hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Improve Federation boundaries

Browse Source
This commit is contained in:
rustra
2020-01-23 21:59:50 +01:00
parent 8ca5c0b320
commit 3577fe42e1
67 changed files with 314 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/federation/activity_pub/transmogrifier.ex
View File

@@ -221,7 +221,7 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier do
%{"type" => "Update", "object" => %{"type" => "Event"} = object, "actor" => _actor} =
update_data
) do
with actor <- Utils.get_actor(update_data),
with actor <- Utils.get_actor(update_data),
{:ok, %Actor{url: actor_url}} <- Actors.get_actor_by_url(actor),
{:ok, %Event{} = old_event} <-
object |> Utils.get_url() |> ActivityPub.fetch_object_from_url(),
@@ -289,7 +289,8 @@ defmodule Mobilizon.Federation.ActivityPub.Transmogrifier do
with actor <- Utils.get_actor(data),
{:ok, %Actor{url: actor_url}} <- Actors.get_actor_by_url(actor),
object_id <- Utils.get_url(object),
{:origin_check, true} <- {:origin_check, Utils.origin_check_from_id?(actor_url, object_id)},
{:origin_check, true} <-
{:origin_check, Utils.origin_check_from_id?(actor_url, object_id)},
{:ok, object} <- ActivityPub.fetch_object_from_url(object_id),
{:ok, activity, object} <- ActivityPub.delete(object, false) do
{:ok, activity, object}

0
lib/federation/activity_stream/converter.ex → lib/federation/activity_stream/converter/converter.ex
View File

140
lib/federation/controllers/activity_pub_controller.ex
View File

@@ -1,140 +0,0 @@
# Portions of this file are derived from Pleroma:
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social>
# SPDX-License-Identifier: AGPL-3.0-only
# Upstream: https://git.pleroma.social/pleroma/pleroma/blob/develop/lib/pleroma/web/activity_pub/activity_pub_controller.ex
defmodule Mobilizon.Federation.ActivityPubController do
use Mobilizon.Federation, :controller
alias Mobilizon.{Actors, Config}
alias Mobilizon.Actors.Actor
alias Mobilizon.Federation.ActivityPub
alias Mobilizon.Federation.ActivityPub.Federator
alias MobilizonWeb.ActivityPub.ActorView
alias MobilizonWeb.Cache
require Logger
action_fallback(:errors)
plug(Mobilizon.Federation.Plugs.Federating when action in [:inbox, :relay])
plug(:relay_active? when action in [:relay])
def relay_active?(conn, _) do
if Config.get([:instance, :allow_relay]) do
conn
else
conn
|> put_status(404)
|> json("Not found")
|> halt()
end
end
def following(conn, %{"name" => name, "page" => page}) do
with {page, ""} <- Integer.parse(page),
%Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("following.json", %{actor: actor, page: page}))
end
end
def following(conn, %{"name" => name}) do
with %Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("following.json", %{actor: actor}))
end
end
def followers(conn, %{"name" => name, "page" => page}) do
with {page, ""} <- Integer.parse(page),
%Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("followers.json", %{actor: actor, page: page}))
end
end
def followers(conn, %{"name" => name}) do
with %Actor{} = actor <- Actors.get_local_actor_by_name_with_preload(name) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("followers.json", %{actor: actor}))
end
end
def outbox(conn, %{"name" => name, "page" => page}) do
with {page, ""} <- Integer.parse(page),
%Actor{} = actor <- Actors.get_local_actor_by_name(name) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("outbox.json", %{actor: actor, page: page}))
end
end
def outbox(conn, %{"name" => name}) do
with %Actor{} = actor <- Actors.get_local_actor_by_name(name) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("outbox.json", %{actor: actor}))
end
end
# TODO: Ensure that this inbox is a recipient of the message
def inbox(%{assigns: %{valid_signature: true}} = conn, params) do
Logger.debug("Got something with valid signature inside inbox")
Federator.enqueue(:incoming_ap_doc, params)
json(conn, "ok")
end
# only accept relayed Creates
def inbox(conn, %{"type" => "Create"} = params) do
Logger.info(
"Signature missing or not from author, relayed Create message, fetching object from source"
)
ActivityPub.fetch_object_from_url(params["object"]["id"])
json(conn, "ok")
end
def inbox(conn, params) do
headers = Enum.into(conn.req_headers, %{})
if String.contains?(headers["signature"], params["actor"]) do
Logger.error(
"Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"
)
Logger.debug(inspect(conn.req_headers))
end
json(conn, "error")
end
def relay(conn, _params) do
with {status, %Actor{} = actor} when status in [:commit, :ok] <- Cache.get_relay() do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(ActorView.render("actor.json", %{actor: actor}))
end
end
def errors(conn, {:error, :not_found}) do
conn
|> put_status(404)
|> json("Not found")
end
def errors(conn, e) do
Logger.debug(inspect(e))
conn
|> put_status(500)
|> json("Unknown Error")
end
end

