From d7a3d8a08335d6a0a7c3751d880e256edba7a64e Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Tue, 19 Dec 2023 21:08:08 +1100 Subject: [PATCH 1/5] initialise container branch --- Code/Daemon/Notifier.php | 4 +- Code/Lib/Activity.php | 93 ++++++---------------------------------- Code/Lib/ActivityPub.php | 2 +- Code/Module/Activity.php | 2 +- Code/Module/Inspect.php | 2 +- Code/Module/Like.php | 2 +- include/items.php | 2 +- 7 files changed, 19 insertions(+), 88 deletions(-) diff --git a/Code/Daemon/Notifier.php b/Code/Daemon/Notifier.php index a3b5dfad1..f080313a0 100644 --- a/Code/Daemon/Notifier.php +++ b/Code/Daemon/Notifier.php @@ -370,13 +370,13 @@ class Notifier implements DaemonInterface } $m = ($cmd === 'edit_post') ? '' : ObjCache::Get($target_item['mid'] . '.nomad'); - + // Re-use existing signature unless the activity type changed to a Tombstone, which won't verify. if ($m && (! intval($target_item['item_deleted']))) { self::$encoded_item = json_decode($m, true); } else { - self::$encoded_item = array_merge(Activity::ap_context(), Activity::encode_activity($target_item, true, Activity::isContainer($target_item))); + self::$encoded_item = array_merge(Activity::ap_context(), Activity::encode_activity($target_item, true)); self::$encoded_item['signature'] = LDSignatures::sign(self::$encoded_item, self::$channel); } logger('target_item: ' . print_r($target_item, true), LOGGER_DEBUG); diff --git a/Code/Lib/Activity.php b/Code/Lib/Activity.php index c9b728360..0b84e2b25 100644 --- a/Code/Lib/Activity.php +++ b/Code/Lib/Activity.php @@ -276,7 +276,7 @@ class Activity xchan_query($r); $r = fetch_post_tags($r); if (in_array($r[0]['verb'], ['Invite', 'Undo'])) { - return self::encode_activity($r[0], $activitypub, self::isContainer($r[0])); + return self::encode_activity($r[0], $activitypub); } return self::encode_item($r[0], $activitypub); } @@ -359,7 +359,7 @@ class Activity if ($m) { $t = json_decode($m, true); } else { - $t = self::encode_activity($i, $activitypub, self::isContainer($i)); + $t = self::encode_activity($i, $activitypub); } if ($t) { $x[] = $t; @@ -747,18 +747,13 @@ class Activity dbesc($item['owner_xchan']), intval($item['uid']) ); - $isContainer = (bool) $query; - if (! Config::Get('system', '2024')) { - $isContainer = false; - } - return $isContainer; + return (bool) $query; } // the $recurse flag encodes the original non-deleted object of a deleted activity - public static function encode_activity($item, $activitypub = false, $isContainer = false, $recurse = false) + public static function encode_activity($item, $activitypub = false, $recurse = false) { - $new = Config::Get('system', '2024'); $activity = []; if (intval($item['item_deleted']) && (!$recurse)) { @@ -780,7 +775,7 @@ class Activity return []; } - $obj = (($is_response) ? self::encode_activity($item, $activitypub, $isContainer, true) : self::encode_item($item, $activitypub)); + $obj = (($is_response) ? self::encode_activity($item, $activitypub, true) : self::encode_item($item, $activitypub)); if ($obj) { if (array_path_exists('object/id', $obj)) { $obj['object'] = $obj['object']['id']; @@ -796,7 +791,7 @@ class Activity return $activity; } - $activity['type'] = ($isContainer) ? 'Add' : self::activity_mapper($item['verb']); + $activity['type'] = self::activity_mapper($item['verb']); if (str_contains($item['mid'], z_root() . '/item/')) { $activity['id'] = str_replace('/item/', '/activity/', $item['mid']); @@ -805,9 +800,6 @@ class Activity } else { $activity['id'] = $item['mid']; } - if ($isContainer) { - $activity['id'] .