From 64b00ee850ce6da92eb3b35a0079b7e03ab71885 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Wed, 25 Oct 2023 10:14:12 -0400 Subject: [PATCH] Dont allow bots to vote. Fixes #3940 (#4100) * Dont allow bots to vote. Fixes #3940 * Removing pointless function. --- crates/api/src/comment/like.rs | 3 ++- crates/api/src/post/like.rs | 8 +++++++- crates/api_common/src/utils.rs | 10 ++++++++++ crates/apub/src/activities/voting/vote.rs | 5 ++++- crates/utils/src/error.rs | 1 + 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/crates/api/src/comment/like.rs b/crates/api/src/comment/like.rs index e11a3e155..514c571ca 100644 --- a/crates/api/src/comment/like.rs +++ b/crates/api/src/comment/like.rs @@ -5,7 +5,7 @@ use lemmy_api_common::{ comment::{CommentResponse, CreateCommentLike}, context::LemmyContext, send_activity::{ActivityChannel, SendActivityData}, - utils::{check_community_user_action, check_downvotes_enabled}, + utils::{check_bot_account, check_community_user_action, check_downvotes_enabled}, }; use lemmy_db_schema::{ newtypes::LocalUserId, @@ -32,6 +32,7 @@ pub async fn like_comment( // Don't do a downvote if site has downvotes disabled check_downvotes_enabled(data.score, &local_site)?; + check_bot_account(&local_user_view.person)?; let comment_id = data.comment_id; let orig_comment = CommentView::read(&mut context.pool(), comment_id, None).await?; diff --git a/crates/api/src/post/like.rs b/crates/api/src/post/like.rs index 751d1b9e5..176eaae16 100644 --- a/crates/api/src/post/like.rs +++ b/crates/api/src/post/like.rs @@ -5,7 +5,12 @@ use lemmy_api_common::{ context::LemmyContext, post::{CreatePostLike, PostResponse}, send_activity::{ActivityChannel, SendActivityData}, - utils::{check_community_user_action, check_downvotes_enabled, mark_post_as_read}, + utils::{ + check_bot_account, + check_community_user_action, + check_downvotes_enabled, + mark_post_as_read, + }, }; use lemmy_db_schema::{ source::{ @@ -29,6 +34,7 @@ pub async fn like_post( // Don't do a downvote if site has downvotes disabled check_downvotes_enabled(data.score, &local_site)?; + check_bot_account(&local_user_view.person)?; // Check for a community ban let post_id = data.post_id; diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs index 5ba9a34c3..5060f2983 100644 --- a/crates/api_common/src/utils.rs +++ b/crates/api_common/src/utils.rs @@ -247,6 +247,16 @@ pub fn check_downvotes_enabled(score: i16, local_site: &LocalSite) -> Result<(), } } +/// Dont allow bots to do certain actions, like voting +#[tracing::instrument(skip_all)] +pub fn check_bot_account(person: &Person) -> Result<(), LemmyError> { + if person.bot_account { + Err(LemmyErrorType::InvalidBotAction)? + } else { + Ok(()) + } +} + #[tracing::instrument(skip_all)] pub fn check_private_instance( local_user_view: &Option, diff --git a/crates/apub/src/activities/voting/vote.rs b/crates/apub/src/activities/voting/vote.rs index 926c29302..3dfd46fbf 100644 --- a/crates/apub/src/activities/voting/vote.rs +++ b/crates/apub/src/activities/voting/vote.rs @@ -18,7 +18,7 @@ use activitypub_federation::{ traits::{ActivityHandler, Actor}, }; use anyhow::anyhow; -use lemmy_api_common::context::LemmyContext; +use lemmy_api_common::{context::LemmyContext, utils::check_bot_account}; use lemmy_db_schema::source::local_site::LocalSite; use lemmy_utils::error::LemmyError; use url::Url; @@ -74,6 +74,9 @@ impl ActivityHandler for Vote { async fn receive(self, context: &Data) -> Result<(), LemmyError> { let actor = self.actor.dereference(context).await?; let object = self.object.dereference(context).await?; + + check_bot_account(&actor.0)?; + match object { PostOrComment::Post(p) => vote_post(&self.kind, actor, &p, context).await, PostOrComment::Comment(c) => vote_comment(&self.kind, actor, &c, context).await, diff --git a/crates/utils/src/error.rs b/crates/utils/src/error.rs index 9fa6bc508..9eddb67e8 100644 --- a/crates/utils/src/error.rs +++ b/crates/utils/src/error.rs @@ -226,6 +226,7 @@ pub enum LemmyErrorType { CommunityHasNoFollowers, BanExpirationInPast, InvalidUnixTime, + InvalidBotAction, Unknown(String), }