From 4745a41393cddd9bbc5a14affa77595204488b8f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Thu, 10 Aug 2023 23:03:19 +0200
Subject: Allow to specify post language
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/constants.ex                           |  6 +-
 .../article_note_page_validator.ex                 |  1 +
 .../object_validators/common_fields.ex             |  1 +
 lib/pleroma/web/activity_pub/transmogrifier.ex     | 78 ++++++++++++++++++++--
 lib/pleroma/web/activity_pub/utils.ex              | 11 ++-
 lib/pleroma/web/activity_pub/views/object_view.ex  |  6 +-
 lib/pleroma/web/common_api/activity_draft.ex       | 13 ++++
 lib/pleroma/web/common_api/utils.ex                | 16 +++++
 lib/pleroma/web/mastodon_api/views/status_view.ex  |  4 +-
 9 files changed, 121 insertions(+), 15 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex
index 6befc6897..c2e577b49 100644
--- a/lib/pleroma/constants.ex
+++ b/lib/pleroma/constants.ex
@@ -19,7 +19,8 @@ defmodule Pleroma.Constants do
       "context_id",
       "deleted_activity_id",
       "pleroma_internal",
-      "generator"
+      "generator",
+      "language"
     ]
   )
 
@@ -38,7 +39,8 @@ defmodule Pleroma.Constants do
       "summary",
       "sensitive",
       "attachment",
-      "generator"
+      "generator",
+      "language"
     ]
   )
 
diff --git a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
index 2670e3f17..73101f20f 100644
--- a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
@@ -86,6 +86,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     |> fix_attachments()
     |> Transmogrifier.fix_emoji()
     |> Transmogrifier.fix_content_map()
+    |> Transmogrifier.maybe_add_language()
   end
 
   def changeset(struct, data) do
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
index d580208df..5ed3ea023 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
@@ -57,6 +57,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFields do
       field(:replies_count, :integer, default: 0)
       field(:like_count, :integer, default: 0)
       field(:announcement_count, :integer, default: 0)
+      field(:language, :string)
       field(:inReplyTo, ObjectValidators.ObjectID)
       field(:url, ObjectValidators.BareUri)
 
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 0e6c429f9..732d878c4 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -22,6 +22,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   alias Pleroma.Web.Federator
 
   import Ecto.Query
+  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+  import Pleroma.Web.Utils.Guards, only: [not_empty_string: 1]
 
   require Logger
   require Pleroma.Constants
@@ -42,6 +44,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> fix_content_map()
     |> fix_addressing()
     |> fix_summary()
+    |> maybe_add_language()
   end
 
   def fix_summary(%{"summary" => nil} = object) do
@@ -318,6 +321,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def fix_tag(object), do: object
 
+  def fix_content_map(%{"content" => content} = object) when not_empty_string(content), do: object
+
   # content map usually only has one language so this will do for now.
   def fix_content_map(%{"contentMap" => content_map} = object) do
     content_groups = Map.to_list(content_map)
@@ -454,6 +459,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       |> strip_internal_fields()
       |> fix_type(fetch_options)
       |> fix_in_reply_to(fetch_options)
+      |> maybe_add_language_from_activity(data)
 
     data = Map.put(data, "object", object)
     options = Keyword.put(options, :local, false)
@@ -679,6 +685,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> add_mention_tags
     |> add_emoji_tags
     |> add_attributed_to
+    |> maybe_add_content_map
     |> prepare_attachments
     |> set_conversation
     |> set_reply_to_uri
@@ -722,7 +729,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     data =
       data
       |> Map.put("object", object)
-      |> Map.merge(Utils.make_json_ld_header())
+      |> Map.merge(Utils.make_json_ld_header(data))
       |> Map.delete("bcc")
 
     {:ok, data}
@@ -737,7 +744,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     data =
       data
       |> Map.put("object", object)
-      |> Map.merge(Utils.make_json_ld_header())
+      |> Map.merge(Utils.make_json_ld_header(data))
       |> Map.delete("bcc")
 
     {:ok, data}
@@ -758,7 +765,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     data =
       data
       |> strip_internal_fields
-      |> Map.merge(Utils.make_json_ld_header())
+      |> Map.merge(Utils.make_json_ld_header(data))
       |> Map.delete("bcc")
 
     {:ok, data}
@@ -778,7 +785,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       data =
         data
         |> Map.put("object", object)
-        |> Map.merge(Utils.make_json_ld_header())
+        |> Map.merge(Utils.make_json_ld_header(data))
 
       {:ok, data}
     end
@@ -796,7 +803,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       data =
         data
         |> Map.put("object", object)
-        |> Map.merge(Utils.make_json_ld_header())
+        |> Map.merge(Utils.make_json_ld_header(data))
 
       {:ok, data}
     end
@@ -807,7 +814,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       data
       |> strip_internal_fields
       |> maybe_fix_object_url
-      |> Map.merge(Utils.make_json_ld_header())
+      |> Map.merge(Utils.make_json_ld_header(data))
 
     {:ok, data}
   end
@@ -952,4 +959,63 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   def maybe_fix_user_url(data), do: data
 
   def maybe_fix_user_object(data), do: maybe_fix_user_url(data)
+
+  defp maybe_add_content_map(%{"language" => language, "content" => content} = object)
+       when not_empty_string(language) do
+    Map.put(object, "contentMap", Map.put(%{}, language, content))
+  end
+
+  defp maybe_add_content_map(object), do: object
+
+  def maybe_add_language(object) do
+    language =
+      [
+        get_language_from_context(object),
+        get_language_from_content_map(object),
+        get_language_from_content(object)
+      ]
+      |> Enum.find(&is_good_locale_code?(&1))
+
+    if language do
+      Map.put(object, "language", language)
+    else
+      object
+    end
+  end
+
+  def maybe_add_language_from_activity(object, activity) do
+    language = get_language_from_context(activity)
+
+    if is_good_locale_code?(language) do
+      Map.put(object, "language", language)
+    else
+      object
+    end
+  end
+
+  defp get_language_from_context(%{"@context" => context}) when is_list(context) do
+    case context
+         |> Enum.find(fn
+           %{"@language" => language} -> language != "und"
+           _ -> nil
+         end) do
+      %{"@language" => language} -> language
+      _ -> nil
+    end
+  end
+
+  defp get_language_from_context(_), do: nil
+
+  defp get_language_from_content_map(%{"contentMap" => content_map, "content" => source_content}) do
+    content_groups = Map.to_list(content_map)
+
+    case Enum.find(content_groups, fn {_, content} -> content == source_content end) do
+      {language, _} -> language
+      _ -> nil
+    end
+  end
+
+  defp get_language_from_content_map(_), do: nil
+
+  defp get_language_from_content(_), do: nil
 end
diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex
index 437220077..2866cf2ce 100644
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@@ -19,6 +19,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
   alias Pleroma.Web.Router.Helpers
 
   import Ecto.Query
+  import Pleroma.Web.Utils.Guards, only: [not_empty_string: 1]
 
   require Logger
   require Pleroma.Constants
@@ -108,18 +109,24 @@ defmodule Pleroma.Web.ActivityPub.Utils do
     end
   end
 
-  def make_json_ld_header do
+  def make_json_ld_header(data \\ %{}) do
     %{
       "@context" => [
         "https://www.w3.org/ns/activitystreams",
         "#{Endpoint.url()}/schemas/litepub-0.1.jsonld",
         %{
-          "@language" => "und"
+          "@language" => get_language(data)
         }
       ]
     }
   end
 
+  defp get_language(%{"language" => language}) when not_empty_string(language) do
+    language
+  end
+
+  defp get_language(_), do: "und"
+
   def make_date do
     DateTime.utc_now() |> DateTime.to_iso8601()
   end
diff --git a/lib/pleroma/web/activity_pub/views/object_view.ex b/lib/pleroma/web/activity_pub/views/object_view.ex
index 63caa915c..13b5b2542 100644
--- a/lib/pleroma/web/activity_pub/views/object_view.ex
+++ b/lib/pleroma/web/activity_pub/views/object_view.ex
@@ -9,7 +9,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do
   alias Pleroma.Web.ActivityPub.Transmogrifier
 
   def render("object.json", %{object: %Object{} = object}) do
-    base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header()
+    base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header(object.data)
 
     additional = Transmogrifier.prepare_object(object.data)
     Map.merge(base, additional)
@@ -17,7 +17,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do
 
   def render("object.json", %{object: %Activity{data: %{"type" => activity_type}} = activity})
       when activity_type in ["Create", "Listen"] do
-    base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header()
+    base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header(activity.data)
     object = Object.normalize(activity, fetch: false)
 
     additional =
@@ -28,7 +28,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do
   end
 
   def render("object.json", %{object: %Activity{} = activity}) do
-    base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header()
+    base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header(activity.data)
     object_id = Object.normalize(activity, id_only: true)
 
     additional =
diff --git a/lib/pleroma/web/common_api/activity_draft.ex b/lib/pleroma/web/common_api/activity_draft.ex
index 9af635da8..bcbb134bb 100644
--- a/lib/pleroma/web/common_api/activity_draft.ex
+++ b/lib/pleroma/web/common_api/activity_draft.ex
@@ -33,6 +33,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
             cc: [],
             context: nil,
             sensitive: false,
+            language: nil,
             object: nil,
             preview?: false,
             changes: %{}
@@ -57,6 +58,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     |> content()
     |> with_valid(&to_and_cc/1)
     |> with_valid(&context/1)
+    |> with_valid(&language/1)
     |> sensitive()
     |> with_valid(&object/1)
     |> preview?()
@@ -190,6 +192,16 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     %__MODULE__{draft | sensitive: sensitive}
   end
 
+  defp language(draft) do
+    language = draft.params[:language]
+
+    if Utils.is_good_locale_code?(language) do
+      %__MODULE__{draft | language: language}
+    else
+      draft
+    end
+  end
+
   defp object(draft) do
     emoji = Map.merge(Pleroma.Emoji.Formatter.get_emoji_map(draft.full_payload), draft.emoji)
 
@@ -229,6 +241,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
         "mediaType" => Utils.get_content_type(draft.params[:content_type])
       })
       |> Map.put("generator", draft.params[:generator])
+      |> Map.put("language", draft.language)
 
     %__MODULE__{draft | object: object}
   end
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index b9fe0224c..28553c35a 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -494,4 +494,20 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       {:error, dgettext("errors", "Too many attachments")}
     end
   end
+
+  def is_good_locale_code?(code) when is_binary(code) do
+    code
+    |> String.codepoints()
+    |> Enum.all?(&valid_char?/1)
+  end
+
+  def is_good_locale_code?(_code), do: false
+
+  # [a-zA-Z0-9-]
+  defp valid_char?(char) do
+    ("a" <= char and char <= "z") or
+      ("A" <= char and char <= "Z") or
+      ("0" <= char and char <= "9") or
+      char == "-"
+  end
 end
diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex
index dea22f9c2..50d8ebde9 100644
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@@ -200,7 +200,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       mentions: mentions,
       tags: reblogged[:tags] || [],
       application: build_application(object.data["generator"]),
-      language: nil,
+      language: object.data["language"],
       emojis: [],
       pleroma: %{
         local: activity.local,
@@ -391,7 +391,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       mentions: mentions,
       tags: build_tags(tags),
       application: build_application(object.data["generator"]),
-      language: nil,
+      language: object.data["language"],
       emojis: build_emojis(object.data["emoji"]),
       pleroma: %{
         local: activity.local,
-- 
cgit v1.2.3


From 049045cf2ac90dcca074be9b5cf2d8264828f834 Mon Sep 17 00:00:00 2001
From: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date: Fri, 11 Aug 2023 11:44:13 +0000
Subject: Apply lanodan's suggestion

---
 lib/pleroma/web/common_api/utils.ex | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 28553c35a..229e13504 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -494,20 +494,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       {:error, dgettext("errors", "Too many attachments")}
     end
   end
-
-  def is_good_locale_code?(code) when is_binary(code) do
-    code
-    |> String.codepoints()
-    |> Enum.all?(&valid_char?/1)
-  end
+  def is_good_locale_code?(code) when is_binary(code), do: code =~ ~r<[A-zA-Z0-9\-]+>
 
   def is_good_locale_code?(_code), do: false
-
-  # [a-zA-Z0-9-]
-  defp valid_char?(char) do
-    ("a" <= char and char <= "z") or
-      ("A" <= char and char <= "Z") or
-      ("0" <= char and char <= "9") or
-      char == "-"
-  end
 end
-- 
cgit v1.2.3


From 04c8f6b4d1e2a9a30f66b0ffb99d7a17a1510a3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Fri, 11 Aug 2023 13:44:30 +0200
Subject: Add ObjectValidators.LanguageCode type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../object_validators/language_code.ex             | 25 ++++++++++++++++++++++
 .../object_validators/common_fields.ex             |  2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
new file mode 100644
index 000000000..327279bf8
--- /dev/null
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
@@ -0,0 +1,25 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode do
+  use Ecto.Type
+
+  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+
+  def type, do: :string
+
+  def cast(language) when is_binary(language) do
+    if is_good_locale_code?(language) do
+      {:ok, language}
+    else
+      {:error, :invalid_language}
+    end
+  end
+
+  def cast(_), do: :error
+
+  def dump(data), do: {:ok, data}
+
+  def load(data), do: {:ok, data}
+end
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
index 5ed3ea023..7ba393270 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
@@ -57,7 +57,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFields do
       field(:replies_count, :integer, default: 0)
       field(:like_count, :integer, default: 0)
       field(:announcement_count, :integer, default: 0)
-      field(:language, :string)
+      field(:language, ObjectValidators.LanguageCode)
       field(:inReplyTo, ObjectValidators.ObjectID)
       field(:url, ObjectValidators.BareUri)
 
-- 
cgit v1.2.3


From 366559c5a33c30de181782418cd1b52f65d0ca5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Fri, 11 Aug 2023 14:59:58 +0200
Subject: Make status.language == nil for 'und' value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/web/mastodon_api/views/status_view.ex | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex
index 50d8ebde9..2ae5e14aa 100644
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@@ -200,7 +200,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       mentions: mentions,
       tags: reblogged[:tags] || [],
       application: build_application(object.data["generator"]),
-      language: object.data["language"],
+      language: get_language(object),
       emojis: [],
       pleroma: %{
         local: activity.local,
@@ -391,7 +391,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       mentions: mentions,
       tags: build_tags(tags),
       application: build_application(object.data["generator"]),
-      language: object.data["language"],
+      language: get_language(object),
       emojis: build_emojis(object.data["emoji"]),
       pleroma: %{
         local: activity.local,
@@ -756,4 +756,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
   defp get_source_content_type(_source) do
     Utils.get_content_type(nil)
   end
+
+  defp get_language(%{data: %{"language" => "und"}}), do: nil
+
+  defp get_language(object), do: object.data["language"]
 end
-- 
cgit v1.2.3


From b430b805c469b33b9862d8f402fa8e63e6bdee8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Fri, 11 Aug 2023 16:44:13 +0200
Subject: Lint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/web/common_api/utils.ex | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 229e13504..05a5b818e 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -494,7 +494,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       {:error, dgettext("errors", "Too many attachments")}
     end
   end
-  def is_good_locale_code?(code) when is_binary(code), do: code =~ ~r<[A-zA-Z0-9\-]+>
+
+  def is_good_locale_code?(code) when is_binary(code), do: code =~ ~r<^[a-zA-Z0-9\-]+$>
 
   def is_good_locale_code?(_code), do: false
 end
-- 
cgit v1.2.3


From edc8689d9176e0134dc9d3a45dae5b530f8950e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Sat, 19 Aug 2023 15:28:19 +0200
Subject: Move `maybe_add_language` to CommonFixes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/web/activity_pub/object_validator.ex   | 27 ++++++-----
 .../article_note_page_validator.ex                 | 20 ++++----
 .../activity_pub/object_validators/common_fixes.ex | 42 +++++++++++++++++
 lib/pleroma/web/activity_pub/transmogrifier.ex     | 55 ----------------------
 4 files changed, 67 insertions(+), 77 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex
index 5e0d1aa8e..4ef036f34 100644
--- a/lib/pleroma/web/activity_pub/object_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validator.ex
@@ -103,7 +103,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
         meta
       )
       when objtype in ~w[Question Answer Audio Video Image Event Article Note Page] do
-    with {:ok, object_data} <- cast_and_apply_and_stringify_with_history(object),
+    with {:ok, object_data} <-
+           cast_and_apply_and_stringify_with_history(object, activity_data: create_activity),
          meta = Keyword.put(meta, :object_data, object_data),
          {:ok, create_activity} <-
            create_activity
@@ -213,40 +214,42 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
 
   def validate(o, m), do: {:error, {:validator_not_set, {o, m}}}
 
-  def cast_and_apply_and_stringify_with_history(object) do
+  def cast_and_apply_and_stringify_with_history(object, meta \\ []) do
     do_separate_with_history(object, fn object ->
-      with {:ok, object_data} <- cast_and_apply(object),
+      with {:ok, object_data} <- cast_and_apply(object, meta),
            object_data <- object_data |> stringify_keys() do
         {:ok, object_data}
       end
     end)
   end
 
-  def cast_and_apply(%{"type" => "ChatMessage"} = object) do
+  def cast_and_apply(object, meta \\ [])
+
+  def cast_and_apply(%{"type" => "ChatMessage"} = object, _) do
     ChatMessageValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => "Question"} = object) do
+  def cast_and_apply(%{"type" => "Question"} = object, _) do
     QuestionValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => "Answer"} = object) do
+  def cast_and_apply(%{"type" => "Answer"} = object, _) do
     AnswerValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => type} = object) when type in ~w[Audio Image Video] do
+  def cast_and_apply(%{"type" => type} = object, _) when type in ~w[Audio Image Video] do
     AudioImageVideoValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => "Event"} = object) do
-    EventValidator.cast_and_apply(object)
+  def cast_and_apply(%{"type" => "Event"} = object, meta) do
+    EventValidator.cast_and_apply(object, meta)
   end
 
-  def cast_and_apply(%{"type" => type} = object) when type in ~w[Article Note Page] do
-    ArticleNotePageValidator.cast_and_apply(object)
+  def cast_and_apply(%{"type" => type} = object, meta) when type in ~w[Article Note Page] do
+    ArticleNotePageValidator.cast_and_apply(object, meta)
   end
 
