2021-11-16 17:03:09 +00:00
|
|
|
use crate::fetcher::post_or_comment::PostOrComment;
|
2022-06-02 14:33:41 +00:00
|
|
|
use activitypub_federation::{
|
2022-06-08 15:45:39 +00:00
|
|
|
core::signatures::PublicKey,
|
|
|
|
traits::{Actor, ApubObject},
|
2022-10-03 17:46:42 +00:00
|
|
|
InstanceSettings,
|
2022-06-02 14:33:41 +00:00
|
|
|
LocalInstance,
|
2022-10-28 13:38:22 +00:00
|
|
|
UrlVerifier,
|
2022-06-02 14:33:41 +00:00
|
|
|
};
|
|
|
|
use anyhow::Context;
|
2022-10-28 13:38:22 +00:00
|
|
|
use async_trait::async_trait;
|
2022-10-27 09:24:07 +00:00
|
|
|
use diesel::PgConnection;
|
2022-05-03 17:44:13 +00:00
|
|
|
use lemmy_api_common::utils::blocking;
|
2022-10-27 09:24:07 +00:00
|
|
|
use lemmy_db_schema::{
|
|
|
|
newtypes::DbUrl,
|
|
|
|
source::{activity::Activity, instance::Instance, local_site::LocalSite},
|
|
|
|
utils::DbPool,
|
2022-06-22 20:24:54 +00:00
|
|
|
};
|
2022-10-27 09:24:07 +00:00
|
|
|
use lemmy_utils::{error::LemmyError, location_info, settings::structs::Settings};
|
2022-06-02 14:33:41 +00:00
|
|
|
use lemmy_websocket::LemmyContext;
|
|
|
|
use once_cell::sync::{Lazy, OnceCell};
|
2021-11-16 17:03:09 +00:00
|
|
|
use url::{ParseError, Url};
|
|
|
|
|
2020-10-12 14:10:09 +00:00
|
|
|
pub mod activities;
|
2021-10-29 10:32:42 +00:00
|
|
|
pub(crate) mod activity_lists;
|
2021-10-27 16:03:07 +00:00
|
|
|
pub(crate) mod collections;
|
2020-04-10 11:37:35 +00:00
|
|
|
pub mod fetcher;
|
2021-07-17 16:20:44 +00:00
|
|
|
pub mod http;
|
2021-11-15 22:54:25 +00:00
|
|
|
pub(crate) mod mentions;
|
2020-10-12 14:10:09 +00:00
|
|
|
pub mod objects;
|
2021-10-29 10:32:42 +00:00
|
|
|
pub mod protocol;
|
2020-04-24 14:04:36 +00:00
|
|
|
|
2022-06-02 14:33:41 +00:00
|
|
|
static CONTEXT: Lazy<Vec<serde_json::Value>> = Lazy::new(|| {
|
|
|
|
serde_json::from_str(include_str!("../assets/lemmy/context.json")).expect("parse context")
|
|
|
|
});
|
|
|
|
|
|
|
|
// TODO: store this in context? but its only used in this crate, no need to expose it elsewhere
|
2022-10-27 09:24:07 +00:00
|
|
|
// TODO this singleton needs to be redone to account for live data.
