diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2340ca3a1a24effd7aa03ebaa8154ad5b6b779ed..a82a8fb39b5d441c708499470d3d11e421ab7ae8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -53,6 +53,7 @@
- Fix email verification requests filtering to gracefully handle deleted accounts and accounts already verified ([b57066d1](https://github.com/pixelfed/pixelfed/commit/b57066d1))
- Add configuration to v1/instance endpoint. Fixes #3605 ([2fb18b7d](https://github.com/pixelfed/pixelfed/commit/2fb18b7d))
- Fix remote account post counts ([149cf9dc](https://github.com/pixelfed/pixelfed/commit/149cf9dc))
+- Enforce blocks on incoming likes, shares, replies and follows on all endpoints ([1545e37c](https://github.com/pixelfed/pixelfed/commit/1545e37c))
- ([](https://github.com/pixelfed/pixelfed/commit/))
## [v0.11.3 (2022-05-09)](https://github.com/pixelfed/pixelfed/compare/v0.11.2...v0.11.3)
diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index b324c9d7364699058214dbe9658104cef4b6de34..72f76f25d3d1355bcffc2c50ede74a2dcfbe2a76 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -1089,6 +1089,11 @@ class ApiV1Controller extends Controller
429
);
+ $blocks = UserFilterService::blocks($spid);
+ if($blocks && in_array($user->profile_id, $blocks)) {
+ abort(422);
+ }
+
$like = Like::firstOrCreate([
'profile_id' => $user->profile_id,
'status_id' => $status['id']
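Review bot: The block lookup added before `Like::firstOrCreate` is the same three-line pattern that this commit also pastes into the share path later in this file, the mention lexer, and the follow, announce and like handlers in `Inbox.php`. Any later change to block semantics then has to be repeated in every copy, and a missed copy is an enforcement gap. A single predicate would reduce each call site to one line, for example `abort_if(UserFilterService::blockedBy($spid, $user->profile_id), 422);`, where `blockedBy` is a proposed new helper and not a method shown in this diff. The comparison is a loose `in_array`, which may be required if the ids returned by `blocks()` and the model ids differ in type (not visible here), so the helper would also be the one place to normalise both sides. `$spid` is assigned outside the hunk.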
@@ -2494,6 +2499,8 @@ class ApiV1Controller extends Controller
if($in_reply_to_id) {
$parent = Status::findOrFail($in_reply_to_id);
+ $blocks = UserFilterService::blocks($parent->profile_id);
+ abort_if(in_array($profile->id, $blocks), 422, 'Cannot reply to this post at this time.');
$status = new Status;
$status->caption = $content;
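Review bot: `in_array($profile->id, $blocks)` in the reply path runs without the `$blocks &&` guard that the like and share checks in this file use. If `UserFilterService::blocks()` can return `null` or another non-array for an account with no blocks (its return type is not visible in this diff), PHP 8 raises a `TypeError` and the reply fails with a server error instead of proceeding. The same unguarded call appears in the `Helpers.php` hunk that handles incoming replies. The guarded form keeps the behaviour consistent: `abort_if($blocks && in_array($profile->id, $blocks), 422, 'Cannot reply to this post at this time.');`. The enclosing method begins and ends outside the hunk.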
@@ -2625,6 +2632,11 @@ class ApiV1Controller extends Controller
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
+
+ $blocks = UserFilterService::blocks($status->profile_id);
+ if($blocks && in_array($user->profile_id, $blocks)) {
+ abort(422);
+ }
}
$share = Status::firstOrCreate([
diff --git a/app/Http/Controllers/LikeController.php b/app/Http/Controllers/LikeController.php
index c17b61663d5e4b8a4f28f4a622e9a88af1ad0e20..5e23e0d362cf7cf88a4cd5676ef6f934da8d360f 100644
--- a/app/Http/Controllers/LikeController.php
+++ b/app/Http/Controllers/LikeController.php
@@ -25,6 +25,9 @@ class LikeController extends Controller
'item' => 'required|integer|min:1',
]);
+ // API deprecated
+ return;
+
$user = Auth::user();
$profile = $user->profile;
$status = Status::findOrFail($request->input('item'));
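Review bot: The bare `return;` after validation gives callers an empty successful response, so a client still using this route sees a like that appears to succeed while nothing is stored. Everything below it in the method is now unreachable. An explicit failure such as `abort(410, 'This endpoint is deprecated.');` placed before the `validate` call would make the deprecation visible to clients and in logs, after which the dead body or the route itself can be removed. The rest of the method lies outside the hunk.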
diff --git a/app/Jobs/StatusPipeline/StatusEntityLexer.php b/app/Jobs/StatusPipeline/StatusEntityLexer.php
index b0ef84ee61823f43c574ac3708c9de23b5ebd626..6762e76e4a9bc0440370f0969d8d141ad7d78be4 100644
--- a/app/Jobs/StatusPipeline/StatusEntityLexer.php
+++ b/app/Jobs/StatusPipeline/StatusEntityLexer.php
@@ -18,6 +18,7 @@ use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;
+use App\Services\UserFilterService;
class StatusEntityLexer implements ShouldQueue
{
@@ -134,6 +135,10 @@ class StatusEntityLexer implements ShouldQueue
if (empty($mentioned) || !isset($mentioned->id)) {
continue;
}
+ $blocks = UserFilterService::blocks($mentioned->id);
+ if($blocks && in_array($status->profile_id, $blocks)) {
+ continue;
+ }
DB::transaction(function () use ($status, $mentioned) {
$m = new Mention();
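Review bot: The added `continue` drops the mention with no comment or log line, so the loop does not explain why a successfully resolved profile is skipped. A one-line comment above the lookup would do, for example `// Skip the Mention record when the mentioned account has blocked the author.` Only the `Mention` creation is visibly skipped here; whether the caption still renders a link to the blocking account is decided outside the hunk and is worth checking.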
diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index e00f618ff67a7b5add7ce0c5a3080e2353c12386..1a210b056f7c7036ede99194cc41ae71c3b1bb20 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -40,6 +40,7 @@ use App\Models\Poll;
use Illuminate\Contracts\Cache\LockTimeoutException;
use App\Jobs\ProfilePipeline\IncrementPostCount;
use App\Jobs\ProfilePipeline\DecrementPostCount;
+use App\Services\UserFilterService;
class Helpers {
@@ -398,6 +399,12 @@ class Helpers {
$profile = self::profileFirstOrNew($attributedTo);
if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) || $replyTo == true) {
$reply_to = self::statusFirstOrFetch(self::pluckval($activity['object']['inReplyTo']), false);
+ if($reply_to) {
+ $blocks = UserFilterService::blocks($reply_to->profile_id);
+ if(in_array($profile->id, $blocks)) {
+ return;
+ }
+ }
$reply_to = optional($reply_to)->id;
} else {
$reply_to = null;
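Review bot: `$profile->id` is read shortly after `self::profileFirstOrNew($attributedTo)` with no null check visible in between. If that helper can return `null` for an actor that fails to resolve (not shown in this diff), the new block check raises a warning, which Laravel's error handler turns into an exception, inside the federation path instead of discarding the activity cleanly. Guarding both values avoids that: `if($reply_to && $profile) {`, with the inner test written as `if($blocks && in_array($profile->id, $blocks)) {` to match the other call sites. The bare `return;` yields `null`, and the callers of this method are outside the hunk, so confirm they treat that as "status not stored".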
diff --git a/app/Util/ActivityPub/Inbox.php b/app/Util/ActivityPub/Inbox.php
index a5046a52989acc1b2362e2594ab8a451ba49d3d5..0500ebd2f2fe04de5c8c6448b1eb33b07440765d 100644
--- a/app/Util/ActivityPub/Inbox.php
+++ b/app/Util/ActivityPub/Inbox.php
@@ -37,6 +37,7 @@ use App\Util\ActivityPub\Validator\UndoFollow as UndoFollowValidator;
use App\Services\PollService;
use App\Services\FollowerService;
use App\Services\StatusService;
+use App\Services\UserFilterService;
use App\Models\Conversation;
use App\Jobs\ProfilePipeline\IncrementPostCount;
use App\Jobs\ProfilePipeline\DecrementPostCount;
@@ -475,6 +476,12 @@ class Inbox
) {
return;
}
+
+ $blocks = UserFilterService::blocks($target->id);
+ if($blocks && in_array($actor->id, $blocks)) {
+ return;
+ }
+
if($target->is_private == true) {
FollowRequest::updateOrCreate([
'follower_id' => $actor->id,
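Review bot: A `Follow` from a blocked actor is dropped with a bare `return`, and nothing in the hunk sends a `Reject` back, so the remote server may keep showing the request as pending. If silent dropping is intended, since it avoids telling the blocked actor about the block, a comment should say so, for example `// Blocked actors get no Accept or Reject: the follow is dropped without a reply.` The handler starts and ends outside the hunk.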
@@ -532,6 +539,11 @@ class Inbox
return;
}
+ $blocks = UserFilterService::blocks($parent->profile_id);
+ if($blocks && in_array($actor->id, $blocks)) {
+ return;
+ }
+
$status = Status::firstOrCreate([
'profile_id' => $actor->id,
'reblog_of_id' => $parent->id,
@@ -693,6 +705,12 @@ class Inbox
if(!$status || !$profile) {
return;
}
+
+ $blocks = UserFilterService::blocks($status->profile_id);
+ if($blocks && in_array($profile->id, $blocks)) {
+ return;
+ }
+
$like = Like::firstOrCreate([
'profile_id' => $profile->id,
'status_id' => $status->id