Distinguish between Mastodon account deletes and content deletes

2025-01-23 19:36:56 -08:00 · 2024-11-29 15:22:40 +00:00 · 2024-11-29 15:22:40 +00:00 · 3b800e7e96
commit 3b800e7e96
parent 921c2e78b1
1 changed files with 42 additions and 44 deletions
--- a/app/activitypub/routes.py
+++ b/app/activitypub/routes.py
@ -422,7 +422,7 @@ def shared_inbox():
            return '', 200
    redis_client = get_redis_connection()
-    if redis_client.exists(id):                 # Something is sending same activity multiple times, or Announcing as well as sending the same content
+    if redis_client.exists(id):                 # Something is sending same activity multiple times
        log_incoming_ap(id, APLOG_DUPLICATE, APLOG_IGNORED, request_json if store_ap_json else None, 'Unnecessary retry attempt')
        return '', 200
    redis_client.set(id, 1, ex=90)              # Save the activity ID into redis, to avoid duplicate activities
@ -432,19 +432,19 @@ def shared_inbox():
        log_incoming_ap(request_json['id'], APLOG_PT_VIEW, APLOG_IGNORED, request_json if store_ap_json else None, 'PeerTube View or CacheFile activity')
        return ''
-    # Ignore delete requests from uses that do not already exist here
+    # Ignore account deletion requests from users that do not already exist here
-    if request_json['type'] == 'Delete':
+    account_deletion = False
-        if (request_json['id'].endswith('#delete') or                                                                                       # Mastodon / PieFed
+    if (request_json['type'] == 'Delete' and
-            ('object' in request_json and isinstance(request_json['object'], str) and request_json['actor'] == request_json['object'])):    # Lemmy
+        'object' in request_json and isinstance(request_json['object'], str) and
-            actor = User.query.filter_by(ap_profile_id=request_json['actor'].lower()).first()
+        request_json['actor'] == request_json['object']):
-            if not actor:
+        account_deletion = True
-                log_incoming_ap(request_json['id'], APLOG_DELETE, APLOG_IGNORED, request_json if store_ap_json else None, 'Does not exist here')
+        actor = User.query.filter_by(ap_profile_id=request_json['actor'].lower()).first()
-                return '', 200
+        if not actor:
-            else:
+            log_incoming_ap(request_json['id'], APLOG_DELETE, APLOG_IGNORED, request_json if store_ap_json else None, 'Does not exist here')
-                actor.ap_fetched_at = utcnow()                  # use stored pubkey, don't try to re-fetch for next step (signature verification)
+            return '', 200
-                db.session.commit()
+    else:
        actor = find_actor_or_create(request_json['actor'])
    actor = find_actor_or_create(request_json['actor'])
    if not actor:
        actor_name = request_json['actor']
        log_incoming_ap(request_json['id'], APLOG_NOTYPE, APLOG_FAILURE, request_json if store_ap_json else None, f'Actor could not be found 1: {actor_name}')
@ -453,13 +453,13 @@ def shared_inbox():
    if actor.is_local():        # should be impossible (can be Announced back, but not sent without access to privkey)
        log_incoming_ap(request_json['id'], APLOG_NOTYPE, APLOG_FAILURE, request_json if store_ap_json else None, 'ActivityPub activity from a local actor')
        return '', 200
-    else:
+
-        actor.instance.last_seen = utcnow()
+    actor.instance.last_seen = utcnow()
-        actor.instance.dormant = False
+    actor.instance.dormant = False
-        actor.instance.gone_forever = False
+    actor.instance.gone_forever = False
-        actor.instance.failures = 0
+    actor.instance.failures = 0
-        actor.instance.ip_address = ip_address()
+    actor.instance.ip_address = ip_address()
-        db.session.commit()
+    db.session.commit()
    try:
        HttpSignature.verify_request(request, actor.public_key, skip_date=True)
@ -475,15 +475,13 @@ def shared_inbox():
            return '', 400
    # When a user is deleted, the only way to be fairly sure they get deleted everywhere is to tell the whole fediverse.
-    # Earlier check means this is only for users that already exist, repeating it here means that http signature will have been verified
+    # Earlier check means this is only for users that already exist, processing it here means that http signature will have been verified
-    if request_json['type'] == 'Delete':
+    if account_deletion == True:
-        if (request_json['id'].endswith('#delete') or                                                                                       # Mastodon / PieFed
+        if current_app.debug:
-            ('object' in request_json and isinstance(request_json['object'], str) and request_json['actor'] == request_json['object'])):    # Lemmy
+            process_delete_request(request_json, store_ap_json)
-            if current_app.debug:
+        else:
-                process_delete_request(request_json, store_ap_json)
+            process_delete_request.delay(request_json, store_ap_json)
-            else:
+        return ''
                process_delete_request.delay(request_json, store_ap_json)
            return ''
    if current_app.debug:
        process_inbox_request(request_json, store_ap_json)
@ -531,16 +529,19 @@ def replay_inbox_request(request_json):
        log_incoming_ap(request_json['id'], APLOG_PT_VIEW, APLOG_IGNORED, request_json, 'REPLAY: PeerTube View or CacheFile activity')
        return
-    # Ignore delete requests from uses that do not already exist here
+    # Ignore account deletion requests from users that do not already exist here
-    if request_json['type'] == 'Delete':
+    account_deletion = False
-        if (request_json['id'].endswith('#delete') or                                                                                       # Mastodon / PieFed
+    if (request_json['type'] == 'Delete' and
-            ('object' in request_json and isinstance(request_json['object'], str) and request_json['actor'] == request_json['object'])):    # Lemmy
+        'object' in request_json and isinstance(request_json['object'], str) and
-            actor = User.query.filter_by(ap_profile_id=request_json['actor'].lower()).first()
+        request_json['actor'] == request_json['object']):
-            if not actor:
+        account_deletion = True
-                log_incoming_ap(request_json['id'], APLOG_DELETE, APLOG_IGNORED, request_json, 'REPLAY: Does not exist here')
+        actor = User.query.filter_by(ap_profile_id=request_json['actor'].lower()).first()
-                return
+        if not actor:
            log_incoming_ap(request_json['id'], APLOG_DELETE, APLOG_IGNORED, request_json, 'REPLAY: Does not exist here')
            return
    else:
        actor = find_actor_or_create(request_json['actor'])
    actor = find_actor_or_create(request_json['actor'])
    if not actor:
        actor_name = request_json['actor']
        log_incoming_ap(request_json['id'], APLOG_NOTYPE, APLOG_FAILURE, request_json, f'REPLAY: Actor could not be found 1: {actor_name}')
@ -551,12 +552,9 @@ def replay_inbox_request(request_json):
        return
    # When a user is deleted, the only way to be fairly sure they get deleted everywhere is to tell the whole fediverse.
-    # Earlier check means this is only for users that already exist, repeating it here means that http signature will have been verified
+    if account_deletion == True:
-    if request_json['type'] == 'Delete':
+        process_delete_request(request_json, True)
-        if (request_json['id'].endswith('#delete') or                                                                                       # Mastodon / PieFed
+        return
            ('object' in request_json and isinstance(request_json['object'], str) and request_json['actor'] == request_json['object'])):    # Lemmy
            process_delete_request(request_json, True)
            return
    process_inbox_request(request_json, True)