|
2022-06-02 14:33:41 +00:00
|
|
|
fn local_instance(context: &LemmyContext) -> &'static LocalInstance {
|
|
|
|
static LOCAL_INSTANCE: OnceCell<LocalInstance> = OnceCell::new();
|
|
|
|
LOCAL_INSTANCE.get_or_init(|| {
|
2022-10-27 09:24:07 +00:00
|
|
|
let conn = &mut context
|
|
|
|
.pool()
|
|
|
|
.get()
|
|
|
|
.expect("getting connection for LOCAL_INSTANCE init");
|
|
|
|
// Local site may be missing
|
|
|
|
let local_site = &LocalSite::read(conn);
|
|
|
|
let worker_count = local_site
|
|
|
|
.as_ref()
|
|
|
|
.map(|l| l.federation_worker_count)
|
|
|
|
.unwrap_or(64) as u64;
|
|
|
|
let http_fetch_retry_limit = local_site
|
|
|
|
.as_ref()
|
|
|
|
.map(|l| l.federation_http_fetch_retry_limit)
|
|
|
|
.unwrap_or(25);
|
|
|
|
let federation_debug = local_site
|
|
|
|
.as_ref()
|
|
|
|
.map(|l| l.federation_debug)
|
|
|
|
.unwrap_or(true);
|
|
|
|
|
2022-10-03 17:46:42 +00:00
|
|
|
let settings = InstanceSettings::builder()
|
2022-10-27 09:24:07 +00:00
|
|
|
.http_fetch_retry_limit(http_fetch_retry_limit)
|
|
|
|
.worker_count(worker_count)
|
|
|
|
.debug(federation_debug)
|
2022-10-03 17:46:42 +00:00
|
|
|
.http_signature_compat(true)
|
2022-10-28 13:38:22 +00:00
|
|
|
.url_verifier(Box::new(VerifyUrlData(context.clone())))
|
2022-06-02 14:33:41 +00:00
|
|
|
.build()
|
|
|
|
.expect("configure federation");
|
|
|
|
LocalInstance::new(
|
2022-06-22 20:24:54 +00:00
|
|
|
context.settings().hostname.to_owned(),
|
2022-06-02 14:33:41 +00:00
|
|
|
context.client().clone(),
|
|
|
|
settings,
|
|
|
|
)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2022-10-28 13:38:22 +00:00
|
|
|
#[derive(Clone)]
|
|
|
|
struct VerifyUrlData(LemmyContext);
|
|
|
|
|
|
|
|
#[async_trait]
|
|
|
|
impl UrlVerifier for VerifyUrlData {
|
|
|
|
async fn verify(&self, url: &Url) -> Result<(), &'static str> {
|
|
|
|
let local_site_data = blocking(self.0.pool(), fetch_local_site_data)
|
|
|
|
.await
|
|
|
|
.expect("read local site data")
|
|
|
|
.expect("read local site data");
|
|
|
|
check_apub_id_valid(url, &local_site_data, self.0.settings())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-19 14:29:35 +00:00
|
|
|
/// Checks if the ID is allowed for sending or receiving.
|
|
|
|
///
|
|
|
|
/// In particular, it checks for:
|
|
|
|
/// - federation being enabled (if its disabled, only local URLs are allowed)
|
|
|
|
/// - the correct scheme (either http or https)
|
|
|
|
/// - URL being in the allowlist (if it is active)
|
|
|
|
/// - URL not being in the blocklist (if it is active)
|
|
|
|
///
|
2021-11-02 13:18:12 +00:00
|
|
|
/// `use_strict_allowlist` should be true only when parsing a remote community, or when parsing a
|
|
|
|
/// post/comment in a local community.
