]> Untitled Git - lemmy.git/commitdiff
Security/fix permission bugs (#966)
authorryexandra <68085235+ryexandra@users.noreply.github.com>
Tue, 14 Jul 2020 13:17:25 +0000 (07:17 -0600)
committerGitHub <noreply@github.com>
Tue, 14 Jul 2020 13:17:25 +0000 (09:17 -0400)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
15 files changed:
server/lemmy_db/src/lib.rs
server/lemmy_utils/src/settings.rs
server/src/api/comment.rs
server/src/api/community.rs
server/src/api/post.rs
server/src/api/user.rs
server/src/apub/comment.rs
server/src/apub/community.rs
server/src/apub/fetcher.rs
server/src/apub/mod.rs
server/src/apub/post.rs
server/src/apub/private_message.rs
server/src/apub/shared_inbox.rs
server/src/apub/user.rs
server/src/apub/user_inbox.rs

index 5cf20bb3c898f0e36331cf73decd8843e535bb31..2eead841d7dc25f3e22170d1fdbf8416f5704731 100644 (file)
@@ -181,7 +181,10 @@ mod tests {
   pub fn establish_unpooled_connection() -> PgConnection {
     let db_url = match get_database_url_from_env() {
       Ok(url) => url,
-      Err(e) => panic!("Failed to read database URL from env var LEMMY_DATABASE_URL: {}", e),
+      Err(e) => panic!(
+        "Failed to read database URL from env var LEMMY_DATABASE_URL: {}",
+        e
+      ),
     };
     PgConnection::establish(&db_url).unwrap_or_else(|_| panic!("Error connecting to {}", db_url))
   }
index 0607974f94f25e1d02c766201535ee07cb78c989..097063b6a55bcdc168737b5f94237cdd053a7525 100644 (file)
@@ -1,7 +1,6 @@
 use config::{Config, ConfigError, Environment, File};
 use serde::Deserialize;
-use std::{fs, io::Error, net::IpAddr, sync::RwLock};
-use std::env;
+use std::{env, fs, io::Error, net::IpAddr, sync::RwLock};
 
 static CONFIG_FILE_DEFAULTS: &str = "config/defaults.hjson";
 static CONFIG_FILE: &str = "config/config.hjson";
index 2007542fa63d81832c660c4462d887b772172345..f8bdf5d5b17f3f708de2b72a05373ea5cdf8036b 100644 (file)
@@ -243,28 +243,28 @@ impl Perform for Oper<EditComment> {
     let orig_comment =
       blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
 
+    let mut editors: Vec<i32> = vec![orig_comment.creator_id];
+    let mut moderators: Vec<i32> = vec![];
+
+    let community_id = orig_comment.community_id;
+    moderators.append(
+      &mut blocking(pool, move |conn| {
+        CommunityModeratorView::for_community(&conn, community_id)
+          .map(|v| v.into_iter().map(|m| m.user_id).collect())
+      })
+      .await??,
+    );
+    moderators.append(
+      &mut blocking(pool, move |conn| {
+        UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())
+      })
+      .await??,
+    );
+
+    editors.extend(&moderators);
     // You are allowed to mark the comment as read even if you're banned.
     if data.read.is_none() {
       // Verify its the creator or a mod, or an admin
-      let mut editors: Vec<i32> = vec![data.creator_id];
-      let community_id = orig_comment.community_id;
-      editors.append(
-        &mut blocking(pool, move |conn| {
-          Ok(
-            CommunityModeratorView::for_community(&conn, community_id)?
-              .into_iter()
-              .map(|m| m.user_id)
-              .collect(),
-          ) as Result<_, LemmyError>
-        })
-        .await??,
-      );
-      editors.append(
-        &mut blocking(pool, move |conn| {
-          Ok(UserView::admins(conn)?.into_iter().map(|a| a.id).collect()) as Result<_, LemmyError>
-        })
-        .await??,
-      );
 
       if !editors.contains(&user_id) {
         return Err(APIError::err("no_comment_edit_allowed").into());
@@ -282,6 +282,25 @@ impl Perform for Oper<EditComment> {
       if user.banned {
         return Err(APIError::err("site_ban").into());
       }
+    } else {
+      // check that user can mark as read
+      let parent_id = orig_comment.parent_id;
+      match parent_id {
+        Some(pid) => {
+          let parent_comment =
+            blocking(pool, move |conn| CommentView::read(&conn, pid, None)).await??;
+          if user_id != parent_comment.creator_id {
+            return Err(APIError::err("no_comment_edit_allowed").into());
+          }
+        }
+        None => {
+          let parent_post_id = orig_comment.post_id;
+          let parent_post = blocking(pool, move |conn| Post::read(conn, parent_post_id)).await??;
+          if user_id != parent_post.creator_id {
+            return Err(APIError::err("no_comment_edit_allowed").into());
+          }
+        }
+      }
     }
 