28
lib/federation/plugs/federating.ex
View File

@@ -1,28 +0,0 @@
# Portions of this file are derived from Pleroma:
# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Mobilizon.Federation.Plugs.Federating do
@moduledoc """
Restrict ActivityPub routes when not federating
"""
import Plug.Conn
def init(options) do
options
end
def call(conn, _opts) do
if Mobilizon.Config.get([:instance, :federating]) do
conn
else
conn
|> put_status(404)
|> Phoenix.Controller.put_view(MobilizonWeb.ErrorView)
|> Phoenix.Controller.render("404.json")
|> halt()
end
end
end

56
lib/federation/plugs/http_signature.ex
View File

@@ -1,56 +0,0 @@
# Portions of this file are derived from Pleroma:
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social>
# SPDX-License-Identifier: AGPL-3.0-only
# Upstream: https://git.pleroma.social/pleroma/pleroma/blob/develop/lib/pleroma/plugs/http_signature.ex
defmodule Mobilizon.Federation.Plugs.HTTPSignatures do
@moduledoc """
Plug to check HTTP Signatures on every incoming request
"""
import Plug.Conn
require Logger
def init(options) do
options
end
def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
conn
end
def call(conn, _opts) do
case get_req_header(conn, "signature") do
[signature | _] ->
if signature do
# set (request-target) header to the appropriate value
# we also replace the digest header with the one we computed
conn =
conn
|> put_req_header(
"(request-target)",
String.downcase("#{conn.method}") <> " #{conn.request_path}"
)
conn =
if conn.assigns[:digest] do
conn
|> put_req_header("digest", conn.assigns[:digest])
else
conn
end
signature_valid = HTTPSignatures.validate_conn(conn)
Logger.debug("Is signature valid ? #{inspect(signature_valid)}")
assign(conn, :valid_signature, signature_valid)
else
Logger.debug("No signature header!")
conn
end
_ ->
conn
end
end
end

82
lib/federation/plugs/mapped_signature_to_identity.ex
View File

@@ -1,82 +0,0 @@
# Portions of this file are derived from Pleroma:
# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule MobilizonWeb.Plugs.MappedSignatureToIdentity do
@moduledoc """
Get actor identity from Signature when handing fetches
"""
import Plug.Conn
alias Mobilizon.Actors.Actor
alias Mobilizon.Federation.ActivityPub
alias Mobilizon.Federation.ActivityPub.Utils
alias Mobilizon.Federation.HTTPSignatures.Signature
require Logger
def init(options), do: options
@spec key_id_from_conn(Plug.Conn.t()) :: String.t() | nil
defp key_id_from_conn(conn) do
case HTTPSignatures.signature_for_conn(conn) do
%{"keyId" => key_id} ->
Signature.key_id_to_actor_url(key_id)
_ ->
nil
end
end
@spec actor_from_key_id(Plug.Conn.t()) :: Actor.t() | nil
defp actor_from_key_id(conn) do
with key_actor_id when is_binary(key_actor_id) <- key_id_from_conn(conn),
{:ok, %Actor{} = actor} <- ActivityPub.get_or_fetch_actor_by_url(key_actor_id) do
actor
else
_ ->
nil
end
end
def call(%{assigns: %{actor: _}} = conn, _opts), do: conn
# if this has payload make sure it is signed by the same actor that made it
def call(%{assigns: %{valid_signature: true}, params: %{"actor" => actor}} = conn, _opts) do
with actor_id <- Utils.get_url(actor),
{:actor, %Actor{} = actor} <- {:actor, actor_from_key_id(conn)},
{:actor_match, true} <- {:actor_match, actor.url == actor_id} do
assign(conn, :actor, actor)
else
{:actor_match, false} ->
Logger.debug("Failed to map identity from signature (payload actor mismatch)")
Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}")
assign(conn, :valid_signature, false)
# remove me once testsuite uses mapped capabilities instead of what we do now
{:actor, nil} ->
Logger.debug("Failed to map identity from signature (lookup failure)")
Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}")
conn
end
end
# no payload, probably a signed fetch
def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
case actor_from_key_id(conn) do
%Actor{} = actor ->
assign(conn, :actor, actor)
_ ->
Logger.debug("Failed to map identity from signature (no payload actor mismatch)")
Logger.debug("key_id=#{key_id_from_conn(conn)}")
assign(conn, :valid_signature, false)
end
end
# no signature at all
def call(conn, _opts), do: conn
end

