From fb0bb9a34f63b58eb2729e3fc0ddbec8e26c2068 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Thu, 15 Feb 2024 20:58:43 -0700
Subject: [PATCH] Update Federation, use proper Content-Type headers for following/follower collections
---
 app/Http/Controllers/FederationController.php | 4 ++--
 app/Util/ActivityPub/Helpers.php | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index 6faea7050..55c7b4393 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -253,7 +253,7 @@ class FederationController extends Controller
 'type' => 'OrderedCollection',
 'totalItems' => $account['following_count'] ?? 0,
 ];
- return response()->json($obj);
+ return response()->json($obj)->header('Content-Type', 'application/activity+json');
 }
 public function userFollowers(Request $request, $username)
@@ -269,6 +269,6 @@ class FederationController extends Controller
 'type' => 'OrderedCollection',
 'totalItems' => $account['followers_count'] ?? 0,
 ];
- return response()->json($obj);
+ return response()->json($obj)->header('Content-Type', 'application/activity+json');
 }
 }
diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index 5819dc0bc..6f5b8ae11 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -372,6 +372,10 @@ class Helpers {
 $idDomain = parse_url($id, PHP_URL_HOST);
 $urlDomain = parse_url($url, PHP_URL_HOST);
+ if($idDomain && $urlDomain && strtolower($idDomain) !== strtolower($urlDomain)) {
+ return;
+ }
+
 if(!self::validateUrl($id)) {
 return;
 }
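Review bot: In app/Util/ActivityPub/Helpers.php at `@@ -372`, the new host comparison is skipped whenever either `parse_url()` result is empty, so an `$id` or `$url` without a parseable host falls through the guard, and only `$id` is passed to `validateUrl()` in the visible lines that follow. If both values are expected to be absolute URLs at this point (not confirmable from the hunk), the check could fail closed instead: `if(!$idDomain || !$urlDomain || strtolower($idDomain) !== strtolower($urlDomain)) { return; }`. A short comment stating that the object id and its url must share a host would also record why the early return exists. The enclosing function starts and ends outside the hunk.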
@@ -455,14 +459,21 @@ class Helpers {
 public static function storeStatus($url, $profile, $activity)
 {
+ $originalUrl = $url;
 $id = isset($activity['id']) ? self::pluckval($activity['id']) : self::pluckval($activity['url']);
 $url = isset($activity['url']) && is_string($activity['url']) ? self::pluckval($activity['url']) : self::pluckval($id);
 $idDomain = parse_url($id, PHP_URL_HOST);
 $urlDomain = parse_url($url, PHP_URL_HOST);
+ $originalUrlDomain = parse_url($originalUrl, PHP_URL_HOST);
 if(!self::validateUrl($id) || !self::validateUrl($url)) {
 return;
 }
+ if( strtolower($originalUrlDomain) !== strtolower($idDomain) ||
+ strtolower($originalUrlDomain) !== strtolower($urlDomain) ) {
+ return;
+ }
+
 $reply_to = self::getReplyTo($activity);
 $ts = self::pluckval($activity['published']);
@@ -763,7 +774,11 @@ class Helpers {
 if(!$res || isset($res['id']) == false) {
 return;
 }
+ $urlDomain = parse_url($url, PHP_URL_HOST);
 $domain = parse_url($res['id'], PHP_URL_HOST);
+ if(strtolower($urlDomain) !== strtolower($domain)) {
+ return;
+ }
 if(!isset($res['preferredUsername']) && !isset($res['nickname'])) {
 return;
 }
@@ -831,6 +846,9 @@ class Helpers {
 public static function sendSignedObject($profile, $url, $body)
 {
+ if(app()->environment() !== 'production') {
+ return;
+ }
 ActivityPubDeliveryService::queue()
 ->from($profile)
 ->to($url)
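Review bot: In `storeStatus` (`@@ -455`), `$originalUrlDomain` goes into `strtolower()` without the empty-host guard used at `@@ -372`. `parse_url()` returns null when the URL has no host, and `$originalUrl` is not passed through `validateUrl()` in the visible lines, so PHP 8.1+ raises a deprecation for the null argument. The comparison still fails closed, but an explicit `if(!$originalUrlDomain) { return; }` before it makes that intentional. The same applies to `$urlDomain` in the hunk at `@@ -763`. The case-insensitive host comparison now appears three times in this file, so a single private static helper would keep the checks consistent, and note that host equality says nothing about scheme or port. The function body continues outside the hunk.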
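Review bot: The early return added to `sendSignedObject` (`@@ -831`) silently drops every outgoing delivery outside the `production` environment, with no log line or comment, and it is not mentioned in the commit subject. Anyone exercising federation delivery in a staging or test environment will see a no-op that looks like success. A comment such as `// signed activities are only delivered from production` would record the intent, and a dedicated config flag would be easier to audit than the environment name if this is meant to be switchable. The check can also use the boolean form `if(!app()->environment('production')) { return; }`. The rest of the function is outside the hunk.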