Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 17:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: scheduled topics and posts should return 404 on AP request

Browse Source
This commit is contained in:
Julian Lam
2025-02-27 13:34:11 -05:00
parent 01be4d7908
commit 428300de4f
2 changed files with 81 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/controllers/activitypub/actors.js
View File

@@ -55,12 +55,12 @@ Actors.userBySlug = async function (req, res) {
Actors.user(req, res); Actors.user(req, res);
}; };
Actors.note = async function (req, res) { Actors.note = async function (req, res, next) {
// technically a note isn't an actor, but it is here purely for organizational purposes. // technically a note isn't an actor, but it is here purely for organizational purposes.
// but also, wouldn't it be wild if you could follow a note? lol. // but also, wouldn't it be wild if you could follow a note? lol.
const allowed = await privileges.posts.can('topics:read', req.params.pid, activitypub._constants.uid); const allowed = await privileges.posts.can('topics:read', req.params.pid, activitypub._constants.uid);
if (!allowed) { if (!allowed) {
return res.sendStatus(404); return next();
} }
// Handle requests for remote content // Handle requests for remote content
@@ -72,8 +72,8 @@ Actors.note = async function (req, res) {
parse: false, parse: false,
extraFields: ['edited'], extraFields: ['edited'],
})).pop(); })).pop();
if (!post) { if (!post || post.timestamp > Date.now()) {
return res.sendStatus(404); return next();
} }
const payload = await activitypub.mocks.notes.public(post); const payload = await activitypub.mocks.notes.public(post);
@@ -120,8 +120,12 @@ Actors.topic = async function (req, res, next) {
const page = parseInt(req.query.page, 10) || undefined; const page = parseInt(req.query.page, 10) || undefined;
const perPage = meta.config.postsPerPage; const perPage = meta.config.postsPerPage;
const { cid, titleRaw: name, mainPid, slug } = await topics.getTopicFields(req.params.tid, ['cid', 'title', 'mainPid', 'slug']); const { cid, titleRaw: name, mainPid, slug, timestamp } = await topics.getTopicFields(req.params.tid, ['cid', 'title', 'mainPid', 'slug', 'timestamp']);
try { try {
if (timestamp > Date.now()) { // Scheduled topic, no response
return next();
}
let [collection, pids] = await Promise.all([ let [collection, pids] = await Promise.all([
activitypub.helpers.generateCollection({ activitypub.helpers.generateCollection({
set: `tid:${req.params.tid}:posts`, set: `tid:${req.params.tid}:posts`,

77
test/activitypub/actors.js
View File

@@ -253,7 +253,7 @@ describe('Controllers', () => {
}); });
}); });
describe.only('Topic', () => { describe('Topic Collection endpoint', () => {
let cid; let cid;
let uid; let uid;
@@ -265,12 +265,11 @@ describe('Controllers', () => {
describe('Live', () => { describe('Live', () => {
let topicData; let topicData;
let postData;
let response; let response;
let body; let body;
before(async () => { before(async () => {
({ topicData, postData } = await topics.post({ ({ topicData } = await topics.post({
uid, uid,
cid, cid,
title: 'Lorem "Lipsum" Ipsum', title: 'Lorem "Lipsum" Ipsum',
@@ -299,12 +298,11 @@ describe('Controllers', () => {
describe('Scheduled', () => { describe('Scheduled', () => {
let topicData; let topicData;
let postData;
let response; let response;
let body; let body;
before(async () => { before(async () => {
({ topicData, postData } = await topics.post({ ({ topicData } = await topics.post({
uid, uid,
cid, cid,
title: 'Lorem "Lipsum" Ipsum', title: 'Lorem "Lipsum" Ipsum',
@@ -325,4 +323,73 @@ describe('Controllers', () => {
}); });
}); });
}); });
describe('Post Object endpoint', () => {
let cid;
let uid;
before(async () => {
({ cid } = await categories.create({ name: utils.generateUUID().slice(0, 8) }));
const slug = slugify(utils.generateUUID().slice(0, 8));
uid = await user.create({ username: slug });
});
describe('Live', () => {
let postData;
let response;
let body;
before(async () => {
({ postData } = await topics.post({
uid,
cid,
title: 'Lorem "Lipsum" Ipsum',
content: 'Lorem ipsum dolor sit amet',
}));
({ response, body } = await request.get(`${nconf.get('url')}/post/${postData.pid}`, {
headers: {
Accept: 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
},
}));
});
it('should respond properly', async () => {
assert(response);
assert.strictEqual(response.statusCode, 200);
});
it('should return a Note type object', () => {
assert.strictEqual(body.type, 'Note');
});
});
describe('Scheduled', () => {
let topicData;
let postData;
let response;
let body;
before(async () => {
({ topicData, postData } = await topics.post({
uid,
cid,
title: 'Lorem "Lipsum" Ipsum',
content: 'Lorem ipsum dolor sit amet',
timestamp: Date.now() + (1000 * 60 * 60), // 1 hour in the future
}));
({ response, body } = await request.get(`${nconf.get('url')}/post/${postData.pid}`, {
headers: {
Accept: 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
},
}));
});
it('should respond with a 404 Not Found', async () => {
assert(response);
assert.strictEqual(response.statusCode, 404);
});
});
});
}); });