     let content_slurs_removed = remove_slurs(&data.content.to_owned());
@@ -289,22 +308,45 @@ impl Perform for Oper<EditComment> {
     let edit_id = data.edit_id;
     let read_comment = blocking(pool, move |conn| Comment::read(conn, edit_id)).await??;
 
-    let comment_form = CommentForm {
-      content: content_slurs_removed,
-      parent_id: data.parent_id,
-      post_id: data.post_id,
-      creator_id: data.creator_id,
-      removed: data.removed.to_owned(),
-      deleted: data.deleted.to_owned(),
-      read: data.read.to_owned(),
-      published: None,
-      updated: if data.read.is_some() {
-        orig_comment.updated
+    let comment_form = {
+      if data.read.is_none() {
+        // the ban etc checks should been made and have passed
+        // the comment can be properly edited
+        let post_removed = if moderators.contains(&user_id) {
+          data.removed
+        } else {
+          Some(read_comment.removed)
+        };
+
+        CommentForm {
+          content: content_slurs_removed,
+          parent_id: read_comment.parent_id,
+          post_id: read_comment.post_id,
+          creator_id: read_comment.creator_id,
+          removed: post_removed.to_owned(),
+          deleted: data.deleted.to_owned(),
+          read: Some(read_comment.read),
+          published: None,
+          updated: Some(naive_now()),
+          ap_id: read_comment.ap_id,
+          local: read_comment.local,
+        }
       } else {
-        Some(naive_now())
-      },
-      ap_id: read_comment.ap_id,
-      local: read_comment.local,
+        // the only field that can be updated it the read field
+        CommentForm {
+          content: read_comment.content,
+          parent_id: read_comment.parent_id,
+          post_id: read_comment.post_id,
+          creator_id: read_comment.creator_id,
+          removed: Some(read_comment.removed).to_owned(),
+          deleted: Some(read_comment.deleted).to_owned(),
+          read: data.read.to_owned(),
+          published: None,
+          updated: orig_comment.updated,
+          ap_id: read_comment.ap_id,
+          local: read_comment.local,
+        }
+      }
     };
 
     let edit_id = data.edit_id;
@@ -318,30 +360,47 @@ impl Perform for Oper<EditComment> {
       Err(_e) => return Err(APIError::err("couldnt_update_comment").into()),
     };
 
-    if let Some(deleted) = data.deleted.to_owned() {
-      if deleted {
-        updated_comment
-          .send_delete(&user, &self.client, pool)
-          .await?;
+    if data.read.is_none() {
+      if let Some(deleted) = data.deleted.to_owned() {
+        if deleted {
+          updated_comment
+            .send_delete(&user, &self.client, pool)
+            .await?;
+        } else {
+          updated_comment
+            .send_undo_delete(&user, &self.client, pool)
+            .await?;
+        }
+      } else if let Some(removed) = data.removed.to_owned() {
+        if moderators.contains(&user_id) {
+          if removed {
+            updated_comment
+              .send_remove(&user, &self.client, pool)
+              .await?;
+          } else {
+            updated_comment
+              .send_undo_remove(&user, &self.client, pool)
+              .await?;
+          }
+        }
       } else {
         updated_comment
-          .send_undo_delete(&user, &self.client, pool)
+          .send_update(&user, &self.client, pool)
           .await?;
       }
-    } else if let Some(removed) = data.removed.to_owned() {
-      if removed {
-        updated_comment
-          .send_remove(&user, &self.client, pool)
-          .await?;
-      } else {
-        updated_comment
-          .send_undo_remove(&user, &self.client, pool)
-          .await?;
+
+      // Mod tables
+      if moderators.contains(&user_id) {
+        if let Some(removed) = data.removed.to_owned() {
+          let form = ModRemoveCommentForm {
+            mod_user_id: user_id,
+            comment_id: data.edit_id,
+            removed: Some(removed),
+            reason: data.reason.to_owned(),
+          };
+          blocking(pool, move |conn| ModRemoveComment::create(conn, &form)).await??;
+        }
       }
-    } else {
-      updated_comment
-        .send_update(&user, &self.client, pool)
-        .await?;
     }
 
     let post_id = data.post_id;
@@ -350,17 +409,6 @@ impl Perform for Oper<EditComment> {
     let mentions = scrape_text_for_mentions(&comment_form.content);
     let recipient_ids = send_local_notifs(mentions, updated_comment, user, post, pool).await?;
 
