Fix: LD Signaturesで署名された投稿の検索許可（検索範囲）が改竄できる問題

app/lib/activitypub/activity/create.rb

@@ -507,15 +507,15 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
   end
 
   def searchability_from_audience
-    if audience_searchable_by.nil?
-      nil
-    elsif audience_searchable_by.any? { |uri| ActivityPub::TagManager.instance.public_collection?(uri) }
+    return nil if audience_searchable_by.blank?
+
+    if audience_searchable_by.any? { |uri| ActivityPub::TagManager.instance.public_collection?(uri) }
       :public
     elsif audience_searchable_by.include?('kmyblue:Limited') || audience_searchable_by.include?('as:Limited')
       :limited
     elsif audience_searchable_by.include?(@account.followers_url)
       :private
-    else
+    elsif audience_searchable_by.include?(@account.uri) || audience_searchable_by.include?(@account.url)
       :direct
     end
   end

app/lib/activitypub/tag_manager.rb

@@ -237,12 +237,10 @@ class ActivityPub::TagManager
         [COLLECTIONS[:public]]
       when 'private'
         [account_followers_url(status.account)]
-      when 'direct'
-        status.conversation_id.present? ? [uri_for(status.conversation)] : []
       when 'limited'
         ['as:Limited', 'kmyblue:Limited']
       else
-        []
+        status.conversation_id.present? ? [uri_for(status.conversation), account_url(status.account)] : [account_url(status.account)]
       end
 
     searchable_by.concat(mentions_uris(status)).compact
@@ -257,7 +255,7 @@ class ActivityPub::TagManager
     when 'limited'
       ['as:Limited', 'kmyblue:Limited']
     else
-      []
+      [account_url(account)]
     end
   end