lemmy/crates/apub/src/activities/block/block_user.rs

use crate::{
  activities::{
    block::{generate_cc, SiteOrCommunity},
    community::send_activity_in_community,
    generate_activity_id,
    send_lemmy_activity,
    verify_is_public,
    verify_mod_action,
    verify_person_in_community,
  },
  activity_lists::AnnouncableActivities,
  insert_received_activity,
  objects::person::ApubPerson,
  protocol::activities::block::block_user::BlockUser,
};
use activitypub_federation::{
  config::Data,
  kinds::{activity::BlockType, public},
  protocol::verification::verify_domains_match,
  traits::{ActivityHandler, Actor},
};
use anyhow::anyhow;
use chrono::{DateTime, Utc};
use lemmy_api_common::{
  context::LemmyContext,
  utils::{remove_user_data, remove_user_data_in_community, sanitize_html_federation_opt},
};
use lemmy_db_schema::{
  source::{
    activity::ActivitySendTargets,
    community::{
      CommunityFollower,
      CommunityFollowerForm,
      CommunityPersonBan,
      CommunityPersonBanForm,
    },
    moderator::{ModBan, ModBanForm, ModBanFromCommunity, ModBanFromCommunityForm},
    person::{Person, PersonUpdateForm},
  },
  traits::{Bannable, Crud, Followable},
};
use lemmy_utils::error::LemmyError;
use url::Url;

impl BlockUser {
  pub(in crate::activities::block) async fn new(
    target: &SiteOrCommunity,
    user: &ApubPerson,
    mod_: &ApubPerson,
    remove_data: Option<bool>,
    reason: Option<String>,
    expires: Option<DateTime<Utc>>,
    context: &Data<LemmyContext>,
  ) -> Result<BlockUser, LemmyError> {
    let audience = if let SiteOrCommunity::Community(c) = target {
      Some(c.id().into())
    } else {
      None
    };
    Ok(BlockUser {
      actor: mod_.id().into(),
      to: vec![public()],
      object: user.id().into(),
      cc: generate_cc(target, &mut context.pool()).await?,
      target: target.id(),
      kind: BlockType::Block,
      remove_data,
      summary: reason,
      id: generate_activity_id(
        BlockType::Block,
        &context.settings().get_protocol_and_hostname(),
      )?,
      audience,
      expires,
    })
  }

  #[tracing::instrument(skip_all)]
  pub async fn send(
    target: &SiteOrCommunity,
    user: &ApubPerson,
    mod_: &ApubPerson,
    remove_data: bool,
    reason: Option<String>,
    expires: Option<DateTime<Utc>>,
    context: &Data<LemmyContext>,
  ) -> Result<(), LemmyError> {
    let block = BlockUser::new(
      target,
      user,
      mod_,
      Some(remove_data),
      reason,
      expires,
      context,
    )
    .await?;

    match target {
      SiteOrCommunity::Site(_) => {
        let inboxes = ActivitySendTargets::to_all_instances();
        send_lemmy_activity(context, block, mod_, inboxes, false).await
      }
      SiteOrCommunity::Community(c) => {
        let activity = AnnouncableActivities::BlockUser(block);
        let inboxes = ActivitySendTargets::to_inbox(user.shared_inbox_or_inbox());
        send_activity_in_community(activity, mod_, c, inboxes, true, context).await
      }
    }
  }
}

#[async_trait::async_trait]
impl ActivityHandler for BlockUser {
  type DataType = LemmyContext;
  type Error = LemmyError;

  fn id(&self) -> &Url {
    &self.id
  }

  fn actor(&self) -> &Url {
    self.actor.inner()
  }

  #[tracing::instrument(skip_all)]
  async fn verify(&self, context: &Data<LemmyContext>) -> Result<(), LemmyError> {
    insert_received_activity(&self.id, context).await?;
    verify_is_public(&self.to, &self.cc)?;
    match self.target.dereference(context).await? {
      SiteOrCommunity::Site(site) => {
        let domain = self.object.inner().domain().expect("url needs domain");
        if context.settings().hostname == domain {
          return Err(
            anyhow!("Site bans from remote instance can't affect user's home instance").into(),
          );
        }
        // site ban can only target a user who is on the same instance as the actor (admin)
        verify_domains_match(&site.id(), self.actor.inner())?;
        verify_domains_match(&site.id(), self.object.inner())?;
      }
      SiteOrCommunity::Community(community) => {
        verify_person_in_community(&self.actor, &community, context).await?;
        verify_mod_action(&self.actor, self.object.inner(), community.id, context).await?;
      }
    }
    Ok(())
  }

  #[tracing::instrument(skip_all)]
  async fn receive(self, context: &Data<LemmyContext>) -> Result<(), LemmyError> {
    let expires = self.expires.map(Into::into);
    let mod_person = self.actor.dereference(context).await?;
    let blocked_person = self.object.dereference(context).await?;
    let target = self.target.dereference(context).await?;
    match target {
      SiteOrCommunity::Site(_site) => {
        let blocked_person = Person::update(
          &mut context.pool(),
          blocked_person.id,
          &PersonUpdateForm {
            banned: Some(true),
            ban_expires: Some(expires),
            ..Default::default()
          },
        )
        .await?;
        if self.remove_data.unwrap_or(false) {
          remove_user_data(blocked_person.id, context).await?;
        }

        // write mod log
        let form = ModBanForm {
          mod_person_id: mod_person.id,
          other_person_id: blocked_person.id,
          reason: sanitize_html_federation_opt(&self.summary),
          banned: Some(true),
          expires,
        };
        ModBan::create(&mut context.pool(), &form).await?;
      }
      SiteOrCommunity::Community(community) => {
        let community_user_ban_form = CommunityPersonBanForm {
          community_id: community.id,
          person_id: blocked_person.id,
          expires: Some(expires),
        };
        CommunityPersonBan::ban(&mut context.pool(), &community_user_ban_form).await?;

        // Also unsubscribe them from the community, if they are subscribed
        let community_follower_form = CommunityFollowerForm {
          community_id: community.id,
          person_id: blocked_person.id,
          pending: false,
        };
        CommunityFollower::unfollow(&mut context.pool(), &community_follower_form)
          .await
          .ok();

        if self.remove_data.unwrap_or(false) {
          remove_user_data_in_community(community.id, blocked_person.id, &mut context.pool())
            .await?;
        }

        // write to mod log
        let form = ModBanFromCommunityForm {
          mod_person_id: mod_person.id,
          other_person_id: blocked_person.id,
          community_id: community.id,
          reason: sanitize_html_federation_opt(&self.summary),
          banned: Some(true),
          expires,
        };
        ModBanFromCommunity::create(&mut context.pool(), &form).await?;
      }
    }

    Ok(())
  }
}