Improved recipient handling for clarity and added better inbox support

.github/changelog/2210-from-description

@@ -0,0 +1,4 @@
+Significance: minor
+Type: changed
+
+Improved recipient handling for clarity and added better inbox support.

includes/functions.php

@@ -525,40 +525,32 @@ function extract_recipients_from_activity( $data ) {
 	$recipient_items = array();
 
 	foreach ( array( 'to', 'bto', 'cc', 'bcc', 'audience' ) as $i ) {
-		if ( array_key_exists( $i, $data ) ) {
-			if ( is_array( $data[ $i ] ) ) {
-				$recipient = $data[ $i ];
-			} else {
-				$recipient = array( $data[ $i ] );
-			}
-			$recipient_items = array_merge( $recipient_items, $recipient );
-		}
-
-		if ( is_array( $data['object'] ) && array_key_exists( $i, $data['object'] ) ) {
-			if ( is_array( $data['object'][ $i ] ) ) {
-				$recipient = $data['object'][ $i ];
-			} else {
-				$recipient = array( $data['object'][ $i ] );
-			}
-			$recipient_items = array_merge( $recipient_items, $recipient );
-		}
+		$recipient_items = \array_merge( $recipient_items, extract_recipients_from_activity_property( $i, $data ) );
 	}
 
+	return \array_unique( $recipient_items );
+}
+
+/**
+ * Extract recipient URLs from a specific property of an Activity object.
+ *
+ * @param string $property The property to extract recipients from (e.g., 'to', 'cc').
+ * @param array  $data     The Activity object as array.
+ *
+ * @return array The list of user URLs.
+ */
+function extract_recipients_from_activity_property( $property, $data ) {
 	$recipients = array();
 
-	// Flatten array.
-	foreach ( $recipient_items as $recipient ) {
-		if ( is_array( $recipient ) ) {
-			// Check if recipient is an object.
-			if ( array_key_exists( 'id', $recipient ) ) {
-				$recipients[] = $recipient['id'];
-			}
-		} else {
-			$recipients[] = $recipient;
-		}
+	if ( ! empty( $data[ $property ] ) ) {
+		$recipients = $data[ $property ];
+	} elseif ( ! empty( $data['object'][ $property ] ) ) {
+		$recipients = $data['object'][ $property ];
 	}
 
-	return array_unique( $recipients );
+	$recipients = \array_map( '\Activitypub\object_to_uri', (array) $recipients );
+
+	return \array_unique( \array_filter( $recipients ) );
 }
 
 /**
@@ -696,7 +688,7 @@ function url_to_commentid( $url ) {
  *
  * @param array|string $data The ActivityPub object.
  *
- * @return string The URI of the ActivityPub object
+ * @return string|false The URI of the ActivityPub object or false if not found.
  */
 function object_to_uri( $data ) {
 	// Check whether it is already simple.
@@ -733,10 +725,10 @@ function object_to_uri( $data ) {
 			$data = object_to_uri( $data['url'] );
 			break;
 		case 'Link':
-			$data = $data['href'];
+			$data = $data['href'] ?? false;
 			break;
 		default:
-			$data = $data['id'];
+			$data = $data['id'] ?? $data['url'] ?? false;
 			break;
 	}
 

includes/handler/class-create.php

@@ -9,7 +9,6 @@
 
 use Activitypub\Collection\Interactions;
 
-use function Activitypub\is_activity_public;
 use function Activitypub\is_activity_reply;
 use function Activitypub\is_self_ping;
 use function Activitypub\object_id_to_comment;
@@ -22,19 +21,8 @@ class Create {
 	 * Initialize the class, registering WordPress hooks.
 	 */
 	public static function init() {
-		\add_action(
-			'activitypub_inbox_create',
-			array( self::class, 'handle_create' ),
-			10,
-			3
-		);
-
-		\add_filter(
-			'activitypub_validate_object',
-			array( self::class, 'validate_object' ),
-			10,
-			3
-		);
+		\add_action( 'activitypub_inbox_create', array( self::class, 'handle_create' ), 10, 4 );
+		\add_filter( 'activitypub_validate_object', array( self::class, 'validate_object' ), 10, 3 );
 	}
 