-    // Mod tables
-    if let Some(removed) = data.removed.to_owned() {
-      let form = ModRemoveCommentForm {
-        mod_user_id: user_id,
-        comment_id: data.edit_id,
-        removed: Some(removed),
-        reason: data.reason.to_owned(),
-      };
-      blocking(pool, move |conn| ModRemoveComment::create(conn, &form)).await??;
-    }
-
     let edit_id = data.edit_id;
     let comment_view = blocking(pool, move |conn| {
       CommentView::read(conn, edit_id, Some(user_id))
index e703dcf4138b5a0fa7cb2b69bb9108bba55e9ab7..e5063e0ff0af6093704387674a6d36f235ee6891 100644 (file)
@@ -392,7 +392,7 @@ impl Perform for Oper<EditCommunity> {
       title: data.title.to_owned(),
       description: data.description.to_owned(),
       category_id: data.category_id.to_owned(),
-      creator_id: user_id,
+      creator_id: read_community.creator_id,
       removed: data.removed.to_owned(),
       deleted: data.deleted.to_owned(),
       nsfw: data.nsfw,
@@ -652,6 +652,28 @@ impl Perform for Oper<BanFromCommunity> {
 
     let user_id = claims.id;
 
+    let mut community_moderators: Vec<i32> = vec![];
+
+    let community_id = data.community_id;
+
+    community_moderators.append(
+      &mut blocking(pool, move |conn| {
+        CommunityModeratorView::for_community(&conn, community_id)
+          .map(|v| v.into_iter().map(|m| m.user_id).collect())
+      })
+      .await??,
+    );
+    community_moderators.append(
+      &mut blocking(pool, move |conn| {
+        UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())
+      })
+      .await??,
+    );
+
+    if !community_moderators.contains(&user_id) {
+      return Err(APIError::err("couldnt_update_community").into());
+    }
+
     let community_user_ban_form = CommunityUserBanForm {
       community_id: data.community_id,
       user_id: data.user_id,
@@ -729,6 +751,28 @@ impl Perform for Oper<AddModToCommunity> {
       user_id: data.user_id,
     };
 
+    let mut community_moderators: Vec<i32> = vec![];
+
+    let community_id = data.community_id;
+
+    community_moderators.append(
+      &mut blocking(pool, move |conn| {
+        CommunityModeratorView::for_community(&conn, community_id)
+          .map(|v| v.into_iter().map(|m| m.user_id).collect())
+      })
+      .await??,
+    );
+    community_moderators.append(
+      &mut blocking(pool, move |conn| {
+        UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())
+      })
+      .await??,
+    );
+
+    if !community_moderators.contains(&user_id) {
+      return Err(APIError::err("couldnt_update_community").into());
+    }
+
     if data.added {
       let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form);
       if blocking(pool, join).await?.is_err() {
index 6710a2cdf35d54bc239aeac54d40854b3eec946c..b9518f0e956f0bad5ba345bf5cb3e0c9c31ddd4d 100644 (file)
@@ -540,28 +540,36 @@ impl Perform for Oper<EditPost> {
 
     let user_id = claims.id;
 
+    let edit_id = data.edit_id;
+    let read_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
+
     // Verify its the creator or a mod or admin
-    let community_id = data.community_id;
-    let mut editors: Vec<i32> = vec![data.creator_id];
-    editors.append(
+    let community_id = read_post.community_id;
+    let mut editors: Vec<i32> = vec![read_post.creator_id];
+    let mut moderators: Vec<i32> = vec![];
+
+    moderators.append(
       &mut blocking(pool, move |conn| {
         CommunityModeratorView::for_community(conn, community_id)
           .map(|v| v.into_iter().map(|m| m.user_id).collect())
       })
       .await??,
     );
-    editors.append(
+    moderators.append(
       &mut blocking(pool, move |conn| {
         UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())
       })
       .await??,
     );
+
+    editors.extend(&moderators);
+
     if !editors.contains(&user_id) {
       return Err(APIError::err("no_post_edit_allowed").into());
     }
 
