2020-09-24 13:53:21 +00:00
|
|
|
#[macro_use]
|
|
|
|
extern crate lazy_static;
|
|
|
|
|
2020-10-12 14:10:09 +00:00
|
|
|
pub mod activities;
|
2020-08-31 13:48:02 +00:00
|
|
|
pub mod activity_queue;
|
2020-05-05 14:30:13 +00:00
|
|
|
pub mod extensions;
|
2020-04-10 11:37:35 +00:00
|
|
|
pub mod fetcher;
|
2021-07-17 16:20:44 +00:00
|
|
|
pub mod http;
|
2021-08-05 11:00:29 +00:00
|
|
|
pub mod migrations;
|
2020-10-12 14:10:09 +00:00
|
|
|
pub mod objects;
|
2020-04-24 14:04:36 +00:00
|
|
|
|
2021-09-25 15:44:52 +00:00
|
|
|
use crate::{extensions::signatures::PublicKey, fetcher::post_or_comment::PostOrComment};
|
2020-08-11 14:31:05 +00:00
|
|
|
use anyhow::{anyhow, Context};
|
2021-03-25 19:19:40 +00:00
|
|
|
use lemmy_api_common::blocking;
|
2021-09-25 15:44:52 +00:00
|
|
|
use lemmy_db_queries::{source::activity::Activity_, DbPool};
|
2021-03-02 12:41:48 +00:00
|
|
|
use lemmy_db_schema::{
|
2021-09-25 15:44:52 +00:00
|
|
|
source::{activity::Activity, person::Person},
|
2021-03-30 20:23:50 +00:00
|
|
|
CommunityId,
|
2021-03-02 12:41:48 +00:00
|
|
|
DbUrl,
|
2021-01-12 16:12:41 +00:00
|
|
|
};
|
2021-03-30 20:23:50 +00:00
|
|
|
use lemmy_db_views_actor::community_person_ban_view::CommunityPersonBanView;
|
2021-03-01 17:24:11 +00:00
|
|
|
use lemmy_utils::{location_info, settings::structs::Settings, LemmyError};
|
2020-05-16 14:04:08 +00:00
|
|
|
use serde::Serialize;
|
2020-10-22 16:12:43 +00:00
|
|
|
use std::net::IpAddr;
|
2020-07-17 21:11:07 +00:00
|
|
|
use url::{ParseError, Url};
|
2020-04-24 14:04:36 +00:00
|
|
|
|
2021-08-17 18:04:58 +00:00
|
|
|
static APUB_JSON_CONTENT_TYPE: &str = "application/activity+json";
|
2020-04-07 15:29:23 +00:00
|
|
|
|
2020-10-19 14:29:35 +00:00
|
|
|
/// Checks if the ID is allowed for sending or receiving.
|
|
|
|
///
|
|
|
|
/// In particular, it checks for:
|
|
|
|
/// - federation being enabled (if its disabled, only local URLs are allowed)
|
|
|
|
/// - the correct scheme (either http or https)
|
|
|
|
/// - URL being in the allowlist (if it is active)
|
|
|
|
/// - URL not being in the blocklist (if it is active)
|
|
|
|
///
|
2021-08-12 12:48:09 +00:00
|
|
|
pub(crate) fn check_is_apub_id_valid(
|
|
|
|
apub_id: &Url,
|
|
|
|
use_strict_allowlist: bool,
|
|
|
|
) -> Result<(), LemmyError> {
|
2020-08-18 13:12:03 +00:00
|
|
|
let settings = Settings::get();
|
|
|
|
let domain = apub_id.domain().context(location_info!())?.to_string();
|
2021-01-15 01:18:18 +00:00
|
|
|
let local_instance = settings.get_hostname_without_port()?;
|
2020-08-18 13:12:03 +00:00
|
|
|
|
2021-08-04 21:13:51 +00:00
|
|
|
if !settings.federation.enabled {
|
2020-08-18 13:12:03 +00:00
|
|
|
return if domain == local_instance {
|
|
|
|
Ok(())
|
|
|
|
} else {
|
|
|
|
Err(
|
|
|
|
anyhow!(
|
|
|
|
"Trying to connect with {}, but federation is disabled",
|
|
|
|
domain
|
|
|
|
)
|
|
|
|
.into(),
|
|
|
|
)
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2020-10-22 16:12:43 +00:00
|
|
|
let host = apub_id.host_str().context(location_info!())?;
|
|
|
|
let host_as_ip = host.parse::<IpAddr>();
|
|
|
|
if host == "localhost" || host_as_ip.is_ok() {
|
2021-02-05 16:15:29 +00:00
|
|
|
return Err(anyhow!("invalid hostname {}: {}", host, apub_id).into());
|
2020-10-22 16:12:43 +00:00
|
|
|
}
|
|
|
|
|
2020-09-25 15:33:00 +00:00
|
|
|
if apub_id.scheme() != Settings::get().get_protocol_string() {
|
2021-02-05 16:15:29 +00:00
|
|
|
return Err(anyhow!("invalid apub id scheme {}: {}", apub_id.scheme(), apub_id).into());
|
2020-04-17 17:34:18 +00:00
|
|
|
}
|
|
|
|
|
2021-04-21 13:36:07 +00:00
|
|
|
// TODO: might be good to put the part above in one method, and below in another
|
|
|
|
// (which only gets called in apub::objects)
|
|
|
|
// -> no that doesnt make sense, we still need the code below for blocklist and strict allowlist
|
2021-08-04 21:13:51 +00:00
|
|
|
if let Some(blocked) = Settings::get().federation.blocked_instances {
|
2021-04-21 13:36:07 +00:00
|
|
|
if blocked.contains(&domain) {
|
|
|
|
return Err(anyhow!("{} is in federation blocklist", domain).into());
|
|
|
|
}
|
|
|
|
}
|
2021-03-01 17:24:11 +00:00
|
|
|
|
2021-08-04 21:13:51 +00:00
|
|
|
if let Some(mut allowed) = Settings::get().federation.allowed_instances {
|
2021-04-21 13:36:07 +00:00
|
|
|
// Only check allowlist if this is a community, or strict allowlist is enabled.