-  def cast_and_apply(o), do: {:error, {:validator_not_set, o}}
+  def cast_and_apply(o, _), do: {:error, {:validator_not_set, o}}
 
   def stringify_keys(object) when is_struct(object) do
     object
diff --git a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
index 73101f20f..9e6a1b0fb 100644
--- a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
@@ -28,21 +28,21 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     field(:replies, {:array, ObjectValidators.ObjectID}, default: [])
   end
 
-  def cast_and_apply(data) do
+  def cast_and_apply(data, meta \\ []) do
     data
-    |> cast_data
+    |> cast_data(meta)
     |> apply_action(:insert)
   end
 
-  def cast_and_validate(data) do
+  def cast_and_validate(data, meta \\ []) do
     data
-    |> cast_data()
+    |> cast_data(meta)
     |> validate_data()
   end
 
-  def cast_data(data) do
+  def cast_data(data, meta \\ []) do
     %__MODULE__{}
-    |> changeset(data)
+    |> changeset(data, meta)
   end
 
   defp fix_url(%{"url" => url} = data) when is_bitstring(url), do: data
@@ -76,7 +76,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
 
   def fix_attachments(data), do: data
 
-  defp fix(data) do
+  defp fix(data, meta) do
     data
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
@@ -86,11 +86,11 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     |> fix_attachments()
     |> Transmogrifier.fix_emoji()
     |> Transmogrifier.fix_content_map()
-    |> Transmogrifier.maybe_add_language()
+    |> CommonFixes.maybe_add_language(meta)
   end
 
-  def changeset(struct, data) do
-    data = fix(data)
+  def changeset(struct, data, meta \\ []) do
+    data = fix(data, meta)
 
     struct
     |> cast(data, __schema__(:fields) -- [:attachment, :tag])
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
index add46d561..66e44afe6 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
@@ -10,6 +10,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.Utils
 
+  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+
   def cast_and_filter_recipients(message, field, follower_collection, field_fallback \\ []) do
     {:ok, data} = ObjectValidators.Recipients.cast(message[field] || field_fallback)
 
@@ -76,4 +78,44 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
 
     Map.put(data, "to", to)
   end
+
+  def maybe_add_language(object, meta \\ []) do
+    language =
+      [
+        get_language_from_context(object),
+        get_language_from_context(Keyword.get(meta, :activity_data)),
+        get_language_from_content_map(object)
+      ]
+      |> Enum.find(&is_good_locale_code?(&1))
+
+    if language do
+      Map.put(object, "language", language)
+    else
+      object
+    end
+  end
+
+  defp get_language_from_context(%{"@context" => context}) when is_list(context) do
+    case context
+         |> Enum.find(fn
+           %{"@language" => language} -> language != "und"
+           _ -> nil
+         end) do
+      %{"@language" => language} -> language
+      _ -> nil
+    end
+  end
+
+  defp get_language_from_context(_), do: nil
+
+  defp get_language_from_content_map(%{"contentMap" => content_map, "content" => source_content}) do
+    content_groups = Map.to_list(content_map)
+
+    case Enum.find(content_groups, fn {_, content} -> content == source_content end) do
+      {language, _} -> language
+      _ -> nil
+    end
+  end
+
+  defp get_language_from_content_map(_), do: nil
 end
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 732d878c4..fd7059dea 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -22,7 +22,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   alias Pleroma.Web.Federator
 
   import Ecto.Query
-  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
   import Pleroma.Web.Utils.Guards, only: [not_empty_string: 1]
 
   require Logger
@@ -44,7 +43,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> fix_content_map()
     |> fix_addressing()
     |> fix_summary()
-    |> maybe_add_language()
   end
 
   def fix_summary(%{"summary" => nil} = object) do
@@ -459,7 +457,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       |> strip_internal_fields()
       |> fix_type(fetch_options)
       |> fix_in_reply_to(fetch_options)
-      |> maybe_add_language_from_activity(data)
 
     data = Map.put(data, "object", object)
     options = Keyword.put(options, :local, false)
@@ -966,56 +963,4 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   end
 
   defp maybe_add_content_map(object), do: object
-
-  def maybe_add_language(object) do
-    language =
-      [
-        get_language_from_context(object),
-        get_language_from_content_map(object),
-        get_language_from_content(object)
-      ]
-      |> Enum.find(&is_good_locale_code?(&1))
-
-    if language do
-      Map.put(object, "language", language)
-    else
-      object
-    end
-  end
-
-  def maybe_add_language_from_activity(object, activity) do
-    language = get_language_from_context(activity)
-
-    if is_good_locale_code?(language) do
-      Map.put(object, "language", language)
-    else
-      object
-    end
-  end
-
-  defp get_language_from_context(%{"@context" => context}) when is_list(context) do
-    case context
-         |> Enum.find(fn
-           %{"@language" => language} -> language != "und"
-           _ -> nil
-         end) do
-      %{"@language" => language} -> language
-      _ -> nil
-    end
-  end
-
-  defp get_language_from_context(_), do: nil
-
-  defp get_language_from_content_map(%{"contentMap" => content_map, "content" => source_content}) do
-    content_groups = Map.to_list(content_map)
-
-    case Enum.find(content_groups, fn {_, content} -> content == source_content end) do
-      {language, _} -> language
-      _ -> nil
-    end
-  end
-
-  defp get_language_from_content_map(_), do: nil
-
-  defp get_language_from_content(_), do: nil
 end
-- 
cgit v1.2.3


From 62340b50b57eeab0b7ab4093e07d05080991bfc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Sat, 19 Aug 2023 19:03:25 +0200
Subject: Move maybe_add_content_map out of Transmogrifier, use code from
 tusooa's branch for MapOfString
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../object_validators/map_of_string.ex             | 48 ++++++++++++++++++++++
 .../article_note_page_validator.ex                 |  1 +
 .../object_validators/common_fields.ex             |  1 +
 .../activity_pub/object_validators/common_fixes.ex |  8 ++++
 .../object_validators/event_validator.ex           | 20 +++++----
 lib/pleroma/web/activity_pub/transmogrifier.ex     |  8 ----
 6 files changed, 69 insertions(+), 17 deletions(-)
 create mode 100644 lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
new file mode 100644
index 000000000..e86275f92
--- /dev/null
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
@@ -0,0 +1,48 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.MapOfString do
+  use Ecto.Type
+
+  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+
+  def type, do: :map
+
+  def cast(%{} = object) do
+    with {status, %{} = data} when status in [:modified, :ok] <- validate_map(object) do
+      {:ok, data}
+    else
+      {_, nil} -> {:ok, nil}
+      {:error, _} -> :error
+    end
+  end
+
+  def cast(_), do: :error
+
+  def dump(data), do: {:ok, data}
+
+  def load(data), do: {:ok, data}
+
+  defp validate_map(%{} = object) do
+    {status, data} =
+      object
+      |> Enum.reduce({:ok, %{}}, fn
+        {lang, value}, {status, acc} when is_binary(lang) and is_binary(value) ->
+          if is_good_locale_code?(lang) do
+            {status, Map.put(acc, lang, value)}
+          else
+            {:modified, acc}
+          end
+
+        _, {_status, acc} ->
+          {:modified, acc}
+      end)
+
+    if data == %{} do
+      {status, nil}
+    else
+      {status, data}
+    end
+  end
+end
diff --git a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
index 9e6a1b0fb..0c7aa769b 100644
--- a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
@@ -87,6 +87,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     |> Transmogrifier.fix_emoji()
     |> Transmogrifier.fix_content_map()
     |> CommonFixes.maybe_add_language(meta)
+    |> CommonFixes.maybe_add_content_map()
   end
 
   def changeset(struct, data, meta \\ []) do
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
index 7ba393270..0cef5b533 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
@@ -31,6 +31,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFields do
   defmacro object_fields do
     quote bind_quoted: binding() do
       field(:content, :string)
+      field(:contentMap, ObjectValidators.MapOfString)
 
       field(:published, ObjectValidators.DateTime)
       field(:updated, ObjectValidators.DateTime)
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
index 66e44afe6..b141cc74c 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
@@ -11,6 +11,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
   alias Pleroma.Web.ActivityPub.Utils
 
   import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+  import Pleroma.Web.Utils.Guards, only: [not_empty_string: 1]
 
   def cast_and_filter_recipients(message, field, follower_collection, field_fallback \\ []) do
     {:ok, data} = ObjectValidators.Recipients.cast(message[field] || field_fallback)
@@ -118,4 +119,11 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
   end
 
   defp get_language_from_content_map(_), do: nil
+
+  def maybe_add_content_map(%{"language" => language, "content" => content} = object)
+       when not_empty_string(language) do
+    Map.put(object, "contentMap", Map.put(%{}, language, content))
+  end
+
+  def maybe_add_content_map(object), do: object
 end
diff --git a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
index ab204f69a..56ca6fe40 100644
--- a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
@@ -26,32 +26,34 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.EventValidator do
     end
   end
 
-  def cast_and_apply(data) do
+  def cast_and_apply(data, meta \\ []) do
     data
-    |> cast_data
+    |> cast_data(meta)
     |> apply_action(:insert)
   end
 
-  def cast_and_validate(data) do
+  def cast_and_validate(data, meta \\ []) do
     data
-    |> cast_data()
+    |> cast_data(meta)
     |> validate_data()
   end
 
-  def cast_data(data) do
+  def cast_data(data, meta \\ []) do
     %__MODULE__{}
-    |> changeset(data)
+    |> changeset(data, meta)
   end
 
-  defp fix(data) do
+  defp fix(data, meta) do
     data
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
     |> Transmogrifier.fix_emoji()
+    |> CommonFixes.maybe_add_language(meta)
+    |> CommonFixes.maybe_add_content_map()
   end
 
-  def changeset(struct, data) do
-    data = fix(data)
+  def changeset(struct, data, meta \\ []) do
+    data = fix(data, meta)
 
     struct
     |> cast(data, __schema__(:fields) -- [:attachment, :tag])
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index fd7059dea..a60e98c28 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -682,7 +682,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> add_mention_tags
     |> add_emoji_tags
     |> add_attributed_to
-    |> maybe_add_content_map
     |> prepare_attachments
     |> set_conversation
     |> set_reply_to_uri
@@ -956,11 +955,4 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   def maybe_fix_user_url(data), do: data
 
   def maybe_fix_user_object(data), do: maybe_fix_user_url(data)
-
-  defp maybe_add_content_map(%{"language" => language, "content" => content} = object)
-       when not_empty_string(language) do
-    Map.put(object, "contentMap", Map.put(%{}, language, content))
-  end
-
-  defp maybe_add_content_map(object), do: object
 end
-- 
cgit v1.2.3


From c160ef7b6a4c8d214a7abbb5054993341ee66b2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Sat, 19 Aug 2023 20:33:42 +0200
Subject: Remove test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex | 2 +-
 lib/pleroma/web/activity_pub/object_validators/common_fixes.ex        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
index e86275f92..96b7f2da6 100644
--- a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.MapOfString do
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
index b141cc74c..ccc76beed 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
@@ -121,7 +121,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
   defp get_language_from_content_map(_), do: nil
 
   def maybe_add_content_map(%{"language" => language, "content" => content} = object)
-       when not_empty_string(language) do
+      when not_empty_string(language) do
     Map.put(object, "contentMap", Map.put(%{}, language, content))
   end
 
-- 
cgit v1.2.3


From b52d189fcca13088531002ef0bdc0dc5e5df6569 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Thu, 31 Aug 2023 11:35:09 +0200
Subject: Move is_good_locale_code? to object validator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../ecto_type/activity_pub/object_validators/language_code.ex       | 6 ++++--
 .../ecto_type/activity_pub/object_validators/map_of_string.ex       | 3 ++-
 lib/pleroma/web/activity_pub/object_validators/common_fixes.ex      | 4 +++-
 lib/pleroma/web/common_api/activity_draft.ex                        | 5 ++++-
 lib/pleroma/web/common_api/utils.ex                                 | 4 ----
 5 files changed, 13 insertions(+), 9 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
index 327279bf8..b15e9ec5e 100644
--- a/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
@@ -5,8 +5,6 @@
 defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode do
   use Ecto.Type
 
-  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
-
   def type, do: :string
 
   def cast(language) when is_binary(language) do
@@ -22,4 +20,8 @@ defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode do
   def dump(data), do: {:ok, data}
 
   def load(data), do: {:ok, data}
+
+  def is_good_locale_code?(code) when is_binary(code), do: code =~ ~r<^[a-zA-Z0-9\-]+$>
+
+  def is_good_locale_code?(_code), do: false
 end
diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
index 96b7f2da6..2228edd24 100644
--- a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
@@ -5,7 +5,8 @@
 defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.MapOfString do
   use Ecto.Type
 
-  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+  import Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode,
+    only: [is_good_locale_code?: 1]
 
   def type, do: :map
 
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
index ccc76beed..fa581eba4 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
@@ -10,7 +10,9 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.Utils
 
-  import Pleroma.Web.CommonAPI.Utils, only: [is_good_locale_code?: 1]
+  import Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode,
+    only: [is_good_locale_code?: 1]
+
   import Pleroma.Web.Utils.Guards, only: [not_empty_string: 1]
 
   def cast_and_filter_recipients(message, field, follower_collection, field_fallback \\ []) do
diff --git a/lib/pleroma/web/common_api/activity_draft.ex b/lib/pleroma/web/common_api/activity_draft.ex
index bcbb134bb..1b6118cf8 100644
--- a/lib/pleroma/web/common_api/activity_draft.ex
+++ b/lib/pleroma/web/common_api/activity_draft.ex
@@ -10,6 +10,9 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.CommonAPI.Utils
 
+  import Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode,
+    only: [is_good_locale_code?: 1]
+
   import Pleroma.Web.Gettext
 
   defstruct valid?: true,
@@ -195,7 +198,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
   defp language(draft) do
     language = draft.params[:language]
 
-    if Utils.is_good_locale_code?(language) do
+    if is_good_locale_code?(language) do
       %__MODULE__{draft | language: language}
     else
       draft
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 05a5b818e..b9fe0224c 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -494,8 +494,4 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       {:error, dgettext("errors", "Too many attachments")}
     end
   end
-
-  def is_good_locale_code?(code) when is_binary(code), do: code =~ ~r<^[a-zA-Z0-9\-]+$>
-
-  def is_good_locale_code?(_code), do: false
 end
-- 
cgit v1.2.3


From c5ed684273fa329bc955c59dbc7beed9804fb0f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Thu, 7 Sep 2023 15:12:15 +0200
Subject: Rename MapOfString to ContentLanguageMap
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../object_validators/map_of_string.ex             | 49 ----------------------
 .../object_validators/common_fields.ex             |  2 +-
 2 files changed, 1 insertion(+), 50 deletions(-)
 delete mode 100644 lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
deleted file mode 100644
index 2228edd24..000000000
--- a/lib/pleroma/ecto_type/activity_pub/object_validators/map_of_string.ex
+++ /dev/null
@@ -1,49 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.MapOfString do
-  use Ecto.Type
-
-  import Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode,
-    only: [is_good_locale_code?: 1]
-
-  def type, do: :map
-
-  def cast(%{} = object) do
-    with {status, %{} = data} when status in [:modified, :ok] <- validate_map(object) do
-      {:ok, data}
-    else
-      {_, nil} -> {:ok, nil}
-      {:error, _} -> :error
-    end
-  end
-
-  def cast(_), do: :error
-
-  def dump(data), do: {:ok, data}
-
-  def load(data), do: {:ok, data}
-
-  defp validate_map(%{} = object) do
-    {status, data} =
-      object
-      |> Enum.reduce({:ok, %{}}, fn
-        {lang, value}, {status, acc} when is_binary(lang) and is_binary(value) ->
-          if is_good_locale_code?(lang) do
-            {status, Map.put(acc, lang, value)}
-          else
-            {:modified, acc}
-          end
-
-        _, {_status, acc} ->
-          {:modified, acc}
-      end)
-
-    if data == %{} do
-      {status, nil}
-    else
-      {status, data}
-    end
-  end
-end
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
index 0cef5b533..4a385633a 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fields.ex
@@ -31,7 +31,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFields do
   defmacro object_fields do
     quote bind_quoted: binding() do
       field(:content, :string)
-      field(:contentMap, ObjectValidators.MapOfString)
+      field(:contentMap, ObjectValidators.ContentLanguageMap)
 
       field(:published, ObjectValidators.DateTime)
       field(:updated, ObjectValidators.DateTime)
-- 
cgit v1.2.3


From a3b17dac0bf5da57cbd08335379ddfe4f8919bc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Thu, 7 Sep 2023 15:14:18 +0200
Subject: Rename test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../object_validators/content_language_map.ex      | 49 ++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 lib/pleroma/ecto_type/activity_pub/object_validators/content_language_map.ex

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/content_language_map.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/content_language_map.ex
new file mode 100644
index 000000000..2cc0fda00
--- /dev/null
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/content_language_map.ex
@@ -0,0 +1,49 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.ContentLanguageMap do
+  use Ecto.Type
+
+  import Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode,
+    only: [is_good_locale_code?: 1]
+
+  def type, do: :map
+
+  def cast(%{} = object) do
+    with {status, %{} = data} when status in [:modified, :ok] <- validate_map(object) do
+      {:ok, data}
+    else
+      {_, nil} -> {:ok, nil}
+      {:error, _} -> :error
+    end
+  end
+
+  def cast(_), do: :error
+
+  def dump(data), do: {:ok, data}
+
+  def load(data), do: {:ok, data}
+
+  defp validate_map(%{} = object) do
+    {status, data} =
+      object
+      |> Enum.reduce({:ok, %{}}, fn
+        {lang, value}, {status, acc} when is_binary(lang) and is_binary(value) ->
+          if is_good_locale_code?(lang) do
+            {status, Map.put(acc, lang, value)}
+          else
+            {:modified, acc}
+          end
+
+        _, {_status, acc} ->
+          {:modified, acc}
+      end)
+
+    if data == %{} do
+      {status, nil}
+    else
+      {status, data}
+    end
+  end
+end
-- 
cgit v1.2.3