     // Check for a community ban
-    let community_id = data.community_id;
+    let community_id = read_post.community_id;
     let is_banned =
       move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
     if blocking(pool, is_banned).await? {
@@ -578,28 +586,51 @@ impl Perform for Oper<EditPost> {
     let (iframely_title, iframely_description, iframely_html, pictrs_thumbnail) =
       fetch_iframely_and_pictrs_data(&self.client, data.url.to_owned()).await;
 
-    let edit_id = data.edit_id;
-    let read_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
-
-    let post_form = PostForm {
-      name: data.name.trim().to_owned(),
-      url: data.url.to_owned(),
-      body: data.body.to_owned(),
-      creator_id: data.creator_id.to_owned(),
-      community_id: data.community_id,
-      removed: data.removed.to_owned(),
-      deleted: data.deleted.to_owned(),
-      nsfw: data.nsfw,
-      locked: data.locked.to_owned(),
-      stickied: data.stickied.to_owned(),
-      updated: Some(naive_now()),
-      embed_title: iframely_title,
-      embed_description: iframely_description,
-      embed_html: iframely_html,
-      thumbnail_url: pictrs_thumbnail,
-      ap_id: read_post.ap_id,
-      local: read_post.local,
-      published: None,
+    let post_form = {
+      // only modify some properties if they are a moderator
+      if moderators.contains(&user_id) {
+        PostForm {
+          name: data.name.trim().to_owned(),
+          url: data.url.to_owned(),
+          body: data.body.to_owned(),
+          creator_id: read_post.creator_id.to_owned(),
+          community_id: read_post.community_id,
+          removed: data.removed.to_owned(),
+          deleted: data.deleted.to_owned(),
+          nsfw: data.nsfw,
+          locked: data.locked.to_owned(),
+          stickied: data.stickied.to_owned(),
+          updated: Some(naive_now()),
+          embed_title: iframely_title,
+          embed_description: iframely_description,
+          embed_html: iframely_html,
+          thumbnail_url: pictrs_thumbnail,
+          ap_id: read_post.ap_id,
+          local: read_post.local,
+          published: None,
+        }
+      } else {
+        PostForm {
+          name: read_post.name.trim().to_owned(),
+          url: data.url.to_owned(),
+          body: data.body.to_owned(),
+          creator_id: read_post.creator_id.to_owned(),
+          community_id: read_post.community_id,
+          removed: Some(read_post.removed),
+          deleted: data.deleted.to_owned(),
+          nsfw: data.nsfw,
+          locked: Some(read_post.locked),
+          stickied: Some(read_post.stickied),
+          updated: Some(naive_now()),
+          embed_title: iframely_title,
+          embed_description: iframely_description,
+          embed_html: iframely_html,
+          thumbnail_url: pictrs_thumbnail,
+          ap_id: read_post.ap_id,
+          local: read_post.local,
+          published: None,
+        }
+      }
     };
 
     let edit_id = data.edit_id;
@@ -617,33 +648,35 @@ impl Perform for Oper<EditPost> {
       }
     };
 
-    // Mod tables
-    if let Some(removed) = data.removed.to_owned() {
-      let form = ModRemovePostForm {
-        mod_user_id: user_id,
-        post_id: data.edit_id,
-        removed: Some(removed),
-        reason: data.reason.to_owned(),
-      };
-      blocking(pool, move |conn| ModRemovePost::create(conn, &form)).await??;
-    }
+    if moderators.contains(&user_id) {
+      // Mod tables
+      if let Some(removed) = data.removed.to_owned() {
+        let form = ModRemovePostForm {
+          mod_user_id: user_id,
+          post_id: data.edit_id,
+          removed: Some(removed),
+          reason: data.reason.to_owned(),
+        };
+        blocking(pool, move |conn| ModRemovePost::create(conn, &form)).await??;
+      }
 
-    if let Some(locked) = data.locked.to_owned() {
-      let form = ModLockPostForm {
-        mod_user_id: user_id,
-        post_id: data.edit_id,
-        locked: Some(locked),
-      };
-      blocking(pool, move |conn| ModLockPost::create(conn, &form)).await??;
-    }
+      if let Some(locked) = data.locked.to_owned() {
+        let form = ModLockPostForm {
+          mod_user_id: user_id,
+          post_id: data.edit_id,
+          locked: Some(locked),
+        };
+        blocking(pool, move |conn| ModLockPost::create(conn, &form)).await??;
+      }
 
