MetuFSS
/
metu.life
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add support for dereferencing objects through bearcaps (#14683)

Browse Source
master
Eugen Rochko 4 years ago committed by GitHub
parent ce8f33dd2f
commit 52157fdcba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 166 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 16
      app/lib/activitypub/activity.rb
  2. 22
      app/lib/activitypub/activity/create.rb
  3. 69
      app/lib/activitypub/dereferencer.rb
  4. 73
      spec/lib/activitypub/dereferencer_spec.rb

16
app/lib/activitypub/activity.rb
Unescape View File

@ -71,7 +71,15 @@ class ActivityPub::Activity
end end
def object_uri def object_uri
@object_uri ||= value_or_id(@object) @object_uri ||= begin
str = value_or_id(@object)
if str.start_with?('bear:')
Addressable::URI.parse(str).query_values['u']
else
str
end
end
end end
def unsupported_object_type? def unsupported_object_type?
@ -159,12 +167,10 @@ class ActivityPub::Activity
def dereference_object! def dereference_object!
return unless @object.is_a?(String) return unless @object.is_a?(String)
return if invalid_origin?(@object)
object = fetch_resource(@object, true, signed_fetch_account) dereferencer = ActivityPub::Dereferencer.new(@object, permitted_origin: @account.uri, signature_account: signed_fetch_account)
return unless object.present? && object.is_a?(Hash) && supported_context?(object)
@object = object @object = dereferencer.object unless dereferencer.object.nil?
end end
def signed_fetch_account def signed_fetch_account

22
app/lib/activitypub/activity/create.rb
Unescape View File

@ -15,7 +15,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
private private
def create_encrypted_message def create_encrypted_message
return reject_payload! if invalid_origin?(@object['id']) || @options[:delivered_to_account_id].blank? return reject_payload! if invalid_origin?(object_uri) || @options[:delivered_to_account_id].blank?
target_account = Account.find(@options[:delivered_to_account_id]) target_account = Account.find(@options[:delivered_to_account_id])
target_device = target_account.devices.find_by(device_id: @object.dig('to', 'deviceId')) target_device = target_account.devices.find_by(device_id: @object.dig('to', 'deviceId'))
@ -43,7 +43,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end end
def create_status def create_status
return reject_payload! if unsupported_object_type? || invalid_origin?(@object['id']) || Tombstone.exists?(uri: @object['id']) || !related_to_local_activity? return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity?
RedisLock.acquire(lock_options) do |lock| RedisLock.acquire(lock_options) do |lock|
if lock.acquired? if lock.acquired?
@ -90,7 +90,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
fetch_replies(@status) fetch_replies(@status)
check_for_spam check_for_spam
distribute(@status) distribute(@status)
forward_for_reply if @status.distributable? forward_for_reply
end end
def find_existing_status def find_existing_status
@ -102,8 +102,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
def process_status_params def process_status_params
@params = begin @params = begin
{ {
uri: @object['id'], uri: object_uri,
url: object_url || @object['id'], url: object_url || object_uri,
account: @account, account: @account,
text: text_from_content || '', text: text_from_content || '',
language: detected_language, language: detected_language,
@ -313,7 +313,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
RedisLock.acquire(poll_lock_options) do |lock| RedisLock.acquire(poll_lock_options) do |lock|
if lock.acquired? if lock.acquired?
already_voted = poll.votes.where(account: @account).exists? already_voted = poll.votes.where(account: @account).exists?
poll.votes.create!(account: @account, choice: poll.options.index(@object['name']), uri: @object['id']) poll.votes.create!(account: @account, choice: poll.options.index(@object['name']), uri: object_uri)
else else
raise Mastodon::RaceConditionError raise Mastodon::RaceConditionError
end end
@ -385,7 +385,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end end
def text_from_content def text_from_content
return Formatter.instance.linkify([[text_from_name, text_from_summary.presence].compact.join("\n\n"), object_url || @object['id']].join(' ')) if converted_object_type? return Formatter.instance.linkify([[text_from_name, text_from_summary.presence].compact.join("\n\n"), object_url || object_uri].join(' ')) if converted_object_type?
if @object['content'].present? if @object['content'].present?
@object['content'] @object['content']
@ -484,12 +484,16 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
Account.local.where(username: local_usernames).exists? Account.local.where(username: local_usernames).exists?
end end
def tombstone_exists?
Tombstone.exists?(uri: object_uri)
end
def check_for_spam def check_for_spam
SpamCheck.perform(@status) SpamCheck.perform(@status)
end end
def forward_for_reply def forward_for_reply
return unless @json['signature'].present? && reply_to_local? return unless @status.distributable? && @json['signature'].present? && reply_to_local?
ActivityPub::RawDistributionWorker.perform_async(Oj.dump(@json), replied_to_status.account_id, [@account.preferred_inbox_url]) ActivityPub::RawDistributionWorker.perform_async(Oj.dump(@json), replied_to_status.account_id, [@account.preferred_inbox_url])
end end
@ -507,7 +511,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
end end
def lock_options def lock_options
{ redis: Redis.current, key: "create:#{@object['id']}" } { redis: Redis.current, key: "create:#{object_uri}" }
end end
def poll_lock_options def poll_lock_options