|
2022-10-27 09:24:07 +00:00
|
|
|
#[tracing::instrument(skip(settings, local_site_data))]
|
|
|
|
fn check_apub_id_valid(
|
|
|
|
apub_id: &Url,
|
|
|
|
local_site_data: &LocalSiteData,
|
|
|
|
settings: &Settings,
|
|
|
|
) -> Result<(), &'static str> {
|
2022-06-02 14:33:41 +00:00
|
|
|
let domain = apub_id.domain().expect("apud id has domain").to_string();
|
|
|
|
let local_instance = settings
|
|
|
|
.get_hostname_without_port()
|
|
|
|
.expect("local hostname is valid");
|
|
|
|
if domain == local_instance {
|
|
|
|
return Ok(());
|
2020-08-18 13:12:03 +00:00
|
|
|
}
|
|
|
|
|
2022-10-27 09:24:07 +00:00
|
|
|
if !local_site_data
|
|
|
|
.local_site
|
|
|
|
.as_ref()
|
|
|
|
.map(|l| l.federation_enabled)
|
|
|
|
.unwrap_or(true)
|
|
|
|
{
|
2022-06-02 14:33:41 +00:00
|
|
|
return Err("Federation disabled");
|
2020-10-22 16:12:43 +00:00
|
|
|
}
|
|
|
|
|
2021-09-22 15:57:09 +00:00
|
|
|
if apub_id.scheme() != settings.get_protocol_string() {
|
2022-06-02 14:33:41 +00:00
|
|
|
return Err("Invalid protocol scheme");
|
2020-04-17 17:34:18 +00:00
|
|
|
}
|
|
|
|
|
2022-10-27 09:24:07 +00:00
|
|
|
if let Some(blocked) = local_site_data.blocked_instances.as_ref() {
|
2021-04-21 13:36:07 +00:00
|
|
|
if blocked.contains(&domain) {
|
2022-06-02 14:33:41 +00:00
|
|
|
return Err("Domain is blocked");
|
2021-04-21 13:36:07 +00:00
|
|
|
}
|
|
|
|
}
|
2021-03-01 17:24:11 +00:00
|
|
|
|
2022-10-27 09:24:07 +00:00
|
|
|
if let Some(allowed) = local_site_data.allowed_instances.as_ref() {
|
2022-06-02 14:33:41 +00:00
|
|
|
if !allowed.contains(&domain) {
|
|
|
|
return Err("Domain is not in allowlist");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2022-10-27 09:24:07 +00:00
|
|
|
#[derive(Clone)]
|
|
|
|
pub(crate) struct LocalSiteData {
|
|
|
|
local_site: Option<LocalSite>,
|
|
|
|
allowed_instances: Option<Vec<String>>,
|
|
|
|
blocked_instances: Option<Vec<String>>,
|
|
|
|
}
|
|
|
|
|
|
|
|
pub(crate) fn fetch_local_site_data(
|
|
|
|
conn: &mut PgConnection,
|
|
|
|
) -> Result<LocalSiteData, diesel::result::Error> {
|
|
|
|
// LocalSite may be missing
|
|
|
|
let local_site = LocalSite::read(conn).ok();
|
|
|
|
let allowed = Instance::allowlist(conn)?;
|
|
|
|
let blocked = Instance::blocklist(conn)?;
|
|
|
|
|
|
|
|
// These can return empty vectors, so convert them to options
|
|
|
|
let allowed_instances = (!allowed.is_empty()).then(|| allowed);
|
|
|
|
let blocked_instances = (!blocked.is_empty()).then(|| blocked);
|
|
|
|
|
|
|
|
Ok(LocalSiteData {
|
|
|
|
local_site,
|
|
|
|
allowed_instances,
|
|
|
|
blocked_instances,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
#[tracing::instrument(skip(settings, local_site_data))]
|
2022-06-02 14:33:41 +00:00
|
|
|
pub(crate) fn check_apub_id_valid_with_strictness(
|
|
|
|
apub_id: &Url,
|
|
|
|
is_strict: bool,
|
2022-10-27 09:24:07 +00:00
|
|
|
local_site_data: &LocalSiteData,
|
2022-06-02 14:33:41 +00:00
|
|
|
settings: &Settings,
|
|
|
|
) -> Result<(), LemmyError> {
|
2022-10-27 09:24:07 +00:00
|
|
|
check_apub_id_valid(apub_id, local_site_data, settings).map_err(LemmyError::from_message)?;
|
2022-06-02 14:33:41 +00:00
|
|
|
let domain = apub_id.domain().expect("apud id has domain").to_string();
|
|
|
|
let local_instance = settings
|
|
|
|
.get_hostname_without_port()
|
|
|
|
.expect("local hostname is valid");
|
|
|
|
if domain == local_instance {
|
|
|
|
return Ok(());
|
|
|
|
}
|
|
|
|
|
2022-10-27 09:24:07 +00:00
|
|
|
if let Some(allowed) = local_site_data.allowed_instances.as_ref() {
|
2021-04-21 13:36:07 +00:00
|
|
|
// Only check allowlist if this is a community, or strict allowlist is enabled.
