diff --git a/app/services/activitypub/prepare_followers_synchronization_service.rb b/app/services/activitypub/prepare_followers_synchronization_service.rb index 56ec0e44bf..058089e7f8 100644 --- a/app/services/activitypub/prepare_followers_synchronization_service.rb +++ b/app/services/activitypub/prepare_followers_synchronization_service.rb @@ -8,6 +8,6 @@ class ActivityPub::PrepareFollowersSynchronizationService < BaseService return if params['collectionId'] != @account.followers_url || non_matching_uri_hosts?(@account.uri, params['url']) || @account.local_followers_hash == params['digest'] - ActivityPub::FollowersSynchronizationWorker.perform_async(@account.id, params['url']) + ActivityPub::FollowersSynchronizationWorker.perform_async(@account.id, params['url'], params['digest']) end end diff --git a/app/services/activitypub/synchronize_followers_service.rb b/app/services/activitypub/synchronize_followers_service.rb index 5b58a025cb..8f7c59f582 100644 --- a/app/services/activitypub/synchronize_followers_service.rb +++ b/app/services/activitypub/synchronize_followers_service.rb @@ -6,13 +6,15 @@ class ActivityPub::SynchronizeFollowersService < BaseService MAX_COLLECTION_PAGES = 10 - def call(account, partial_collection_url) + def call(account, partial_collection_url, expected_digest = nil) @account = account @expected_followers_ids = [] + @digest = [expected_digest].pack('H*') if expected_digest.present? return unless process_collection!(partial_collection_url) - remove_unexpected_local_followers! + # Only remove followers if the digests match, as it is a destructive operation + remove_unexpected_local_followers! if expected_digest.blank? || @digest == "\x00" * 32 end private @@ -21,6 +23,8 @@ class ActivityPub::SynchronizeFollowersService < BaseService page_expected_followers = extract_local_followers(items) @expected_followers_ids.concat(page_expected_followers.pluck(:id)) + items.each { |uri| Xorcist.xor!(@digest, Digest::SHA256.digest(uri)) } if @digest.present? + handle_unexpected_outgoing_follows!(page_expected_followers) end diff --git a/app/workers/activitypub/followers_synchronization_worker.rb b/app/workers/activitypub/followers_synchronization_worker.rb index 35a3ef0b96..e6c62e0cfb 100644 --- a/app/workers/activitypub/followers_synchronization_worker.rb +++ b/app/workers/activitypub/followers_synchronization_worker.rb @@ -5,10 +5,10 @@ class ActivityPub::FollowersSynchronizationWorker sidekiq_options queue: 'push', lock: :until_executed - def perform(account_id, url) + def perform(account_id, url, expected_digest = nil) @account = Account.find_by(id: account_id) return true if @account.nil? - ActivityPub::SynchronizeFollowersService.new.call(@account, url) + ActivityPub::SynchronizeFollowersService.new.call(@account, url, expected_digest) end end diff --git a/spec/services/activitypub/synchronize_followers_service_spec.rb b/spec/services/activitypub/synchronize_followers_service_spec.rb index 70f27627e1..b0bd02dac8 100644 --- a/spec/services/activitypub/synchronize_followers_service_spec.rb +++ b/spec/services/activitypub/synchronize_followers_service_spec.rb @@ -35,7 +35,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService do shared_examples 'synchronizes followers' do before do - subject.call(actor, collection_uri) + subject.call(actor, collection_uri, expected_digest) end it 'maintains following records and sends Undo Follow to actor' do @@ -51,6 +51,8 @@ RSpec.describe ActivityPub::SynchronizeFollowersService do end describe '#call' do + let(:expected_digest) { nil } + context 'when the endpoint is a Collection of actor URIs' do before do stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) @@ -197,5 +199,131 @@ RSpec.describe ActivityPub::SynchronizeFollowersService do .to be_following(actor) end end + + context 'when passing a matching expected_digest' do + let(:expected_digest) do + digest = "\x00" * 32 + + items.each do |uri| + Xorcist.xor!(digest, Digest::SHA256.digest(uri)) + end + + digest.unpack1('H*') + end + + context 'when the endpoint is a Collection of actor URIs' do + before do + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) + end + + it_behaves_like 'synchronizes followers' + end + + context 'when the endpoint is an OrderedCollection of actor URIs' do + let(:payload) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + type: 'OrderedCollection', + id: collection_uri, + orderedItems: items, + }.with_indifferent_access + end + + before do + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) + end + + it_behaves_like 'synchronizes followers' + end + + context 'when the endpoint is a single-page paginated Collection of actor URIs' do + let(:payload) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + type: 'Collection', + id: collection_uri, + first: { + type: 'CollectionPage', + partOf: collection_uri, + items: items, + }, + }.with_indifferent_access + end + + before do + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) + end + + it_behaves_like 'synchronizes followers' + end + end + + context 'when passing a non-matching expected_digest' do + let(:expected_digest) { '123456789' } + + context 'when the endpoint is a Collection of actor URIs' do + before do + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) + end + + it 'does not remove followers' do + follower_ids = actor.followers.reload.pluck(:id) + + subject.call(actor, collection_uri, expected_digest) + + expect(follower_ids - actor.followers.reload.pluck(:id)).to be_empty + end + end + + context 'when the endpoint is an OrderedCollection of actor URIs' do + let(:payload) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + type: 'OrderedCollection', + id: collection_uri, + orderedItems: items, + }.with_indifferent_access + end + + before do + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) + end + + it 'does not remove followers' do + follower_ids = actor.followers.reload.pluck(:id) + + subject.call(actor, collection_uri, expected_digest) + + expect(follower_ids - actor.followers.reload.pluck(:id)).to be_empty + end + end + + context 'when the endpoint is a single-page paginated Collection of actor URIs' do + let(:payload) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + type: 'Collection', + id: collection_uri, + first: { + type: 'CollectionPage', + partOf: collection_uri, + items: items, + }, + }.with_indifferent_access + end + + before do + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) + end + + it 'does not remove followers' do + follower_ids = actor.followers.reload.pluck(:id) + + subject.call(actor, collection_uri, expected_digest) + + expect(follower_ids - actor.followers.reload.pluck(:id)).to be_empty + end + end + end end end diff --git a/spec/workers/activitypub/followers_synchronization_worker_spec.rb b/spec/workers/activitypub/followers_synchronization_worker_spec.rb index 0847b247e3..046a3e87ab 100644 --- a/spec/workers/activitypub/followers_synchronization_worker_spec.rb +++ b/spec/workers/activitypub/followers_synchronization_worker_spec.rb @@ -15,7 +15,13 @@ RSpec.describe ActivityPub::FollowersSynchronizationWorker do it 'sends the status to the service' do worker.perform(account.id, url) - expect(service).to have_received(:call).with(account, url) + expect(service).to have_received(:call).with(account, url, nil) + end + + it 'sends the status to the service with the passed digest' do + worker.perform(account.id, url, 'digest-123') + + expect(service).to have_received(:call).with(account, url, 'digest-123') end it 'returns nil for non-existent record' do