 	/**
@@ -43,11 +31,12 @@ public static function init() {
 	 * @param array                          $activity        The activity-object.
 	 * @param int                            $user_id         The id of the local blog-user.
 	 * @param \Activitypub\Activity\Activity $activity_object Optional. The activity object. Default null.
+	 * @param string                         $visibility      The visibility of the activity.
 	 */
-	public static function handle_create( $activity, $user_id, $activity_object = null ) {
+	public static function handle_create( $activity, $user_id, $activity_object = null, $visibility = ACTIVITYPUB_CONTENT_VISIBILITY_PRIVATE ) {
 		// Check if Activity is public or not.
 		if (
-			! is_activity_public( $activity ) ||
+			ACTIVITYPUB_CONTENT_VISIBILITY_PRIVATE === $visibility ||
 			! is_activity_reply( $activity )
 		) {
 			return;

includes/rest/class-actors-inbox-controller.php

@@ -23,6 +23,7 @@
  */
 class Actors_Inbox_Controller extends Actors_Controller {
 	use Collection;
+	use Audience;
 
 	/**
 	 * Register routes.
@@ -177,24 +178,28 @@ public function create_item( $request ) {
 			 */
 			do_action( 'activitypub_rest_inbox_disallowed', $data, $user_id, $type, $activity );
 		} else {
+			$visibility = $this->determine_visibility( $data );
+
 			/**
 			 * ActivityPub inbox action.
 			 *
-			 * @param array              $data     The data array.
-			 * @param int|null           $user_id  The user ID.
-			 * @param string             $type     The type of the activity.
-			 * @param Activity|\WP_Error $activity The Activity object.
+			 * @param array              $data       The data array.
+			 * @param int|null           $user_id    The user ID.
+			 * @param string             $type       The type of the activity.
+			 * @param Activity|\WP_Error $activity   The Activity object.
+			 * @param string             $visibility The visibility of the activity.
 			 */
-			\do_action( 'activitypub_inbox', $data, $user_id, $type, $activity );
+			\do_action( 'activitypub_inbox', $data, $user_id, $type, $activity, $visibility );
 
 			/**
 			 * ActivityPub inbox action for specific activity types.
 			 *
-			 * @param array              $data     The data array.
-			 * @param int|null           $user_id  The user ID.
-			 * @param Activity|\WP_Error $activity The Activity object.
+			 * @param array              $data       The data array.
+			 * @param int|null           $user_id    The user ID.
+			 * @param Activity|\WP_Error $activity   The Activity object.
+			 * @param string             $visibility The visibility of the activity.
 			 */
-			\do_action( 'activitypub_inbox_' . $type, $data, $user_id, $activity );
+			\do_action( 'activitypub_inbox_' . $type, $data, $user_id, $activity, $visibility );
 		}
 
 		$response = \rest_ensure_response(

includes/rest/class-inbox-controller.php

@@ -8,13 +8,8 @@
 namespace Activitypub\Rest;
 
 use Activitypub\Activity\Activity;
-use Activitypub\Collection\Actors;
 use Activitypub\Moderation;
 
-use function Activitypub\extract_recipients_from_activity;
-use function Activitypub\is_same_domain;
-use function Activitypub\user_can_activitypub;
-
 /**
  * Inbox_Controller class.
  *
@@ -23,6 +18,8 @@
  * @see https://www.w3.org/TR/activitypub/#inbox
  */
 class Inbox_Controller extends \WP_REST_Controller {
+	use Audience;
+
 	/**
 	 * The namespace of this controller's route.
 	 *
@@ -149,25 +146,12 @@ public function create_item( $request ) {
 			 */
 			do_action( 'activitypub_rest_inbox_disallowed', $data, null, $type, $activity );
 		} else {
-			$recipients = extract_recipients_from_activity( $data );
+			$recipients = $this->determine_local_recipients( $data );
+			$visibility = $this->determine_visibility( $data );
 
 			foreach ( $recipients as $recipient ) {
-				if ( ! is_same_domain( $recipient ) ) {
-					continue;
-				}
-
-				$user_id = Actors::get_id_by_various( $recipient );
-
-				if ( \is_wp_error( $user_id ) ) {
-					continue;
-				}
-
-				if ( ! user_can_activitypub( $user_id ) ) {
-					continue;
-				}
-
 				// Check user-specific blocks for this recipient.
-				if ( Moderation::activity_is_blocked_for_user( $activity, $user_id ) ) {
+				if ( Moderation::activity_is_blocked_for_user( $activity, $recipient ) ) {
 					/**
 					 * ActivityPub inbox disallowed activity for specific user.
 					 *
@@ -176,28 +160,30 @@ public function create_item( $request ) {
 					 * @param string             $type     The type of the activity.
 					 * @param Activity|\WP_Error $activity The Activity object.
 					 */
-					\do_action( 'activitypub_rest_inbox_disallowed', $data, $user_id, $type, $activity );
+					\do_action( 'activitypub_rest_inbox_disallowed', $data, $recipient, $type, $activity );
 					continue;
 				}
 
