diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 8eda96336..d79ed142a 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -15,7 +15,9 @@ class AccountsController < ApplicationController render xml: AtomSerializer.render(AtomSerializer.new.feed(@account, @entries.to_a)) end - format.activitystreams2 + format.activitystreams2 do + headers['Access-Control-Allow-Origin'] = '*' + end end end diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb new file mode 100644 index 000000000..03f27c7f6 --- /dev/null +++ b/app/controllers/api/activitypub/activities_controller.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +class Api::Activitypub::ActivitiesController < ApiController + # before_action :set_follow, only: [:show_follow] + before_action :set_status, only: [:show_status] + + respond_to :activitystreams2 + + # Show a status in AS2 format, as either an Announce (reblog) or a Create (post) activity. + def show_status + headers['Access-Control-Allow-Origin'] = '*' + + return forbidden unless @status.permitted? + + if @status.reblog? + render :show_status_announce + else + render :show_status_create + end + end + + private + + def set_status + @status = Status.find(params[:id]) + end +end diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb new file mode 100644 index 000000000..722961ec6 --- /dev/null +++ b/app/controllers/api/activitypub/notes_controller.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +class Api::Activitypub::NotesController < ApiController + before_action :set_status + + respond_to :activitystreams2 + + def show + headers['Access-Control-Allow-Origin'] = '*' + + forbidden unless @status.permitted? + end + + private + + def set_status + @status = Status.find(params[:id]) + end +end diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb new file mode 100644 index 000000000..05d779910 --- /dev/null +++ b/app/controllers/api/activitypub/outbox_controller.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +class Api::Activitypub::OutboxController < ApiController + before_action :set_account + + respond_to :activitystreams2 + + def show + headers['Access-Control-Allow-Origin'] = '*' + + @statuses = Status.as_outbox_timeline(@account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id]) + @statuses = cache_collection(@statuses) + + set_maps(@statuses) + + # Since the statuses are in reverse chronological order, last is the lowest ID. + @next_path = api_activitypub_outbox_url(max_id: @statuses.last.id) if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT) + + unless @statuses.empty? + if @statuses.first.id == 1 + @prev_path = api_activitypub_outbox_url + elsif params[:max_id] + @prev_path = api_activitypub_outbox_url(since_id: @statuses.first.id) + end + end + + @paginated = @next_path || @prev_path + + set_pagination_headers(@next_path, @prev_path) + end + + private + + def cache_collection(raw) + super(raw, Status) + end + + def set_account + @account = Account.find(params[:id]) + end +end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 92755bcd3..ad2be71ee 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -62,6 +62,13 @@ class ApplicationController < ActionController::Base end end + def forbidden + respond_to do |format| + format.any { head 403 } + format.html { render 'errors/403', layout: 'error', status: 403 } + end + end + def unprocessable_entity respond_to do |format| format.any { head 422 } diff --git a/app/helpers/activitystreams2_builder_helper.rb b/app/helpers/activitystreams2_builder_helper.rb new file mode 100644 index 000000000..eeada56f2 --- /dev/null +++ b/app/helpers/activitystreams2_builder_helper.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +module Activitystreams2BuilderHelper + # Gets a usable name for an account, using display name or username. + def account_name(account) + account.display_name.empty? ? account.username : account.display_name + end +end diff --git a/app/models/status.rb b/app/models/status.rb index b75bd0a7b..918a58405 100644 --- a/app/models/status.rb +++ b/app/models/status.rb @@ -140,6 +140,10 @@ class Status < ApplicationRecord account.nil? ? filter_timeline_default(query) : filter_timeline_default(filter_timeline(query, account)) end + def as_outbox_timeline(account) + where(account: account, visibility: :public) + end + def