diff --git a/public/language/en-GB/error.json b/public/language/en-GB/error.json index 19b1d689df..78945d68a7 100644 --- a/public/language/en-GB/error.json +++ b/public/language/en-GB/error.json @@ -283,5 +283,6 @@ "activitypub.get-failed": "Unable to retrieve the specified resource.", "activitypub.pubKey-not-found": "Unable to resolve public key, so payload verification cannot take place.", "activitypub.origin-mismatch": "The received object's origin does not match the sender's origin", - "activitypub.actor-mismatch": "The received activity is being carried out by an actor that is different from expected." + "activitypub.actor-mismatch": "The received activity is being carried out by an actor that is different from expected.", + "activitypub.not-implemented": "The request was denied because it or an aspect of it is not implemented by the recipient server" } diff --git a/src/activitypub/inbox.js b/src/activitypub/inbox.js index 4308d1c9de..30c0fc5fe4 100644 --- a/src/activitypub/inbox.js +++ b/src/activitypub/inbox.js @@ -19,6 +19,11 @@ inbox.create = async (req) => { const { object } = req.body; const postData = await activitypub.mocks.post(object); + // Temporary, reject non-public notes. + if (![...postData._activitypub.to, ...postData._activitypub.cc].includes(activitypub._constants.publicAddress)) { + throw new Error('[[error:activitypub.not-implemented]]'); + } + if (postData) { await activitypub.notes.assert(0, [postData]); const tid = await activitypub.notes.assertTopic(0, postData.pid); diff --git a/src/controllers/activitypub/index.js b/src/controllers/activitypub/index.js index b110b9d80b..72165ad7f0 100644 --- a/src/controllers/activitypub/index.js +++ b/src/controllers/activitypub/index.js @@ -4,6 +4,7 @@ const nconf = require('nconf'); const user = require('../../user'); const activitypub = require('../../activitypub'); +const helpers = require('../helpers'); const Controller = module.exports; @@ -117,6 +118,10 @@ Controller.postInbox = async (req, res) => { return res.sendStatus(501); } - await activitypub.inbox[method](req); - res.sendStatus(200); + try { + await activitypub.inbox[method](req); + helpers.formatApiResponse(200, res); + } catch (e) { + helpers.formatApiResponse(500, res, e); + } };