From 1545e37cdb5b868094eb6e9bb0f3cd38955e55b5 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Sun, 7 Aug 2022 20:59:36 -0600
Subject: [PATCH] Enforce blocks on incoming likes, shares, replies and follows

---
 app/Http/Controllers/Api/ApiV1Controller.php  | 12 ++++++++++++
 app/Http/Controllers/LikeController.php       |  3 +++
 app/Jobs/StatusPipeline/StatusEntityLexer.php |  5 +++++
 app/Util/ActivityPub/Helpers.php              |  7 +++++++
 app/Util/ActivityPub/Inbox.php                | 18 ++++++++++++++++++
 5 files changed, 45 insertions(+)

diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index b324c9d73..72f76f25d 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -1089,6 +1089,11 @@ class ApiV1Controller extends Controller
 			429
 		);
 
+		$blocks = UserFilterService::blocks($spid);
+		if($blocks && in_array($user->profile_id, $blocks)) {
+			abort(422);
+		}
+
 		$like = Like::firstOrCreate([
 			'profile_id' => $user->profile_id,
 			'status_id' => $status['id']
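Review bot: The bare `abort(422)` in this block check returns no message, while the reply hunk in the same controller passes `'Cannot reply to this post at this time.'`; the share hunk further down uses the same bare form. Writing it as `abort_if($blocks && in_array($user->profile_id, $blocks), 422, 'Cannot like this post at this time.');` would keep the three API paths uniform. `$spid` is assigned outside the hunk, so a short comment such as `// reject when the status author has blocked the acting profile` would make the direction of the lookup clear.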
@@ -2494,6 +2499,8 @@ class ApiV1Controller extends Controller
 
 		if($in_reply_to_id) {
 			$parent = Status::findOrFail($in_reply_to_id);
+			$blocks = UserFilterService::blocks($parent->profile_id);
+			abort_if(in_array($profile->id, $blocks), 422, 'Cannot reply to this post at this time.');
 
 			$status = new Status;
 			$status->caption = $content;
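Review bot: `in_array($profile->id, $blocks)` is called here without the `$blocks &&` guard that the like and share checks use, and the reply check added to Helpers.php has the same unguarded form. The body of `UserFilterService::blocks()` is not in this patch, but the guards at the other call sites suggest a falsy result is expected in some cases; if it is ever not an array, PHP 8 raises a TypeError and the request ends in a 500 instead of the intended 422. `abort_if($blocks && in_array($profile->id, $blocks), 422, 'Cannot reply to this post at this time.');` matches the other call sites.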
@@ -2625,6 +2632,11 @@ class ApiV1Controller extends Controller
 			} else {
 				abort_if(!in_array($status->scope, ['public','unlisted']), 403);
 			}
+
+			$blocks = UserFilterService::blocks($status->profile_id);
+			if($blocks && in_array($user->profile_id, $blocks)) {
+				abort(422);
+			}
 		}
 
 		$share = Status::firstOrCreate([
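Review bot: The block check is placed inside a conditional that opens above the hunk and closes at the `}` directly after it, so it only runs on that branch. The condition is not visible here; presumably it is the branch for statuses owned by another profile, in which case skipping the check for one's own posts is harmless, but that should be confirmed. A comment such as `// status author has blocked the sharer` above the check would record the intent.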
diff --git a/app/Http/Controllers/LikeController.php b/app/Http/Controllers/LikeController.php
index c17b61663..5e23e0d36 100644
--- a/app/Http/Controllers/LikeController.php
+++ b/app/Http/Controllers/LikeController.php
@@ -25,6 +25,9 @@ class LikeController extends Controller
 			'item'    => 'required|integer|min:1',
 		]);
 
+		// API deprecated
+		return;
+
 		$user = Auth::user();
 		$profile = $user->profile;
 		$status = Status::findOrFail($request->input('item'));
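Review bot: The added `return;` makes the rest of this method unreachable and hands the caller an empty successful response, so a client still using this route would see a like that appears to succeed but is never stored. The subject line says blocks are enforced, whereas this hunk switches the route off, and `// API deprecated` does not say which endpoint replaces it. An explicit failure would be clearer, for example `abort(410, 'This endpoint is deprecated.');`, with the dead body (which continues outside the hunk) removed in a follow-up.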
diff --git a/app/Jobs/StatusPipeline/StatusEntityLexer.php b/app/Jobs/StatusPipeline/StatusEntityLexer.php
index b0ef84ee6..6762e76e4 100644
--- a/app/Jobs/StatusPipeline/StatusEntityLexer.php
+++ b/app/Jobs/StatusPipeline/StatusEntityLexer.php
@@ -18,6 +18,7 @@ use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Foundation\Bus\Dispatchable;
 use Illuminate\Queue\InteractsWithQueue;
 use Illuminate\Queue\SerializesModels;
+use App\Services\UserFilterService;
 
 class StatusEntityLexer implements ShouldQueue
 {
@@ -134,6 +135,10 @@ class StatusEntityLexer implements ShouldQueue
 			if (empty($mentioned) || !isset($mentioned->id)) {
 				continue;
 			}
+            $blocks = UserFilterService::blocks($mentioned->id);
+            if($blocks && in_array($status->profile_id, $blocks)) {
+                continue;
+            }
 
 			DB::transaction(function () use ($status, $mentioned) {
 				$m = new Mention();
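Review bot: The four added lines are indented with spaces while the surrounding lines in this file use tabs; the three block checks added to Inbox.php have the same mismatch and should be re-indented with tabs as well. A comment would also help here, e.g. `// mentioned profile has blocked the author: do not create a Mention`, since the `continue` only skips the `Mention` record and this hunk does not touch the caption. The enclosing loop starts outside the hunk.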
diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index e00f618ff..1a210b056 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -40,6 +40,7 @@ use App\Models\Poll;
 use Illuminate\Contracts\Cache\LockTimeoutException;
 use App\Jobs\ProfilePipeline\IncrementPostCount;
 use App\Jobs\ProfilePipeline\DecrementPostCount;
+use App\Services\UserFilterService;
 
 class Helpers {
 
@@ -398,6 +399,12 @@ class Helpers {
 		$profile = self::profileFirstOrNew($attributedTo);
 		if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) || $replyTo == true) {
 			$reply_to = self::statusFirstOrFetch(self::pluckval($activity['object']['inReplyTo']), false);
+			if($reply_to) {
+				$blocks = UserFilterService::blocks($reply_to->profile_id);
+				if(in_array($profile->id, $blocks)) {
+					return;
+				}
+			}
 			$reply_to = optional($reply_to)->id;
 		} else {
 			$reply_to = null;
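Review bot: `$profile->id` is read in the new check with no null test on `$profile` between its assignment from `self::profileFirstOrNew($attributedTo)` and this use. If that helper can return null for an actor that fails to resolve (not visible in this patch), the check emits a warning and compares null against the block list. The bare `return;` also makes the enclosing function, which starts and ends outside the hunk, yield null for a blocked reply, so its callers need to tolerate that. `if($profile && $blocks && in_array($profile->id, $blocks)) {` covers both a null profile and a non-array block list.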
diff --git a/app/Util/ActivityPub/Inbox.php b/app/Util/ActivityPub/Inbox.php
index a5046a529..85583e0cc 100644
--- a/app/Util/ActivityPub/Inbox.php
+++ b/app/Util/ActivityPub/Inbox.php
@@ -37,6 +37,7 @@ use App\Util\ActivityPub\Validator\UndoFollow as UndoFollowValidator;
 use App\Services\PollService;
 use App\Services\FollowerService;
 use App\Services\StatusService;
+use App\Services\UserFilterService;
 use App\Models\Conversation;
 use App\Jobs\ProfilePipeline\IncrementPostCount;
 use App\Jobs\ProfilePipeline\DecrementPostCount;
@@ -475,6 +476,12 @@ class Inbox
 		) {
 			return;
 		}
+
+        $blocks = UserFilterService::blocks($target->id);
+        if($blocks && in_array($actor->id, $blocks)) {
+            return;
+        }
+
 		if($target->is_private == true) {
 			FollowRequest::updateOrCreate([
 				'follower_id' => $actor->id,
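Review bot: A Follow from a blocked actor is dropped here with a bare `return;`, and nothing in the hunk sends a response to the remote server. If that is intentional, so that the block is not disclosed, say so in a comment, e.g. `// target has blocked the actor: drop the Follow silently, no Reject is sent`; otherwise the remote side may keep the request pending. The enclosing handler starts outside the hunk.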
@@ -532,6 +539,11 @@ class Inbox
 			return;
 		}
 
+        $blocks = UserFilterService::blocks($parent->profile_id);
+        if($blocks && in_array($actor->id, $blocks)) {
+            return;
+        }
+
 		$status = Status::firstOrCreate([
 			'profile_id' => $actor->id,
 			'reblog_of_id' => $parent->id,
@@ -693,6 +705,12 @@ class Inbox
 		if(!$status || !$profile) {
 			return;
 		}
+
+        $blocks = UserFilterService::blocks($status->profile_id);
+        if($blocks && in_array($actor->id, $blocks)) {
+            return;
+        }
+
 		$like = Like::firstOrCreate([
 			'profile_id' => $profile->id,
 			'status_id' => $status->id
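Review bot: The new check reads `$actor->id`, but the surrounding lines of this handler identify the liker through `$profile` (`if(!$status || !$profile)` and `'profile_id' => $profile->id`). `$actor` is not defined in the visible lines; if it holds the actor URL from the payload rather than a profile model, `$actor->id` evaluates to null and the block is never enforced for incoming likes. Using the same variable as the rest of the handler avoids that: `if($blocks && in_array($profile->id, $blocks)) {`. The handler starts outside the hunk, so confirm what `$actor` is there.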
-- 
GitLab