|
2022-10-27 09:24:07 +00:00
|
|
|
let strict_allowlist = local_site_data
|
|
|
|
.local_site
|
|
|
|
.as_ref()
|
|
|
|
.map(|l| l.federation_strict_allowlist)
|
|
|
|
.unwrap_or(true);
|
2022-06-02 14:33:41 +00:00
|
|
|
if is_strict || strict_allowlist {
|
2021-04-21 13:36:07 +00:00
|
|
|
// need to allow this explicitly because apub receive might contain objects from our local
|
|
|
|
// instance.
|
2022-10-27 09:24:07 +00:00
|
|
|
let mut allowed_and_local = allowed.to_owned();
|
|
|
|
allowed_and_local.push(local_instance);
|
2020-07-01 12:54:29 +00:00
|
|
|
|
2022-10-27 09:24:07 +00:00
|
|
|
if !allowed_and_local.contains(&domain) {
|
2022-06-02 14:33:41 +00:00
|
|
|
return Err(LemmyError::from_message(
|
|
|
|
"Federation forbidden by strict allowlist",
|
2022-03-16 20:11:49 +00:00
|
|
|
));
|
2021-04-21 13:36:07 +00:00
|
|
|
}
|
2020-08-13 20:26:49 +00:00
|
|
|
}
|
2020-04-17 17:34:18 +00:00
|
|
|
}
|
2021-04-21 13:36:07 +00:00
|
|
|
Ok(())
|
2020-04-17 17:34:18 +00:00
|
|
|
}
|
2020-04-24 19:55:54 +00:00
|
|
|
|
2021-02-04 16:34:58 +00:00
|
|
|
/// Kind of local object for which an ActivityPub endpoint URL can be generated.
///
/// Each variant selects the path segment used by `generate_local_apub_endpoint`.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum EndpointType {
  /// Path segment `c`.
  Community,
  /// Path segment `u`.
  Person,
  /// Path segment `post`.
  Post,
  /// Path segment `comment`.
  Comment,
  /// Path segment `private_message`.
  PrivateMessage,
}
|
|
|
|
|
2021-07-20 04:29:50 +00:00
|
|
|
/// Generates an apub endpoint for a given domain, IE xyz.tld
|
2021-10-25 16:09:21 +00:00
|
|
|
pub fn generate_local_apub_endpoint(
|
2021-02-04 16:34:58 +00:00
|
|
|
endpoint_type: EndpointType,
|
|
|
|
name: &str,
|
2021-07-20 04:29:50 +00:00
|
|
|
domain: &str,
|
2021-03-02 12:41:48 +00:00
|
|
|
) -> Result<DbUrl, ParseError> {
|
2021-02-04 16:34:58 +00:00
|
|
|
let point = match endpoint_type {
|
|
|
|
EndpointType::Community => "c",
|
2021-03-10 22:33:55 +00:00
|
|
|
EndpointType::Person => "u",
|
2021-02-04 16:34:58 +00:00
|
|
|
EndpointType::Post => "post",
|
|
|
|
EndpointType::Comment => "comment",
|
|
|
|
EndpointType::PrivateMessage => "private_message",
|
|
|
|
};
|
|
|
|
|
2021-07-20 04:29:50 +00:00
|
|
|
Ok(Url::parse(&format!("{}/{}/{}", domain, point, name))?.into())
|
|
|
|
}
|
|
|
|
|
2021-03-02 12:41:48 +00:00
|
|
|
pub fn generate_followers_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
|
2021-02-04 16:34:58 +00:00
|
|
|
Ok(Url::parse(&format!("{}/followers", actor_id))?.into())
|
|
|
|
}
|
|
|
|
|
2021-03-02 12:41:48 +00:00
|
|
|
pub fn generate_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
|
2021-02-04 16:34:58 +00:00
|
|
|
Ok(Url::parse(&format!("{}/inbox", actor_id))?.into())