-    if let Some(stickied) = data.stickied.to_owned() {
-      let form = ModStickyPostForm {
-        mod_user_id: user_id,
-        post_id: data.edit_id,
-        stickied: Some(stickied),
-      };
-      blocking(pool, move |conn| ModStickyPost::create(conn, &form)).await??;
+      if let Some(stickied) = data.stickied.to_owned() {
+        let form = ModStickyPostForm {
+          mod_user_id: user_id,
+          post_id: data.edit_id,
+          stickied: Some(stickied),
+        };
+        blocking(pool, move |conn| ModStickyPost::create(conn, &form)).await??;
+      }
     }
 
     if let Some(deleted) = data.deleted.to_owned() {
@@ -655,12 +688,14 @@ impl Perform for Oper<EditPost> {
           .await?;
       }
     } else if let Some(removed) = data.removed.to_owned() {
-      if removed {
-        updated_post.send_remove(&user, &self.client, pool).await?;
-      } else {
-        updated_post
-          .send_undo_remove(&user, &self.client, pool)
-          .await?;
+      if moderators.contains(&user_id) {
+        if removed {
+          updated_post.send_remove(&user, &self.client, pool).await?;
+        } else {
+          updated_post
+            .send_undo_remove(&user, &self.client, pool)
+            .await?;
+        }
       }
     } else {
       updated_post.send_update(&user, &self.client, pool).await?;
index 9f33843f6b95b73131efc417165cc554c4a5c602..ddcf2ef2eeb77cb499dae1d0b2e7503f312d6fbf 100644 (file)
@@ -880,6 +880,9 @@ impl Perform for Oper<EditUserMention> {
     };
 
     let user_id = claims.id;
+    if user_id != data.user_mention_id {
+      return Err(APIError::err("couldnt_update_comment").into());
+    }
 
     let user_mention_id = data.user_mention_id;
     let user_mention =
@@ -1310,23 +1313,35 @@ impl Perform for Oper<EditPrivateMessage> {
 
     let content_slurs_removed = match &data.content {
       Some(content) => remove_slurs(content),
-      None => orig_private_message.content,
+      None => orig_private_message.content.clone(),
     };
 
-    let private_message_form = PrivateMessageForm {
-      content: content_slurs_removed,
-      creator_id: orig_private_message.creator_id,
-      recipient_id: orig_private_message.recipient_id,
-      deleted: data.deleted.to_owned(),
-      read: data.read.to_owned(),
-      updated: if data.read.is_some() {
-        orig_private_message.updated
+    let private_message_form = {
+      if data.read.is_some() {
+        PrivateMessageForm {
+          content: orig_private_message.content.to_owned(),
+          creator_id: orig_private_message.creator_id,
+          recipient_id: orig_private_message.recipient_id,
+          read: data.read.to_owned(),
+          updated: orig_private_message.updated,
+          deleted: Some(orig_private_message.deleted),
+          ap_id: orig_private_message.ap_id,
+          local: orig_private_message.local,
+          published: None,
+        }
       } else {
-        Some(naive_now())
-      },
-      ap_id: orig_private_message.ap_id,
-      local: orig_private_message.local,
-      published: None,
+        PrivateMessageForm {
+          content: content_slurs_removed,
+          creator_id: orig_private_message.creator_id,
+          recipient_id: orig_private_message.recipient_id,
+          deleted: data.deleted.to_owned(),
+          read: Some(orig_private_message.read),
+          updated: Some(naive_now()),
+          ap_id: orig_private_message.ap_id,
+          local: orig_private_message.local,
+          published: None,
+        }
+      }
     };
 
     let edit_id = data.edit_id;
@@ -1339,14 +1354,20 @@ impl Perform for Oper<EditPrivateMessage> {
       Err(_e) => return Err(APIError::err("couldnt_update_private_message").into()),
     };
 