 				/**
 				 * ActivityPub inbox action.
 				 *
-				 * @param array              $data     The data array.
-				 * @param int                $user_id  The user ID.
-				 * @param string             $type     The type of the activity.
-				 * @param Activity|\WP_Error $activity The Activity object.
+				 * @param array              $data       The data array.
+				 * @param int                $user_id    The user ID.
+				 * @param string             $type       The type of the activity.
+				 * @param Activity|\WP_Error $activity   The Activity object.
+				 * @param string             $visibility The visibility of the activity.
 				 */
-				\do_action( 'activitypub_inbox', $data, $user_id, $type, $activity );
+				\do_action( 'activitypub_inbox', $data, $recipient, $type, $activity, $visibility );
 
 				/**
 				 * ActivityPub inbox action for specific activity types.
 				 *
-				 * @param array              $data     The data array.
-				 * @param int                $user_id  The user ID.
-				 * @param Activity|\WP_Error $activity The Activity object.
+				 * @param array              $data       The data array.
+				 * @param int                $user_id    The user ID.
+				 * @param Activity|\WP_Error $activity   The Activity object.
+				 * @param string             $visibility The visibility of the activity.
 				 */
-				\do_action( 'activitypub_inbox_' . $type, $data, $user_id, $activity );
+				\do_action( 'activitypub_inbox_' . $type, $data, $recipient, $activity, $visibility );
 			}
 		}
 

includes/rest/trait-audience.php

@@ -0,0 +1,83 @@
+<?php
+/**
+ * Audience Trait file.
+ *
+ * @package Activitypub
+ */
+
+namespace Activitypub\Rest;
+
+use Activitypub\Collection\Actors;
+
+use function Activitypub\extract_recipients_from_activity;
+use function Activitypub\extract_recipients_from_activity_property;
+use function Activitypub\is_same_domain;
+use function Activitypub\user_can_activitypub;
+
+/**
+ * Audience Trait.
+ *
+ * Provides methods for handling ActivityPub audience and recipient extraction.
+ */
+trait Audience {
+	/**
+	 * Extract recipients from the given Activity.
+	 *
+	 * @param array $activity The activity data.
+	 *
+	 * @return array An array of user IDs who are the recipients of the activity.
+	 */
+	public function determine_local_recipients( $activity ) {
+		$recipients = extract_recipients_from_activity( $activity );
+		$user_ids   = array();
+
+		foreach ( $recipients as $recipient ) {
+
+			if ( ! is_same_domain( $recipient ) ) {
+				continue;
+			}
+
+			$user_id = Actors::get_id_by_resource( $recipient );
+
+			if ( \is_wp_error( $user_id ) ) {
+				continue;
+			}
+
+			if ( ! user_can_activitypub( $user_id ) ) {
+				continue;
+			}
+
+			$user_ids[] = $user_id;
+		}
+
+		return $user_ids;
+	}
+
+	/**
+	 * Determine the visibility of the activity based on its recipients.
+	 *
+	 * @param array $activity The activity data.
+	 *
+	 * @return string The visibility level: 'public', 'private', or 'direct'.
+	 */
+	public function determine_visibility( $activity ) {
+		// Set default visibility for specific activity types.
+		if ( in_array( $activity['type'], array( 'Accept', 'Delete', 'Follow', 'Reject', 'Undo' ), true ) ) {
+			return ACTIVITYPUB_CONTENT_VISIBILITY_PRIVATE;
+		}
+
+		// Check 'to' field for public visibility.
+		$to = extract_recipients_from_activity_property( 'to', $activity );
+		if ( ! empty( array_intersect( $to, ACTIVITYPUB_PUBLIC_AUDIENCE_IDENTIFIERS ) ) ) {
+			return ACTIVITYPUB_CONTENT_VISIBILITY_PUBLIC;
+		}
+
+		// Check 'cc' field for quiet public visibility.
+		$cc = extract_recipients_from_activity_property( 'cc', $activity );
+		if ( ! empty( array_intersect( $cc, ACTIVITYPUB_PUBLIC_AUDIENCE_IDENTIFIERS ) ) ) {
+			return ACTIVITYPUB_CONTENT_VISIBILITY_QUIET_PUBLIC;
+		}
+
+		return ACTIVITYPUB_CONTENT_VISIBILITY_PRIVATE;
+	}
+}