2016-12-06 17:41:42 +01:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
class SuspendAccountService < BaseService
|
2020-11-08 00:28:39 +01:00
|
|
|
include Payloadable
|
|
|
|
|
2023-01-05 13:47:21 +01:00
|
|
|
# Carry out the suspension of a recently-suspended account
|
|
|
|
# @param [Account] account Account to suspend
|
2020-09-15 14:37:58 +02:00
|
|
|
def call(account)
|
2023-01-05 13:47:21 +01:00
|
|
|
return unless account.suspended?
|
|
|
|
|
2016-12-06 17:41:42 +01:00
|
|
|
@account = account
|
|
|
|
|
2020-11-08 00:28:39 +01:00
|
|
|
reject_remote_follows!
|
|
|
|
distribute_update_actor!
|
2020-09-15 14:37:58 +02:00
|
|
|
unmerge_from_home_timelines!
|
|
|
|
unmerge_from_list_timelines!
|
|
|
|
privatize_media_attachments!
|
2016-12-06 17:41:42 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2020-11-08 00:28:39 +01:00
|
|
|
def reject_remote_follows!
|
|
|
|
return if @account.local? || !@account.activitypub?
|
|
|
|
|
|
|
|
# When suspending a remote account, the account obviously doesn't
|
|
|
|
# actually become suspended on its origin server, i.e. unlike a
|
|
|
|
# locally suspended account it continues to have access to its home
|
|
|
|
# feed and other content. To prevent it from being able to continue
|
|
|
|
# to access toots it would receive because it follows local accounts,
|
|
|
|
# we have to force it to unfollow them. Unfortunately, there is no
|
|
|
|
# counterpart to this operation, i.e. you can't then force a remote
|
|
|
|
# account to re-follow you, so this part is not reversible.
|
|
|
|
|
2023-03-15 03:45:15 +01:00
|
|
|
Follow.where(account: @account).find_in_batches do |follows|
|
|
|
|
ActivityPub::DeliveryWorker.push_bulk(follows) do |follow|
|
|
|
|
[Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), follow.target_account_id, @account.inbox_url]
|
|
|
|
end
|
2020-11-08 00:28:39 +01:00
|
|
|
|
2023-03-15 03:45:15 +01:00
|
|
|
follows.each(&:destroy)
|
2020-11-08 00:28:39 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def distribute_update_actor!
|
2021-04-17 14:55:46 +02:00
|
|
|
return unless @account.local?
|
|
|
|
|
|
|
|
account_reach_finder = AccountReachFinder.new(@account)
|
|
|
|
|
2023-03-15 03:45:15 +01:00
|
|
|
ActivityPub::DeliveryWorker.push_bulk(account_reach_finder.inboxes, limit: 1_000) do |inbox_url|
|
2021-04-17 14:55:46 +02:00
|
|
|
[signed_activity_json, @account.id, inbox_url]
|
|
|
|
end
|
2020-11-08 00:28:39 +01:00
|
|
|
end
|
|
|
|
|
2020-09-15 14:37:58 +02:00
|
|
|
def unmerge_from_home_timelines!
|
2023-09-05 15:37:23 +02:00
|
|
|
@account.followers_for_local_distribution.reorder(nil).find_each do |follower|
|
2020-11-07 13:16:00 +01:00
|
|
|
FeedManager.instance.unmerge_from_home(@account, follower)
|
2017-11-07 19:06:44 +01:00
|
|
|
end
|
2017-06-14 18:01:27 +02:00
|
|
|
end
|
|
|
|
|
2020-09-15 14:37:58 +02:00
|
|
|
def unmerge_from_list_timelines!
|
2023-09-05 15:37:23 +02:00
|
|
|
@account.lists_for_local_distribution.reorder(nil).find_each do |list|
|
2020-09-15 14:37:58 +02:00
|
|
|
FeedManager.instance.unmerge_from_list(@account, list)
|
2019-09-11 16:32:44 +02:00
|
|
|
end
|
2016-12-06 17:41:42 +01:00
|
|
|
end
|
|
|
|
|
2020-09-15 14:37:58 +02:00
|
|
|
def privatize_media_attachments!
|
|
|
|
attachment_names = MediaAttachment.attachment_definitions.keys
|
2018-12-03 01:32:08 +01:00
|
|
|
|
2023-11-30 14:30:35 +01:00
|
|
|
@account.media_attachments.find_each do |media_attachment|
|
2020-09-15 14:37:58 +02:00
|
|
|
attachment_names.each do |attachment_name|
|
|
|
|
attachment = media_attachment.public_send(attachment_name)
|
2023-05-04 05:33:55 +02:00
|
|
|
styles = MediaAttachment::DEFAULT_STYLES | attachment.styles.keys
|
2019-09-11 16:32:44 +02:00
|
|
|
|
2020-12-23 07:47:03 +01:00
|
|
|
next if attachment.blank?
|
|
|
|
|
2020-09-15 14:37:58 +02:00
|
|
|
styles.each do |style|
|
|
|
|
case Paperclip::Attachment.default_options[:storage]
|
|
|
|
when :s3
|
2022-12-19 17:55:17 +01:00
|
|
|
# Prevent useless S3 calls if ACLs are disabled
|
|
|
|
next if ENV['S3_PERMISSION'] == ''
|
|
|
|
|
2020-12-24 15:53:45 +01:00
|
|
|
begin
|
|
|
|
attachment.s3_object(style).acl.put(acl: 'private')
|
|
|
|
rescue Aws::S3::Errors::NoSuchKey
|
|
|
|
Rails.logger.warn "Tried to change acl on non-existent key #{attachment.s3_object(style).key}"
|
2022-12-19 17:55:17 +01:00
|
|
|
rescue Aws::S3::Errors::NotImplemented => e
|
|
|
|
Rails.logger.error "Error trying to change ACL on #{attachment.s3_object(style).key}: #{e.message}"
|
2020-12-24 15:53:45 +01:00
|
|
|
end
|
2023-07-27 16:13:45 +02:00
|
|
|
when :fog, :azure
|
2020-09-15 14:37:58 +02:00
|
|
|
# Not supported
|
|
|
|
when :filesystem
|
2020-11-07 13:16:54 +01:00
|
|
|
begin
|
|
|
|
FileUtils.chmod(0o600 & ~File.umask, attachment.path(style)) unless attachment.path(style).nil?
|
|
|
|
rescue Errno::ENOENT
|
|
|
|
Rails.logger.warn "Tried to change permission on non-existent file #{attachment.path(style)}"
|
|
|
|
end
|
2020-09-15 14:37:58 +02:00
|
|
|
end
|
2020-11-19 17:38:06 +01:00
|
|
|
|
|
|
|
CacheBusterWorker.perform_async(attachment.path(style)) if Rails.configuration.x.cache_buster_enabled
|
2020-09-15 14:37:58 +02:00
|
|
|
end
|
|
|
|
end
|
2018-12-03 01:32:08 +01:00
|
|
|
end
|
|
|
|
end
|
2021-04-17 14:55:46 +02:00
|
|
|
|
|
|
|
def signed_activity_json
|
|
|
|
@signed_activity_json ||= Oj.dump(serialize_payload(@account, ActivityPub::UpdateSerializer, signer: @account))
|
|
|
|
end
|
2016-12-06 17:41:42 +01:00
|
|
|
end
|