= '?operation=add'; - } if ($item['title']) { $activity['name'] = $item['title']; @@ -846,15 +838,11 @@ class Activity $place->setLatitude(isset($item['lat']) ? $item['lat'] : 0) ->setLongitude(isset($item['lon']) ? $item['lon'] : 0); } - if (!$new) { - $activity['location'] = $place->toArray(); - } + $activity['location'] = $place->toArray(); } if ($item['mid'] === $item['parent_mid']) { - if (!$new) { - $activity['isContainedConversation'] = true; - } + $activity['isContainedConversation'] = true; } else { // inReplyTo needs to be set in the activity for followup actions (Like, Dislike, Announce, etc.), @@ -891,16 +879,13 @@ class Activity $cnv = str_replace(['/item/', '/activity/'], ['/conversation/', '/conversation/'], $cnv); } $activity['context'] = $cnv; - if (!$new) { - $activity['conversation'] = $cnv; - } } if (intval($item['item_private']) === 2) { $activity['directMessage'] = true; } - $actor = self::encode_person(($isContainer) ? $item['owner'] : $item['author'], false); + $actor = self::encode_person(($item['author'], false); if ($actor) { $activity['actor'] = $actor; } else { @@ -908,7 +893,7 @@ class Activity } $replyTo = unserialise($item['replyto']); - if ($replyTo && !$new) { + if ($replyTo) { $activity['replyTo'] = $replyTo; $activity['audience'] = $replyTo; } @@ -992,10 +977,6 @@ class Activity $activity['target'] = $tgt; } } - if ($isContainer) { - $activity['target'] = $activity['context']; - } - $t = self::encode_taxonomy($item); if ($t) { foreach($t as $tag) { @@ -1127,8 +1108,6 @@ class Activity public static function encode_item($item, $activitypub = false) { - - $new = Config::Get('system', '2024'); $activity = []; $bbopts = (($activitypub) ? 'activitypub' : 'export'); @@ -1231,9 +1210,6 @@ class Activity $activity['attributedTo'] = self::encode_person($item['author'],false); if ($item['mid'] === $item['parent_mid']) { - if (!$new) { - $activity['isContainedConversation'] = true; - } if (in_array($activity['commentPolicy'], ['public', 'authenticated'])) { $activity['canReply'] = ACTIVITY_PUBLIC_INBOX; } elseif (in_array($activity['commentPolicy'], ['contacts', 'specific'])) { @@ -1242,9 +1218,6 @@ class Activity $activity['canReply'] = []; } } - if ($new) { - unset($activity['commentPolicy']); - } if ($item['mid'] !== $item['parent_mid']) { if ($item['approved']) { @@ -1267,9 +1240,6 @@ class Activity $cnv = str_replace(['/item/', '/activity/'], ['/conversation/', '/conversation/'], $cnv); } $activity['context'] = $cnv; - if(!$new) { - $activity['conversation'] = $cnv; - } } // provide ocap access token for private media. @@ -1319,7 +1289,7 @@ class Activity } $replyTo = unserialise($item['replyto']); - if ($replyTo && !$new) { + if ($replyTo) { $activity['replyTo'] = $replyTo; $activity['audience'] = $replyTo; } @@ -4889,69 +4859,30 @@ class Activity // $contextType is reserved for future use so that the caller can specify // a limited subset of the entire schema definition for particular activities. - if (Config::Get('system','2024')) { - return [ - 'nomad' => z_root() . '/apschema#', - 'toot' => 'http://joinmastodon.org/ns#', - 'litepub' => 'http://litepub.social/ns#', - 'manuallyApprovesFollowers' => 'as:manuallyApprovesFollowers', - 'oauthRegistrationEndpoint' => 'litepub:oauthRegistrationEndpoint', - 'sensitive' => 'as:sensitive', - 'movedTo' => 'as:movedTo', - 'discoverable' => 'toot:discoverable', - 'indexable' => 'toot:indexable', - 