From 51aef6b78dcf709872de32a02533e943f08858d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Thu, 28 Dec 2023 15:52:59 +0100
Subject: Add language from activity context in ObjectValidator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/web/activity_pub/object_validator.ex   | 35 ++++++++++++----------
 .../article_note_page_validator.ex                 | 20 ++++++-------
 .../activity_pub/object_validators/common_fixes.ex | 13 ++++++--
 .../object_validators/event_validator.ex           | 21 ++++++-------
 4 files changed, 52 insertions(+), 37 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex
index 4ef036f34..61d896a5b 100644
--- a/lib/pleroma/web/activity_pub/object_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validator.ex
@@ -24,6 +24,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
   alias Pleroma.Web.ActivityPub.ObjectValidators.AudioImageVideoValidator
   alias Pleroma.Web.ActivityPub.ObjectValidators.BlockValidator
   alias Pleroma.Web.ActivityPub.ObjectValidators.ChatMessageValidator
+  alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
   alias Pleroma.Web.ActivityPub.ObjectValidators.CreateChatMessageValidator
   alias Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidator
   alias Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator
@@ -104,7 +105,9 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
       )
       when objtype in ~w[Question Answer Audio Video Image Event Article Note Page] do
     with {:ok, object_data} <-
-           cast_and_apply_and_stringify_with_history(object, activity_data: create_activity),
+           object
+           |> CommonFixes.maybe_add_language_from_activity(create_activity)
+           |> cast_and_apply_and_stringify_with_history(),
          meta = Keyword.put(meta, :object_data, object_data),
          {:ok, create_activity} <-
            create_activity
@@ -154,7 +157,11 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
       )
       when objtype in ~w[Question Answer Audio Video Event Article Note Page] do
     with {_, false} <- {:local, Access.get(meta, :local, false)},
-         {_, {:ok, object_data, _}} <- {:object_validation, validate(object, meta)},
+         {_, {:ok, object_data, _}} <-
+           {:object_validation,
+            object
+            |> CommonFixes.maybe_add_language_from_activity(update_activity)
+            |> validate(meta)},
          meta = Keyword.put(meta, :object_data, object_data),
          {:ok, update_activity} <-
            update_activity
@@ -214,42 +221,40 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
 
   def validate(o, m), do: {:error, {:validator_not_set, {o, m}}}
 
-  def cast_and_apply_and_stringify_with_history(object, meta \\ []) do
+  def cast_and_apply_and_stringify_with_history(object) do
     do_separate_with_history(object, fn object ->
-      with {:ok, object_data} <- cast_and_apply(object, meta),
+      with {:ok, object_data} <- cast_and_apply(object),
            object_data <- object_data |> stringify_keys() do
         {:ok, object_data}
       end
     end)
   end
 
-  def cast_and_apply(object, meta \\ [])
-
-  def cast_and_apply(%{"type" => "ChatMessage"} = object, _) do
+  def cast_and_apply(%{"type" => "ChatMessage"} = object) do
     ChatMessageValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => "Question"} = object, _) do
+  def cast_and_apply(%{"type" => "Question"} = object) do
     QuestionValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => "Answer"} = object, _) do
+  def cast_and_apply(%{"type" => "Answer"} = object) do
     AnswerValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => type} = object, _) when type in ~w[Audio Image Video] do
+  def cast_and_apply(%{"type" => type} = object) when type in ~w[Audio Image Video] do
     AudioImageVideoValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => "Event"} = object, meta) do
-    EventValidator.cast_and_apply(object, meta)
+  def cast_and_apply(%{"type" => "Event"} = object) do
+    EventValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(%{"type" => type} = object, meta) when type in ~w[Article Note Page] do
-    ArticleNotePageValidator.cast_and_apply(object, meta)
+  def cast_and_apply(%{"type" => type} = object) when type in ~w[Article Note Page] do
+    ArticleNotePageValidator.cast_and_apply(object)
   end
 
-  def cast_and_apply(o, _), do: {:error, {:validator_not_set, o}}
+  def cast_and_apply(o), do: {:error, {:validator_not_set, o}}
 
   def stringify_keys(object) when is_struct(object) do
     object
diff --git a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
index 417f04312..4e27284aa 100644
--- a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
@@ -28,21 +28,21 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     field(:replies, {:array, ObjectValidators.ObjectID}, default: [])
   end
 
-  def cast_and_apply(data, meta \\ []) do
+  def cast_and_apply(data) do
     data
-    |> cast_data(meta)
+    |> cast_data()
     |> apply_action(:insert)
   end
 
-  def cast_and_validate(data, meta \\ []) do
+  def cast_and_validate(data) do
     data
-    |> cast_data(meta)
+    |> cast_data()
     |> validate_data()
   end
 
-  def cast_data(data, meta \\ []) do
+  def cast_data(data) do
     %__MODULE__{}
-    |> changeset(data, meta)
+    |> changeset(data)
   end
 
   defp fix_url(%{"url" => url} = data) when is_bitstring(url), do: data
@@ -76,7 +76,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
 
   def fix_attachments(data), do: data
 
-  defp fix(data, meta) do
+  defp fix(data) do
     data
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
@@ -87,12 +87,12 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     |> CommonFixes.fix_quote_url()
     |> Transmogrifier.fix_emoji()
     |> Transmogrifier.fix_content_map()
-    |> CommonFixes.maybe_add_language(meta)
+    |> CommonFixes.maybe_add_language()
     |> CommonFixes.maybe_add_content_map()
   end
 
-  def changeset(struct, data, meta \\ []) do
-    data = fix(data, meta)
+  def changeset(struct, data) do
+    data = fix(data)
 
     struct
     |> cast(data, __schema__(:fields) -- [:attachment, :tag])
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
index 218342136..e732a6430 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
@@ -128,11 +128,20 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
 
   def is_object_link_tag(_), do: false
 
-  def maybe_add_language(object, meta \\ []) do
+  def maybe_add_language_from_activity(object, activity) do
+    language = get_language_from_context(activity)
+
+    if language do
+      Map.put(object, "language", language)
+    else
+      object
+    end
+  end
+
+  def maybe_add_language(object) do
     language =
       [
         get_language_from_context(object),
-        get_language_from_context(Keyword.get(meta, :activity_data)),
         get_language_from_content_map(object)
       ]
       |> Enum.find(&is_good_locale_code?(&1))
diff --git a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
index 56ca6fe40..ec23770ad 100644
--- a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
@@ -26,34 +26,35 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.EventValidator do
     end
   end
 
-  def cast_and_apply(data, meta \\ []) do
+  def cast_and_apply(data) do
     data
-    |> cast_data(meta)
+    |> cast_data()
     |> apply_action(:insert)
   end
 
-  def cast_and_validate(data, meta \\ []) do
+  def cast_and_validate(data) do
     data
-    |> cast_data(meta)
+    |> cast_data()
     |> validate_data()
   end
 
-  def cast_data(data, meta \\ []) do
+  @spec cast_data(map()) :: map()
+  def cast_data(data) do
     %__MODULE__{}
-    |> changeset(data, meta)
+    |> changeset(data)
   end
 
-  defp fix(data, meta) do
+  defp fix(data) do
     data
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
     |> Transmogrifier.fix_emoji()
-    |> CommonFixes.maybe_add_language(meta)
+    |> CommonFixes.maybe_add_language()
     |> CommonFixes.maybe_add_content_map()
   end
 
-  def changeset(struct, data, meta \\ []) do
-    data = fix(data, meta)
+  def changeset(struct, data) do
+    data = fix(data)
 
     struct
     |> cast(data, __schema__(:fields) -- [:attachment, :tag])
-- 
cgit v1.2.3


From a6e066a77d5ce65b034cd62775614d5902d29d85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Thu, 7 Mar 2024 14:05:45 +0100
Subject: Fix adding language to json ld header, add transmogrifier test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/web/activity_pub/transmogrifier.ex | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 169ba5db9..b3a3777a2 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -751,12 +751,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       object_id
       |> Object.normalize(fetch: false)
       |> Map.get(:data)
-      |> prepare_object
 
     data =
       data
-      |> Map.put("object", object)
-      |> Map.merge(Utils.make_json_ld_header(data))
+      |> Map.put("object", prepare_object(object))
+      |> Map.merge(Utils.make_json_ld_header(object))
       |> Map.delete("bcc")
 
     {:ok, data}
@@ -764,14 +763,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def prepare_outgoing(%{"type" => "Update", "object" => %{"type" => objtype} = object} = data)
       when objtype in Pleroma.Constants.updatable_object_types() do
-    object =
-      object
-      |> prepare_object
-
     data =
       data
-      |> Map.put("object", object)
-      |> Map.merge(Utils.make_json_ld_header(data))
+      |> Map.put("object", prepare_object(object))
+      |> Map.merge(Utils.make_json_ld_header(object))
       |> Map.delete("bcc")
 
     {:ok, data}
@@ -792,7 +787,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     data =
       data
       |> strip_internal_fields
-      |> Map.merge(Utils.make_json_ld_header(data))
+      |> Map.merge(Utils.make_json_ld_header())
       |> Map.delete("bcc")
 
     {:ok, data}
@@ -812,7 +807,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       data =
         data
         |> Map.put("object", object)
-        |> Map.merge(Utils.make_json_ld_header(data))
+        |> Map.merge(Utils.make_json_ld_header())
 
       {:ok, data}
     end
@@ -830,7 +825,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       data =
         data
         |> Map.put("object", object)
-        |> Map.merge(Utils.make_json_ld_header(data))
+        |> Map.merge(Utils.make_json_ld_header())
 
       {:ok, data}
     end
-- 
cgit v1.2.3


From a40bf5d24fb75b246b9e11908b24cdcedabcb3af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Sun, 28 Jul 2024 13:44:17 +0200
Subject: Fix good_locale_code?/1 regex
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
index 3135af1fa..4779deeb0 100644
--- a/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
+++ b/lib/pleroma/ecto_type/activity_pub/object_validators/language_code.ex
@@ -21,7 +21,7 @@ defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.LanguageCode do
 
   def load(data), do: {:ok, data}
 
-  def good_locale_code?(code) when is_binary(code), do: code =~ ~r<^[a-zA-Z0-9\-]+$>
+  def good_locale_code?(code) when is_binary(code), do: code =~ ~r<^[a-zA-Z0-9\-]+\z$>
 
   def good_locale_code?(_code), do: false
 end
-- 
cgit v1.2.3


From ad953143bb00d67eb981806981f8ef3e35c437e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Sun, 15 Sep 2024 14:59:06 +0200
Subject: Require HTTP signatures (if enabled) for routes used by both C2S and
 S2S AP API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 lib/pleroma/web/plugs/http_signature_plug.ex | 12 ++++++++++--
 lib/pleroma/web/router.ex                    | 17 +++++++++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index 67974599a..2e16212ce 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -19,8 +19,16 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
     options
   end
 
-  def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
-    conn
+  def call(%{assigns: %{valid_signature: true}} = conn, _opts), do: conn
+
+  # skip for C2S requests from authenticated users
+  def call(%{assigns: %{user: %Pleroma.User{}}} = conn, _opts) do
+    if get_format(conn) in ["json", "activity+json"] do
+      # ensure access token is provided for 2FA
+      Pleroma.Web.Plugs.EnsureAuthenticatedPlug.call(conn, %{})
+    else
+      conn
+    end
   end
 
   def call(conn, _opts) do
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 0423ca9e2..ad8529a30 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -907,17 +907,30 @@ defmodule Pleroma.Web.Router do
     plug(:after_auth)
   end
 
+  # AP interactions used by both S2S and C2S
+  pipeline :activitypub_server_or_client do
+    plug(:ap_service_actor)
+    plug(:fetch_session)
+    plug(:authenticate)
+    plug(:after_auth)
+    plug(:http_signature)
+  end
+
   scope "/", Pleroma.Web.ActivityPub do
     pipe_through([:activitypub_client])
 
     get("/api/ap/whoami", ActivityPubController, :whoami)
     get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
 
-    get("/users/:nickname/outbox", ActivityPubController, :outbox)
     post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
     post("/api/ap/upload_media", ActivityPubController, :upload_media)
+  end
+
+  scope "/", Pleroma.Web.ActivityPub do
+    pipe_through([:activitypub_server_or_client])
+
+    get("/users/:nickname/outbox", ActivityPubController, :outbox)
 
-    # The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
     get("/users/:nickname/followers", ActivityPubController, :followers)
     get("/users/:nickname/following", ActivityPubController, :following)
     get("/users/:nickname/collections/featured", ActivityPubController, :pinned)
-- 
cgit v1.2.3


From 309d22aca2ec0557b27c8e3d8d12b088061e0142 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Mon, 16 Sep 2024 13:33:56 +0200
Subject: Allow disabling C2S ActivityPub API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../web/plugs/ap_client_api_enabled_plug.ex        | 34 ++++++++++++++++++++++
 lib/pleroma/web/router.ex                          |  2 ++
 2 files changed, 36 insertions(+)
 create mode 100644 lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex

(limited to 'lib')

diff --git a/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex b/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
new file mode 100644
index 000000000..6807673f9
--- /dev/null
+++ b/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
@@ -0,0 +1,34 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.APClientApiEnabledPlug do
+  import Plug.Conn
+  import Phoenix.Controller, only: [text: 2]
+
+  @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config)
+  @enabled_path [:activitypub, :client_api_enabled]
+
+  def init(options \\ []), do: Map.new(options)
+
+  def call(conn, %{allow_server: true}) do
+    if @config_impl.get(@enabled_path, false) do
+      conn
+    else
+      conn
+      |> assign(:user, nil)
+      |> assign(:token, nil)
+    end
+  end
+
+  def call(conn, _) do
+    if @config_impl.get(@enabled_path, false) do
+      conn
+    else
+      conn
+      |> put_status(:forbidden)
+      |> text("C2S not enabled")
+      |> halt()
+    end
+  end
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index ad8529a30..d78a6aef4 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -902,6 +902,7 @@ defmodule Pleroma.Web.Router do
   # Client to Server (C2S) AP interactions
   pipeline :activitypub_client do
     plug(:ap_service_actor)
+    plug(Pleroma.Web.Plugs.APClientApiEnabledPlug)
     plug(:fetch_session)
     plug(:authenticate)
     plug(:after_auth)
@@ -912,6 +913,7 @@ defmodule Pleroma.Web.Router do
     plug(:ap_service_actor)
     plug(:fetch_session)
     plug(:authenticate)
+    plug(Pleroma.Web.Plugs.APClientApiEnabledPlug, allow_server: true)
     plug(:after_auth)
     plug(:http_signature)
   end
-- 
cgit v1.2.3


From c94c6eac22663a46d8c2822953e3b8b959a3d1fb Mon Sep 17 00:00:00 2001
From: floatingghost <hannah@coffee-and-dreams.uk>
Date: Mon, 5 Dec 2022 12:58:48 +0000
Subject: Remerge of hashtag following (#341)

this time with less idiot

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/341
Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/hashtag.ex                             | 27 +++++++++
 lib/pleroma/user.ex                                | 58 +++++++++++++++++++
 lib/pleroma/user/hashtag_follow.ex                 | 49 ++++++++++++++++
 lib/pleroma/web/activity_pub/activity_pub.ex       | 27 ++++++++-
 .../web/api_spec/operations/tag_operation.ex       | 65 ++++++++++++++++++++++
 lib/pleroma/web/api_spec/schemas/tag.ex            |  7 ++-
 .../web/mastodon_api/controllers/tag_controller.ex | 47 ++++++++++++++++
 .../controllers/timeline_controller.ex             |  6 ++
 lib/pleroma/web/mastodon_api/views/tag_view.ex     | 21 +++++++
 lib/pleroma/web/router.ex                          |  4 ++
 lib/pleroma/web/streamer.ex                        | 13 ++++-
 11 files changed, 321 insertions(+), 3 deletions(-)
 create mode 100644 lib/pleroma/user/hashtag_follow.ex
 create mode 100644 lib/pleroma/web/api_spec/operations/tag_operation.ex
 create mode 100644 lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
 create mode 100644 lib/pleroma/web/mastodon_api/views/tag_view.ex

(limited to 'lib')

diff --git a/lib/pleroma/hashtag.ex b/lib/pleroma/hashtag.ex
index a43d88220..29e95e3a0 100644
--- a/lib/pleroma/hashtag.ex
+++ b/lib/pleroma/hashtag.ex
@@ -10,6 +10,7 @@ defmodule Pleroma.Hashtag do
 
   alias Ecto.Multi
   alias Pleroma.Hashtag
+  alias Pleroma.User.HashtagFollow
   alias Pleroma.Object
   alias Pleroma.Repo
 
@@ -27,6 +28,14 @@ defmodule Pleroma.Hashtag do
     |> String.trim()
   end
 
+  def get_by_id(id) do
+    Repo.get(Hashtag, id)
+  end
+
+  def get_by_name(name) do
+    Repo.get_by(Hashtag, name: normalize_name(name))
+  end
+
   def get_or_create_by_name(name) do
     changeset = changeset(%Hashtag{}, %{name: name})
 
@@ -103,4 +112,22 @@ defmodule Pleroma.Hashtag do
       {:ok, deleted_count}
     end
   end
+
+  def get_followers(%Hashtag{id: hashtag_id}) do
+    from(hf in HashtagFollow)
+    |> where([hf], hf.hashtag_id == ^hashtag_id)
+    |> join(:inner, [hf], u in assoc(hf, :user))
+    |> select([hf, u], u.id)
+    |> Repo.all()
+  end
+
+  def get_recipients_for_activity(%Pleroma.Activity{object: %{hashtags: tags}})
+      when is_list(tags) do
+    tags
+    |> Enum.map(&get_followers/1)
+    |> List.flatten()
+    |> Enum.uniq()
+  end
+
+  def get_recipients_for_activity(_activity), do: []
 end
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 7a36ece77..ed9421c44 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -19,6 +19,8 @@ defmodule Pleroma.User do
   alias Pleroma.Emoji
   alias Pleroma.FollowingRelationship
   alias Pleroma.Formatter
+  alias Pleroma.Hashtag
+  alias Pleroma.User.HashtagFollow
   alias Pleroma.HTML
   alias Pleroma.Keys
   alias Pleroma.MFA
@@ -174,6 +176,12 @@ defmodule Pleroma.User do
     has_many(:outgoing_relationships, UserRelationship, foreign_key: :source_id)
     has_many(:incoming_relationships, UserRelationship, foreign_key: :target_id)
 
