IMproved handling of untrusted posts

src/Protocol/ActivityPub/Processor.php

@@ -466,7 +466,7 @@ class Processor
 	 *
 	 * @return boolean
 	 */
-	private static function isActivityGone(string $url): bool
+	public static function isActivityGone(string $url): bool
 	{
 		$curlResult = HTTPSignature::fetchRaw($url, 0);
 
@@ -1346,6 +1346,7 @@ class Processor
 	{
 		$uid = User::getIdForURL($activity['object_id']);
 		if (empty($uid)) {
+			Queue::remove($activity);
 			return;
 		}
 

src/Protocol/ActivityPub/Receiver.php

@@ -371,6 +371,10 @@ class Receiver
 			$object_data['object_object'] = JsonLD::fetchElement($activity['as:object'], 'as:object');
 			$object_data['object_type'] = JsonLD::fetchElement($activity['as:object'], '@type');
 			$object_data['push'] = $push;
+			if ($type == 'as:Delete') {
+				$apcontact = APContact::getByURL($object_data['object_id'], true);
+				$trust_source = ($apcontact['type'] == 'Tombstone');
+			}
 		} elseif (in_array($type, ['as:Create', 'as:Update', 'as:Announce', 'as:Invite']) || strpos($type, '#emojiReaction')) {
 			// Fetch the content only on activities where this matters
 			// We can receive "#emojiReaction" when fetching content from Hubzilla systems
@@ -425,6 +429,10 @@ class Receiver
 			if (($type == 'as:Undo') && !empty($object_data['object_object'])) {
 				$object_data['object_object_type'] = self::fetchObjectType([], $object_data['object_object'], $fetch_uid);
 			}
+
+			if (($type == 'as:Delete') && in_array($object_data['object_type'], array_merge(['as:Tombstone'], self::CONTENT_TYPES))) {
+				$trust_source = Processor::isActivityGone($object_data['object_id']);
+			}
 		}
 
 		$object_data = self::addActivityFields($object_data, $activity);