'capabilities' => 'litepub:capabilities', - 'acceptsJoins' => 'litepub:acceptsJoins', - 'Hashtag' => 'as:Hashtag', - 'canReply' => 'toot:canReply', - 'canSearch' => 'nomad:canSearch', - 'approval' => 'toot:approval', - 'expires' => 'nomad:expires', - 'directMessage' => 'nomad:directMessage', - 'Category' => 'nomad:Category', - 'copiedTo' => 'nomad:copiedTo', - 'canSearch' => 'nomad:canSearch', - 'searchContent' => 'nomad:searchContent', - 'searchTags' => 'nomad:searchTags', - ]; - } - return [ 'nomad' => z_root() . '/apschema#', 'toot' => 'http://joinmastodon.org/ns#', 'litepub' => 'http://litepub.social/ns#', - 'sm' => 'http://smithereen.software/ns#', - // 'fep' => 'https://codeberg.org/fediverse/fep#', 'manuallyApprovesFollowers' => 'as:manuallyApprovesFollowers', 'oauthRegistrationEndpoint' => 'litepub:oauthRegistrationEndpoint', 'sensitive' => 'as:sensitive', 'movedTo' => 'as:movedTo', - // 'EmojiReact' => 'as:EmojiReact', 'discoverable' => 'toot:discoverable', 'indexable' => 'toot:indexable', - 'wall' => 'sm:wall', 'capabilities' => 'litepub:capabilities', 'acceptsJoins' => 'litepub:acceptsJoins', - 'nomadicLocations' => 'nomad:nomadicLocations', 'Hashtag' => 'as:Hashtag', 'canReply' => 'toot:canReply', 'canSearch' => 'nomad:canSearch', 'approval' => 'toot:approval', - 'Identity' => 'fep:Identity', - 'isContainedConversation' => 'nomad:isContainedConversation', - 'conversation' => 'nomad:conversation', - 'commentPolicy' => 'nomad:commentPolicy', - 'eventRepeat' => 'nomad:eventRepeat', - 'emojiReaction' => 'nomad:emojiReaction', 'expires' => 'nomad:expires', 'directMessage' => 'nomad:directMessage', 'Category' => 'nomad:Category', - 'replyTo' => 'nomad:replyTo', 'copiedTo' => 'nomad:copiedTo', - 'canSearch' => 'nomad:canSearch', 'searchContent' => 'nomad:searchContent', 'searchTags' => 'nomad:searchTags', ]; + } public static function get_quote($url, $item) { diff --git a/Code/Lib/ActivityPub.php b/Code/Lib/ActivityPub.php index 693b198f4..01ab144a3 100644 --- a/Code/Lib/ActivityPub.php +++ b/Code/Lib/ActivityPub.php @@ -101,7 +101,7 @@ class ActivityPub Activity::rewrite_mentions_sub($target_item, 1, $target_item['obj']); - $ti = Activity::encode_activity($target_item, true, Activity::isContainer($target_item)); + $ti = Activity::encode_activity($target_item, true); if (!$ti) { return; diff --git a/Code/Module/Activity.php b/Code/Module/Activity.php index 2cf336298..803c0daa3 100644 --- a/Code/Module/Activity.php +++ b/Code/Module/Activity.php @@ -122,7 +122,7 @@ class Activity extends Controller $isContainer = !empty($operation) && $operation === 'add'; $channel = Channel::from_id($items[0]['uid']); - as_return_and_die(ZlibActivity::encode_activity($items[0], true), $channel, $isContainer); + as_return_and_die(ZlibActivity::encode_activity($items[0], true), $channel); } if (Libzot::is_nomad_request()) { diff --git a/Code/Module/Inspect.php b/Code/Module/Inspect.php index 02eaeb1e5..cd18a8364 100644 --- a/Code/Module/Inspect.php +++ b/Code/Module/Inspect.php @@ -60,7 +60,7 @@ class Inspect extends Controller $output .= '
' . print_array($item) . '
' . EOL . EOL; - $output .= '(encode_activity)' . EOL . '
' . escape_tags(json_encode(Activity::encode_activity($item, true, Activity::isContainer($item)),
+                $output .= '(encode_activity)' . EOL . '
' . escape_tags(json_encode(Activity::encode_activity($item, true),
                             JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)) . '
' . EOL . EOL;
 