+    many_to_many(:followed_hashtags, Hashtag,
+      on_replace: :delete,
+      on_delete: :delete_all,
+      join_through: HashtagFollow
+    )
+
     for {relationship_type,
          [
            {outgoing_relation, outgoing_relation_target},
@@ -2861,4 +2869,54 @@ defmodule Pleroma.User do
       birthday_month: month
     })
   end
+
+  defp maybe_load_followed_hashtags(%User{followed_hashtags: follows} = user)
+       when is_list(follows),
+       do: user
+
+  defp maybe_load_followed_hashtags(%User{} = user) do
+    followed_hashtags = HashtagFollow.get_by_user(user)
+    %{user | followed_hashtags: followed_hashtags}
+  end
+
+  def followed_hashtags(%User{followed_hashtags: follows})
+      when is_list(follows),
+      do: follows
+
+  def followed_hashtags(%User{} = user) do
+    {:ok, user} =
+      user
+      |> maybe_load_followed_hashtags()
+      |> set_cache()
+
+    user.followed_hashtags
+  end
+
+  def follow_hashtag(%User{} = user, %Hashtag{} = hashtag) do
+    Logger.debug("Follow hashtag #{hashtag.name} for user #{user.nickname}")
+    user = maybe_load_followed_hashtags(user)
+
+    with {:ok, _} <- HashtagFollow.new(user, hashtag),
+         follows <- HashtagFollow.get_by_user(user),
+         %User{} = user <- user |> Map.put(:followed_hashtags, follows) do
+      user
+      |> set_cache()
+    end
+  end
+
+  def unfollow_hashtag(%User{} = user, %Hashtag{} = hashtag) do
+    Logger.debug("Unfollow hashtag #{hashtag.name} for user #{user.nickname}")
+    user = maybe_load_followed_hashtags(user)
+
+    with {:ok, _} <- HashtagFollow.delete(user, hashtag),
+         follows <- HashtagFollow.get_by_user(user),
+         %User{} = user <- user |> Map.put(:followed_hashtags, follows) do
+      user
+      |> set_cache()
+    end
+  end
+
+  def following_hashtag?(%User{} = user, %Hashtag{} = hashtag) do
+    not is_nil(HashtagFollow.get(user, hashtag))
+  end
 end
diff --git a/lib/pleroma/user/hashtag_follow.ex b/lib/pleroma/user/hashtag_follow.ex
new file mode 100644
index 000000000..43ed93f4d
--- /dev/null
+++ b/lib/pleroma/user/hashtag_follow.ex
@@ -0,0 +1,49 @@
+defmodule Pleroma.User.HashtagFollow do
+  use Ecto.Schema
+  import Ecto.Query
+  import Ecto.Changeset
+
+  alias Pleroma.User
+  alias Pleroma.Hashtag
+  alias Pleroma.Repo
+
+  schema "user_follows_hashtag" do
+    belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
+    belongs_to(:hashtag, Hashtag)
+  end
+
+  def changeset(%__MODULE__{} = user_hashtag_follow, attrs) do
+    user_hashtag_follow
+    |> cast(attrs, [:user_id, :hashtag_id])
+    |> unique_constraint(:hashtag_id,
+      name: :user_hashtag_follows_user_id_hashtag_id_index,
+      message: "already following"
+    )
+    |> validate_required([:user_id, :hashtag_id])
+  end
+
+  def new(%User{} = user, %Hashtag{} = hashtag) do
+    %__MODULE__{}
+    |> changeset(%{user_id: user.id, hashtag_id: hashtag.id})
+    |> Repo.insert(on_conflict: :nothing)
+  end
+
+  def delete(%User{} = user, %Hashtag{} = hashtag) do
+    with %__MODULE__{} = user_hashtag_follow <- get(user, hashtag) do
+      Repo.delete(user_hashtag_follow)
+    else
+      _ -> {:ok, nil}
+    end
+  end
+
+  def get(%User{} = user, %Hashtag{} = hashtag) do
+    from(hf in __MODULE__)
+    |> where([hf], hf.user_id == ^user.id and hf.hashtag_id == ^hashtag.id)
+    |> Repo.one()
+  end
+
+  def get_by_user(%User{} = user) do
+    Ecto.assoc(user, :followed_hashtags)
+    |> Repo.all()
+  end
+end
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index df8795fe4..62c7a7b31 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -924,6 +924,31 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     )
   end
 
+  # Essentially, either look for activities addressed to `recipients`, _OR_ ones
+  # that reference a hashtag that the user follows
+  # Firstly, two fallbacks in case there's no hashtag constraint, or the user doesn't
+  # follow any
+  defp restrict_recipients_or_hashtags(query, recipients, user, nil) do
+    restrict_recipients(query, recipients, user)
+  end
+
+  defp restrict_recipients_or_hashtags(query, recipients, user, []) do
+    restrict_recipients(query, recipients, user)
+  end
+
+  defp restrict_recipients_or_hashtags(query, recipients, _user, hashtag_ids) do
+    from([activity, object] in query)
+    |> join(:left, [activity, object], hto in "hashtags_objects",
+      on: hto.object_id == object.id,
+      as: :hto
+    )
+    |> where(
+      [activity, object, hto: hto],
+      (hto.hashtag_id in ^hashtag_ids and ^Constants.as_public() in activity.recipients) or
+        fragment("? && ?", ^recipients, activity.recipients)
+    )
+  end
+
   defp restrict_local(query, %{local_only: true}) do
     from(activity in query, where: activity.local == true)
   end
@@ -1414,7 +1439,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
       |> maybe_preload_report_notes(opts)
       |> maybe_set_thread_muted_field(opts)
       |> maybe_order(opts)
-      |> restrict_recipients(recipients, opts[:user])
+      |> restrict_recipients_or_hashtags(recipients, opts[:user], opts[:followed_hashtags])
       |> restrict_replies(opts)
       |> restrict_since(opts)
       |> restrict_local(opts)
diff --git a/lib/pleroma/web/api_spec/operations/tag_operation.ex b/lib/pleroma/web/api_spec/operations/tag_operation.ex
new file mode 100644
index 000000000..e22457159
--- /dev/null
+++ b/lib/pleroma/web/api_spec/operations/tag_operation.ex
@@ -0,0 +1,65 @@
+defmodule Pleroma.Web.ApiSpec.TagOperation do
+  alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.ApiError
+  alias Pleroma.Web.ApiSpec.Schemas.Tag
+
+  def open_api_operation(action) do
+    operation = String.to_existing_atom("#{action}_operation")
+    apply(__MODULE__, operation, [])
+  end
+
+  def show_operation do
+    %Operation{
+      tags: ["Tags"],
+      summary: "Hashtag",
+      description: "View a hashtag",
+      security: [%{"oAuth" => ["read"]}],
+      parameters: [id_param()],
+      operationId: "TagController.show",
+      responses: %{
+        200 => Operation.response("Hashtag", "application/json", Tag),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  def follow_operation do
+    %Operation{
+      tags: ["Tags"],
+      summary: "Follow a hashtag",
+      description: "Follow a hashtag",
+      security: [%{"oAuth" => ["write:follows"]}],
+      parameters: [id_param()],
+      operationId: "TagController.follow",
+      responses: %{
+        200 => Operation.response("Hashtag", "application/json", Tag),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  def unfollow_operation do
+    %Operation{
+      tags: ["Tags"],
+      summary: "Unfollow a hashtag",
+      description: "Unfollow a hashtag",
+      security: [%{"oAuth" => ["write:follow"]}],
+      parameters: [id_param()],
+      operationId: "TagController.unfollow",
+      responses: %{
+        200 => Operation.response("Hashtag", "application/json", Tag),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  defp id_param do
+    Operation.parameter(
+      :id,
+      :path,
+      %Schema{type: :string},
+      "Name of the hashtag"
+    )
+  end
+end
diff --git a/lib/pleroma/web/api_spec/schemas/tag.ex b/lib/pleroma/web/api_spec/schemas/tag.ex
index 66bf0ca71..f68dc3f2a 100644
--- a/lib/pleroma/web/api_spec/schemas/tag.ex
+++ b/lib/pleroma/web/api_spec/schemas/tag.ex
@@ -17,11 +17,16 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Tag do
         type: :string,
         format: :uri,
         description: "A link to the hashtag on the instance"
+      },
+      following: %Schema{
+        type: :boolean,
+        description: "Whether the authenticated user is following the hashtag"
       }
     },
     example: %{
       name: "cofe",
-      url: "https://lain.com/tag/cofe"
+      url: "https://lain.com/tag/cofe",
+      following: false
     }
   })
 end
diff --git a/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex b/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
new file mode 100644
index 000000000..b8995eb00
--- /dev/null
+++ b/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
@@ -0,0 +1,47 @@
+defmodule Pleroma.Web.MastodonAPI.TagController do
+  @moduledoc "Hashtag routes for mastodon API"
+  use Pleroma.Web, :controller
+
+  alias Pleroma.User
+  alias Pleroma.Hashtag
+
+  plug(Pleroma.Web.ApiSpec.CastAndValidate)
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action in [:show])
+
+  plug(
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    %{scopes: ["write:follows"]} when action in [:follow, :unfollow]
+  )
+
+  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TagOperation
+
+  def show(conn, %{id: id}) do
+    with %Hashtag{} = hashtag <- Hashtag.get_by_name(id) do
+      render(conn, "show.json", tag: hashtag, for_user: conn.assigns.user)
+    else
+      _ -> conn |> render_error(:not_found, "Hashtag not found")
+    end
+  end
+
+  def follow(conn, %{id: id}) do
+    with %Hashtag{} = hashtag <- Hashtag.get_by_name(id),
+         %User{} = user <- conn.assigns.user,
+         {:ok, _} <-
+           User.follow_hashtag(user, hashtag) do
+      render(conn, "show.json", tag: hashtag, for_user: user)
+    else
+      _ -> render_error(conn, :not_found, "Hashtag not found")
+    end
+  end
+
+  def unfollow(conn, %{id: id}) do
+    with %Hashtag{} = hashtag <- Hashtag.get_by_name(id),
+         %User{} = user <- conn.assigns.user,
+         {:ok, _} <-
+           User.unfollow_hashtag(user, hashtag) do
+      render(conn, "show.json", tag: hashtag, for_user: user)
+    else
+      _ -> render_error(conn, :not_found, "Hashtag not found")
+    end
+  end
+end
diff --git a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
index 293c61b41..5ee74a80e 100644
--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@@ -40,6 +40,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 
   # GET /api/v1/timelines/home
   def home(%{assigns: %{user: user}} = conn, params) do
+    followed_hashtags =
+      user
+      |> User.followed_hashtags()
+      |> Enum.map(& &1.id)
+
     params =
       params
       |> Map.put(:type, ["Create", "Announce"])
@@ -49,6 +54,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
       |> Map.put(:announce_filtering_user, user)
       |> Map.put(:user, user)
       |> Map.put(:local_only, params[:local])
+      |> Map.put(:followed_hashtags, followed_hashtags)
       |> Map.delete(:local)
 
     activities =
diff --git a/lib/pleroma/web/mastodon_api/views/tag_view.ex b/lib/pleroma/web/mastodon_api/views/tag_view.ex
new file mode 100644
index 000000000..6e491c261
--- /dev/null
+++ b/lib/pleroma/web/mastodon_api/views/tag_view.ex
@@ -0,0 +1,21 @@
+defmodule Pleroma.Web.MastodonAPI.TagView do
+  use Pleroma.Web, :view
+  alias Pleroma.User
+  alias Pleroma.Web.Router.Helpers
+
+  def render("show.json", %{tag: tag, for_user: user}) do
+    following =
+      with %User{} <- user do
+        User.following_hashtag?(user, tag)
+      else
+        _ -> false
+      end
+
+    %{
+      name: tag.name,
+      url: Helpers.tag_feed_url(Pleroma.Web.Endpoint, :feed, tag.name),
+      history: [],
+      following: following
+    }
+  end
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 0423ca9e2..4bbddbef7 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -755,6 +755,10 @@ defmodule Pleroma.Web.Router do
 
     get("/announcements", AnnouncementController, :index)
     post("/announcements/:id/dismiss", AnnouncementController, :mark_read)
+
+    get("/tags/:id", TagController, :show)
+    post("/tags/:id/follow", TagController, :follow)
+    post("/tags/:id/unfollow", TagController, :unfollow)
   end
 
   scope "/api/v1", Pleroma.Web.MastodonAPI do
diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex
index 76dc0f42d..cc149e04c 100644
--- a/lib/pleroma/web/streamer.ex
+++ b/lib/pleroma/web/streamer.ex
@@ -19,6 +19,7 @@ defmodule Pleroma.Web.Streamer do
   alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.Plugs.OAuthScopesPlug
   alias Pleroma.Web.StreamerView
+  require Pleroma.Constants
 
   @registry Pleroma.Web.StreamerRegistry
 
@@ -305,7 +306,17 @@ defmodule Pleroma.Web.Streamer do
       User.get_recipients_from_activity(item)
       |> Enum.map(fn %{id: id} -> "user:#{id}" end)
 
-    Enum.each(recipient_topics, fn topic ->
+    hashtag_recipients =
+      if Pleroma.Constants.as_public() in item.recipients do
+        Pleroma.Hashtag.get_recipients_for_activity(item)
+        |> Enum.map(fn id -> "user:#{id}" end)
+      else
+        []
+      end
+
+    all_recipients = Enum.uniq(recipient_topics ++ hashtag_recipients)
+
+    Enum.each(all_recipients, fn topic ->
       push_to_socket(topic, item)
     end)
   end
-- 
cgit v1.2.3


From bdb9f888d731e9ac59fe17457eacc49d81c2a54c Mon Sep 17 00:00:00 2001
From: FloatingGhost <hannah@coffee-and-dreams.uk>
Date: Sat, 31 Dec 2022 18:05:21 +0000
Subject: Add /api/v1/followed_tags

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/pagination.ex                          |  6 ++--
 lib/pleroma/user/hashtag_follow.ex                 |  8 ++++-
 .../web/api_spec/operations/tag_operation.ex       | 40 +++++++++++++++++++++-
 lib/pleroma/web/api_spec/schemas/tag.ex            |  6 ++++
 .../web/mastodon_api/controllers/tag_controller.ex | 32 ++++++++++++++++-
 lib/pleroma/web/mastodon_api/views/tag_view.ex     |  4 +++
 lib/pleroma/web/router.ex                          |  1 +
 7 files changed, 91 insertions(+), 6 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/pagination.ex b/lib/pleroma/pagination.ex
index 8db732cc9..66812b17b 100644
--- a/lib/pleroma/pagination.ex
+++ b/lib/pleroma/pagination.ex
@@ -89,9 +89,9 @@ defmodule Pleroma.Pagination do
 
   defp cast_params(params) do
     param_types = %{
-      min_id: :string,
-      since_id: :string,
-      max_id: :string,
+      min_id: params[:id_type] || :string,
+      since_id: params[:id_type] || :string,
+      max_id: params[:id_type] || :string,
       offset: :integer,
       limit: :integer,
       skip_extra_order: :boolean,
diff --git a/lib/pleroma/user/hashtag_follow.ex b/lib/pleroma/user/hashtag_follow.ex
index 43ed93f4d..dd0254ef4 100644
--- a/lib/pleroma/user/hashtag_follow.ex
+++ b/lib/pleroma/user/hashtag_follow.ex
@@ -43,7 +43,13 @@ defmodule Pleroma.User.HashtagFollow do
   end
 
   def get_by_user(%User{} = user) do
-    Ecto.assoc(user, :followed_hashtags)
+    user
+    |> followed_hashtags_query()
     |> Repo.all()
   end
+
+  def followed_hashtags_query(%User{} = user) do
+    Ecto.assoc(user, :followed_hashtags)
+    |> Ecto.Query.order_by([h], desc: h.id)
+  end
 end
diff --git a/lib/pleroma/web/api_spec/operations/tag_operation.ex b/lib/pleroma/web/api_spec/operations/tag_operation.ex
index e22457159..ce4f4ad5b 100644
--- a/lib/pleroma/web/api_spec/operations/tag_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/tag_operation.ex
@@ -44,7 +44,7 @@ defmodule Pleroma.Web.ApiSpec.TagOperation do
       tags: ["Tags"],
       summary: "Unfollow a hashtag",
       description: "Unfollow a hashtag",
-      security: [%{"oAuth" => ["write:follow"]}],
+      security: [%{"oAuth" => ["write:follows"]}],
       parameters: [id_param()],
       operationId: "TagController.unfollow",
       responses: %{
@@ -54,6 +54,26 @@ defmodule Pleroma.Web.ApiSpec.TagOperation do
     }
   end
 
