Various improvements (#527)

* remove unused code

* check if `$data['object']` is a sting

* do not index application user

* this fixes GoToSocial errors

* do not cache errors

* re-added the fragment

See https://github.com/superseriousbusiness/gotosocial/issues/2280

* Fix coding standards

* do not verify signature on head request

includes/collection/class-followers.php

@@ -173,8 +173,6 @@ class Followers {
 			return new WP_Error( 'activitypub_invalid_follower', __( 'Invalid Follower', 'activitypub' ), array( 'status' => 400 ) );
 		}
 
-		$error = null;
-
 		$follower = new Follower();
 		$follower->from_array( $meta );
 
@@ -184,14 +182,10 @@ class Followers {
 			return $id;
 		}
 
-		$meta = get_post_meta( $id, 'activitypub_user_id' );
-
-		if ( $error ) {
-			self::add_error( $id, $error );
-		}
+		$post_meta = get_post_meta( $id, 'activitypub_user_id' );
 
 		// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict
-		if ( is_array( $meta ) && ! in_array( $user_id, $meta ) ) {
+		if ( is_array( $post_meta ) && ! in_array( $user_id, $post_meta ) ) {
 			add_post_meta( $id, 'activitypub_user_id', $user_id );
 			wp_cache_delete( sprintf( self::CACHE_KEY_INBOXES, $user_id ), 'activitypub' );
 		}

includes/functions.php

@@ -74,32 +74,25 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
 
 	if ( ! \wp_http_validate_url( $actor ) ) {
 		$metadata = new WP_Error( 'activitypub_no_valid_actor_url', \__( 'The "actor" is no valid URL', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
-		\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $metadata;
 	}
 
-	$short_timeout = function() {
-		return 10;
-	};
-	add_filter( 'activitypub_remote_get_timeout', $short_timeout );
 	$response = Http::get( $actor );
-	remove_filter( 'activitypub_remote_get_timeout', $short_timeout );
+
 	if ( \is_wp_error( $response ) ) {
-		\set_transient( $transient_key, $response, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $response;
 	}
 
 	$metadata = \wp_remote_retrieve_body( $response );
 	$metadata = \json_decode( $metadata, true );
 
-	\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
-
 	if ( ! $metadata ) {
 		$metadata = new WP_Error( 'activitypub_invalid_json', \__( 'No valid JSON data', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
-		\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $metadata;
 	}
 
+	\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
+
 	return $metadata;
 }
 

includes/model/class-application-user.php

@@ -69,4 +69,8 @@ class Application_User extends Blog_User {
 	public function get_moderators() {
 		return null;
 	}
+
+	public function get_indexable() {
+		return false;
+	}
 }

includes/rest/class-inbox.php

@@ -416,7 +416,7 @@ class Inbox {
 				$recipient_items = array_merge( $recipient_items, $recipient );
 			}
 
-			if ( array_key_exists( $i, $data['object'] ) ) {
+			if ( is_array( $data['object'] ) && array_key_exists( $i, $data['object'] ) ) {
 				if ( is_array( $data['object'][ $i ] ) ) {
 					$recipient = $data['object'][ $i ];
 				} else {

includes/rest/class-server.php

@@ -74,6 +74,10 @@ class Server {
 	 * @return mixed|WP_Error The response, error, or modified response.
 	 */
 	public static function authorize_activitypub_requests( $response, $handler, $request ) {
+		if ( 'HEAD' === $request->get_method() ) {
+			return $response;
+		}
+
 		$route = $request->get_route();
 
 		// check if it is an activitypub request and exclude webfinger and nodeinfo endpoints