favourites_map(status_ids, account_id) Favourite.select('status_id').where(status_id: status_ids).where(account_id: account_id).map { |f| [f.status_id, true] }.to_h end diff --git a/app/views/accounts/show.activitystreams2.rabl b/app/views/accounts/show.activitystreams2.rabl index dabae3f29..2c0a4ad3a 100644 --- a/app/views/accounts/show.activitystreams2.rabl +++ b/app/views/accounts/show.activitystreams2.rabl @@ -6,3 +6,4 @@ attributes display_name: :name, username: :preferredUsername, note: :summary node(:icon) { |account| full_asset_url(account.avatar.url(:original)) } node(:image) { |account| full_asset_url(account.header.url(:original)) } +node(:outbox) { |account| api_activitypub_outbox_url(account.id) } diff --git a/app/views/activitypub/types/announce.activitystreams2.rabl b/app/views/activitypub/types/announce.activitystreams2.rabl new file mode 100644 index 000000000..4a29aa134 --- /dev/null +++ b/app/views/activitypub/types/announce.activitystreams2.rabl @@ -0,0 +1,3 @@ +extends 'activitypub/intransient.activitystreams2.rabl' + +node(:type) { 'Announce' } diff --git a/app/views/activitypub/types/collection.activitystreams2.rabl b/app/views/activitypub/types/collection.activitystreams2.rabl new file mode 100644 index 000000000..9e7e14e2b --- /dev/null +++ b/app/views/activitypub/types/collection.activitystreams2.rabl @@ -0,0 +1,5 @@ +extends 'activitypub/intransient.activitystreams2.rabl' + +node(:type) { 'Collection' } +node(:items) { [] } +node(:totalItems) { 0 } diff --git a/app/views/activitypub/types/create.activitystreams2.rabl b/app/views/activitypub/types/create.activitystreams2.rabl new file mode 100644 index 000000000..e41a056a7 --- /dev/null +++ b/app/views/activitypub/types/create.activitystreams2.rabl @@ -0,0 +1,3 @@ +extends 'activitypub/intransient.activitystreams2.rabl' + +node(:type) { 'Create' } diff --git a/app/views/activitypub/types/note.activitystreams2.rabl b/app/views/activitypub/types/note.activitystreams2.rabl new file mode 100644 index 000000000..39c74d4ba --- /dev/null +++ b/app/views/activitypub/types/note.activitystreams2.rabl @@ -0,0 +1,3 @@ +extends 'activitypub/intransient.activitystreams2.rabl' + +node(:type) { 'Note' } diff --git a/app/views/activitypub/types/ordered_collection.activitystreams2.rabl b/app/views/activitypub/types/ordered_collection.activitystreams2.rabl new file mode 100644 index 000000000..2cda6f4d0 --- /dev/null +++ b/app/views/activitypub/types/ordered_collection.activitystreams2.rabl @@ -0,0 +1,3 @@ +extends 'activitypub/types/collection.activitystreams2.rabl' + +node(:type) { 'OrderedCollection' } diff --git a/app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl b/app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl new file mode 100644 index 000000000..f498fe8e5 --- /dev/null +++ b/app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl @@ -0,0 +1,4 @@ +extends 'activitypub/types/ordered_collection.activitystreams2.rabl' + +node(:type) { 'OrderedCollectionPage' } +node(:current) { request.original_url } diff --git a/app/views/api/activitypub/activities/_show_status.activitystreams2.rabl b/app/views/api/activitypub/activities/_show_status.activitystreams2.rabl new file mode 100644 index 000000000..472bf5dbd --- /dev/null +++ b/app/views/api/activitypub/activities/_show_status.activitystreams2.rabl @@ -0,0 +1,4 @@ +object @status + +node(:actor) { |status| TagManager.instance.url_for(status.account) } +node(:published) { |status| status.created_at.to_time.xmlschema } \ No newline at end of file diff --git a/app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl b/app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl new file mode 100644 index 000000000..44ac1ba2f --- /dev/null +++ b/app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl @@ -0,0 +1,8 @@ +extends 'activitypub/types/announce.activitystreams2.rabl' +extends 'api/activitypub/activities/_show_status.activitystreams2.rabl' + +object @status + +node(:name) { |status| t('activitypub.activity.announce.name', account_name: account_name(status.account)) } +node(:url) { |status| TagManager.instance.url_for(status) } +node(:object) { |status| api_activitypub_status_url(status.reblog_of_id) } diff --git a/app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl b/app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl