commit 9265a09a656196e2a94c73e32c7b79399411a79e
parent b56dae8120d43b9acd3d3ed4d40100ffab7b972a
Author: Adelie Paull <1208865+i-am-a-paull@users.noreply.github.com>
Date: Mon, 2 May 2022 09:23:37 -0400
[bugfix] Allow self-boosting for any visibility but direct (#510)
* create visibility filter for boostability and allow self-boosting for any visbility but direct messages
* add a followers-only status to local_account_2
* fix typo in comment
* add license header, unwrap errors, be explicit about non-boostable visibility settings to avoid rogue boosting from miscoded clients, use ID compare for checking if self-boosting
* add tests for statusboostable filter
* fix tests that were affected by adding a new status to the test data
* fix the rest of tests affected by adding a status to the textrig data
Diffstat:
9 files changed, 268 insertions(+), 22 deletions(-)
diff --git a/internal/db/bundb/basic_test.go b/internal/db/bundb/basic_test.go
@@ -43,7 +43,7 @@ func (suite *BasicTestSuite) TestGetAllStatuses() {
s := []*gtsmodel.Status{}
err := suite.db.GetAll(context.Background(), &s)
suite.NoError(err)
- suite.Len(s, 15)
+ suite.Len(s, 16)
}
func (suite *BasicTestSuite) TestGetAllNotNull() {
diff --git a/internal/processing/status/boost.go b/internal/processing/status/boost.go
@@ -39,14 +39,11 @@ func (p *processor) Boost(ctx context.Context, requestingAccount *gtsmodel.Accou
return nil, gtserror.NewErrorNotFound(fmt.Errorf("no status owner for status %s", targetStatusID))
}
- visible, err := p.filter.StatusVisible(ctx, targetStatus, requestingAccount)
+ boostable, err := p.filter.StatusBoostable(ctx, targetStatus, requestingAccount)
if err != nil {
- return nil, gtserror.NewErrorNotFound(fmt.Errorf("error seeing if status %s is visible: %s", targetStatus.ID, err))
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("error seeing if status %s is boostable: %s", targetStatus.ID, err))
}
- if !visible {
- return nil, gtserror.NewErrorNotFound(errors.New("status is not visible"))
- }
- if !targetStatus.Boostable {
+ if !boostable {
return nil, gtserror.NewErrorForbidden(errors.New("status is not boostable"))
}
diff --git a/internal/timeline/get_test.go b/internal/timeline/get_test.go
@@ -84,8 +84,8 @@ func (suite *GetTestSuite) TestGetDefault() {
suite.FailNow(err.Error())
}
- // we only have 15 statuses in the test suite
- suite.Len(statuses, 15)
+ // we only have 16 statuses in the test suite
+ suite.Len(statuses, 16)
// statuses should be sorted highest to lowest ID
var highest string
@@ -177,8 +177,8 @@ func (suite *GetTestSuite) TestGetMinID() {
suite.FailNow(err.Error())
}
- // we should only get 8 statuses back, since we asked for a min ID that excludes some of our entries
- suite.Len(statuses, 8)
+ // we should only get 9 statuses back, since we asked for a min ID that excludes some of our entries
+ suite.Len(statuses, 9)
// statuses should be sorted highest to lowest ID
var highest string
@@ -199,8 +199,8 @@ func (suite *GetTestSuite) TestGetSinceID() {
suite.FailNow(err.Error())
}
- // we should only get 8 statuses back, since we asked for a since ID that excludes some of our entries
- suite.Len(statuses, 8)
+ // we should only get 9 statuses back, since we asked for a since ID that excludes some of our entries
+ suite.Len(statuses, 9)
// statuses should be sorted highest to lowest ID
var highest string
@@ -221,8 +221,8 @@ func (suite *GetTestSuite) TestGetSinceIDPrepareNext() {
suite.FailNow(err.Error())
}
- // we should only get 8 statuses back, since we asked for a since ID that excludes some of our entries
- suite.Len(statuses, 8)
