cce76
--- /dev/null
+++ b/lib/pleroma/web/plugs/inbox_guard_plug.ex
@@ -0,0 +1,89 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.InboxGuardPlug do
+  import Plug.Conn
+  import Pleroma.Constants, only: [activity_types: 0, allowed_activity_types_from_strangers: 0]
+
+  alias Pleroma.Config
+  alias Pleroma.User
+
+  def init(options) do
+    options
+  end
+
+  def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
+    with {_, true} <- {:federating, Config.get!([:instance, :federating])} do
+      conn
+      |> filter_activity_types()
+    else
+      {:federating, false} ->
+        conn
+        |> json(403, "Not federating")
+        |> halt()
+    end
+  end
+
+  def call(conn, _opts) do
+    with {_, true} <- {:federating, Config.get!([:instance, :federating])},
+         conn = filter_activity_types(conn),
+         {:known, true} <- {:known, known_actor?(conn)} do
+      conn
+    else
+      {:federating, false} ->
+        conn
+        |> json(403, "Not federating")
+        |> halt()
+
+      {:known, false} ->
+        conn
+        |> filter_from_strangers()
+    end
+  end
+
+  # Early rejection of unrecognized types
+  defp filter_activity_types(%{body_params: %{"type" => type}} = conn) do
+    with true <- type in activity_types() do
+      conn
+    else
+      _ ->
+        conn
+        |> json(400, "Invalid activity type")
+        |> halt()
+    end
+  end
+
+  # If signature failed but we know this actor we should
+  # accept it as we may only need to refetch their public key
+  # during processing
+  defp known_actor?(%{body_params: data}) do
+    case Pleroma.Object.Containment.get_actor(data) |> User.get_cached_by_ap_id() do
+      %User{} -> true
+      _ -> false
+    end
+  end
+
+  # Only permit a subset of activity types from strangers
+  # or else it will add actors you've never interacted with
+  # to the database
+  defp filter_from_strangers(%{body_params: %{"type" => type}} = conn) do
+    with true <- type in allowed_activity_types_from_strangers() do
+      conn
+    else
+      _ ->
+        conn
+        |> json(400, "Invalid activity type for an unknown actor")
+        |> halt()
+    end
+  end
+
+  defp json(conn, status, resp) do
+    json_resp = Jason.encode!(resp)
+
+    conn
+    |> put_resp_content_type("application/json")
+    |> resp(status, json_resp)
+    |> halt()
+  end
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 9e4b403e0..0423ca9e2 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -217,6 +217,10 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Web.Plugs.MappedSignatureToIdentityPlug)
   end
 
+  pipeline :inbox_guard do
+    plug(Pleroma.Web.Plugs.InboxGuardPlug)
+  end
+
   pipeline :static_fe do
     plug(Pleroma.Web.Plugs.StaticFEPlug)
   end
@@ -920,7 +924,7 @@ defmodule Pleroma.Web.Router do
   end
 
   scope "/", Pleroma.Web.ActivityPub do
-    pipe_through(:activitypub)
+    pipe_through([:activitypub, :inbox_guard])
     post("/inbox", ActivityPubController, :inbox)
     post("/users/:nickname/inbox", ActivityPubController, :inbox)
   end
diff --git a/lib/pleroma/workers/cron/app_cleanup_worker.ex b/lib/pleroma/workers/cron/app_cleanup_worker.ex
new file mode 100644
index 000000000..ee71cd7b6
--- /dev/null
+++ b/lib/pleroma/workers/cron/app_cleanup_worker.ex
@@ -0,0 +1,21 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Workers.Cron.AppCleanupWorker do
+  @moduledoc """
+  Cleans up registered apps that were never associated with a user.
+  """
+
+  use Oban.Worker, queue: "background"
+
+  alias Pleroma.Web.OAuth.App
+
+  @impl true
+  def perform(_job) do
+    App.remove_orphans()
+  end
+
+  @impl true
+  def timeout(_job), do: :timer.seconds(30)
+end
diff --git a/lib/pleroma/workers/receiver_worker.ex b/lib/pleroma/workers/receiver_worker.ex
index 0373ec15f..11b672bef 100644
--- a/lib/pleroma/workers/receiver_worker.ex
+++ b/lib/pleroma/workers/receiver_worker.ex
@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.ReceiverWorker do
   alias Pleroma.User
   alias Pleroma.Web.Federator
 
-  use Oban.Worker, queue: :federator_incoming, max_attempts: 5
+  use Oban.Worker, queue: :federator_incoming, max_attempts: 5, unique: [period: :infinity]
 
   @impl true
 
diff --git a/lib/pleroma/workers/remote_fetcher_worker.ex b/lib/pleroma/workers/remote_fetcher_worker.ex
index 9d3f1ec53..aa09362f5 100644
--- a/lib/pleroma/workers/remote_fetcher_worker.ex
+++ b/lib/pleroma/workers/remote_fetcher_worker.ex
@@ -5,7 +5,7 @@
 defmodule Pleroma.Workers.RemoteFetcherWorker do
   alias Pleroma.Object.Fetcher
 
-  use Oban.Worker, queue: :background
+  use Oban.Worker, queue: :background, unique: [period: :infinity]
 
   @impl true
   def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do
diff --git a/lib/pleroma/workers/rich_media_worker.ex b/lib/pleroma/workers/rich_media_worker.ex
index d5ba7b63e..e351ecd6e 100644
--- a/lib/pleroma/workers/rich_media_worker.ex
+++ b/lib/pleroma/workers/rich_media_worker.ex
@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.RichMediaWorker do
   alias Pleroma.Web.RichMedia.Backfill
   alias Pleroma.Web.RichMedia.Card
 
-  use Oban.Worker, queue: :background, max_attempts: 3, unique: [period: 300]
+  use Oban.Worker, queue: :background, max_attempts: 3, unique: [period: :infinity]
 
   @impl true
   def perform(%Job{args: %{"op" => "expire", "url" => url} = _args}) do
diff --git a/lib/pleroma/workers/user_refresh_worker.ex b/lib/pleroma/workers/user_refresh_worker.ex
index 222a4a8f7..ee276774b 100644
--- a/lib/pleroma/workers/user_refresh_worker.ex
+++ b/lib/pleroma/workers/user_refresh_worker.ex
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Workers.UserRefreshWorker do
-  use Oban.Worker, queue: :background, max_attempts: 1, unique: [period: 300]
+  use Oban.Worker, queue: :background, max_attempts: 1, unique: [period: :infinity]
 
   alias Pleroma.User
 
diff --git a/lib/pleroma/workers/web_pusher_worker.ex b/lib/pleroma/workers/web_pusher_worker.ex
index f4232d02a..879b26cc3 100644
--- a/lib/pleroma/workers/web_pusher_worker.ex
+++ b/lib/pleroma/workers/web_pusher_worker.ex
@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.WebPusherWorker do
   alias Pleroma.Repo
   alias Pleroma.Web.Push.Impl
 
-  use Oban.Worker, queue: :web_push
+  use Oban.Worker, queue: :web_push, unique: [period: :infinity]
 
   @impl true
   def perform(%Job{args: %{"op" => "web_push", "notification_id" => notification_id}}) do