|
|
|
|
}
|
|
|
|
|
2022-02-07 19:23:12 +00:00
|
|
|
pub fn generate_site_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
|
|
|
|
let mut actor_id: Url = actor_id.clone().into();
|
|
|
|
actor_id.set_path("site_inbox");
|
|
|
|
Ok(actor_id.into())
|
|
|
|
}
|
|
|
|
|
2021-03-02 12:41:48 +00:00
|
|
|
pub fn generate_shared_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, LemmyError> {
|
2021-07-31 20:58:11 +00:00
|
|
|
let actor_id: Url = actor_id.clone().into();
|
2021-02-04 16:34:58 +00:00
|
|
|
let url = format!(
|
|
|
|
"{}://{}{}/inbox",
|
|
|
|
&actor_id.scheme(),
|
|
|
|
&actor_id.host_str().context(location_info!())?,
|
|
|
|
if let Some(port) = actor_id.port() {
|
|
|
|
format!(":{}", port)
|
|
|
|
} else {
|
|
|
|
"".to_string()
|
|
|
|
},
|
|
|
|
);
|
|
|
|
Ok(Url::parse(&url)?.into())
|
|
|
|
}
|
|
|
|
|
2021-10-06 20:20:05 +00:00
|
|
|
pub fn generate_outbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
|
|
|
|
Ok(Url::parse(&format!("{}/outbox", actor_id))?.into())
|
|
|
|
}
|
|
|
|
|
2021-08-17 18:04:58 +00:00
|
|
|
fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError> {
|
2021-03-08 13:40:28 +00:00
|
|
|
Ok(Url::parse(&format!("{}/moderators", community_id))?.into())
|
|
|
|
}
|
|
|
|
|
2020-10-19 14:29:35 +00:00
|
|
|
/// Store a sent or received activity in the database, for logging purposes. These records are not
|
|
|
|
/// persistent.
|
2021-12-06 14:54:47 +00:00
|
|
|
#[tracing::instrument(skip(pool))]
|
2021-11-16 02:07:07 +00:00
|
|
|
async fn insert_activity(
|
2020-10-23 12:29:56 +00:00
|
|
|
ap_id: &Url,
|
2021-11-16 02:07:07 +00:00
|
|
|
activity: serde_json::Value,
|
2020-07-10 18:15:41 +00:00
|
|
|
local: bool,
|
2020-11-06 13:06:47 +00:00
|
|
|
sensitive: bool,
|
2020-07-10 18:15:41 +00:00
|
|
|
pool: &DbPool,
|
2022-03-24 16:05:27 +00:00
|
|
|
) -> Result<bool, LemmyError> {
|
2021-03-02 12:41:48 +00:00
|
|
|
let ap_id = ap_id.to_owned().into();
|
2022-03-24 16:05:27 +00:00
|
|
|
Ok(
|
|
|
|
blocking(pool, move |conn| {
|
2022-10-27 09:24:07 +00:00
|
|
|
Activity::insert(conn, ap_id, activity, local, Some(sensitive))
|
2022-03-24 16:05:27 +00:00
|
|
|
})
|
|
|
|
.await??,
|
|
|
|
)
|
2020-07-10 18:15:41 +00:00
|
|
|
}
|
2022-06-02 14:33:41 +00:00
|
|
|
|
|
|
|
/// Common methods provided by ActivityPub actors (community and person). Not all methods are
|
|
|
|
/// implemented by all actors.
|
2022-06-08 15:45:39 +00:00
|
|
|
pub trait ActorType: Actor + ApubObject {
|
2022-06-02 14:33:41 +00:00
|
|
|
fn actor_id(&self) -> Url;
|
|
|
|
|
|
|
|
fn private_key(&self) -> Option<String>;
|
|
|
|
|
|
|
|
fn get_public_key(&self) -> PublicKey {
|
|
|
|
PublicKey::new_main_key(self.actor_id(), self.public_key().to_string())
|
|
|
|
}
|
|
|
|
}
|