From a40bd8408a9115307a540741e41f65052ab962f7 Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle <pfefferle@users.noreply.github.com>
Date: Sat, 21 Oct 2023 11:23:05 +0200
Subject: [PATCH] Various improvements (#527)

* remove unused code

* check if `$data['object']` is a sting

* do not index application user

* this fixes GoToSocial errors

* do not cache errors

* re-added the fragment

See https://github.com/superseriousbusiness/gotosocial/issues/2280

* Fix coding standards

* do not verify signature on head request
---
 includes/collection/class-followers.php   | 10 ++--------
 includes/functions.php                    | 13 +++----------
 includes/model/class-application-user.php |  4 ++++
 includes/rest/class-inbox.php             |  2 +-
 includes/rest/class-server.php            |  4 ++++
 5 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php
index a9fe298..c2ad01f 100644
--- a/includes/collection/class-followers.php
+++ b/includes/collection/class-followers.php
@@ -173,8 +173,6 @@ class Followers {
 			return new WP_Error( 'activitypub_invalid_follower', __( 'Invalid Follower', 'activitypub' ), array( 'status' => 400 ) );
 		}
 
-		$error = null;
-
 		$follower = new Follower();
 		$follower->from_array( $meta );
 
@@ -184,14 +182,10 @@ class Followers {
 			return $id;
 		}
 
-		$meta = get_post_meta( $id, 'activitypub_user_id' );
-
-		if ( $error ) {
-			self::add_error( $id, $error );
-		}
+		$post_meta = get_post_meta( $id, 'activitypub_user_id' );
 
 		// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict
-		if ( is_array( $meta ) && ! in_array( $user_id, $meta ) ) {
+		if ( is_array( $post_meta ) && ! in_array( $user_id, $post_meta ) ) {
 			add_post_meta( $id, 'activitypub_user_id', $user_id );
 			wp_cache_delete( sprintf( self::CACHE_KEY_INBOXES, $user_id ), 'activitypub' );
 		}
diff --git a/includes/functions.php b/includes/functions.php
index 883cd3f..99b433f 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -74,32 +74,25 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
 
 	if ( ! \wp_http_validate_url( $actor ) ) {
 		$metadata = new WP_Error( 'activitypub_no_valid_actor_url', \__( 'The "actor" is no valid URL', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
-		\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $metadata;
 	}
 
-	$short_timeout = function() {
-		return 10;
-	};
-	add_filter( 'activitypub_remote_get_timeout', $short_timeout );
 	$response = Http::get( $actor );
-	remove_filter( 'activitypub_remote_get_timeout', $short_timeout );
+
 	if ( \is_wp_error( $response ) ) {
-		\set_transient( $transient_key, $response, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $response;
 	}
 
 	$metadata = \wp_remote_retrieve_body( $response );
 	$metadata = \json_decode( $metadata, true );
 
-	\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
-
 	if ( ! $metadata ) {
 		$metadata = new WP_Error( 'activitypub_invalid_json', \__( 'No valid JSON data', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
-		\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $metadata;
 	}
 
+	\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
+
 	return $metadata;
 }
 
diff --git a/includes/model/class-application-user.php b/includes/model/class-application-user.php
index 1cfcec0..ae8b641 100644
--- a/includes/model/class-application-user.php
+++ b/includes/model/class-application-user.php
@@ -69,4 +69,8 @@ class Application_User extends Blog_User {
 	public function get_moderators() {
 		return null;
 	}
+
+	public function get_indexable() {
+		return false;
+	}
 }
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index 5d65b9b..9c5961a 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -416,7 +416,7 @@ class Inbox {
 				$recipient_items = array_merge( $recipient_items, $recipient );
 			}
 
-			if ( array_key_exists( $i, $data['object'] ) ) {
+			if ( is_array( $data['object'] ) && array_key_exists( $i, $data['object'] ) ) {
 				if ( is_array( $data['object'][ $i ] ) ) {
 					$recipient = $data['object'][ $i ];
 				} else {
diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index e1a1037..19d35b2 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -74,6 +74,10 @@ class Server {
 	 * @return mixed|WP_Error The response, error, or modified response.
 	 */
 	public static function authorize_activitypub_requests( $response, $handler, $request ) {
+		if ( 'HEAD' === $request->get_method() ) {
+			return $response;
+		}
+
 		$route = $request->get_route();
 
 		// check if it is an activitypub request and exclude webfinger and nodeinfo endpoints