From 9669b2c017e42763ec87dd2a2c72faa73b1bd4fe Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer <jdormitzer@hubspot.com>
Date: Thu, 20 Sep 2018 18:48:40 -0400
Subject: [PATCH] Implement delete for inbox

---
 inc/activities/delete.php | 52 +++++++++++++++++++++++++++++++++++++--
 inc/inbox.php             |  3 +++
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/inc/activities/delete.php b/inc/activities/delete.php
index 90187d8..cf4fa69 100644
--- a/inc/activities/delete.php
+++ b/inc/activities/delete.php
@@ -7,8 +7,8 @@ function handle_outbox( $actor, $activity ) {
     if ( !array_key_exists( 'object', $activity ) ) {
         return new \WP_Error(
             'invalid_activity',
-            __( 'Expected an object', 'activitypub' ),
-            array( 'status' => 40 )
+            __( 'Expected an object', 'pterotype' ),
+            array( 'status' => 400 )
         );
     }
     $object = $activity['object'];
@@ -18,4 +18,52 @@ function handle_outbox( $actor, $activity ) {
     }
     return $activity;
 }
+
+function handle_inbox( $actor_slug, $activity ) {
+    if ( !array_key_exists( 'object', $activity ) ) {
+        return new \WP_Error(
+            'invalid_activity',
+            __( 'Expected an object', 'pterotype' ),
+            array( 'status' => 400 )
+        );
+    }
+    if ( !array_key_exists( 'id', $activity ) ) {
+        return new \WP_Error(
+            'invalid_activity',
+            __( 'Expected an id', 'pterotype' ),
+            array( 'status' => 400 )
+        );
+    }
+    $object = $activity['object'];
+    if ( !array_key_exists( 'id', $object ) ) {
+        return new \WP_Error(
+            'invalid_activity',
+            __( 'Expected an id', 'pterotype' ),
+            array( 'status' => 400 )
+        );
+    }
+    $authorized = check_authorization( $activity );
+    if ( is_wp_error( $authorized ) ) {
+        return $authorized;
+    }
+    $res = \objects\delete_object( $object );
+    if ( is_wp_error( $res ) ) {
+        return $res;
+    }
+    return $activity;
+}
+
+function check_authorization( $activity ) {
+    $object = $activity['object'];
+    $activity_origin = parse_url( $activity['id'] )['host'];
+    $object_origin = parse_url( $object['id'] )['host'];
+    if ( ( !$activity_origin || !$object_origin ) || $activity_origin !== $object_origin ) {
+        return new \WP_Error(
+            'unauthorized',
+            __( 'Unauthorized Update activity', 'pterotype' ),
+            array( 'status' => 403 )
+        );
+    }
+    return true;
+}
 ?>
diff --git a/inc/inbox.php b/inc/inbox.php
index cf42cf0..69e9308 100644
--- a/inc/inbox.php
+++ b/inc/inbox.php
@@ -11,6 +11,8 @@ namespace inbox;
 
 require_once plugin_dir_path( __FILE__ ) . '/activities.php';
 require_once plugin_dir_path( __FILE__ ) . '/activities/create.php';
+require_once plugin_dir_path( __FILE__ ) . '/activities/update.php';
+require_once plugin_dir_path( __FILE__ ) . '/activities/delete.php';
 
 function handle_activity( $actor_slug, $activity ) {
     if ( !array_key_exists( 'type', $activity ) ) {
@@ -29,6 +31,7 @@ function handle_activity( $actor_slug, $activity ) {
         $activity = \update\handle_inbox( $actor_slug, $activity );
         break;
     case 'Delete':
+        $activity = \delete\handle_inbox( $actor_slug, $activity );
         break;
     case 'Follow':
         break;