                 $nomad = ObjCache::Get($item['mid'] . '.nomad');
diff --git a/Code/Module/Like.php b/Code/Module/Like.php
index e3fc27732..ee1df8c61 100644
--- a/Code/Module/Like.php
+++ b/Code/Module/Like.php
@@ -146,7 +146,7 @@ class Like extends Controller
             xchan_query($r, true);
             $r = fetch_post_tags($r);
             $r[0]['obj'] = json_decode($r[0]['obj'], true);
-            $object = Activity::encode_activity($r[0], true, Activity::isContainer($r[0]));
+            $object = Activity::encode_activity($r[0], true);
 
             // do not do either a federated or hard delete on the original reaction
             // as we are going to send an Undo to perform this task
diff --git a/include/items.php b/include/items.php
index 9d13c4480..a864600ec 100644
--- a/include/items.php
+++ b/include/items.php
@@ -4030,7 +4030,7 @@ function zot_feed($uid, $observer_hash, $arr) {
         if($encoding === 'zot')
             $result[] = encode_item($item);
         elseif($encoding === 'activitystreams')
-            $result[] = Activity::encode_activity($item, true, Activity::isContainer($item));
+            $result[] = Activity::encode_activity($item, true);
     }
 
     return $result;

From fffbb3b789f037cd6f240e84a4edcf4641ae41a3 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin 
Date: Wed, 20 Dec 2023 09:49:54 +1100
Subject: [PATCH 2/5] Change default settings for more privacy

---
 Code/Lib/Activity.php          | 2 +-
 Code/Module/Admin/Security.php | 2 +-
 Code/Module/Album.php          | 2 +-
 Code/Module/Channel.php        | 7 ++++---
 Code/Module/Item.php           | 4 ++--
 Code/Module/Lists.php          | 2 +-
 Code/Module/New_channel.php    | 4 ++--
 Code/Module/Outbox.php         | 2 +-
 Code/Module/Photo.php          | 2 +-
 9 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/Code/Lib/Activity.php b/Code/Lib/Activity.php
index 0b84e2b25..749259c8e 100644
--- a/Code/Lib/Activity.php
+++ b/Code/Lib/Activity.php
@@ -885,7 +885,7 @@ class Activity
             $activity['directMessage'] = true;
         }
 
-        $actor = self::encode_person(($item['author'], false);
+        $actor = self::encode_person($item['author'], false);
         if ($actor) {
             $activity['actor'] = $actor;
         } else {
diff --git a/Code/Module/Admin/Security.php b/Code/Module/Admin/Security.php
index 35044211c..f714cf408 100644
--- a/Code/Module/Admin/Security.php
+++ b/Code/Module/Admin/Security.php
@@ -151,7 +151,7 @@ class Security
             '$title' => t('Administration'),
             '$page' => t('Security'),
             '$form_security_token' => get_form_security_token('admin_security'),
-            '$require_authenticated_fetch' => ['require_authenticated_fetch', t('Require signed fetch requests'), Config::Get('system','require_authenticated_fetch'), ''],
+            '$require_authenticated_fetch' => ['require_authenticated_fetch', t('Require signed fetch requests'), Config::Get('system','require_authenticated_fetch', true), ''],
             '$accept_unsigned_relay' => ['accept_unsigned_relay', t('Accept unsigned relayed activities'), Config::Get('system','accept_unsigned_relay'),''],
             '$block_public_search' => array('block_public_search', t("Block public search"), get_config('system', 'block_public_search', 1), t("Prevent access to search content unless you are currently authenticated.")),
             '$block_public_dir' => ['block_public_directory', t('Block directory from visitors'), get_config('system', 'block_public_directory', true), t('Only allow authenticated access to directory.')],
diff --git a/Code/Module/Album.php b/Code/Module/Album.php
index 33f05901c..ac36b17ca 100644
--- a/Code/Module/Album.php
+++ b/Code/Module/Album.php
@@ -34,7 +34,7 @@ class Album extends Controller
                     http_status_exit(403, 'Permission denied');
                 }
                 observer_auth($portable_id);
-            } elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+            } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
 
diff --git a/Code/Module/Channel.php b/Code/Module/Channel.php
index 98ac1faa5..603634962 100644
--- a/Code/Module/Channel.php
+++ b/Code/Module/Channel.php
@@ -149,7 +149,7 @@ class Channel extends Controller
 
                 observer_auth($portable_id);
             }
-            elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+            elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
 
@@ -184,8 +184,9 @@ class Channel extends Controller
                 if ($s && $s[0]['hubloc_sitekey'] && $s[0]['site_crypto']) {
                     $data = json_encode(Crypto::encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto'])));
                 }
-            } else {
-                if (Config::Get('system', 'require_authenticated_fetch', false)) {
+            }
+            else {
+                if (Config::Get('system', 'require_authenticated_fetch', true)) {
                     http_status_exit(403, 'Permission denied');
                 }
                 $data = json_encode(Libzot::zotinfo(['guid_hash' => $channel['channel_hash']]));
diff --git a/Code/Module/Item.php b/Code/Module/Item.php
index 392b726d7..74cac9ca0 100644
--- a/Code/Module/Item.php
+++ b/Code/Module/Item.php
@@ -99,7 +99,7 @@ class Item extends Controller
                     dbesc($r[0]['parent_mid']),
                     dbesc($portable_id)
                 );
-            } elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+            } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
             // if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
@@ -249,7 +249,7 @@ class Item extends Controller
                     dbesc($portable_id)
                 );
             }
-            elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+            elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
 
