12efe721cc
* Big refactoring of the Inbox We now have a type that routes an activity through the registered handlers until one of them matches. Each Actor/Activity/Object combination is represented by an implementation of AsObject These combinations are then registered on the Inbox type, which will try to deserialize the incoming activity in the requested types. Advantages: - nicer syntax: the final API is clearer and more idiomatic - more generic: only two traits (`AsActor` and `AsObject`) instead of one for each kind of activity - it is easier to see which activities we handle and which one we don't * Small fixes - Avoid panics - Don't search for AP ID infinitely - Code style issues * Fix tests * Introduce a new trait: FromId It should be implemented for any AP object. It allows to look for an object in database using its AP ID, or to dereference it if it was not present in database Also moves the inbox code to plume-models to test it (and write a basic test for each activity type we handle) * Use if let instead of match * Don't require PlumeRocket::intl for tests * Return early and remove a forgotten dbg! * Add more tests to try to understand where the issues come from * Also add a test for comment federation * Don't check creation_date is the same for blogs * Make user and blog federation more tolerant to errors/missing fields * Make clippy happy * Use the correct Accept header when dereferencing * Fix follow approval with Mastodon * Add spaces to characters that should not be in usernames And validate blog names too * Smarter dereferencing: only do it once for each actor/object * Forgot some files * Cargo fmt * Delete plume_test * Delete plume_tests * Update get_id docs + Remove useless : Sized * Appease cargo fmt * Remove dbg! + Use as_ref instead of clone when possible + Use and_then instead of map when possible * Remove .po~ * send unfollow to local instance * read cover from update activity * Make sure "cc" and "to" are never empty and fix a typo in a constant name * Cargo fmt
105 lines
3.3 KiB
Rust
105 lines
3.3 KiB
Rust
use plume_common::activity_pub::{
|
|
inbox::FromId,
|
|
request::Digest,
|
|
sign::{verify_http_headers, Signable},
|
|
};
|
|
use plume_models::{
|
|
headers::Headers, inbox::inbox, instance::Instance, users::User, Error, PlumeRocket,
|
|
};
|
|
use rocket::{data::*, http::Status, response::status, Outcome::*, Request};
|
|
use rocket_contrib::json::*;
|
|
use serde::Deserialize;
|
|
use std::io::Read;
|
|
|
|
pub fn handle_incoming(
|
|
rockets: PlumeRocket,
|
|
data: SignedJson<serde_json::Value>,
|
|
headers: Headers,
|
|
) -> Result<String, status::BadRequest<&'static str>> {
|
|
let conn = &*rockets.conn;
|
|
let act = data.1.into_inner();
|
|
let sig = data.0;
|
|
|
|
let activity = act.clone();
|
|
let actor_id = activity["actor"]
|
|
.as_str()
|
|
.or_else(|| activity["actor"]["id"].as_str())
|
|
.ok_or(status::BadRequest(Some("Missing actor id for activity")))?;
|
|
|
|
let actor =
|
|
User::from_id(&rockets, actor_id, None).expect("instance::shared_inbox: user error");
|
|
if !verify_http_headers(&actor, &headers.0, &sig).is_secure() && !act.clone().verify(&actor) {
|
|
// maybe we just know an old key?
|
|
actor
|
|
.refetch(conn)
|
|
.and_then(|_| User::get(conn, actor.id))
|
|
.and_then(|u| {
|
|
if verify_http_headers(&u, &headers.0, &sig).is_secure() || act.clone().verify(&u) {
|
|
Ok(())
|
|
} else {
|
|
Err(Error::Signature)
|
|
}
|
|
})
|
|
.map_err(|_| {
|
|
println!(
|
|
"Rejected invalid activity supposedly from {}, with headers {:?}",
|
|
actor.username, headers.0
|
|
);
|
|
status::BadRequest(Some("Invalid signature"))
|
|
})?;
|
|
}
|
|
|
|
if Instance::is_blocked(conn, actor_id)
|
|
.map_err(|_| status::BadRequest(Some("Can't tell if instance is blocked")))?
|
|
{
|
|
return Ok(String::new());
|
|
}
|
|
|
|
Ok(match inbox(&rockets, act) {
|
|
Ok(_) => String::new(),
|
|
Err(e) => {
|
|
println!("Shared inbox error: {:?}", e);
|
|
format!("Error: {:?}", e)
|
|
}
|
|
})
|
|
}
|
|
|
|
const JSON_LIMIT: u64 = 1 << 20;
|
|
|
|
pub struct SignedJson<T>(pub Digest, pub Json<T>);
|
|
|
|
impl<'a, T: Deserialize<'a>> FromData<'a> for SignedJson<T> {
|
|
type Error = JsonError<'a>;
|
|
type Owned = String;
|
|
type Borrowed = str;
|
|
|
|
fn transform(
|
|
r: &Request,
|
|
d: Data,
|
|
) -> Transform<rocket::data::Outcome<Self::Owned, Self::Error>> {
|
|
let size_limit = r.limits().get("json").unwrap_or(JSON_LIMIT);
|
|
let mut s = String::with_capacity(512);
|
|
match d.open().take(size_limit).read_to_string(&mut s) {
|
|
Ok(_) => Transform::Borrowed(Success(s)),
|
|
Err(e) => Transform::Borrowed(Failure((Status::BadRequest, JsonError::Io(e)))),
|
|
}
|
|
}
|
|
|
|
fn from_data(
|
|
_: &Request,
|
|
o: Transformed<'a, Self>,
|
|
) -> rocket::data::Outcome<Self, Self::Error> {
|
|
let string = o.borrowed()?;
|
|
match serde_json::from_str(&string) {
|
|
Ok(v) => Success(SignedJson(Digest::from_body(&string), Json(v))),
|
|
Err(e) => {
|
|
if e.is_data() {
|
|
Failure((Status::UnprocessableEntity, JsonError::Parse(string, e)))
|
|
} else {
|
|
Failure((Status::BadRequest, JsonError::Parse(string, e)))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|