new file mode 100644 index 000000000..ff4d39eca --- /dev/null +++ b/app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl @@ -0,0 +1,8 @@ +extends 'activitypub/types/create.activitystreams2.rabl' +extends 'api/activitypub/activities/_show_status.activitystreams2.rabl' + +object @status + +node(:name) { |status| t('activitypub.activity.create.name', account_name: account_name(status.account)) } +node(:url) { |status| TagManager.instance.url_for(status) } +node(:object) { |status| api_activitypub_note_url(status) } diff --git a/app/views/api/activitypub/notes/show.activitystreams2.rabl b/app/views/api/activitypub/notes/show.activitystreams2.rabl new file mode 100644 index 000000000..d962f4438 --- /dev/null +++ b/app/views/api/activitypub/notes/show.activitystreams2.rabl @@ -0,0 +1,11 @@ +extends 'activitypub/types/note.activitystreams2.rabl' + +object @status + +attributes :content + +node(:name) { |status| status.content } +node(:url) { |status| TagManager.instance.url_for(status) } +node(:attributedTo) { |status| TagManager.instance.url_for(status.account) } +node(:inReplyTo) { |status| api_activitypub_note_url(status.thread) } if @status.thread +node(:published) { |status| status.created_at.to_time.xmlschema } diff --git a/app/views/api/activitypub/outbox/show.activitystreams2.rabl b/app/views/api/activitypub/outbox/show.activitystreams2.rabl new file mode 100644 index 000000000..a498f74bc --- /dev/null +++ b/app/views/api/activitypub/outbox/show.activitystreams2.rabl @@ -0,0 +1,23 @@ +if @paginated + extends 'activitypub/types/ordered_collection_page.activitystreams2.rabl' +else + extends 'activitypub/types/ordered_collection.activitystreams2.rabl' +end + +object @account + +node(:items) do + @statuses.map { |status| api_activitypub_status_url(status) } +end + +node(:totalItems) { @statuses.count } +node(:next) { @next_path } if @next_path +node(:prev) { @prev_path } if @prev_path + +node(:name) { |account| t('activitypub.outbox.name', account_name: account_name(account)) } +node(:summary) { |account| t('activitypub.outbox.summary', account_name: account_name(account)) } +node(:updated) do |account| + times = @statuses.map { |status| status.updated_at.to_time } + times << account.created_at.to_time + times.max.xmlschema +end diff --git a/app/views/errors/403.html.haml b/app/views/errors/403.html.haml new file mode 100644 index 000000000..c6e421f4f --- /dev/null +++ b/app/views/errors/403.html.haml @@ -0,0 +1,5 @@ +- content_for :page_title do + = t('errors.403') + +- content_for :content do + = t('errors.403') \ No newline at end of file diff --git a/config/locales/en.yml b/config/locales/en.yml index b8463673e..778027cec 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -40,6 +40,15 @@ en: posts: Posts remote_follow: Remote follow unfollow: Unfollow + activitypub: + outbox: + name: "%{account_name}'s Outbox" + summary: "A collection of activities from user %{account_name}." + activity: + create: + name: "%{account_name} created a note." + announce: + name: "%{account_name} announced an activity." admin: accounts: are_you_sure: Are you sure? @@ -206,6 +215,7 @@ en: x_months: "%{count}mo" x_seconds: "%{count}s" errors: + '403': You don't have permission to view this page. '404': The page you were looking for doesn't exist. '410': The page you were looking for doesn't exist anymore. '422': diff --git a/config/routes.rb b/config/routes.rb index 2c8ac1cff..6893aa06b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -106,6 +106,15 @@ Rails.application.routes.draw do # OEmbed get '/oembed', to: 'oembed#show', as: :oembed + # ActivityPub + namespace :activitypub do + get '/users/:id/outbox', to: 'outbox#show', as: :outbox + + get '/statuses/:id', to: 'activities#show_status', as: :status + + resources :notes, only: [:show] + end + # JSON / REST API namespace :v1 do resources :statuses, only: [:create, :show, :destroy] do diff --git a/spec/controllers/api/activitypub/activities_controller_spec.rb b/spec/controllers/api/activitypub/activities_controller_spec.rb new file mode 100644 index 000000000..c78c93a75 --- /dev/null +++ b/spec/controllers/api/activitypub/activities_controller_spec.rb @@ -0,0 +1,77 @@ +require 'rails_helper' + +RSpec.describe Api::Activitypub::ActivitiesController, type: :controller do + render_views + + let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } + + describe 'GET #show' do + describe 'normal status' do + public_status = nil + + before do + public_status = Status.create!