Adding local site settings to reject federated upvotes or downvotes.

- Should help defend against downvote spamming instances.
- Fixes #4086

crates/api_common/src/site.rs

@@ -204,6 +204,8 @@ pub struct CreateSite {
   pub registration_mode: Option<RegistrationMode>,
   pub oauth_registration: Option<bool>,
   pub content_warning: Option<String>,
+  pub reject_federated_upvotes: Option<bool>,
+  pub reject_federated_downvotes: Option<bool>,
 }
 
 #[skip_serializing_none]
@@ -287,13 +289,17 @@ pub struct EditSite {
   /// A list of blocked URLs
   pub blocked_urls: Option<Vec<String>>,
   pub registration_mode: Option<RegistrationMode>,
-  /// Whether or not external auth methods can auto-register users.
-  pub oauth_registration: Option<bool>,
   /// Whether to email admins for new reports.
   pub reports_email_admins: Option<bool>,
   /// If present, nsfw content is visible by default. Should be displayed by frontends/clients
   /// when the site is first opened by a user.
   pub content_warning: Option<String>,
+  /// Whether or not external auth methods can auto-register users.
+  pub oauth_registration: Option<bool>,
+  /// If enabled, your site rejects federated upvotes.
+  pub reject_federated_upvotes: Option<bool>,
+  /// If enabled, your site rejects federated downvotes.
+  pub reject_federated_downvotes: Option<bool>,
 }
 
 #[derive(Debug, Serialize, Deserialize, Clone)]

crates/api_crud/src/site/create.rs

@@ -110,6 +110,8 @@ pub async fn create_site(
     captcha_enabled: data.captcha_enabled,
     captcha_difficulty: data.captcha_difficulty.clone(),
     default_post_listing_mode: data.default_post_listing_mode,
+    reject_federated_upvotes: data.reject_federated_upvotes,
+    reject_federated_downvotes: data.reject_federated_downvotes,
     ..Default::default()
   };
 

crates/api_crud/src/site/update.rs

@@ -121,6 +121,8 @@ pub async fn update_site(
     reports_email_admins: data.reports_email_admins,
     default_post_listing_mode: data.default_post_listing_mode,
     oauth_registration: data.oauth_registration,
+    reject_federated_upvotes: data.reject_federated_upvotes,
+    reject_federated_downvotes: data.reject_federated_downvotes,
     ..Default::default()
   };
 

crates/apub/src/activities/voting/vote.rs

@@ -68,12 +68,23 @@ impl ActivityHandler for Vote {
 
     check_bot_account(&actor.0)?;
 
-    let enable_downvotes = LocalSite::read(&mut context.pool())
-      .await
-      .map(|l| l.enable_downvotes)
+    // Check for enabled federation votes
+    let local_site = LocalSite::read(&mut context.pool()).await;
+    let enable_federated_downvotes = local_site
+      .as_ref()
+      .map(|l| l.enable_downvotes && !l.reject_federated_downvotes)
       .unwrap_or(true);
-    if self.kind == VoteType::Dislike && !enable_downvotes {
-      // If this is a downvote but downvotes are ignored, only undo any existing vote
+
+    let enable_federated_upvotes = local_site
+      .as_ref()
+      .map(|l| !l.reject_federated_upvotes)
+      .unwrap_or(true);
+
+    let reject_vote_check = (self.kind == VoteType::Dislike && !enable_federated_downvotes)
+      || (self.kind == VoteType::Like && !enable_federated_upvotes);
+
+    if reject_vote_check {
+      // If this is a rejection, undo the vote
       match object {
         PostOrComment::Post(p) => undo_vote_post(actor, &p, context).await,
         PostOrComment::Comment(c) => undo_vote_comment(actor, &c, context).await,

crates/db_schema/src/schema.rs

@@ -398,6 +398,8 @@ diesel::table! {
         default_post_sort_type -> PostSortTypeEnum,
         default_comment_sort_type -> CommentSortTypeEnum,
         oauth_registration -> Bool,
+        reject_federated_upvotes -> Bool,
+        reject_federated_downvotes -> Bool,
     }
 }
 

crates/db_schema/src/source/local_site.rs

@@ -72,6 +72,10 @@ pub struct LocalSite {
   pub default_comment_sort_type: CommentSortType,
   /// Whether or not external auth methods can auto-register users.
   pub oauth_registration: bool,
+  /// If enabled, your site rejects federated upvotes.
+  pub reject_federated_upvotes: bool,
+  /// If enabled, your site rejects federated downvotes.
+  pub reject_federated_downvotes: bool,
 }
 
 #[derive(Clone, derive_new::new)]
@@ -114,8 +118,6 @@ pub struct LocalSiteInsertForm {
   #[new(default)]
   pub registration_mode: Option<RegistrationMode>,
   #[new(default)]
-  pub oauth_registration: Option<bool>,
-  #[new(default)]
   pub reports_email_admins: Option<bool>,
   #[new(default)]
   pub federation_signed_fetch: Option<bool>,
@@ -125,6 +127,12 @@ pub struct LocalSiteInsertForm {
   pub default_post_sort_type: Option<PostSortType>,
   #[new(default)]
   pub default_comment_sort_type: Option<CommentSortType>,
+  #[new(default)]
+  pub oauth_registration: Option<bool>,
+  #[new(default)]
+  pub reject_federated_upvotes: Option<bool>,
+  #[new(default)]
+  pub reject_federated_downvotes: Option<bool>,
 }
 
 #[derive(Clone, Default)]
@@ -148,11 +156,13 @@ pub struct LocalSiteUpdateForm {
   pub captcha_enabled: Option<bool>,
   pub captcha_difficulty: Option<String>,
   pub registration_mode: Option<RegistrationMode>,
-  pub oauth_registration: Option<bool>,
   pub reports_email_admins: Option<bool>,
   pub updated: Option<Option<DateTime<Utc>>>,
   pub federation_signed_fetch: Option<bool>,
   pub default_post_listing_mode: Option<PostListingMode>,
   pub default_post_sort_type: Option<PostSortType>,
   pub default_comment_sort_type: Option<CommentSortType>,
+  pub oauth_registration: Option<bool>,
+  pub reject_federated_upvotes: Option<bool>,
+  pub reject_federated_downvotes: Option<bool>,
 }

migrations/2024-09-20-134838_add_federation_vote_rejection/down.sql

@@ -0,0 +1,4 @@
+ALTER TABLE local_site
+    DROP COLUMN reject_federated_upvotes,
+    DROP COLUMN reject_federated_downvotes;
+

migrations/2024-09-20-134838_add_federation_vote_rejection/up.sql

@@ -0,0 +1,4 @@
+ALTER TABLE local_site
+    ADD COLUMN reject_federated_upvotes boolean DEFAULT FALSE NOT NULL,
+    ADD COLUMN reject_federated_downvotes boolean DEFAULT FALSE NOT NULL;
+