From: Felix Ableitner Date: Mon, 9 Nov 2020 16:06:54 +0000 (+0100) Subject: Enforce post lock in federation inbox X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%24%7B%60data:application/%22https:/hacktivis.me/README.zh.hans.md?a=commitdiff_plain;h=3b4c3ec07478f994ef810a315edf6e122b0accda;p=lemmy.git Enforce post lock in federation inbox --- diff --git a/lemmy_apub/src/activities/receive/comment.rs b/lemmy_apub/src/activities/receive/comment.rs index b60d4c95..d104d5e1 100644 --- a/lemmy_apub/src/activities/receive/comment.rs +++ b/lemmy_apub/src/activities/receive/comment.rs @@ -9,7 +9,7 @@ use activitystreams::{ base::ExtendsExt, object::Note, }; -use anyhow::Context; +use anyhow::{anyhow, Context}; use lemmy_db::{ comment::{Comment, CommentForm, CommentLike, CommentLikeForm}, comment_view::CommentView, @@ -33,12 +33,15 @@ pub(crate) async fn receive_create_comment( let comment = CommentForm::from_apub(¬e, context, Some(user.actor_id()?), request_counter).await?; + let post_id = comment.post_id; + let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??; + if post.locked { + return Err(anyhow!("Post is locked").into()); + } + let inserted_comment = blocking(context.pool(), move |conn| Comment::upsert(conn, &comment)).await??; - let post_id = inserted_comment.post_id; - let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??; - // Note: // Although mentions could be gotten from the post tags (they are included there), or the ccs, // Its much easier to scrape them from the comment body, since the API has to do that diff --git a/lemmy_apub/src/fetcher.rs b/lemmy_apub/src/fetcher.rs index ff3b03d3..acf94ec9 100644 --- a/lemmy_apub/src/fetcher.rs +++ b/lemmy_apub/src/fetcher.rs @@ -497,6 +497,12 @@ pub(crate) async fn get_or_fetch_and_insert_comment( ) .await?; + let post_id = comment_form.post_id; + let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??; + if post.locked { + return Err(anyhow!("Post is locked").into()); + } + let comment = blocking(context.pool(), move |conn| { Comment::upsert(conn, &comment_form) })