diff --git a/Code/Module/Lists.php b/Code/Module/Lists.php
index ee55675df..54e9f5294 100644
--- a/Code/Module/Lists.php
+++ b/Code/Module/Lists.php
@@ -56,7 +56,7 @@ class Lists extends Controller
                     http_status_exit(403, 'Permission denied');
                 }
                 observer_auth($portable_id);
-            } elseif (Config::Get('system', 'require_authenticated_fetch')) {
+            } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
 
diff --git a/Code/Module/New_channel.php b/Code/Module/New_channel.php
index 7d071ec6d..309345297 100644
--- a/Code/Module/New_channel.php
+++ b/Code/Module/New_channel.php
@@ -155,7 +155,7 @@ class New_channel extends Controller
                 intval($aid)
             );
             if ($r && (!intval($r[0]['total']))) {
-                $default_role = get_config('system', 'default_permissions_role', 'social');
+                $default_role = get_config('system', 'default_permissions_role', 'social_restricted');
             }
 
             $limit = ServiceClass::account_fetch(get_account_id(), 'total_identities');
@@ -187,7 +187,7 @@ class New_channel extends Controller
 
         $name = ['name', t('Channel name'), ((x($_REQUEST, 'name')) ? $_REQUEST['name'] : ''), $name_help, "*"];
         $nickname = ['nickname', t('Choose a short nickname'), ((x($_REQUEST, 'nickname')) ? $_REQUEST['nickname'] : ''), $nick_help, "*"];
-        $role = ['permissions_role', t('Channel role and privacy'), ($privacy_role) ?: 'social', t('Select a channel permission role compatible with your usage needs and privacy requirements.'), $perm_roles];
+        $role = ['permissions_role', t('Channel role and privacy'), ($privacy_role) ?: 'social_restricted', t('Select a channel permission role compatible with your usage needs and privacy requirements.'), $perm_roles];
 
         return replace_macros(Theme::get_template('new_channel.tpl'), [
             '$title' => t('Create a Channel'),
diff --git a/Code/Module/Outbox.php b/Code/Module/Outbox.php
index 5b4379b27..ff36e9153 100644
--- a/Code/Module/Outbox.php
+++ b/Code/Module/Outbox.php
@@ -229,7 +229,7 @@ class Outbox extends Controller
                     http_status_exit(403, 'Permission denied');
                 }
                 observer_auth($portable_id);
-            } elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+            } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
             $observer_hash = get_observer_hash();
diff --git a/Code/Module/Photo.php b/Code/Module/Photo.php
index e0a958c70..739c93040 100644
--- a/Code/Module/Photo.php
+++ b/Code/Module/Photo.php
@@ -33,7 +33,7 @@ class Photo extends Controller
                     http_status_exit(403, 'Permission denied');
                 }
                 observer_auth($portable_id);
-            } elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+            } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
                 http_status_exit(403, 'Permission denied');
             }
 

From 4903951fa99946417c7bbb9a55487cc078866a83 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin 
Date: Wed, 20 Dec 2023 14:13:40 +1100
Subject: [PATCH 3/5] create hyperdrive connection permission

---
 Code/Access/PermissionRoles.php |  4 ++--
 Code/Access/Permissions.php     |  1 +
 Code/Lib/Activity.php           |  2 +-
 Code/Lib/Libzot.php             |  1 +
 Code/Update/_1274.php           | 42 +++++++++++++++++++++++++++++++++
 boot.php                        |  2 +-
 6 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 Code/Update/_1274.php