(account: user.account, text: 'Hello world', visibility: :public) + + @request.env['HTTP_ACCEPT'] = 'application/activity+json' + get :show_status, id: public_status.id + end + + it 'returns http success' do + expect(response).to have_http_status(:success) + end + + it 'sets Content-Type header to AS2' do + expect(response.header['Content-Type']).to include 'application/activity+json' + end + + it 'sets Access-Control-Allow-Origin header to *' do + expect(response.header['Access-Control-Allow-Origin']).to eq '*' + end + + it 'returns http success' do + json_data = JSON.parse(response.body) + expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') + expect(json_data).to include('type' => 'Create') + expect(json_data).to include('id' => @request.url) + expect(json_data).to include('type' => 'Create') + expect(json_data).to include('object' => api_activitypub_note_url(public_status)) + expect(json_data).to include('url' => TagManager.instance.url_for(public_status)) + end + end + + describe 'reblog' do + original = nil + reblog = nil + + before do + original = Status.create!(account: user.account, text: 'Hello world', visibility: :public) + reblog = Status.create!(account: user.account, reblog_of_id: original.id, visibility: :public) + + @request.env['HTTP_ACCEPT'] = 'application/activity+json' + get :show_status, id: reblog.id + end + + it 'returns http success' do + expect(response).to have_http_status(:success) + end + + it 'sets Content-Type header to AS2' do + expect(response.header['Content-Type']).to include 'application/activity+json' + end + + it 'sets Access-Control-Allow-Origin header to *' do + expect(response.header['Access-Control-Allow-Origin']).to eq '*' + end + + it 'returns http success' do + json_data = JSON.parse(response.body) + expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') + expect(json_data).to include('type' => 'Announce') + expect(json_data).to include('id' => @request.url) + expect(json_data).to include('type' => 'Announce') + expect(json_data).to include('object' => api_activitypub_status_url(original)) + expect(json_data).to include('url' => TagManager.instance.url_for(reblog)) + end + end + end +end diff --git a/spec/controllers/api/activitypub/notes_controller_spec.rb b/spec/controllers/api/activitypub/notes_controller_spec.rb new file mode 100644 index 000000000..df8f1b42a --- /dev/null +++ b/spec/controllers/api/activitypub/notes_controller_spec.rb @@ -0,0 +1,81 @@ +require 'rails_helper' + +RSpec.describe Api::Activitypub::NotesController, type: :controller do + render_views + + let(:user_alice) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } + let(:user_bob) { Fabricate(:user, account: Fabricate(:account, username: 'bob')) } + + describe 'GET #show' do + describe 'normal status' do + public_status = nil + + before do + public_status = Status.create!(account: user_alice.account, text: 'Hello world', visibility: :public) + + @request.env['HTTP_ACCEPT'] = 'application/activity+json' + get :show, id: public_status.id + end + + it 'returns http success' do + expect(response).to have_http_status(:success) + end + + it 'sets Content-Type header to AS2' do + expect(response.header['Content-Type']).to include 'application/activity+json' + end + + it 'sets Access-Control-Allow-Origin header to *' do + expect(response.header['Access-Control-Allow-Origin']).to eq '*' + end + + it 'returns http success' do + json_data = JSON.parse(response.body) + expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') + expect(json_data).to include('type' => 'Note') + expect(json_data).to include('id' => @request.url) + expect(json_data).to include('name' => 'Hello world') + expect(json_data).to include('content' => 'Hello world') + expect(json_data).to include('published') + expect(json_data).to include('url' => TagManager.instance.url_for(public_status)) + end + end + + describe 'reply' do + original = nil + reply = nil + + before do + original = Status.create!(account: user_alice.account, text: 'Hello world', visibility: :public) + reply = Status.create!