-    if let Some(deleted) = data.deleted.to_owned() {
-      if deleted {
-        updated_private_message
-          .send_delete(&user, &self.client, pool)
-          .await?;
+    if data.read.is_none() {
+      if let Some(deleted) = data.deleted.to_owned() {
+        if deleted {
+          updated_private_message
+            .send_delete(&user, &self.client, pool)
+            .await?;
+        } else {
+          updated_private_message
+            .send_undo_delete(&user, &self.client, pool)
+            .await?;
+        }
       } else {
         updated_private_message
-          .send_undo_delete(&user, &self.client, pool)
+          .send_update(&user, &self.client, pool)
           .await?;
       }
     } else {
index 84d11275d2cdb724f6ecca8c608a5ad5f83de486..9e5e53a7b48225238873fecf223dff6884ecfa31 100644 (file)
@@ -1,16 +1,25 @@
 use crate::{
   apub::{
     activities::{populate_object_props, send_activity_to_community},
-    create_apub_response, create_apub_tombstone_response, create_tombstone, fetch_webfinger_url,
+    create_apub_response,
+    create_apub_tombstone_response,
+    create_tombstone,
+    fetch_webfinger_url,
     fetcher::{
-      get_or_fetch_and_insert_remote_comment, get_or_fetch_and_insert_remote_post,
+      get_or_fetch_and_insert_remote_comment,
+      get_or_fetch_and_insert_remote_post,
       get_or_fetch_and_upsert_remote_user,
     },
-    ActorType, ApubLikeableType, ApubObjectType, FromApub, ToApub,
+    ActorType,
+    ApubLikeableType,
+    ApubObjectType,
+    FromApub,
+    ToApub,
   },
   blocking,
   routes::DbPoolParam,
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::{
   activity::{Create, Delete, Dislike, Like, Remove, Undo, Update},
index 587977a335a8967de5dcae190eef3dd7878e5e81..529039fc0261586ea6e06116c2193596fa30d270 100644 (file)
@@ -1,18 +1,28 @@
 use crate::{
   apub::{
     activities::{populate_object_props, send_activity},
-    create_apub_response, create_apub_tombstone_response, create_tombstone,
+    create_apub_response,
+    create_apub_tombstone_response,
+    create_tombstone,
     extensions::group_extensions::GroupExtension,
     fetcher::get_or_fetch_and_upsert_remote_user,
-    get_shared_inbox, insert_activity, ActorType, FromApub, GroupExt, ToApub,
+    get_shared_inbox,
+    insert_activity,
+    ActorType,
+    FromApub,
+    GroupExt,
+    ToApub,
   },
   blocking,
   routes::DbPoolParam,
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::{
   activity::{Accept, Announce, Delete, Remove, Undo},
-  Activity, Base, BaseBox,
+  Activity,
+  Base,
+  BaseBox,
 };
 use activitystreams_ext::Ext2;
 use activitystreams_new::{
index 4251cb769478e90c1b9b4a956b4e8c218c794f20..f20c9eabe85882e402d4f596b5e0c9488c8e3877 100644 (file)
@@ -4,7 +4,8 @@ use crate::{
   blocking,
   request::{retry, RecvError},
   routes::nodeinfo::{NodeInfo, NodeInfoWellKnown},
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::object::Note;
 use activitystreams_new::{base::BaseExt, prelude::*, primitives::XsdAnyUri};
@@ -21,7 +22,9 @@ use lemmy_db::{
   post_view::PostView,
   user::{UserForm, User_},
   user_view::UserView,
-  Crud, Joinable, SearchType,
+  Crud,
+  Joinable,
+  SearchType,
 };
 use lemmy_utils::get_apub_protocol_string;
 use log::debug;
index 499f0352e684c98568b33b6f9d82066ec8dfda5f..cfb539fb169756241016ef955a0be18b8909c24f 100644 (file)
@@ -19,7 +19,8 @@ use crate::{
   blocking,
   request::{retry, RecvError},
   routes::webfinger::WebFingerResponse,
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::object::Page;
 use activitystreams_ext::{Ext1, Ext2};
index c4e98f117146c3f93eb945a67fe37e0f70540f9b..36922e4f0cc30592159a5a3620f9dc595c23f597 100644 (file)
@@ -1,14 +1,22 @@
 use crate::{
   apub::{
     activities::{populate_object_props, send_activity_to_community},
-    create_apub_response, create_apub_tombstone_response, create_tombstone,
+    create_apub_response,
+    create_apub_tombstone_response,
