Add support for dereferencing objects through bearcaps (#14683)
parent
ce8f33dd2f
commit
52157fdcba
@ -0,0 +1,69 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
class ActivityPub::Dereferencer |
||||
include JsonLdHelper |
||||
|
||||
def initialize(uri, permitted_origin: nil, signature_account: nil) |
||||
@uri = uri |
||||
@permitted_origin = permitted_origin |
||||
@signature_account = signature_account |
||||
end |
||||
|
||||
def object |
||||
@object ||= fetch_object! |
||||
end |
||||
|
||||
private |
||||
|
||||
def bear_cap? |
||||
@uri.start_with?('bear:') |
||||
end |
||||
|
||||
def fetch_object! |
||||
if bear_cap? |
||||
fetch_with_token! |
||||
else |
||||
fetch_with_signature! |
||||
end |
||||
end |
||||
|
||||
def fetch_with_token! |
||||
perform_request(bear_cap['u'], headers: { 'Authorization' => "Bearer #{bear_cap['t']}" }) |
||||
end |
||||
|
||||
def fetch_with_signature! |
||||
perform_request(@uri) |
||||
end |
||||
|
||||
def bear_cap |
||||
@bear_cap ||= Addressable::URI.parse(@uri).query_values |
||||
end |
||||
|
||||
def perform_request(uri, headers: nil) |
||||
return if invalid_origin?(uri) |
||||
|
||||
req = Request.new(:get, uri) |
||||
|
||||
req.add_headers('Accept' => 'application/activity+json, application/ld+json') |
||||
req.add_headers(headers) if headers |
||||
req.on_behalf_of(@signature_account) if @signature_account |
||||
|
||||
req.perform do |res| |
||||
if res.code == 200 |
||||
json = body_to_json(res.body_with_limit) |
||||
json if json.present? && json['id'] == uri |
||||
else |
||||
raise Mastodon::UnexpectedResponseError, res unless response_successful?(res) || response_error_unsalvageable?(res) |
||||
end |
||||
end |
||||
end |
||||
|
||||
def invalid_origin?(uri) |
||||
return true if unsupported_uri_scheme?(uri) |
||||
|
||||
needle = Addressable::URI.parse(uri).host |
||||
haystack = Addressable::URI.parse(@permitted_origin).host |
||||
|
||||
!haystack.casecmp(needle).zero? |
||||
end |
||||
end |
@ -0,0 +1,73 @@ |
||||
require 'rails_helper' |
||||
|
||||
RSpec.describe ActivityPub::Dereferencer do |
||||
describe '#object' do |
||||
let(:object) { { '@context': 'https://www.w3.org/ns/activitystreams', id: 'https://example.com/foo', type: 'Note', content: 'Hoge' } } |
||||
let(:permitted_origin) { 'https://example.com' } |
||||
let(:signature_account) { nil } |
||||
let(:uri) { nil } |
||||
|
||||
subject { described_class.new(uri, permitted_origin: permitted_origin, signature_account: signature_account).object } |
||||
|
||||
before do |
||||
stub_request(:get, 'https://example.com/foo').to_return(body: Oj.dump(object), headers: { 'Content-Type' => 'application/activity+json' }) |
||||
end |
||||
|
||||
context 'with a URI' do |
||||
let(:uri) { 'https://example.com/foo' } |
||||
|
||||
it 'returns object' do |
||||
expect(subject.with_indifferent_access).to eq object.with_indifferent_access |
||||
end |
||||
|
||||
context 'with signature account' do |
||||
let(:signature_account) { Fabricate(:account) } |
||||
|
||||
it 'makes signed request' do |
||||
subject |
||||
expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? }).to have_been_made |
||||
end |
||||
end |
||||
|
||||
context 'with different origin' do |
||||
let(:uri) { 'https://other-example.com/foo' } |
||||
|
||||
it 'does not make request' do |
||||
subject |
||||
expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made |
||||
end |
||||
end |
||||
end |
||||
|
||||
context 'with a bearcap' do |
||||
let(:uri) { 'bear:?t=hoge&u=https://example.com/foo' } |
||||
|
||||
it 'makes request with Authorization header' do |
||||
subject |
||||
expect(a_request(:get, 'https://example.com/foo').with(headers: { 'Authorization' => 'Bearer hoge' })).to have_been_made |
||||
end |
||||
|
||||
it 'returns object' do |
||||
expect(subject.with_indifferent_access).to eq object.with_indifferent_access |
||||
end |
||||
|
||||
context 'with signature account' do |
||||
let(:signature_account) { Fabricate(:account) } |
||||
|
||||
it 'makes signed request' do |
||||
subject |
||||
expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? && req.headers['Authorization'] == 'Bearer hoge' }).to have_been_made |
||||
end |
||||
end |
||||
|
||||
context 'with different origin' do |
||||
let(:uri) { 'bear:?t=hoge&u=https://other-example.com/foo' } |
||||
|
||||
it 'does not make request' do |
||||
subject |
||||
expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made |
||||
end |
||||
end |
||||
end |
||||
end |
||||
end |
Loading…
Reference in new issue