(account: user_bob.account, text: 'Hello world', in_reply_to_id: original.id, visibility: :public) + + @request.env['HTTP_ACCEPT'] = 'application/activity+json' + get :show, id: reply.id + end + + it 'returns http success' do + expect(response).to have_http_status(:success) + end + + it 'sets Content-Type header to AS2' do + expect(response.header['Content-Type']).to include 'application/activity+json' + end + + it 'sets Access-Control-Allow-Origin header to *' do + expect(response.header['Access-Control-Allow-Origin']).to eq '*' + end + + it 'returns http success' do + json_data = JSON.parse(response.body) + expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') + expect(json_data).to include('type' => 'Note') + expect(json_data).to include('id' => @request.url) + expect(json_data).to include('name' => 'Hello world') + expect(json_data).to include('content' => 'Hello world') + expect(json_data).to include('published') + expect(json_data).to include('url' => TagManager.instance.url_for(reply)) + expect(json_data).to include('inReplyTo' => api_activitypub_note_url(original)) + end + end + end +end diff --git a/spec/controllers/api/activitypub/outbox_controller_spec.rb b/spec/controllers/api/activitypub/outbox_controller_spec.rb new file mode 100644 index 000000000..55fb9b509 --- /dev/null +++ b/spec/controllers/api/activitypub/outbox_controller_spec.rb @@ -0,0 +1,92 @@ +require 'rails_helper' + +RSpec.describe Api::Activitypub::OutboxController, type: :controller do + render_views + + let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } + + describe 'GET #show' do + before do + @request.env['HTTP_ACCEPT'] = 'application/activity+json' + end + + describe 'small number of statuses' do + public_status = nil + + before do + public_status = Status.create!(account: user.account, text: 'Hello world', visibility: :public) + Status.create!(account: user.account, text: 'Hello world', visibility: :private) + Status.create!(account: user.account, text: 'Hello world', visibility: :unlisted) + Status.create!(account: user.account, text: 'Hello world', visibility: :direct) + + get :show, id: user.account.id + end + + it 'returns http success' do + expect(response).to have_http_status(:success) + end + + it 'sets Content-Type header to AS2' do + expect(response.header['Content-Type']).to include 'application/activity+json' + end + + it 'sets Access-Control-Allow-Origin header to *' do + expect(response.header['Access-Control-Allow-Origin']).to eq '*' + end + + it 'returns AS2 JSON body' do + json_data = JSON.parse(response.body) + expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') + expect(json_data).to include('id' => @request.url) + expect(json_data).to include('type' => 'OrderedCollection') + expect(json_data).to include('totalItems' => 1) + expect(json_data).to include('items') + expect(json_data['items'].count).to eq(1) + expect(json_data['items']).to include(api_activitypub_status_url(public_status)) + end + end + + describe 'large number of statuses' do + before do + 30.times do + Status.create!(account: user.account, text: 'Hello world', visibility: :public) + end + + Status.create!(account: user.account, text: 'Hello world', visibility: :private) + Status.create!(account: user.account, text: 'Hello world', visibility: :unlisted) + Status.create!(account: user.account, text: 'Hello world', visibility: :direct) + end + + describe 'first page' do + before do + get :show, id: user.account.id + end + + it 'returns http success' do + expect(response).to have_http_status(:success) + end + + it 'sets Content-Type header to AS2' do + expect(response.header['Content-Type']).to include 'application/activity+json' + end + + it 'sets Access-Control-Allow-Origin header to *' do + expect(response.header['Access-Control-Allow-Origin']).to eq '*' + end + + it 'returns AS2 JSON body' do + json_data = JSON.parse(response.body) + expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') + expect(json_data).to include('id' => @request.url) + expect(json_data).to include('type' => 'OrderedCollectionPage') + expect(json_data).to include('totalItems' => 20) + expect(json_data).to include('items') + expect(json_data['items'].count).to eq(20) + expect(json_data).to include('current' => @request.url) + expect(json_data).to include('next') + expect(json_data).to_not include('prev') + end + end + end + end +end