+ // we should only get 9 statuses back, since we asked for a since ID that excludes some of our entries
+ suite.Len(statuses, 9)
// statuses should be sorted highest to lowest ID
var highest string
diff --git a/internal/timeline/index_test.go b/internal/timeline/index_test.go
@@ -76,7 +76,7 @@ func (suite *IndexTestSuite) TestIndexBeforeLowID() {
postID, err := suite.timeline.OldestIndexedItemID(context.Background())
suite.NoError(err)
- suite.Equal("01F8MHBBN8120SYH7D5S050MGK", postID)
+ suite.Equal("01F8MHBQCBTDKN6X5VHGMMN4MA", postID)
indexLength := suite.timeline.ItemIndexLength(context.Background())
suite.Equal(9, indexLength)
@@ -105,7 +105,7 @@ func (suite *IndexTestSuite) TestIndexBehindHighID() {
// the newest indexed post should be the highest one we have in our testrig
postID, err := suite.timeline.NewestIndexedItemID(context.Background())
suite.NoError(err)
- suite.Equal("01FN3VJGFH10KR7S2PB0GFJZYG", postID)
+ suite.Equal("01G20ZM733MGN8J344T4ZDDFY1", postID)
// indexLength should be 9 because that's all this user has hometimelineable
indexLength := suite.timeline.ItemIndexLength(context.Background())
diff --git a/internal/timeline/manager_test.go b/internal/timeline/manager_test.go
@@ -77,9 +77,9 @@ func (suite *ManagerTestSuite) TestManagerIntegration() {
err = suite.manager.PrepareXFromTop(context.Background(), testAccount.ID, 20)
suite.NoError(err)
- // local_account_1 can see 14 statuses out of the testrig statuses in its home timeline
+ // local_account_1 can see 15 statuses out of the testrig statuses in its home timeline
indexedLen = suite.manager.GetIndexedLength(context.Background(), testAccount.ID)
- suite.Equal(14, indexedLen)
+ suite.Equal(15, indexedLen)
// oldest should now be set
oldestIndexed, err = suite.manager.GetOldestIndexedID(context.Background(), testAccount.ID)
@@ -89,7 +89,7 @@ func (suite *ManagerTestSuite) TestManagerIntegration() {
// get hometimeline
statuses, err := suite.manager.GetTimeline(context.Background(), testAccount.ID, "", "", "", 20, false)
suite.NoError(err)
- suite.Len(statuses, 14)
+ suite.Len(statuses, 15)
// now wipe the last status from all timelines, as though it had been deleted by the owner
err = suite.manager.WipeItemFromAllTimelines(context.Background(), "01F8MH75CBF9JFX4ZAD54N0W0R")
@@ -97,7 +97,7 @@ func (suite *ManagerTestSuite) TestManagerIntegration() {
// timeline should be shorter
indexedLen = suite.manager.GetIndexedLength(context.Background(), testAccount.ID)
- suite.Equal(13, indexedLen)
+ suite.Equal(14, indexedLen)
// oldest should now be different
oldestIndexed, err = suite.manager.GetOldestIndexedID(context.Background(), testAccount.ID)
@@ -111,7 +111,7 @@ func (suite *ManagerTestSuite) TestManagerIntegration() {
// timeline should be shorter
indexedLen = suite.manager.GetIndexedLength(context.Background(), testAccount.ID)
- suite.Equal(12, indexedLen)
+ suite.Equal(13, indexedLen)
// oldest should now be different
oldestIndexed, err = suite.manager.GetOldestIndexedID(context.Background(), testAccount.ID)
diff --git a/internal/visibility/filter.go b/internal/visibility/filter.go
@@ -45,6 +45,11 @@ type Filter interface {
//
// This function will call StatusVisible internally, so it's not necessary to call it beforehand.
StatusPublictimelineable(ctx context.Context, targetStatus *gtsmodel.Status, timelineOwnerAccount *gtsmodel.Account) (bool, error)
+
+ // StatusBoostable returns true if targetStatus can be boosted by the requesting account.
+ //
+ // this function will call StatusVisible internally so it's not necessary to call it beforehand.