69
app/lib/activitypub/dereferencer.rb
Unescape View File

@ -0,0 +1,69 @@
# frozen_string_literal: true
class ActivityPub::Dereferencer
include JsonLdHelper
def initialize(uri, permitted_origin: nil, signature_account: nil)
@uri = uri
@permitted_origin = permitted_origin
@signature_account = signature_account
end
def object
@object ||= fetch_object!
end
private
def bear_cap?
@uri.start_with?('bear:')
end
def fetch_object!
if bear_cap?
fetch_with_token!
else
fetch_with_signature!
end
end
def fetch_with_token!
perform_request(bear_cap['u'], headers: { 'Authorization' => "Bearer #{bear_cap['t']}" })
end
def fetch_with_signature!
perform_request(@uri)
end
def bear_cap
@bear_cap ||= Addressable::URI.parse(@uri).query_values
end
def perform_request(uri, headers: nil)
return if invalid_origin?(uri)
req = Request.new(:get, uri)
req.add_headers('Accept' => 'application/activity+json, application/ld+json')
req.add_headers(headers) if headers
req.on_behalf_of(@signature_account) if @signature_account
req.perform do |res|
if res.code == 200
json = body_to_json(res.body_with_limit)
json if json.present? && json['id'] == uri
else
raise Mastodon::UnexpectedResponseError, res unless response_successful?(res) || response_error_unsalvageable?(res)
end
end
end
def invalid_origin?(uri)
return true if unsupported_uri_scheme?(uri)
needle = Addressable::URI.parse(uri).host
haystack = Addressable::URI.parse(@permitted_origin).host
!haystack.casecmp(needle).zero?
end
end

73
spec/lib/activitypub/dereferencer_spec.rb
Unescape View File

@ -0,0 +1,73 @@
require 'rails_helper'
RSpec.describe ActivityPub::Dereferencer do
describe '#object' do
let(:object) { { '@context': 'https://www.w3.org/ns/activitystreams', id: 'https://example.com/foo', type: 'Note', content: 'Hoge' } }
let(:permitted_origin) { 'https://example.com' }
let(:signature_account) { nil }
let(:uri) { nil }
subject { described_class.new(uri, permitted_origin: permitted_origin, signature_account: signature_account).object }
before do
stub_request(:get, 'https://example.com/foo').to_return(body: Oj.dump(object), headers: { 'Content-Type' => 'application/activity+json' })
end
context 'with a URI' do
let(:uri) { 'https://example.com/foo' }
it 'returns object' do
expect(subject.with_indifferent_access).to eq object.with_indifferent_access
end
context 'with signature account' do
let(:signature_account) { Fabricate(:account) }
it 'makes signed request' do
subject
expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? }).to have_been_made
end
end
context 'with different origin' do
let(:uri) { 'https://other-example.com/foo' }
it 'does not make request' do
subject
expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
end
end
end
context 'with a bearcap' do
let(:uri) { 'bear:?t=hoge&u=https://example.com/foo' }
it 'makes request with Authorization header' do
subject
expect(a_request(:get, 'https://example.com/foo').with(headers: { 'Authorization' => 'Bearer hoge' })).to have_been_made
end
it 'returns object' do
expect(subject.with_indifferent_access).to eq object.with_indifferent_access
end
context 'with signature account' do
let(:signature_account) { Fabricate(:account) }
it 'makes signed request' do
subject
expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? && req.headers['Authorization'] == 'Bearer hoge' }).to have_been_made
end
end
context 'with different origin' do
let(:uri) { 'bear:?t=hoge&u=https://other-example.com/foo' }
it 'does not make request' do
subject
expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
end
end
end
end
end
Write Preview
Loading…
Cancel
Save