From 613e6b8945caa2c8f587b62177fae5b4441b182e Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 3 Jun 2021 09:33:50 +0100
Subject: [PATCH] Reject self-boosts

These are easily abused by spammers
---
 announce.py | 4 ++++
 inbox.py | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/announce.py b/announce.py
index 8c8486a98..4e254f7f8 100644
--- a/announce.py
+++ b/announce.py
@@ -32,6 +32,8 @@ def outboxAnnounce(recentPostsCache: {},
 """
 if not messageJson.get('actor'):
 return False
+ if not isinstance(messageJson['actor'], str):
+ return False
 if not messageJson.get('type'):
 return False
 if not messageJson.get('object'):
@@ -39,6 +41,8 @@ def outboxAnnounce(recentPostsCache: {},
 if messageJson['type'] == 'Announce':
 if not isinstance(messageJson['object'], str):
 return False
+ if messageJson['actor'] in messageJson['object']:
+ return False
 nickname = getNicknameFromActor(messageJson['actor'])
 if not nickname:
 print('WARN: no nickname found in ' + messageJson['actor'])
diff --git a/inbox.py b/inbox.py
index 38978dd4e..2ccb07316 100644
--- a/inbox.py
+++ b/inbox.py
@@ -1359,6 +1359,10 @@ def _receiveAnnounce(recentPostsCache: {},
 '"users" or "profile" missing from actor in ' +
 messageJson['type'])
 return False
+ if messageJson['actor'] in messageJson['object']:
+ if debug:
+ print('DEBUG: self-boost rejected')
+ return False
 if not hasUsersPath(messageJson['object']):
 if debug:
 print('DEBUG: ' +
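Review bot: The added `messageJson['actor'] in messageJson['object']` in `outboxAnnounce` is a raw substring test, so it also rejects boosts of a different account whose URL merely begins with the actor's (constructed example: actor `https://example.net/users/bob`, object under `https://example.net/users/bobby/`). Anchoring on the path separator avoids that: `if messageJson['object'].startswith(messageJson['actor'] + '/'):`. The test also matches only when the object id spells the actor exactly as the `actor` field does, so a comment such as `# heuristic: only catches object ids that embed the actor URL verbatim` would help; the authoritative check would presumably be the announced post's `attributedTo`. The same line appears in the `_receiveAnnounce` hunk in inbox.py, and both functions continue outside their hunks.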
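Review bot: The `in` test added to `_receiveAnnounce` assumes that `messageJson['actor']` and `messageJson['object']` are both strings, and no guard for that is visible in this hunk, whereas the announce.py hunk adds an explicit `isinstance(messageJson['actor'], str)` check. This is inbox-side input, so unless the part of the function above the hunk already enforces it, a non-string actor makes the `in` raise TypeError instead of rejecting the activity, and a dict or list object turns it into a membership test rather than a substring one. A guard before the comparison would keep the rejection path clean: `if not isinstance(messageJson['actor'], str) or not isinstance(messageJson['object'], str): return False`. The function starts and ends outside the hunk, so this should be confirmed against the earlier checks.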