+ StatusBoostable(ctx context.Context, targetStatus *gtsmodel.Status, requestingAccount *gtsmodel.Account) (bool, error)
}
type filter struct {
diff --git a/internal/visibility/statusboostable.go b/internal/visibility/statusboostable.go
@@ -0,0 +1,65 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package visibility
+
+import (
+ "context"
+ "errors"
+ "fmt"
+
+ "github.com/sirupsen/logrus"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+func (f *filter) StatusBoostable(ctx context.Context, targetStatus *gtsmodel.Status, requestingAccount *gtsmodel.Account) (bool, error) {
+ l := logrus.WithFields(logrus.Fields{
+ "func": "StatusBoostable",
+ })
+
+ // if the status isn't visible, it certainly isn't boostable
+ visible, err := f.StatusVisible(ctx, targetStatus, requestingAccount)
+ if err != nil {
+ return false, fmt.Errorf("error seeing if status %s is visible: %s", targetStatus.ID, err)
+ }
+ if !visible {
+ return false, errors.New("status is not visible")
+ }
+
+ // direct messages are never boostable, even if they're visible
+ if targetStatus.Visibility == gtsmodel.VisibilityDirect {
+ l.Trace("status is not boostable because it is a DM")
+ return false, nil
+ }
+
+ // the original account should always be able to boost its own non-DM statuses
+ if requestingAccount.ID == targetStatus.Account.ID {
+ l.Trace("status is boostable because author is booster")
+ return true, nil
+ }
+
+ // if status is followers-only and not the author's, it is not boostable
+ if targetStatus.Visibility == gtsmodel.VisibilityFollowersOnly {
+ l.Trace("status not boostable because it is followers-only")
+ return false, nil
+ }
+
+ // otherwise, status is as boostable as it says it is
+ l.Trace("defaulting to status.boostable value")
+ return targetStatus.Boostable, nil
+}
diff --git a/internal/visibility/statusboostable_test.go b/internal/visibility/statusboostable_test.go
@@ -0,0 +1,155 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package visibility_test
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/suite"
+)
+
+type StatusBoostableTestSuite struct {
+ FilterStandardTestSuite
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnPublicBoostable() {
+ testStatus := suite.testStatuses["local_account_1_status_1"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnUnlockedBoostable() {
+ testStatus := suite.testStatuses["local_account_1_status_2"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnMutualsOnlyNonInteractiveBoostable() {
+ testStatus := suite.testStatuses["local_account_1_status_3"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnMutualsOnlyBoostable() {
+ testStatus := suite.testStatuses["local_account_1_status_4"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnFollowersOnlyBoostable() {
+ testStatus := suite.testStatuses["local_account_1_status_5"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnDirectNotBoostable() {
+ testStatus := suite.testStatuses["local_account_2_status_6"]
+ testAccount := suite.testAccounts["local_account_2"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.False(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherPublicBoostable() {
+ testStatus := suite.testStatuses["local_account_2_status_1"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherUnlistedBoostable() {
+ testStatus := suite.testStatuses["local_account_1_status_2"]
+ testAccount := suite.testAccounts["local_account_2"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherFollowersOnlyNotBoostable() {
+ testStatus := suite.testStatuses["local_account_2_status_7"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.False(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherDirectNotBoostable() {
+ testStatus := suite.testStatuses["local_account_2_status_6"]
+ testAccount := suite.testAccounts["local_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.NoError(err)
+
+ suite.False(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestRemoteFollowersOnlyNotVisibleError() {
+ testStatus := suite.testStatuses["local_account_1_status_5"]
+ testAccount := suite.testAccounts["remote_account_1"]
+ ctx := context.Background()
+
+ boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+ suite.Assert().Error(err)
+
+ suite.False(boostable)
+}
+
+func TestStatusBoostableTestSuite(t *testing.T) {
+ suite.Run(t, new(StatusBoostableTestSuite))
+}
diff --git a/testrig/testmodels.go b/testrig/testmodels.go
@@ -1263,6 +1263,30 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
Likeable: true,
ActivityStreamsType: ap.ObjectNote,
},
+ "local_account_2_status_7": {
+ ID: "01G20ZM733MGN8J344T4ZDDFY1",
+ URI: "http://localhost:8080/users/1happyturtle/statuses/01G20ZM733MGN8J344T4ZDDFY1",
+ URL: "http://localhost:8080/@1happyturtle/statuses/01G20ZM733MGN8J344T4ZDDFY1",
+ Content: "🐢 hi followers! did u know i'm a turtle? 🐢",
+ AttachmentIDs: []string{},
+ CreatedAt: time.Now().Add(-1 * time.Minute),
+ UpdatedAt: time.Now().Add(-1 * time.Minute),
+ Local: true,
+ AccountURI: "http://localhost:8080/users/1happyturtle",
+ AccountID: "01F8MH5NBDF2MV7CTC4Q5128HF",
+ InReplyToID: "",
+ BoostOfID: "",
+ ContentWarning: "",
+ Visibility: gtsmodel.VisibilityFollowersOnly,
+ Sensitive: false,
+ Language: "en",
+ CreatedWithApplicationID: "01F8MGYG9E893WRHW0TAEXR8GJ",
+ Federated: true,
+ Boostable: true,
+ Replyable: true,
+ Likeable: true,
+ ActivityStreamsType: ap.ObjectNote,
+ },
"remote_account_1_status_1": {
ID: "01FVW7JHQFSFK166WWKR8CBA6M",
URI: "http://fossbros-anonymous.io/users/foss_satan/statuses/01FVW7JHQFSFK166WWKR8CBA6M",