diff --git a/Code/Access/PermissionRoles.php b/Code/Access/PermissionRoles.php
index cc4be5c61..a16b24396 100644
--- a/Code/Access/PermissionRoles.php
+++ b/Code/Access/PermissionRoles.php
@@ -40,7 +40,7 @@ class PermissionRoles
                 $ret['online'] = true;
                 $ret['perms_connect'] = [
                     'view_stream', 'search_stream', 'deliver_stream', 'view_profile', 'view_contacts', 'view_storage',
-                    'view_pages', 'send_stream', 'post_mail', 'post_wall', 'post_comments'
+                    'view_pages', 'send_stream', 'hyperdrive', 'post_mail', 'post_wall', 'post_comments'
                 ];
                 $ret['limits'] = PermissionLimits::Std_Limits();
                 break;
@@ -52,7 +52,7 @@ class PermissionRoles
                 $ret['online'] = false;
                 $ret['perms_connect'] = [
                     'view_stream', 'deliver_stream', 'view_profile', 'view_storage',
-                    'view_pages', 'send_stream', 'post_mail', 'post_wall', 'post_comments'
+                    'view_pages', 'send_stream', 'hyperdrive', 'post_mail', 'post_wall', 'post_comments'
                 ];
                 $ret['limits'] = PermissionLimits::Std_Limits();
                 $ret['limits']['view_contacts'] = PERMS_SPECIFIC;
diff --git a/Code/Access/Permissions.php b/Code/Access/Permissions.php
index d2e3a2ed3..a1bee90f8 100644
--- a/Code/Access/Permissions.php
+++ b/Code/Access/Permissions.php
@@ -68,6 +68,7 @@ class Permissions
             'post_wall'      => t('Grant permission to post on your channel (wall) page'),
             'post_mail'      => t('Accept delivery of direct messages and personal mail from'),
             'send_stream'    => t('Accept delivery of posts and conversations from'),
+            'hyperdrive'     => t('Accept delivery of third-party conversations from'),
             'post_comments'  => t('Accept delivery of comments on your posts from'),
             'write_storage'  => t('Grant upload permissions to your file storage and photos'),
             'republish'      => t('Grant permission to republish/mirror your posts'),
diff --git a/Code/Lib/Activity.php b/Code/Lib/Activity.php
index 749259c8e..f902f7d18 100644
--- a/Code/Lib/Activity.php
+++ b/Code/Lib/Activity.php
@@ -4155,7 +4155,7 @@ class Activity
                     return;
                 } else {
                     $fetch = false;
-                    if (intval($channel['channel_system']) || (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') && (PConfig::Get($channel['channel_id'], 'system', 'hyperdrive', true) || $act->type === 'Announce'))) {
+                    if (intval($channel['channel_system']) || (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') && perm_is_allowed($channel['channel_id'], $observer_hash, 'hyperdrive') && (PConfig::Get($channel['channel_id'], 'system', 'hyperdrive', true) || $act->type === 'Announce'))) {
                         $fetch = ($fetch_parents && self::fetch_and_store_parents($channel, $observer_hash, $item));
                     }
                     if ($fetch) {
diff --git a/Code/Lib/Libzot.php b/Code/Lib/Libzot.php
index a998d3012..ccd32f33d 100644
--- a/Code/Lib/Libzot.php
+++ b/Code/Lib/Libzot.php
@@ -1936,6 +1936,7 @@ class Libzot
                     if (
                         (!$relay) && (!$request) && (!$local_public)
                         && perm_is_allowed($channel['channel_id'], $sender, 'send_stream')
+                        && perm_is_allowed($channel['channel_id'], $sender, 'hyperdrive')
                     ) {
                         $reports = self::fetch_conversation($channel, $arr['mid']);
 
diff --git a/Code/Update/_1274.php b/Code/Update/_1274.php
new file mode 100644
index 000000000..66f2d8894
--- /dev/null
+++ b/Code/Update/_1274.php
@@ -0,0 +1,42 @@
+
Date: Wed, 20 Dec 2023 14:23:25 +1100
Subject: [PATCH 4/5] broken migration

---
 Code/Update/_1274.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Code/Update/_1274.php b/Code/Update/_1274.php
index 66f2d8894..d039533df 100644
--- a/Code/Update/_1274.php
+++ b/Code/Update/_1274.php
@@ -26,7 +26,7 @@ class _1274
                             $perms = AbConfig::Get($rv['channel_id'], $abook['abook_xchan'], 'system', 'my_perms', '' );
                             $s = explode(',', $perms);
                             $s[] = 'hyperdrive';
-                            AbConfig::Set($rv['channel_id'], $rv['abook_xchan'], 'system', 'my_perms', implode(',', $s));
+                            AbConfig::Set($rv['channel_id'], $abook['abook_xchan'], 'system', 'my_perms', implode(',', $s));
                         }
                     }
                 }

From bee0b051e20e318880e070dd2b320e600788ac0b Mon Sep 17 00:00:00 2001
From: Mike Macgirvin 
Date: Thu, 21 Dec 2023 09:40:31 +1100
Subject: [PATCH 5/5] completely remove 2024 config

---
 Code/Lib/ActivityPub.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/Code/Lib/ActivityPub.php b/Code/Lib/ActivityPub.php
index 01ab144a3..a4478f27b 100644
--- a/Code/Lib/ActivityPub.php
+++ b/Code/Lib/ActivityPub.php
@@ -57,9 +57,6 @@ class ActivityPub
                 logger('relayed post with no signed message');
                 return;
             }
-            if (Config::Get('system','2024') && !$upstream) {
-                unset($signed_msg);
-            }
         }
 
         if ($purge_all) {