+  def show_followed_operation do
+    %Operation{
+      tags: ["Tags"],
+      summary: "Followed hashtags",
+      description: "View a list of hashtags the currently authenticated user is following",
+      parameters: pagination_params(),
+      security: [%{"oAuth" => ["read:follows"]}],
+      operationId: "TagController.show_followed",
+      responses: %{
+        200 =>
+          Operation.response("Hashtags", "application/json", %Schema{
+            type: :array,
+            items: Tag
+          }),
+        403 => Operation.response("Forbidden", "application/json", ApiError),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
   defp id_param do
     Operation.parameter(
       :id,
@@ -62,4 +82,22 @@ defmodule Pleroma.Web.ApiSpec.TagOperation do
       "Name of the hashtag"
     )
   end
+
+  def pagination_params do
+    [
+      Operation.parameter(:max_id, :query, :integer, "Return items older than this ID"),
+      Operation.parameter(
+        :min_id,
+        :query,
+        :integer,
+        "Return the oldest items newer than this ID"
+      ),
+      Operation.parameter(
+        :limit,
+        :query,
+        %Schema{type: :integer, default: 20},
+        "Maximum number of items to return. Will be ignored if it's more than 40"
+      )
+    ]
+  end
 end
diff --git a/lib/pleroma/web/api_spec/schemas/tag.ex b/lib/pleroma/web/api_spec/schemas/tag.ex
index f68dc3f2a..05ff10cd3 100644
--- a/lib/pleroma/web/api_spec/schemas/tag.ex
+++ b/lib/pleroma/web/api_spec/schemas/tag.ex
@@ -21,6 +21,12 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Tag do
       following: %Schema{
         type: :boolean,
         description: "Whether the authenticated user is following the hashtag"
+      },
+      history: %Schema{
+        type: :array,
+        items: %Schema{type: :string},
+        description:
+          "A list of historical uses of the hashtag (not implemented, for compatibility only)"
       }
     },
     example: %{
diff --git a/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex b/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
index b8995eb00..ca5ee48ac 100644
--- a/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
@@ -4,9 +4,24 @@ defmodule Pleroma.Web.MastodonAPI.TagController do
 
   alias Pleroma.User
   alias Pleroma.Hashtag
+  alias Pleroma.Pagination
+
+  import Pleroma.Web.ControllerHelper,
+    only: [
+      add_link_headers: 2
+    ]
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action in [:show])
+
+  plug(
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    %{scopes: ["read"]} when action in [:show]
+  )
+
+  plug(
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    %{scopes: ["read:follows"]} when action in [:show_followed]
+  )
 
   plug(
     Pleroma.Web.Plugs.OAuthScopesPlug,
@@ -44,4 +59,19 @@ defmodule Pleroma.Web.MastodonAPI.TagController do
       _ -> render_error(conn, :not_found, "Hashtag not found")
     end
   end
+
+  def show_followed(conn, params) do
+    with %{assigns: %{user: %User{} = user}} <- conn do
+      params = Map.put(params, :id_type, :integer)
+
+      hashtags =
+        user
+        |> User.HashtagFollow.followed_hashtags_query()
+        |> Pagination.fetch_paginated(params)
+
+      conn
+      |> add_link_headers(hashtags)
+      |> render("index.json", tags: hashtags, for_user: user)
+    end
+  end
 end
diff --git a/lib/pleroma/web/mastodon_api/views/tag_view.ex b/lib/pleroma/web/mastodon_api/views/tag_view.ex
index 6e491c261..e24d423c2 100644
--- a/lib/pleroma/web/mastodon_api/views/tag_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/tag_view.ex
@@ -3,6 +3,10 @@ defmodule Pleroma.Web.MastodonAPI.TagView do
   alias Pleroma.User
   alias Pleroma.Web.Router.Helpers
 
+  def render("index.json", %{tags: tags, for_user: user}) do
+    safe_render_many(tags, __MODULE__, "show.json", %{for_user: user})
+  end
+
   def render("show.json", %{tag: tag, for_user: user}) do
     following =
       with %User{} <- user do
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 4bbddbef7..ca76427ac 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -759,6 +759,7 @@ defmodule Pleroma.Web.Router do
     get("/tags/:id", TagController, :show)
     post("/tags/:id/follow", TagController, :follow)
     post("/tags/:id/unfollow", TagController, :unfollow)
+    get("/followed_tags", TagController, :show_followed)
   end
 
   scope "/api/v1", Pleroma.Web.MastodonAPI do
-- 
cgit v1.2.3


From f565cf2b5b9d13a407e18aa2f7c52fb12588117b Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Mon, 30 Dec 2024 18:11:21 +0100
Subject: update spec

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/web/api_spec.ex | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/api_spec.ex b/lib/pleroma/web/api_spec.ex
index 314782818..63409870e 100644
--- a/lib/pleroma/web/api_spec.ex
+++ b/lib/pleroma/web/api_spec.ex
@@ -139,7 +139,8 @@ defmodule Pleroma.Web.ApiSpec do
               "Search",
               "Status actions",
               "Media attachments",
-              "Bookmark folders"
+              "Bookmark folders",
+              "Tags"
             ]
           },
           %{
-- 
cgit v1.2.3


From 36b71733a06e1ab6288c2f74968e6f04a002e7ec Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Mon, 30 Dec 2024 18:43:21 +0100
Subject: fix alias ordering

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/hashtag.ex                                     | 2 +-
 lib/pleroma/user.ex                                        | 2 +-
 lib/pleroma/user/hashtag_follow.ex                         | 2 +-
 lib/pleroma/web/mastodon_api/controllers/tag_controller.ex | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/hashtag.ex b/lib/pleroma/hashtag.ex
index 29e95e3a0..3682f0c14 100644
--- a/lib/pleroma/hashtag.ex
+++ b/lib/pleroma/hashtag.ex
@@ -10,9 +10,9 @@ defmodule Pleroma.Hashtag do
 
   alias Ecto.Multi
   alias Pleroma.Hashtag
-  alias Pleroma.User.HashtagFollow
   alias Pleroma.Object
   alias Pleroma.Repo
+  alias Pleroma.User.HashtagFollow
 
   schema "hashtags" do
     field(:name, :string)
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index ed9421c44..d9da9ede1 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -20,7 +20,6 @@ defmodule Pleroma.User do
   alias Pleroma.FollowingRelationship
   alias Pleroma.Formatter
   alias Pleroma.Hashtag
-  alias Pleroma.User.HashtagFollow
   alias Pleroma.HTML
   alias Pleroma.Keys
   alias Pleroma.MFA
@@ -29,6 +28,7 @@ defmodule Pleroma.User do
   alias Pleroma.Registration
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.User.HashtagFollow
   alias Pleroma.UserRelationship
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Builder
diff --git a/lib/pleroma/user/hashtag_follow.ex b/lib/pleroma/user/hashtag_follow.ex
index dd0254ef4..3e28b130b 100644
--- a/lib/pleroma/user/hashtag_follow.ex
+++ b/lib/pleroma/user/hashtag_follow.ex
@@ -3,9 +3,9 @@ defmodule Pleroma.User.HashtagFollow do
   import Ecto.Query
   import Ecto.Changeset
 
-  alias Pleroma.User
   alias Pleroma.Hashtag
   alias Pleroma.Repo
+  alias Pleroma.User
 
   schema "user_follows_hashtag" do
     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
diff --git a/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex b/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
index ca5ee48ac..21c21e984 100644
--- a/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/tag_controller.ex
@@ -2,9 +2,9 @@ defmodule Pleroma.Web.MastodonAPI.TagController do
   @moduledoc "Hashtag routes for mastodon API"
   use Pleroma.Web, :controller
 
-  alias Pleroma.User
   alias Pleroma.Hashtag
   alias Pleroma.Pagination
+  alias Pleroma.User
 
   import Pleroma.Web.ControllerHelper,
     only: [
-- 
cgit v1.2.3


From 855294bb3d802b801e3ec064341e4134253089a6 Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Thu, 9 Jan 2025 12:58:51 +0100
Subject: Link to exported outbox/followers/following collections in backup
 actor.json

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/user/backup.ex | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/user/backup.ex b/lib/pleroma/user/backup.ex
index d77d49890..cdff297a9 100644
--- a/lib/pleroma/user/backup.ex
+++ b/lib/pleroma/user/backup.ex
@@ -246,7 +246,13 @@ defmodule Pleroma.User.Backup do
   defp actor(dir, user) do
     with {:ok, json} <-
            UserView.render("user.json", %{user: user})
-           |> Map.merge(%{"likes" => "likes.json", "bookmarks" => "bookmarks.json"})
+           |> Map.merge(%{
+             "bookmarks" => "bookmarks.json",
+             "likes" => "likes.json",
+             "outbox" => "outbox.json",
+             "followers" => "followers.json",
+             "following" => "following.json"
+           })
            |> Jason.encode() do
       File.write(Path.join(dir, "actor.json"), json)
     end
-- 
cgit v1.2.3


From 38b17933e160beb5923283786ca829af1d6b4036 Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Sun, 19 Jan 2025 16:26:46 +0100
Subject: Include "published" in actor view

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/web/activity_pub/views/user_view.ex | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex
index cd485ed64..61975387b 100644
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@@ -127,7 +127,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do
       "capabilities" => capabilities,
       "alsoKnownAs" => user.also_known_as,
       "vcard:bday" => birthday,
-      "webfinger" => "acct:#{User.full_nickname(user)}"
+      "webfinger" => "acct:#{User.full_nickname(user)}",
+      "published" => Pleroma.Web.CommonAPI.Utils.to_masto_date(user.inserted_at)
     }
     |> Map.merge(
       maybe_make_image(
-- 
cgit v1.2.3


From 22261718907d227a521bb9f898e617ea137c502d Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Tue, 21 Jan 2025 11:59:25 +0400
Subject: MediaProxyController: Use 301 for permanent redirects

---
 lib/pleroma/web/media_proxy/media_proxy_controller.ex | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
index 0b446e0a6..a0aafc32e 100644
--- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
@@ -71,11 +71,15 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
           drop_static_param_and_redirect(conn)
 
         content_type == "image/gif" ->
-          redirect(conn, external: media_proxy_url)
+          conn
+          |> put_status(301)
+          |> redirect(external: media_proxy_url)
 
         min_content_length_for_preview() > 0 and content_length > 0 and
             content_length < min_content_length_for_preview() ->
-          redirect(conn, external: media_proxy_url)
+          conn
+          |> put_status(301)
+          |> redirect(external: media_proxy_url)
 
         true ->
           handle_preview(content_type, conn, media_proxy_url)
-- 
cgit v1.2.3


From 8cd77168726e2e44d7612c29914c6b6398ff675d Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Tue, 28 Jan 2025 22:28:34 +0100
Subject: Fix Mastodon incoming edits with inlined "likes"

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 .../activity_pub/object_validators/article_note_page_validator.ex  | 1 +
 .../activity_pub/object_validators/audio_image_video_validator.ex  | 1 +
 lib/pleroma/web/activity_pub/object_validators/common_fixes.ex     | 7 +++++++
 lib/pleroma/web/activity_pub/object_validators/event_validator.ex  | 1 +
 .../web/activity_pub/object_validators/question_validator.ex       | 1 +
 5 files changed, 11 insertions(+)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
index 1b5b2e8fb..ada1a4ea9 100644
--- a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
@@ -85,6 +85,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     |> fix_replies()
     |> fix_attachments()
     |> CommonFixes.fix_quote_url()
+    |> CommonFixes.fix_likes()
     |> Transmogrifier.fix_emoji()
     |> Transmogrifier.fix_content_map()
   end
diff --git a/lib/pleroma/web/activity_pub/object_validators/audio_image_video_validator.ex b/lib/pleroma/web/activity_pub/object_validators/audio_image_video_validator.ex
index 65ac6bb93..034c6f33f 100644
--- a/lib/pleroma/web/activity_pub/object_validators/audio_image_video_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/audio_image_video_validator.ex
@@ -100,6 +100,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioImageVideoValidator do
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
     |> CommonFixes.fix_quote_url()
+    |> CommonFixes.fix_likes()
     |> Transmogrifier.fix_emoji()
     |> fix_url()
     |> fix_content()
diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
index 4699029d4..a39110e10 100644
--- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex
@@ -114,6 +114,13 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
 
   def fix_quote_url(data), do: data
 
+  # On Mastodon, `"likes"` attribute includes an inlined `Collection` with `totalItems`,
+  # not a list of users.
+  # https://github.com/mastodon/mastodon/pull/32007
+  def fix_likes(%{"likes" => %{}} = data), do: Map.drop(data, ["likes"])
+
+  def fix_likes(data), do: data
+
   # https://codeberg.org/fediverse/fep/src/branch/main/fep/e232/fep-e232.md
   def object_link_tag?(%{
         "type" => "Link",
diff --git a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
index ab204f69a..c87515e80 100644
--- a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex
@@ -47,6 +47,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.EventValidator do
     data
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
+    |> CommonFixes.fix_likes()
     |> Transmogrifier.fix_emoji()
   end
 
diff --git a/lib/pleroma/web/activity_pub/object_validators/question_validator.ex b/lib/pleroma/web/activity_pub/object_validators/question_validator.ex
index 7f9d4d648..21940f4f1 100644
--- a/lib/pleroma/web/activity_pub/object_validators/question_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/question_validator.ex
@@ -64,6 +64,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.QuestionValidator do
     |> CommonFixes.fix_actor()
     |> CommonFixes.fix_object_defaults()
     |> CommonFixes.fix_quote_url()
+    |> CommonFixes.fix_likes()
     |> Transmogrifier.fix_emoji()
     |> fix_closed()
   end
-- 
cgit v1.2.3


From 81ab906466f8e46ac2a16011faa8d0c2bd009957 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Thu, 30 Jan 2025 12:18:20 +0400
Subject: AnalyzeMetadata: Don't crash on grayscale image blurhash

---
 lib/pleroma/upload/filter/analyze_metadata.ex | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/upload/filter/analyze_metadata.ex b/lib/pleroma/upload/filter/analyze_metadata.ex
index 7ee643277..a8480bf36 100644
--- a/lib/pleroma/upload/filter/analyze_metadata.ex
+++ b/lib/pleroma/upload/filter/analyze_metadata.ex
@@ -90,9 +90,13 @@ defmodule Pleroma.Upload.Filter.AnalyzeMetadata do
       {:ok, rgb} =
         if Image.has_alpha?(resized_image) do
           # remove alpha channel
-          resized_image
-          |> Operation.extract_band!(0, n: 3)
-          |> Image.write_to_binary()
+          case Operation.extract_band(resized_image, 0, n: 3) do
+            {:ok, data} ->
+              Image.write_to_binary(data)
+
+            _ ->
+              Image.write_to_binary(resized_image)
+          end
         else
           Image.write_to_binary(resized_image)
         end
-- 
cgit v1.2.3


From 120fbbc97e4430fb87749ca9271d318889dba7ff Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Mon, 17 Feb 2025 17:55:03 +0100
Subject: Include contentMap in outgoing posts

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/constants.ex                       | 1 +
 lib/pleroma/web/activity_pub/transmogrifier.ex | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex
index 2d08cd7a1..42751940a 100644
--- a/lib/pleroma/constants.ex
+++ b/lib/pleroma/constants.ex
@@ -37,6 +37,7 @@ defmodule Pleroma.Constants do
       "updated",
       "emoji",
       "content",
+      "contentMap",
       "summary",
       "sensitive",
       "attachment",
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index a6f711733..1cea12aa3 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   @moduledoc """
   A module to handle coding from internal to wire ActivityPub and back.
   """
+  alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
   alias Pleroma.Activity
   alias Pleroma.EctoType.ActivityPub.ObjectValidators
   alias Pleroma.Maps
@@ -167,7 +168,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def fix_quote_url_and_maybe_fetch(object, options \\ []) do
     quote_url =
-      case Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes.fix_quote_url(object) do
+      case CommonFixes.fix_quote_url(object) do
         %{"quoteUrl" => quote_url} -> quote_url
         _ -> nil
       end
@@ -720,6 +721,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> set_reply_to_uri
     |> set_quote_url
     |> set_replies
+    |> CommonFixes.maybe_add_content_map()
     |> strip_internal_fields
     |> strip_internal_tags
     |> set_type
-- 
cgit v1.2.3


From 04af8bfd9c884dde39dd2073402e70cc219d3c6d Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Mon, 17 Feb 2025 18:26:24 +0100
Subject: credo

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 1cea12aa3..4c9956c7a 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   @moduledoc """
   A module to handle coding from internal to wire ActivityPub and back.
   """
-  alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
   alias Pleroma.Activity
   alias Pleroma.EctoType.ActivityPub.ObjectValidators
   alias Pleroma.Maps
@@ -17,6 +16,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Builder
   alias Pleroma.Web.ActivityPub.ObjectValidator
+  alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
   alias Pleroma.Web.ActivityPub.Pipeline
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.ActivityPub.Visibility
-- 
cgit v1.2.3


From d905fa0ad867fa59e89c1e74ebd831d523b7f609 Mon Sep 17 00:00:00 2001
From: mkljczk <git@mkljczk.pl>
Date: Mon, 17 Feb 2025 21:27:32 +0100
Subject: Allow incoming "Listen" activities

Signed-off-by: mkljczk <git@mkljczk.pl>
---
 lib/pleroma/constants.ex | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex
index 2828c79a9..c11c66f4d 100644
--- a/lib/pleroma/constants.ex
+++ b/lib/pleroma/constants.ex
@@ -100,7 +100,8 @@ defmodule Pleroma.Constants do
       "Announce",
       "Undo",
       "Flag",
-      "EmojiReact"
+      "EmojiReact",
+      "Listen"
     ]
   )
 
-- 
cgit v1.2.3


From f26509bf1621f05e6188df75e5f27d1c8ec77593 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 21 Feb 2025 17:38:55 -0800
Subject: Fix missing check for domain presence in rich media ignore_host
 configuration

---
 lib/pleroma/web/rich_media/card.ex | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/rich_media/card.ex b/lib/pleroma/web/rich_media/card.ex
index abad4957e..6b4bb9555 100644
--- a/lib/pleroma/web/rich_media/card.ex
+++ b/lib/pleroma/web/rich_media/card.ex
@@ -54,7 +54,10 @@ defmodule Pleroma.Web.RichMedia.Card do
 
   @spec get_by_url(String.t() | nil) :: t() | nil | :error
   def get_by_url(url) when is_binary(url) do
-    if @config_impl.get([:rich_media, :enabled]) do
+    host = URI.parse(url).host
+
+    with true <- @config_impl.get([:rich_media, :enabled]),
+         true <- host not in @config_impl.get([:rich_media, :ignore_hosts], []) do
       url_hash = url_to_hash(url)
 
       @cachex.fetch!(:rich_media_cache, url_hash, fn _ ->
@@ -69,7 +72,7 @@ defmodule Pleroma.Web.RichMedia.Card do
         end
       end)
     else
-      :error
+      false -> :error
     end
   end
 
@@ -77,7 +80,10 @@ defmodule Pleroma.Web.RichMedia.Card do
 
   @spec get_or_backfill_by_url(String.t(), keyword()) :: t() | nil
   def get_or_backfill_by_url(url, opts \\ []) do
-    if @config_impl.get([:rich_media, :enabled]) do
+    host = URI.parse(url).host
+
+    with true <- @config_impl.get([:rich_media, :enabled]),
+         true <- host not in @config_impl.get([:rich_media, :ignore_hosts], []) do
       case get_by_url(url) do
         %__MODULE__{} = card ->
           card
@@ -94,7 +100,7 @@ defmodule Pleroma.Web.RichMedia.Card do
           nil
       end
     else
-      nil
+      false -> nil
     end
   end
 