+    create_tombstone,
     extensions::page_extension::PageExtension,
     fetcher::{get_or_fetch_and_upsert_remote_community, get_or_fetch_and_upsert_remote_user},
-    ActorType, ApubLikeableType, ApubObjectType, FromApub, PageExt, ToApub,
+    ActorType,
+    ApubLikeableType,
+    ApubObjectType,
+    FromApub,
+    PageExt,
+    ToApub,
   },
   blocking,
   routes::DbPoolParam,
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::{
   activity::{Create, Delete, Dislike, Like, Remove, Undo, Update},
index 228cc684e7d1a3e7eb4eb2b8f184820da4db75ab..bc685b2382019d1e26cc8027ee89ab060b722d73 100644 (file)
@@ -1,9 +1,16 @@
 use crate::{
   apub::{
-    activities::send_activity, create_tombstone, fetcher::get_or_fetch_and_upsert_remote_user,
-    insert_activity, ApubObjectType, FromApub, ToApub,
+    activities::send_activity,
+    create_tombstone,
+    fetcher::get_or_fetch_and_upsert_remote_user,
+    insert_activity,
+    ApubObjectType,
+    FromApub,
+    ToApub,
   },
-  blocking, DbPool, LemmyError,
+  blocking,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::{
   activity::{Create, Delete, Undo, Update},
index f0f5bbfd6f4a1ef74fdec44c12ee0532fcd59fea..7319f1aee519bac57b64e138008b29c66e614c29 100644 (file)
@@ -8,10 +8,15 @@ use crate::{
     community::do_announce,
     extensions::signatures::verify,
     fetcher::{
-      get_or_fetch_and_insert_remote_comment, get_or_fetch_and_insert_remote_post,
-      get_or_fetch_and_upsert_remote_community, get_or_fetch_and_upsert_remote_user,
+      get_or_fetch_and_insert_remote_comment,
+      get_or_fetch_and_insert_remote_post,
+      get_or_fetch_and_upsert_remote_community,
+      get_or_fetch_and_upsert_remote_user,
     },
-    insert_activity, FromApub, GroupExt, PageExt,
+    insert_activity,
+    FromApub,
+    GroupExt,
+    PageExt,
   },
   blocking,
   routes::{ChatServerParam, DbPoolParam},
@@ -19,12 +24,15 @@ use crate::{
     server::{SendComment, SendCommunityRoomMessage, SendPost},
     UserOperation,
   },
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::{
   activity::{Announce, Create, Delete, Dislike, Like, Remove, Undo, Update},
   object::Note,
-  Activity, Base, BaseBox,
+  Activity,
+  Base,
+  BaseBox,
 };
 use actix_web::{client::Client, web, HttpRequest, HttpResponse};
 use lemmy_db::{
@@ -35,7 +43,8 @@ use lemmy_db::{
   naive_now,
   post::{Post, PostForm, PostLike, PostLikeForm},
   post_view::PostView,
-  Crud, Likeable,
+  Crud,
+  Likeable,
 };
 use lemmy_utils::scrape_text_for_mentions;
 use log::debug;
index 997c03ea1d37c4b3090d5f5951bc4180d0a7d781..2b02486d17a7a4b43962fd7932141266bdf4f619 100644 (file)
@@ -1,12 +1,18 @@
 use crate::{
   api::claims::Claims,
   apub::{
-    activities::send_activity, create_apub_response, insert_activity, ActorType, FromApub,
-    PersonExt, ToApub,
+    activities::send_activity,
+    create_apub_response,
+    insert_activity,
+    ActorType,
+    FromApub,
+    PersonExt,
+    ToApub,
   },
   blocking,
   routes::DbPoolParam,
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams_ext::Ext1;
 use activitystreams_new::{
index 2bf26957996086422c81b68b5199abb25e575efe..9bc102a74a368433f95d7635ccc9ecb04584a9da 100644 (file)
@@ -3,12 +3,14 @@ use crate::{
   apub::{
     extensions::signatures::verify,
     fetcher::{get_or_fetch_and_upsert_remote_community, get_or_fetch_and_upsert_remote_user},
-    insert_activity, FromApub,
+    insert_activity,
+    FromApub,
   },
   blocking,
   routes::{ChatServerParam, DbPoolParam},
   websocket::{server::SendUserRoomMessage, UserOperation},
-  DbPool, LemmyError,
+  DbPool,
+  LemmyError,
 };
 use activitystreams::{
   activity::{Accept, Create, Delete, Undo, Update},
@@ -21,7 +23,8 @@ use lemmy_db::{
   private_message::{PrivateMessage, PrivateMessageForm},
   private_message_view::PrivateMessageView,
   user::User_,
-  Crud, Followable,
+  Crud,
+  Followable,
 };
 use log::debug;
 use serde::Deserialize;