118
lib/federation/views/actor_view.ex
View File

@@ -1,118 +0,0 @@
defmodule MobilizonWeb.ActivityPub.ActorView do
use MobilizonWeb, :view
alias Mobilizon.Actors
alias Mobilizon.Actors.Actor
alias Mobilizon.Federation.ActivityPub
alias Mobilizon.Federation.ActivityPub.{Activity, Utils}
alias Mobilizon.Federation.ActivityStream.Convertible
@private_visibility_empty_collection %{elements: [], total: 0}
def render("actor.json", %{actor: actor}) do
actor
|> Convertible.model_to_as()
|> Map.merge(Utils.make_json_ld_header())
end
def render("following.json", %{actor: actor, page: page}) do
%{total: total, elements: following} =
if Actor.is_public_visibility(actor),
do: Actors.build_followings_for_actor(actor, page),
else: @private_visibility_empty_collection
following
|> collection(actor.preferred_username, :following, page, total)
|> Map.merge(Utils.make_json_ld_header())
end
def render("following.json", %{actor: actor}) do
%{total: total, elements: following} =
if Actor.is_public_visibility(actor),
do: Actors.build_followings_for_actor(actor),
else: @private_visibility_empty_collection
%{
"id" => Actor.build_url(actor.preferred_username, :following),
"type" => "OrderedCollection",
"totalItems" => total,
"first" => collection(following, actor.preferred_username, :following, 1, total)
}
|> Map.merge(Utils.make_json_ld_header())
end
def render("followers.json", %{actor: actor, page: page}) do
%{total: total, elements: followers} =
if Actor.is_public_visibility(actor),
do: Actors.build_followers_for_actor(actor, page),
else: @private_visibility_empty_collection
followers
|> collection(actor.preferred_username, :followers, page, total)
|> Map.merge(Utils.make_json_ld_header())
end
def render("followers.json", %{actor: actor}) do
%{total: total, elements: followers} =
if Actor.is_public_visibility(actor),
do: Actors.build_followers_for_actor(actor),
else: @private_visibility_empty_collection
%{
"id" => Actor.build_url(actor.preferred_username, :followers),
"type" => "OrderedCollection",
"totalItems" => total,
"first" => collection(followers, actor.preferred_username, :followers, 1, total)
}
|> Map.merge(Utils.make_json_ld_header())
end
def render("outbox.json", %{actor: actor, page: page}) do
%{total: total, elements: followers} =
if Actor.is_public_visibility(actor),
do: ActivityPub.fetch_public_activities_for_actor(actor, page),
else: @private_visibility_empty_collection
followers
|> collection(actor.preferred_username, :outbox, page, total)
|> Map.merge(Utils.make_json_ld_header())
end
def render("outbox.json", %{actor: actor}) do
%{total: total, elements: followers} =
if Actor.is_public_visibility(actor),
do: ActivityPub.fetch_public_activities_for_actor(actor),
else: @private_visibility_empty_collection
%{
"id" => Actor.build_url(actor.preferred_username, :outbox),
"type" => "OrderedCollection",
"totalItems" => total,
"first" => collection(followers, actor.preferred_username, :outbox, 1, total)
}
|> Map.merge(Utils.make_json_ld_header())
end
@spec collection(list(), String.t(), atom(), integer(), integer()) :: map()
defp collection(collection, preferred_username, endpoint, page, total)
when endpoint in [:followers, :following, :outbox] do
offset = (page - 1) * 10
map = %{
"id" => Actor.build_url(preferred_username, endpoint, page: page),
"type" => "OrderedCollectionPage",
"partOf" => Actor.build_url(preferred_username, endpoint),
"orderedItems" => Enum.map(collection, &item/1)
}
if offset < total do
Map.put(map, "next", Actor.build_url(preferred_username, endpoint, page: page + 1))
end
map
end
def item(%Activity{data: %{"id" => id}}), do: id
def item(%Actor{url: url}), do: url
end

30
lib/federation/views/object_view.ex
View File

@@ -1,30 +0,0 @@
defmodule MobilizonWeb.ActivityPub.ObjectView do
use MobilizonWeb, :view
alias Mobilizon.Federation.ActivityPub.{Activity, Utils}
def render("activity.json", %{activity: %Activity{local: local, data: data} = activity}) do
%{
"id" => data["id"],
"type" =>
if local do
"Create"
else
"Announce"
end,
"actor" => activity.actor,
# Not sure if needed since this is used into outbox
"published" => Timex.now(),
"to" => activity.recipients,
"object" =>
case data["type"] do
"Event" ->
render_one(data, ObjectView, "event.json", as: :event)
"Note" ->
render_one(data, ObjectView, "comment.json", as: :comment)
end
}
|> Map.merge(Utils.make_json_ld_header())
end
end