-- 
cgit v1.2.3


From 0f5ac7e86dd36b80016a90fe8aca581a4275b71e Mon Sep 17 00:00:00 2001
From: Oneric <oneric@oneric.stub>
Date: Wed, 30 Oct 2024 23:18:10 +0100
Subject: Add SafeZip module

This will replace all the slightly different safety workarounds at
different ZIP handling sites and ensure safety is actually consistently
enforced everywhere while also making code cleaner and easiert to
follow.
---
 lib/pleroma/safe_zip.ex | 216 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 216 insertions(+)
 create mode 100644 lib/pleroma/safe_zip.ex

(limited to 'lib')

diff --git a/lib/pleroma/safe_zip.ex b/lib/pleroma/safe_zip.ex
new file mode 100644
index 000000000..35fe2be19
--- /dev/null
+++ b/lib/pleroma/safe_zip.ex
@@ -0,0 +1,216 @@
+# Akkoma: Magically expressive social media
+# Copyright © 2024 Akkoma Authors <https://akkoma.dev/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.SafeZip do
+  @moduledoc """
+  Wraps the subset of Erlang's zip module we’d like to use
+  but enforces path-traversal safety everywhere and other checks.
+
+  For convenience almost all functions accept both elixir strings and charlists,
+  but output elixir strings themselves. However, this means the input parameter type
+  can no longer be used to distinguish archive file paths from archive binary data in memory,
+  thus where needed both a _data and _file variant are provided.
+  """
+
+  @type text() :: String.t() | [char()]
+
+  defp is_safe_path?(path) do
+    # Path accepts elixir’s chardata()
+    case Path.safe_relative(path) do
+      {:ok, _} -> true
+      _ -> false
+    end
+  end
+
+  defp is_safe_type?(file_type) do
+    if file_type in [:regular, :directory] do
+      true
+    else
+      false
+    end
+  end
+
+  defp maybe_add_file(_type, _path_charlist, nil), do: nil
+
+  defp maybe_add_file(:regular, path_charlist, file_list),
+    do: [to_string(path_charlist) | file_list]
+
+  defp maybe_add_file(_type, _path_charlist, file_list), do: file_list
+
+  @spec check_safe_archive_and_maybe_list_files(binary() | [char()], [term()], boolean()) ::
+          {:ok, [String.t()]} | {:error, reason :: term()}
+  defp check_safe_archive_and_maybe_list_files(archive, opts, list) do
+    acc = if list, do: [], else: nil
+
+    with {:ok, table} <- :zip.table(archive, opts) do
+      Enum.reduce_while(table, {:ok, acc}, fn
+        # ZIP comment
+        {:zip_comment, _}, acc ->
+          {:cont, acc}
+
+        # File entry
+        {:zip_file, path, info, _comment, _offset, _comp_size}, {:ok, fl} ->
+          with {_, type} <- {:get_type, elem(info, 2)},
+               {_, true} <- {:type, is_safe_type?(type)},
+               {_, true} <- {:safe_path, is_safe_path?(path)} do
+            {:cont, {:ok, maybe_add_file(type, path, fl)}}
+          else
+            {:get_type, e} ->
+              {:halt,
+               {:error, "Couldn't determine file type of ZIP entry at #{path} (#{inspect(e)})"}}
+
+            {:type, _} ->
+              {:halt, {:error, "Potentially unsafe file type in ZIP at: #{path}"}}
+
+            {:safe_path, _} ->
+              {:halt, {:error, "Unsafe path in ZIP: #{path}"}}
+          end
+
+        # new OTP version?
+        _, _acc ->
+          {:halt, {:error, "Unknown ZIP record type"}}
+      end)
+    end
+  end
+
+  @spec check_safe_archive_and_list_files(binary() | [char()], [term()]) ::
+          {:ok, [String.t()]} | {:error, reason :: term()}
+  defp check_safe_archive_and_list_files(archive, opts \\ []) do
+    check_safe_archive_and_maybe_list_files(archive, opts, true)
+  end
+
+  @spec check_safe_archive(binary() | [char()], [term()]) :: :ok | {:error, reason :: term()}
+  defp check_safe_archive(archive, opts \\ []) do
+    case check_safe_archive_and_maybe_list_files(archive, opts, false) do
+      {:ok, _} -> :ok
+      error -> error
+    end
+  end
+
+  @spec check_safe_file_list([text()], text()) :: :ok | {:error, term()}
+  defp check_safe_file_list([], _), do: :ok
+
+  defp check_safe_file_list([path | tail], cwd) do
+    with {_, true} <- {:path, is_safe_path?(path)},
+         {_, {:ok, fstat}} <- {:stat, File.stat(Path.expand(path, cwd))},
+         {_, true} <- {:type, is_safe_type?(fstat.type)} do
+      check_safe_file_list(tail, cwd)
+    else
+      {:path, _} ->
+        {:error, "Unsafe path escaping cwd: #{path}"}
+
+      {:stat, e} ->
+        {:error, "Unable to check file type of #{path}: #{inspect(e)}"}
+
+      {:type, _} ->
+        {:error, "Unsafe type at #{path}"}
+    end
+  end
+
+  defp check_safe_file_list(_, _), do: {:error, "Malformed file_list"}
+
+  @doc """
+  Checks whether the archive data contais file entries for all paths from fset
+
+  Note this really only accepts entries corresponding to regular _files_,
+  if a path is contained as for example an directory, this does not count as a match.
+  """
+  @spec contains_all_data?(binary(), MapSet.t()) :: true | false
+  def contains_all_data?(archive_data, fset) do
+    with {:ok, table} <- :zip.table(archive_data) do
+      remaining =
+        Enum.reduce(table, fset, fn
+          {:zip_file, path, info, _comment, _offset, _comp_size}, fset ->
+            if elem(info, 2) == :regular do
+              MapSet.delete(fset, path)
+            else
+              fset
+            end
+
+          _, _ ->
+            fset
+        end)
+        |> MapSet.size()
+
+      if remaining == 0, do: true, else: false
+    else
+      _ -> false
+    end
+  end
+
+  @doc """
+  List all file entries in ZIP, or error if invalid or unsafe.
+
+  Note this really only lists regular files, no directories, ZIP comments or other types!
+  """
+  @spec list_dir_file(text()) :: {:ok, [String.t()]} | {:error, reason :: term()}
+  def list_dir_file(archive) do
+    path = to_charlist(archive)
+    check_safe_archive_and_list_files(path)
+  end
+
+  defp stringify_zip({:ok, {fname, data}}), do: {:ok, {to_string(fname), data}}
+  defp stringify_zip({:ok, fname}), do: {:ok, to_string(fname)}
+  defp stringify_zip(ret), do: ret
+
+  @spec zip(text(), text(), [text()], boolean()) ::
+          {:ok, file_name :: String.t()}
+          | {:ok, {file_name :: String.t(), file_data :: binary()}}
+          | {:error, reason :: term()}
+  def zip(name, file_list, cwd, memory \\ false) do
+    opts = [{:cwd, to_charlist(cwd)}]
+    opts = if memory, do: [:memory | opts], else: opts
+
+    with :ok <- check_safe_file_list(file_list, cwd) do
+      file_list = for f <- file_list, do: to_charlist(f)
+      name = to_charlist(name)
+      stringify_zip(:zip.zip(name, file_list, opts))
+    end
+  end
+
+  @spec unzip_file(text(), text(), [text()] | nil) ::
+          {:ok, [String.t()]}
+          | {:error, reason :: term()}
+          | {:error, {name :: text(), reason :: term()}}
+  def unzip_file(archive, target_dir, file_list \\ nil) do
+    do_unzip(to_charlist(archive), to_charlist(target_dir), file_list)
+  end
+
+  @spec unzip_data(binary(), text(), [text()] | nil) ::
+          {:ok, [String.t()]}
+          | {:error, reason :: term()}
+          | {:error, {name :: text(), reason :: term()}}
+  def unzip_data(archive, target_dir, file_list \\ nil) do
+    do_unzip(archive, to_charlist(target_dir), file_list)
+  end
+
+  defp stringify_unzip({:ok, [{_fname, _data} | _] = filebinlist}),
+    do: {:ok, Enum.map(filebinlist, fn {fname, data} -> {to_string(fname), data} end)}
+
+  defp stringify_unzip({:ok, [_fname | _] = filelist}),
+    do: {:ok, Enum.map(filelist, fn fname -> to_string(fname) end)}
+
+  defp stringify_unzip({:error, {fname, term}}), do: {:error, {to_string(fname), term}}
+  defp stringify_unzip(ret), do: ret
+
+  @spec do_unzip(binary() | [char()], text(), [text()] | nil) ::
+          {:ok, [String.t()]}
+          | {:error, reason :: term()}
+          | {:error, {name :: text(), reason :: term()}}
+  defp do_unzip(archive, target_dir, file_list) do
+    opts =
+      if file_list != nil do
+        [
+          file_list: for(f <- file_list, do: to_charlist(f)),
+          cwd: target_dir
+        ]
+      else
+        [cwd: target_dir]
+      end
+
+    with :ok <- check_safe_archive(archive) do
+      stringify_unzip(:zip.unzip(archive, opts))
+    end
+  end
+end
-- 
cgit v1.2.3


From 2fcb90f3697d3c15e1aebab89b7eaaa69a315c0b Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Thu, 27 Feb 2025 17:06:15 +0400
Subject: Emoji, Pack, Backup, Frontend: Use SafeZip

---
 lib/mix/tasks/pleroma/emoji.ex |  15 ++----
 lib/pleroma/emoji/pack.ex      | 101 ++++++++++++++++++++++-------------------
 lib/pleroma/frontend.ex        |  22 ++-------
 lib/pleroma/user/backup.ex     |  16 ++++---
 4 files changed, 71 insertions(+), 83 deletions(-)

(limited to 'lib')

diff --git a/lib/mix/tasks/pleroma/emoji.ex b/lib/mix/tasks/pleroma/emoji.ex
index 8b9c921c8..b656f161f 100644
--- a/lib/mix/tasks/pleroma/emoji.ex
+++ b/lib/mix/tasks/pleroma/emoji.ex
@@ -93,6 +93,7 @@ defmodule Mix.Tasks.Pleroma.Emoji do
         )
 
         files = fetch_and_decode!(files_loc)
+        files_to_unzip = for({_, f} <- files, do: f)
 
         IO.puts(IO.ANSI.format(["Unpacking ", :bright, pack_name]))
 
@@ -103,17 +104,7 @@ defmodule Mix.Tasks.Pleroma.Emoji do
             pack_name
           ])
 
-        files_to_unzip =
-          Enum.map(
-            files,
-            fn {_, f} -> to_charlist(f) end
-          )
-
-        {:ok, _} =
-          :zip.unzip(binary_archive,
-            cwd: String.to_charlist(pack_path),
-            file_list: files_to_unzip
-          )
+        {:ok, _} = Pleroma.SafeZip.unzip_data(binary_archive, pack_path, files_to_unzip)
 
         IO.puts(IO.ANSI.format(["Writing pack.json for ", :bright, pack_name]))
 
@@ -201,7 +192,7 @@ defmodule Mix.Tasks.Pleroma.Emoji do
 
     tmp_pack_dir = Path.join(System.tmp_dir!(), "emoji-pack-#{name}")
 
-    {:ok, _} = :zip.unzip(binary_archive, cwd: String.to_charlist(tmp_pack_dir))
+    {:ok, _} = Pleroma.SafeZip.unzip_data(binary_archive, tmp_pack_dir)
 
     emoji_map = Pleroma.Emoji.Loader.make_shortcode_to_file_map(tmp_pack_dir, exts)
 
diff --git a/lib/pleroma/emoji/pack.ex b/lib/pleroma/emoji/pack.ex
index 785fdb8b2..cef12822c 100644
--- a/lib/pleroma/emoji/pack.ex
+++ b/lib/pleroma/emoji/pack.ex
@@ -25,11 +25,12 @@ defmodule Pleroma.Emoji.Pack do
   alias Pleroma.Emoji
   alias Pleroma.Emoji.Pack
   alias Pleroma.Utils
+  alias Pleroma.SafeZip
 
   @spec create(String.t()) :: {:ok, t()} | {:error, File.posix()} | {:error, :empty_values}
   def create(name) do
     with :ok <- validate_not_empty([name]),
-         dir <- Path.join(emoji_path(), name),
+         dir <- path_join_name_safe(emoji_path(), name),
          :ok <- File.mkdir(dir) do
       save_pack(%__MODULE__{pack_file: Path.join(dir, "pack.json")})
     end
@@ -65,43 +66,21 @@ defmodule Pleroma.Emoji.Pack do
           {:ok, [binary()]} | {:error, File.posix(), binary()} | {:error, :empty_values}
   def delete(name) do
     with :ok <- validate_not_empty([name]),
-         pack_path <- Path.join(emoji_path(), name) do
+         pack_path <- path_join_name_safe(emoji_path(), name) do
       File.rm_rf(pack_path)
     end
   end
 
-  @spec unpack_zip_emojies(list(tuple())) :: list(map())
-  defp unpack_zip_emojies(zip_files) do
-    Enum.reduce(zip_files, [], fn
-      {_, path, s, _, _, _}, acc when elem(s, 2) == :regular ->
-        with(
-          filename <- Path.basename(path),
-          shortcode <- Path.basename(filename, Path.extname(filename)),
-          false <- Emoji.exist?(shortcode)
-        ) do
-          [%{path: path, filename: path, shortcode: shortcode} | acc]
-        else
-          _ -> acc
-        end
-
-      _, acc ->
-        acc
-    end)
-  end
-
   @spec add_file(t(), String.t(), Path.t(), Plug.Upload.t()) ::
           {:ok, t()}
           | {:error, File.posix() | atom()}
   def add_file(%Pack{} = pack, _, _, %Plug.Upload{content_type: "application/zip"} = file) do
-    with {:ok, zip_files} <- :zip.table(to_charlist(file.path)),
-         [_ | _] = emojies <- unpack_zip_emojies(zip_files),
+    with {:ok, zip_files} <- SafeZip.list_dir_file(file.path),
+         [_ | _] = emojies <- map_zip_emojies(zip_files),
          {:ok, tmp_dir} <- Utils.tmp_dir("emoji") do
       try do
         {:ok, _emoji_files} =
-          :zip.unzip(
-            to_charlist(file.path),
-            [{:file_list, Enum.map(emojies, & &1[:path])}, {:cwd, String.to_charlist(tmp_dir)}]
-          )
+          SafeZip.unzip_file(file.path, tmp_dir, Enum.map(emojies, & &1[:path]))
 
         {_, updated_pack} =
           Enum.map_reduce(emojies, pack, fn item, emoji_pack ->
@@ -292,7 +271,7 @@ defmodule Pleroma.Emoji.Pack do
   @spec load_pack(String.t()) :: {:ok, t()} | {:error, :file.posix()}
   def load_pack(name) do
     name = Path.basename(name)
-    pack_file = Path.join([emoji_path(), name, "pack.json"])
+    pack_file = path_join_name_safe(emoji_path(), name) |> Path.join("pack.json")
 
     with {:ok, _} <- File.stat(pack_file),
          {:ok, pack_data} <- File.read(pack_file) do
@@ -416,10 +395,9 @@ defmodule Pleroma.Emoji.Pack do
   end
 
   defp create_archive_and_cache(pack, hash) do
-    files = [~c"pack.json" | Enum.map(pack.files, fn {_, file} -> to_charlist(file) end)]
-
-    {:ok, {_, result}} =
-      :zip.zip(~c"#{pack.name}.zip", files, [:memory, cwd: to_charlist(pack.path)])
+    pack_file_list = Enum.into(pack.files, [], fn {_, f} -> f end)
+    files = ["pack.json" | pack_file_list]
+    {:ok, {_, result}} = SafeZip.zip("#{pack.name}.zip", files, pack.path, true)
 
     ttl_per_file = Pleroma.Config.get!([:emoji, :shared_pack_cache_seconds_per_file])
     overall_ttl = :timer.seconds(ttl_per_file * Enum.count(files))
@@ -478,7 +456,7 @@ defmodule Pleroma.Emoji.Pack do
   end
 
   defp save_file(%Plug.Upload{path: upload_path}, pack, filename) do
-    file_path = Path.join(pack.path, filename)
+    file_path = path_join_safe(pack.path, filename)
     create_subdirs(file_path)
 
     with {:ok, _} <- File.copy(upload_path, file_path) do
@@ -497,8 +475,8 @@ defmodule Pleroma.Emoji.Pack do
   end
 
   defp rename_file(pack, filename, new_filename) do
-    old_path = Path.join(pack.path, filename)
-    new_path = Path.join(pack.path, new_filename)
+    old_path = path_join_safe(pack.path, filename)
+    new_path = path_join_safe(pack.path, new_filename)
     create_subdirs(new_path)
 
     with :ok <- File.rename(old_path, new_path) do
@@ -516,7 +494,7 @@ defmodule Pleroma.Emoji.Pack do
 
   defp remove_file(pack, shortcode) do
     with {:ok, filename} <- get_filename(pack, shortcode),
-         emoji <- Path.join(pack.path, filename),
+         emoji <- path_join_safe(pack.path, filename),
          :ok <- File.rm(emoji) do
       remove_dir_if_empty(emoji, filename)
     end
@@ -534,7 +512,7 @@ defmodule Pleroma.Emoji.Pack do
 
   defp get_filename(pack, shortcode) do
     with %{^shortcode => filename} when is_binary(filename) <- pack.files,
-         file_path <- Path.join(pack.path, filename),
+         file_path <- path_join_safe(pack.path, filename),
          {:ok, _} <- File.stat(file_path) do
       {:ok, filename}
     else
@@ -584,11 +562,10 @@ defmodule Pleroma.Emoji.Pack do
 
   defp unzip(archive, pack_info, remote_pack, local_pack) do
     with :ok <- File.mkdir_p!(local_pack.path) do
-      files = Enum.map(remote_pack["files"], fn {_, path} -> to_charlist(path) end)
+      files = Enum.map(remote_pack["files"], fn {_, path} -> path end)
       # Fallback cannot contain a pack.json file
-      files = if pack_info[:fallback], do: files, else: [~c"pack.json" | files]
-
-      :zip.unzip(archive, cwd: to_charlist(local_pack.path), file_list: files)
+      files = if pack_info[:fallback], do: files, else: ["pack.json" | files]
+      SafeZip.unzip_data(archive, local_pack.path, files)
     end
   end
 
@@ -649,13 +626,43 @@ defmodule Pleroma.Emoji.Pack do
   end
 
   defp validate_has_all_files(pack, zip) do
-    with {:ok, f_list} <- :zip.unzip(zip, [:memory]) do
-      # Check if all files from the pack.json are in the archive
-      pack.files
-      |> Enum.all?(fn {_, from_manifest} ->
-        List.keyfind(f_list, to_charlist(from_manifest), 0)
+    # Check if all files from the pack.json are in the archive
+    eset =
+      Enum.reduce(pack.files, MapSet.new(), fn
+        {_, file}, s -> MapSet.put(s, to_charlist(file))
       end)
-      |> if(do: :ok, else: {:error, :incomplete})
+
+    if SafeZip.contains_all_data?(zip, eset),
+      do: :ok,
+      else: {:error, :incomplete}
+  end
+
+  defp path_join_name_safe(dir, name) do
+    if to_string(name) != Path.basename(name) or name in ["..", ".", ""] do
+      raise "Invalid or malicious pack name: #{name}"
+    else
+      Path.join(dir, name)
     end
   end
+
+  defp path_join_safe(dir, path) do
+    {:ok, safe_path} = Path.safe_relative(path)
+    Path.join(dir, safe_path)
+  end
+
+  defp map_zip_emojies(zip_files) do
+    Enum.reduce(zip_files, [], fn path, acc ->
+      with(
+        filename <- Path.basename(path),
+        shortcode <- Path.basename(filename, Path.extname(filename)),
+        # note: this only checks the shortcode, if an emoji already exists on the same path, but
+        #       with a different shortcode, the existing one will be degraded to an alias of the new
+        false <- Emoji.exist?(shortcode)
+      ) do
+        [%{path: path, filename: path, shortcode: shortcode} | acc]
+      else
+        _ -> acc
+      end
+    end)
+  end
 end
diff --git a/lib/pleroma/frontend.ex b/lib/pleroma/frontend.ex
index a4f427ae5..fe7f525ea 100644
--- a/lib/pleroma/frontend.ex
+++ b/lib/pleroma/frontend.ex
@@ -65,24 +65,12 @@ defmodule Pleroma.Frontend do
   end
 
   def unzip(zip, dest) do
-    with {:ok, unzipped} <- :zip.unzip(zip, [:memory]) do
-      File.rm_rf!(dest)
-      File.mkdir_p!(dest)
-
-      Enum.each(unzipped, fn {filename, data} ->
-        path = filename
-
-        new_file_path = Path.join(dest, path)
-
-        path
-        |> Path.dirname()
-        |> then(&Path.join(dest, &1))
-        |> File.mkdir_p!()
+    File.rm_rf!(dest)
+    File.mkdir_p!(dest)
 
-        if not File.dir?(new_file_path) do
-          File.write!(new_file_path, data)
-        end
-      end)
+    case Pleroma.SafeZip.unzip_data(zip, dest) do
+      {:ok, _} -> :ok
+      error -> error
     end
   end
 
diff --git a/lib/pleroma/user/backup.ex b/lib/pleroma/user/backup.ex
index cdff297a9..7e64ae791 100644
--- a/lib/pleroma/user/backup.ex
+++ b/lib/pleroma/user/backup.ex
@@ -22,6 +22,8 @@ defmodule Pleroma.User.Backup do
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.UserView
   alias Pleroma.Workers.BackupWorker
+  alias Pleroma.SafeZip
+  alias Pleroma.Upload
 
   @type t :: %__MODULE__{}
 
@@ -179,12 +181,12 @@ defmodule Pleroma.User.Backup do
   end
 
   @files [
-    ~c"actor.json",
-    ~c"outbox.json",
-    ~c"likes.json",
-    ~c"bookmarks.json",
-    ~c"followers.json",
-    ~c"following.json"
+    "actor.json",
+    "outbox.json",
+    "likes.json",
+    "bookmarks.json",
+    "followers.json",
+    "following.json"
   ]
 
   @spec run(t()) :: {:ok, t()} | {:error, :failed}
@@ -200,7 +202,7 @@ defmodule Pleroma.User.Backup do
          {_, :ok} <- {:followers, followers(backup.tempdir, backup.user)},
          {_, :ok} <- {:following, following(backup.tempdir, backup.user)},
          {_, {:ok, _zip_path}} <-
-           {:zip, :zip.create(to_charlist(tempfile), @files, cwd: to_charlist(backup.tempdir))},
+           {:zip, SafeZip.zip(tempfile, @files, backup.tempdir)},
          {_, {:ok, %File.Stat{size: zip_size}}} <- {:filestat, File.stat(tempfile)},
          {:ok, updated_backup} <- update_record(backup, %{file_size: zip_size}) do
       {:ok, updated_backup}
-- 
cgit v1.2.3


From bf134664b437a9b45a193135d708cef8e803595b Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Fri, 28 Feb 2025 12:53:15 +0400
Subject: PackTest: Add test for skipping emoji

---
 lib/pleroma/user/backup.ex | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/user/backup.ex b/lib/pleroma/user/backup.ex
index 7e64ae791..4b3092fdb 100644
--- a/lib/pleroma/user/backup.ex
+++ b/lib/pleroma/user/backup.ex
@@ -23,7 +23,6 @@ defmodule Pleroma.User.Backup do
   alias Pleroma.Web.ActivityPub.UserView
   alias Pleroma.Workers.BackupWorker
   alias Pleroma.SafeZip
-  alias Pleroma.Upload
 
   @type t :: %__MODULE__{}
 
-- 
cgit v1.2.3


From 7bdeb9a1e561bd061410a4174d4ee155589943c5 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 28 Feb 2025 13:17:44 -0800
Subject: Fix OpenGraph/TwitterCard meta tag ordering for posts with multiple
 attachments

---
 lib/pleroma/web/metadata/providers/open_graph.ex   | 26 +++++------
 lib/pleroma/web/metadata/providers/twitter_card.ex | 54 +++++++++++-----------
 2 files changed, 40 insertions(+), 40 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/metadata/providers/open_graph.ex b/lib/pleroma/web/metadata/providers/open_graph.ex
index fa5fbe553..604434df2 100644
--- a/lib/pleroma/web/metadata/providers/open_graph.ex
+++ b/lib/pleroma/web/metadata/providers/open_graph.ex
@@ -78,10 +78,10 @@ defmodule Pleroma.Web.Metadata.Providers.OpenGraph do
           # object when a Video or GIF is attached it will display that in Whatsapp Rich Preview.
           case Utils.fetch_media_type(@media_types, url["mediaType"]) do
             "audio" ->
-              [
-                {:meta, [property: "og:audio", content: MediaProxy.url(url["href"])], []}
-                | acc
-              ]
+              acc ++
+                [
+                  {:meta, [property: "og:audio", content: MediaProxy.url(url["href"])], []}
+                ]
 
             # Not using preview_url for this. It saves bandwidth, but the image dimensions will
             # be wrong. We generate it on the fly and have no way to capture or analyze the
@@ -89,18 +89,18 @@ defmodule Pleroma.Web.Metadata.Providers.OpenGraph do
             # in timelines too, but you can get clever with the aspect ratio metadata as a
             # workaround.
             "image" ->
-              [
-                {:meta, [property: "og:image", content: MediaProxy.url(url["href"])], []},
-                {:meta, [property: "og:image:alt", content: attachment["name"]], []}
-                | acc
-              ]
+              (acc ++
+                 [
+                   {:meta, [property: "og:image", content: MediaProxy.url(url["href"])], []},
+                   {:meta, [property: "og:image:alt", content: attachment["name"]], []}
+                 ])
               |> maybe_add_dimensions(url)
 
             "video" ->
-              [
-                {:meta, [property: "og:video", content: MediaProxy.url(url["href"])], []}
-                | acc
-              ]
+              (acc ++
+                 [
+                   {:meta, [property: "og:video", content: MediaProxy.url(url["href"])], []}
+                 ])
               |> maybe_add_dimensions(url)
               |> maybe_add_video_thumbnail(url)
 
diff --git a/lib/pleroma/web/metadata/providers/twitter_card.ex b/lib/pleroma/web/metadata/providers/twitter_card.ex
index 7f50877c3..212fa85ed 100644
--- a/lib/pleroma/web/metadata/providers/twitter_card.ex
+++ b/lib/pleroma/web/metadata/providers/twitter_card.ex
@@ -61,13 +61,13 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCard do
         Enum.reduce(attachment["url"], [], fn url, acc ->
           case Utils.fetch_media_type(@media_types, url["mediaType"]) do
             "audio" ->
-              [
-                {:meta, [name: "twitter:card", content: "player"], []},
-                {:meta, [name: "twitter:player:width", content: "480"], []},
-                {:meta, [name: "twitter:player:height", content: "80"], []},
-                {:meta, [name: "twitter:player", content: player_url(id)], []}
-                | acc
-              ]
+              acc ++
+                [
+                  {:meta, [name: "twitter:card", content: "player"], []},
+                  {:meta, [name: "twitter:player:width", content: "480"], []},
+                  {:meta, [name: "twitter:player:height", content: "80"], []},
+                  {:meta, [name: "twitter:player", content: player_url(id)], []}
+                ]
 
             # Not using preview_url for this. It saves bandwidth, but the image dimensions will
             # be wrong. We generate it on the fly and have no way to capture or analyze the
@@ -75,16 +75,16 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCard do
             # in timelines too, but you can get clever with the aspect ratio metadata as a
             # workaround.
             "image" ->
-              [
-                {:meta, [name: "twitter:card", content: "summary_large_image"], []},
-                {:meta,
+              (acc ++
                  [
-                   name: "twitter:image",
-                   content: MediaProxy.url(url["href"])
-                 ], []},
-                {:meta, [name: "twitter:image:alt", content: truncate(attachment["name"])], []}
-                | acc
-              ]
+                   {:meta, [name: "twitter:card", content: "summary_large_image"], []},
+                   {:meta,
+                    [
+                      name: "twitter:image",
+                      content: MediaProxy.url(url["href"])
+                    ], []},
+                   {:meta, [name: "twitter:image:alt", content: truncate(attachment["name"])], []}
+                 ])
               |> maybe_add_dimensions(url)
 
             "video" ->
@@ -92,17 +92,17 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCard do
               height = url["height"] || 480
               width = url["width"] || 480
 
-              [
-                {:meta, [name: "twitter:card", content: "player"], []},
-                {:meta, [name: "twitter:player", content: player_url(id)], []},
-                {:meta, [name: "twitter:player:width", content: "#{width}"], []},
-                {:meta, [name: "twitter:player:height", content: "#{height}"], []},
-                {:meta, [name: "twitter:player:stream", content: MediaProxy.url(url["href"])],
-                 []},
-                {:meta, [name: "twitter:player:stream:content_type", content: url["mediaType"]],
-                 []}
-                | acc
-              ]
+              acc ++
+                [
+                  {:meta, [name: "twitter:card", content: "player"], []},
+                  {:meta, [name: "twitter:player", content: player_url(id)], []},
+                  {:meta, [name: "twitter:player:width", content: "#{width}"], []},
+                  {:meta, [name: "twitter:player:height", content: "#{height}"], []},
+                  {:meta, [name: "twitter:player:stream", content: MediaProxy.url(url["href"])],
+                   []},
+                  {:meta, [name: "twitter:player:stream:content_type", content: url["mediaType"]],
+                   []}
+                ]
 
             _ ->
               acc
-- 
cgit v1.2.3


From cb073a9cd0ab6e11c2d00ceb200da90c8ce58932 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 28 Feb 2025 15:09:22 -0800
Subject: Rich Media Parser should use first og:image

---
 lib/pleroma/web/rich_media/parsers/meta_tags_parser.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/rich_media/parsers/meta_tags_parser.ex b/lib/pleroma/web/rich_media/parsers/meta_tags_parser.ex
index 320a5f515..c42e2c96b 100644
--- a/lib/pleroma/web/rich_media/parsers/meta_tags_parser.ex
+++ b/lib/pleroma/web/rich_media/parsers/meta_tags_parser.ex
@@ -9,7 +9,7 @@ defmodule Pleroma.Web.RichMedia.Parsers.MetaTagsParser do
     |> Enum.reduce(data, fn el, acc ->
       attributes = normalize_attributes(el, prefix, key_name, value_name)
 
-      Map.merge(acc, attributes)
+      Map.merge(attributes, acc)
     end)
     |> maybe_put_title(html)
   end
-- 
cgit v1.2.3


From 2c9d071aadde88e8ab615be6654e237ae01decb7 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 28 Feb 2025 16:40:38 -0800
Subject: Retire MRFs DNSRBL, FODirectReply, and QuietReply

DNSRBL was a neat experiment which should live out of tree. It works and could be used to coordinate rules across different servers, but Simple Policy will always be better

FODirectReply and QuietReply have reliability issues as implemented in an MRF. If we want to expose this functionality to admins it should be a setting that overrides the chosen scope during CommonAPI.post instead of trying to rewrite the recipients with an MRF.
---
 lib/pleroma/web/activity_pub/mrf/dnsrbl_policy.ex  | 146 ---------------------
 .../web/activity_pub/mrf/fo_direct_reply.ex        |  53 --------
 lib/pleroma/web/activity_pub/mrf/quiet_reply.ex    |  60 ---------
 3 files changed, 259 deletions(-)
 delete mode 100644 lib/pleroma/web/activity_pub/mrf/dnsrbl_policy.ex
 delete mode 100644 lib/pleroma/web/activity_pub/mrf/fo_direct_reply.ex
 delete mode 100644 lib/pleroma/web/activity_pub/mrf/quiet_reply.ex

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/mrf/dnsrbl_policy.ex b/lib/pleroma/web/activity_pub/mrf/dnsrbl_policy.ex
deleted file mode 100644
index ca41c464c..000000000
--- a/lib/pleroma/web/activity_pub/mrf/dnsrbl_policy.ex
+++ /dev/null
@@ -1,146 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.ActivityPub.MRF.DNSRBLPolicy do
-  @moduledoc """
-  Dynamic activity filtering based on an RBL database
-
-  This MRF makes queries to a custom DNS server which will
-  respond with values indicating the classification of the domain
-  the activity originated from. This method has been widely used
-  in the email anti-spam industry for very fast reputation checks.
-
-  e.g., if the DNS response is 127.0.0.1 or empty, the domain is OK
-  Other values such as 127.0.0.2 may be used for specific classifications.
-
-  Information for why the host is blocked can be stored in a corresponding TXT record.
-
-  This method is fail-open so if the queries fail the activites are accepted.
-
-  An example of software meant for this purpsoe is rbldnsd which can be found
-  at http://www.corpit.ru/mjt/rbldnsd.html or mirrored at
-  https://git.pleroma.social/feld/rbldnsd
-
-  It is highly recommended that you run your own copy of rbldnsd and use an
-  external mechanism to sync/share the contents of the zone file. This is
-  important to keep the latency on the queries as low as possible and prevent
-  your DNS server from being attacked so it fails and content is permitted.
-  """
-
-  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
-
-  alias Pleroma.Config
-
-  require Logger
-
-  @query_retries 1
-  @query_timeout 500
-
-  @impl true
-  def filter(%{"actor" => actor} = activity) do
-    actor_info = URI.parse(actor)
-
-    with {:ok, activity} <- check_rbl(actor_info, activity) do
-      {:ok, activity}
-    else
-      _ -> {:reject, "[DNSRBLPolicy]"}
-    end
-  end
-
-  @impl true
-  def filter(activity), do: {:ok, activity}
-
-  @impl true
-  def describe do
-    mrf_dnsrbl =
-      Config.get(:mrf_dnsrbl)
-      |> Enum.into(%{})
-
-    {:ok, %{mrf_dnsrbl: mrf_dnsrbl}}
-  end
-
-  @impl true
-  def config_description do
-    %{
-      key: :mrf_dnsrbl,
-      related_policy: "Pleroma.Web.ActivityPub.MRF.DNSRBLPolicy",
-      label: "MRF DNSRBL",
-      description: "DNS RealTime Blackhole Policy",
-      children: [
-        %{
-          key: :nameserver,
-          type: {:string},
-          description: "DNSRBL Nameserver to Query (IP or hostame)",
-          suggestions: ["127.0.0.1"]
-        },
-        %{
-          key: :port,
-          type: {:string},
-          description: "Nameserver port",
-          suggestions: ["53"]
-        },
-        %{
-          key: :zone,
-          type: {:string},
-          description: "Root zone for querying",
-          suggestions: ["bl.pleroma.com"]
-        }
-      ]
-    }
-  end
-
-  defp check_rbl(%{host: actor_host}, activity) do
-    with false <- match?(^actor_host, Pleroma.Web.Endpoint.host()),
-         zone when not is_nil(zone) <- Keyword.get(Config.get([:mrf_dnsrbl]), :zone) do
-      query =
-        Enum.join([actor_host, zone], ".")
-        |> String.to_charlist()
-
-      rbl_response = rblquery(query)
-
-      if Enum.empty?(rbl_response) do
-        {:ok, activity}
-      else
-        Task.start(fn ->
-          reason =
-            case rblquery(query, :txt) do
-              [[result]] -> result
-              _ -> "undefined"
-            end
-
-          Logger.warning(
-            "DNSRBL Rejected activity from #{actor_host} for reason: #{inspect(reason)}"
-          )
-        end)
-
-        :error
-      end
-    else
-      _ -> {:ok, activity}
-    end
-  end
-
-  defp get_rblhost_ip(rblhost) do
-    case rblhost |> String.to_charlist() |> :inet_parse.address() do
-      {:ok, _} -> rblhost |> String.to_charlist() |> :inet_parse.address()
-      _ -> {:ok, rblhost |> String.to_charlist() |> :inet_res.lookup(:in, :a) |> Enum.random()}
-    end
-  end
-
-  defp rblquery(query, type \\ :a) do
-    config = Config.get([:mrf_dnsrbl])
-
-    case get_rblhost_ip(config[:nameserver]) do
-      {:ok, rblnsip} ->
-        :inet_res.lookup(query, :in, type,
-          nameservers: [{rblnsip, config[:port]}],
-          timeout: @query_timeout,
-          retry: @query_retries
-        )
-
-      _ ->
-        []
-    end
-  end
-end
diff --git a/lib/pleroma/web/activity_pub/mrf/fo_direct_reply.ex b/lib/pleroma/web/activity_pub/mrf/fo_direct_reply.ex
deleted file mode 100644
index 2cf22745a..000000000
--- a/lib/pleroma/web/activity_pub/mrf/fo_direct_reply.ex
+++ /dev/null
@@ -1,53 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.ActivityPub.MRF.FODirectReply do
-  @moduledoc """
-  FODirectReply alters the scope of replies to activities which are Followers Only to be Direct. The purpose of this policy is to prevent broken threads for followers of the reply author because their response was to a user that they are not also following.
-  """
-
-  alias Pleroma.Object
-  alias Pleroma.User
-  alias Pleroma.Web.ActivityPub.Visibility
-
-  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
-
-  @impl true
-  def filter(
-        %{
-          "type" => "Create",
-          "to" => to,
-          "object" => %{
-            "actor" => actor,
-            "type" => "Note",
-            "inReplyTo" => in_reply_to
-          }
-        } = activity
-      ) do
-    with true <- is_binary(in_reply_to),
-         %User{follower_address: followers_collection, local: true} <- User.get_by_ap_id(actor),
-         %Object{} = in_reply_to_object <- Object.get_by_ap_id(in_reply_to),
-         "private" <- Visibility.get_visibility(in_reply_to_object) do
-      direct_to = to -- [followers_collection]
-
-      updated_activity =
-        activity
-        |> Map.put("cc", [])
-        |> Map.put("to", direct_to)
-        |> Map.put("directMessage", true)
-        |> put_in(["object", "cc"], [])
-        |> put_in(["object", "to"], direct_to)
-
-      {:ok, updated_activity}
-    else
-      _ -> {:ok, activity}
-    end
-  end
-
-  @impl true
-  def filter(activity), do: {:ok, activity}
-
-  @impl true
-  def describe, do: {:ok, %{}}
-end
diff --git a/lib/pleroma/web/activity_pub/mrf/quiet_reply.ex b/lib/pleroma/web/activity_pub/mrf/quiet_reply.ex
deleted file mode 100644
index b07dc3b56..000000000
--- a/lib/pleroma/web/activity_pub/mrf/quiet_reply.ex
+++ /dev/null
@@ -1,60 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.ActivityPub.MRF.QuietReply do
-  @moduledoc """
-  QuietReply alters the scope of activities from local users when replying by enforcing them to be "Unlisted" or "Quiet Public". This delivers the activity to all the expected recipients and instances, but it will not be published in the Federated / The Whole Known Network timelines. It will still be published to the Home timelines of the user's followers and visible to anyone who opens the thread.
-  """
-  require Pleroma.Constants
-
-  alias Pleroma.User
-
-  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
-
-  @impl true
-  def history_awareness, do: :auto
-
-  @impl true
-  def filter(
-        %{
-          "type" => "Create",
-          "to" => to,
-          "cc" => cc,
-          "object" => %{
-            "actor" => actor,
-            "type" => "Note",
-            "inReplyTo" => in_reply_to
-          }
-        } = activity
-      ) do
-    with true <- is_binary(in_reply_to),
-         false <- match?([], cc),
-         %User{follower_address: followers_collection, local: true} <-
-           User.get_by_ap_id(actor) do
-      updated_to =
-        to
-        |> Kernel.++([followers_collection])
-        |> Kernel.--([Pleroma.Constants.as_public()])
-
-      updated_cc = [Pleroma.Constants.as_public()]
-
-      updated_activity =
-        activity
-        |> Map.put("to", updated_to)
-        |> Map.put("cc", updated_cc)
-        |> put_in(["object", "to"], updated_to)
-        |> put_in(["object", "cc"], updated_cc)
-
-      {:ok, updated_activity}
-    else
-      _ -> {:ok, activity}
-    end
-  end
-
-  @impl true
-  def filter(activity), do: {:ok, activity}
-
-  @impl true
-  def describe, do: {:ok, %{}}
-end
-- 
cgit v1.2.3


From ac0882e3483d6ad4d82e9a9ce88c80933bf9efe6 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 28 Feb 2025 16:12:22 -0800
Subject: Filter the parsed OpenGraph/Twittercard tags and only retain the ones
 we intend to use.

---
 lib/pleroma/web/rich_media/parsers/twitter_card.ex | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'lib')

diff --git a/lib/pleroma/web/rich_media/parsers/twitter_card.ex b/lib/pleroma/web/rich_media/parsers/twitter_card.ex
index cc653729d..6f6f8b2ae 100644
--- a/lib/pleroma/web/rich_media/parsers/twitter_card.ex
+++ b/lib/pleroma/web/rich_media/parsers/twitter_card.ex
@@ -11,5 +11,16 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCard do
     |> MetaTagsParser.parse(html, "og", "property")
     |> MetaTagsParser.parse(html, "twitter", "name")
     |> MetaTagsParser.parse(html, "twitter", "property")
+    |> filter_tags()
+  end
+
+  defp filter_tags(tags) do
+    Map.filter(tags, fn {k, _v} ->
+      cond do
+        k in ["card", "description", "image", "title", "ttl", "type", "url"] -> true
+        String.starts_with?(k, "image:") -> true
+        true -> false
+      end
+    end)
   end
 end
-- 
cgit v1.2.3


From 88ee3853022e2e6e71e20cb95e31d645f5a82bec Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Sat, 1 Mar 2025 17:13:47 +0400
Subject: Transmogrifier: Strip internal fields

---
 lib/pleroma/web/activity_pub/transmogrifier.ex | 187 +++++++++++++++----------
 1 file changed, 115 insertions(+), 72 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 4c9956c7a..1e6ee7dc8 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -43,6 +43,38 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> fix_content_map()
     |> fix_addressing()
     |> fix_summary()
+    |> fix_history(&fix_object/1)
+  end
+
+  defp maybe_fix_object(%{"attributedTo" => _} = object), do: fix_object(object)
+  defp maybe_fix_object(object), do: object
+
+  defp fix_history(%{"formerRepresentations" => %{"orderedItems" => list}} = obj, fix_fun)
+       when is_list(list) do
+    update_in(obj["formerRepresentations"]["orderedItems"], fn h -> Enum.map(h, fix_fun) end)
+  end
+
+  defp fix_history(obj, _), do: obj
+
+  defp fix_recursive(obj, fun) do
+    # unlike Erlang, Elixir does not support recursive inline functions
+    # which would allow us to avoid reconstructing this on every recursion
+    rec_fun = fn
+      obj when is_map(obj) -> fix_recursive(obj, fun)
+      # there may be simple AP IDs in history (or object field)
+      obj -> obj
+    end
+
+    obj
+    |> fun.()
+    |> fix_history(rec_fun)
+    |> then(fn
+      %{"object" => object} = doc when is_map(object) ->
+        update_in(doc["object"], rec_fun)
+
+      apdoc ->
+        apdoc
+    end)
   end
 
   def fix_summary(%{"summary" => nil} = object) do
@@ -375,11 +407,18 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end)
   end
 
-  def handle_incoming(data, options \\ [])
+  def handle_incoming(data, options \\ []) do
+    data
+    |> fix_recursive(&strip_internal_fields/1)
+    |> handle_incoming_normalized(options)
+  end
 
   # Flag objects are placed ahead of the ID check because Mastodon 2.8 and earlier send them
   # with nil ID.
-  def handle_incoming(%{"type" => "Flag", "object" => objects, "actor" => actor} = data, _options) do
+  defp handle_incoming_normalized(
+         %{"type" => "Flag", "object" => objects, "actor" => actor} = data,
+         _options
+       ) do
     with context <- data["context"] || Utils.generate_context_id(),
          content <- data["content"] || "",
          %User{} = actor <- User.get_cached_by_ap_id(actor),
@@ -400,16 +439,17 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   end
 
   # disallow objects with bogus IDs
-  def handle_incoming(%{"id" => nil}, _options), do: :error
-  def handle_incoming(%{"id" => ""}, _options), do: :error
+  defp handle_incoming_normalized(%{"id" => nil}, _options), do: :error
+  defp handle_incoming_normalized(%{"id" => ""}, _options), do: :error
   # length of https:// = 8, should validate better, but good enough for now.
-  def handle_incoming(%{"id" => id}, _options) when is_binary(id) and byte_size(id) < 8,
-    do: :error
-
-  def handle_incoming(
-        %{"type" => "Listen", "object" => %{"type" => "Audio"} = object} = data,
-        options
-      ) do
+  defp handle_incoming_normalized(%{"id" => id}, _options)
+       when is_binary(id) and byte_size(id) < 8,
+       do: :error
+
+  defp handle_incoming_normalized(
+         %{"type" => "Listen", "object" => %{"type" => "Audio"} = object} = data,
+         options
+       ) do
     actor = Containment.get_actor(data)
 
     data =
@@ -451,25 +491,25 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     "star" => "⭐"
   }
 
-  @doc "Rewrite misskey likes into EmojiReacts"
-  def handle_incoming(
-        %{
-          "type" => "Like",
-          "_misskey_reaction" => reaction
-        } = data,
-        options
-      ) do
+  # Rewrite misskey likes into EmojiReacts
+  defp handle_incoming_normalized(
+         %{
+           "type" => "Like",
+           "_misskey_reaction" => reaction
+         } = data,
+         options
+       ) do
     data
     |> Map.put("type", "EmojiReact")
     |> Map.put("content", @misskey_reactions[reaction] || reaction)
-    |> handle_incoming(options)
+    |> handle_incoming_normalized(options)
   end
 
-  def handle_incoming(
-        %{"type" => "Create", "object" => %{"type" => objtype, "id" => obj_id}} = data,
-        options
-      )
-      when objtype in ~w{Question Answer ChatMessage Audio Video Event Article Note Page Image} do
+  defp handle_incoming_normalized(
+         %{"type" => "Create", "object" => %{"type" => objtype, "id" => obj_id}} = data,
+         options
+       )
+       when objtype in ~w{Question Answer ChatMessage Audio Video Event Article Note Page Image} do
     fetch_options = Keyword.put(options, :depth, (options[:depth] || 0) + 1)
 
     object =
@@ -492,8 +532,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def handle_incoming(%{"type" => type} = data, _options)
-      when type in ~w{Like EmojiReact Announce Add Remove} do
+  defp handle_incoming_normalized(%{"type" => type} = data, _options)
+       when type in ~w{Like EmojiReact Announce Add Remove} do
     with :ok <- ObjectValidator.fetch_actor_and_object(data),
          {:ok, activity, _meta} <-
            Pipeline.common_pipeline(data, local: false) do
@@ -503,11 +543,14 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def handle_incoming(
-        %{"type" => type} = data,
-        _options
-      )
-      when type in ~w{Update Block Follow Accept Reject} do
+  defp handle_incoming_normalized(
+         %{"type" => type} = data,
+         _options
+       )
+       when type in ~w{Update Block Follow Accept Reject} do
+    fixed_obj = maybe_fix_object(data["object"])
+    data = if fixed_obj != nil, do: %{data | "object" => fixed_obj}, else: data
+
     with {:ok, %User{}} <- ObjectValidator.fetch_actor(data),
          {:ok, activity, _} <-
            Pipeline.common_pipeline(data, local: false) do
@@ -515,10 +558,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def handle_incoming(
-        %{"type" => "Delete"} = data,
-        _options
-      ) do
+  defp handle_incoming_normalized(
+         %{"type" => "Delete"} = data,
+         _options
+       ) do
     with {:ok, activity, _} <-
            Pipeline.common_pipeline(data, local: false) do
       {:ok, activity}
@@ -541,15 +584,15 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def handle_incoming(
-        %{
-          "type" => "Undo",
-          "object" => %{"type" => "Follow", "object" => followed},
-          "actor" => follower,
-          "id" => id
-        } = _data,
-        _options
-      ) do
+  defp handle_incoming_normalized(
+         %{
+           "type" => "Undo",
+           "object" => %{"type" => "Follow", "object" => followed},
+           "actor" => follower,
+           "id" => id
+         } = _data,
+         _options
+       ) do
     with %User{local: true} = followed <- User.get_cached_by_ap_id(followed),
          {:ok, %User{} = follower} <- User.get_or_fetch_by_ap_id(follower),
          {:ok, activity} <- ActivityPub.unfollow(follower, followed, id, false) do
@@ -560,46 +603,46 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def handle_incoming(
-        %{
-          "type" => "Undo",
-          "object" => %{"type" => type}
-        } = data,
-        _options
-      )
-      when type in ["Like", "EmojiReact", "Announce", "Block"] do
+  defp handle_incoming_normalized(
+         %{
+           "type" => "Undo",
+           "object" => %{"type" => type}
+         } = data,
+         _options
+       )
+       when type in ["Like", "EmojiReact", "Announce", "Block"] do
     with {:ok, activity, _} <- Pipeline.common_pipeline(data, local: false) do
       {:ok, activity}
     end
   end
 
   # For Undos that don't have the complete object attached, try to find it in our database.
-  def handle_incoming(
-        %{
-          "type" => "Undo",
-          "object" => object
-        } = activity,
-        options
-      )
-      when is_binary(object) do
+  defp handle_incoming_normalized(
+         %{
+           "type" => "Undo",
+           "object" => object
+         } = activity,
+         options
+       )
+       when is_binary(object) do
     with %Activity{data: data} <- Activity.get_by_ap_id(object) do
       activity
       |> Map.put("object", data)
-      |> handle_incoming(options)
+      |> handle_incoming_normalized(options)
     else
       _e -> :error
     end
   end
 
-  def handle_incoming(
-        %{
-          "type" => "Move",
-          "actor" => origin_actor,
-          "object" => origin_actor,
-          "target" => target_actor
-        },
-        _options
-      ) do
+  defp handle_incoming_normalized(
+         %{
+           "type" => "Move",
+           "actor" => origin_actor,
+           "object" => origin_actor,
+           "target" => target_actor
+         },
+         _options
+       ) do
     with %User{} = origin_user <- User.get_cached_by_ap_id(origin_actor),
          {:ok, %User{} = target_user} <- User.get_or_fetch_by_ap_id(target_actor),
          true <- origin_actor in target_user.also_known_as do
@@ -609,7 +652,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def handle_incoming(_, _), do: :error
+  defp handle_incoming_normalized(_, _), do: :error
 
   @spec get_obj_helper(String.t(), Keyword.t()) :: {:ok, Object.t()} | nil
   def get_obj_helper(id, options \\ []) do
-- 
cgit v1.2.3


From 706bfffcda001236cd5df3012b745800d1b88756 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Sat, 1 Mar 2025 17:16:48 +0400
Subject: Linting

---
 lib/pleroma/emoji/pack.ex  | 2 +-
 lib/pleroma/user/backup.ex | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/emoji/pack.ex b/lib/pleroma/emoji/pack.ex
index cef12822c..c58748d3c 100644
--- a/lib/pleroma/emoji/pack.ex
+++ b/lib/pleroma/emoji/pack.ex
@@ -24,8 +24,8 @@ defmodule Pleroma.Emoji.Pack do
 
   alias Pleroma.Emoji
   alias Pleroma.Emoji.Pack
-  alias Pleroma.Utils
   alias Pleroma.SafeZip
+  alias Pleroma.Utils
 
   @spec create(String.t()) :: {:ok, t()} | {:error, File.posix()} | {:error, :empty_values}
   def create(name) do
diff --git a/lib/pleroma/user/backup.ex b/lib/pleroma/user/backup.ex
index 4b3092fdb..244b08adb 100644
--- a/lib/pleroma/user/backup.ex
+++ b/lib/pleroma/user/backup.ex
@@ -16,13 +16,13 @@ defmodule Pleroma.User.Backup do
   alias Pleroma.Bookmark
   alias Pleroma.Config
   alias Pleroma.Repo
+  alias Pleroma.SafeZip
   alias Pleroma.Uploaders.Uploader
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.UserView
   alias Pleroma.Workers.BackupWorker
-  alias Pleroma.SafeZip
 
   @type t :: %__MODULE__{}
 
-- 
cgit v1.2.3


From 79cbc74aa9f659df39f4fe346545bfdb3c3e17e0 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Sat, 1 Mar 2025 19:05:20 +0400
Subject: Linting

---
 lib/pleroma/safe_zip.ex | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/safe_zip.ex b/lib/pleroma/safe_zip.ex
index 35fe2be19..25fe434d6 100644
--- a/lib/pleroma/safe_zip.ex
+++ b/lib/pleroma/safe_zip.ex
@@ -15,7 +15,7 @@ defmodule Pleroma.SafeZip do
 
   @type text() :: String.t() | [char()]
 
-  defp is_safe_path?(path) do
+  defp safe_path?(path) do
     # Path accepts elixir’s chardata()
     case Path.safe_relative(path) do
       {:ok, _} -> true
@@ -23,7 +23,7 @@ defmodule Pleroma.SafeZip do
     end
   end
 
-  defp is_safe_type?(file_type) do
+  defp safe_type?(file_type) do
     if file_type in [:regular, :directory] do
       true
     else
@@ -52,8 +52,8 @@ defmodule Pleroma.SafeZip do
         # File entry
         {:zip_file, path, info, _comment, _offset, _comp_size}, {:ok, fl} ->
           with {_, type} <- {:get_type, elem(info, 2)},
-               {_, true} <- {:type, is_safe_type?(type)},
-               {_, true} <- {:safe_path, is_safe_path?(path)} do
+               {_, true} <- {:type, safe_type?(type)},
+               {_, true} <- {:safe_path, safe_path?(path)} do
             {:cont, {:ok, maybe_add_file(type, path, fl)}}
           else
             {:get_type, e} ->
@@ -92,9 +92,9 @@ defmodule Pleroma.SafeZip do
   defp check_safe_file_list([], _), do: :ok
 
   defp check_safe_file_list([path | tail], cwd) do
-    with {_, true} <- {:path, is_safe_path?(path)},
+    with {_, true} <- {:path, safe_path?(path)},
          {_, {:ok, fstat}} <- {:stat, File.stat(Path.expand(path, cwd))},
-         {_, true} <- {:type, is_safe_type?(fstat.type)} do
+         {_, true} <- {:type, safe_type?(fstat.type)} do
       check_safe_file_list(tail, cwd)
     else
       {:path, _} ->
-- 
cgit v1.2.3