|
2021-08-04 21:13:51 +00:00
|
|
|
let strict_allowlist = Settings::get().federation.strict_allowlist;
|
2021-04-21 13:36:07 +00:00
|
|
|
if use_strict_allowlist || strict_allowlist {
|
|
|
|
// need to allow this explicitly because apub receive might contain objects from our local
|
|
|
|
// instance.
|
|
|
|
allowed.push(local_instance);
|
2020-07-01 12:54:29 +00:00
|
|
|
|
2021-04-21 13:36:07 +00:00
|
|
|
if !allowed.contains(&domain) {
|
|
|
|
return Err(anyhow!("{} not in federation allowlist", domain).into());
|
|
|
|
}
|
2020-08-13 20:26:49 +00:00
|
|
|
}
|
2020-04-17 17:34:18 +00:00
|
|
|
}
|
2021-04-21 13:36:07 +00:00
|
|
|
|
|
|
|
Ok(())
|
2020-04-17 17:34:18 +00:00
|
|
|
}
|
2020-04-24 19:55:54 +00:00
|
|
|
|
2021-03-10 22:33:55 +00:00
|
|
|
/// Common methods provided by ActivityPub actors (community and person). Not all methods are
|
2020-10-19 14:29:35 +00:00
|
|
|
/// implemented by all actors.
|
2021-08-17 18:04:58 +00:00
|
|
|
trait ActorType {
|
2021-02-04 16:34:58 +00:00
|
|
|
fn is_local(&self) -> bool;
|
2021-01-27 16:42:23 +00:00
|
|
|
fn actor_id(&self) -> Url;
|
Apub inbox rewrite (#1652)
* start to implement apub inbox routing lib
* got something that almost works
* it compiles!
* implemented some more
* move library code to separate crate (most of it)
* convert private message handlers
* convert all comment receivers (except undo comment)
* convert post receiver
* add verify trait
* convert community receivers
* add cc field for all activities which i forgot before
* convert inbox functions, add missing checks
* convert undo like/dislike receivers
* convert undo_delete and undo_remove receivers
* move block/unblock activities
* convert remaining activity receivers
* reimplement http signature verification and other checks
* also use actor type for routing, VerifyActivity and SendActivity traits
* cleanup and restructure apub_receive code
* wip: try to fix activity routing
* implement a (very bad) derive macro for activityhandler
* working activity routing!
* rework pm verify(), fix tests and confirm manually
also remove inbox username check which was broken
* rework following verify(), fix tests and test manually
* fix post/comment create/update, rework voting
* Rewrite remove/delete post/comment, fix tests, test manually
* Rework and fix (un)block user, announce, update post
* some code cleanup
* rework delete/remove activity receivers (still quite messy)
* rewrite, test and fix add/remove mod, update community handlers
* add docs for ActivityHandler derive macro
* dont try to compile macro comments
2021-07-17 16:08:46 +00:00
|
|
|
fn name(&self) -> String;
|
2020-04-24 19:55:54 +00:00
|
|
|
|
2020-08-11 14:31:05 +00:00
|
|
|
// TODO: every actor should have a public key, so this shouldnt be an option (needs to be fixed in db)
|
|
|
|
fn public_key(&self) -> Option<String>;
|
|
|
|
fn private_key(&self) -> Option<String>;
|
2020-04-25 02:34:51 +00:00
|
|
|
|
2021-02-04 16:34:58 +00:00
|
|
|
fn get_shared_inbox_or_inbox_url(&self) -> Url;
|
2020-04-24 19:55:54 +00:00
|
|
|
|
2021-02-04 16:34:58 +00:00
|
|
|
/// Outbox URL is not generally used by Lemmy, so it can be generated on the fly (but only for
|
|
|
|
/// local actors).
|
|
|
|
fn get_outbox_url(&self) -> Result<Url, LemmyError> {
|
2021-04-13 11:48:30 +00:00
|
|
|
/* TODO
|
2021-02-04 16:34:58 +00:00
|
|
|
if !self.is_local() {
|
|
|
|
return Err(anyhow!("get_outbox_url() called for remote actor").into());
|
|
|
|
}
|
2021-04-13 11:48:30 +00:00
|
|
|
*/
|
2021-02-04 16:34:58 +00:00
|
|
|
Ok(Url::parse(&format!("{}/outbox", &self.actor_id()))?)
|
2020-04-24 19:55:54 +00:00
|
|
|
}
|
2020-04-26 17:20:42 +00:00
|
|
|
|
2021-08-12 12:48:09 +00:00
|
|
|
fn get_public_key(&self) -> Result<PublicKey, LemmyError> {
|
|
|
|
Ok(PublicKey {
|
|
|
|
id: format!("{}#main-key", self.actor_id()),
|
|
|
|
owner: self.actor_id(),
|
|
|
|
public_key_pem: self.public_key().context(location_info!())?,
|
|
|
|
})
|
2020-04-25 02:34:51 +00:00
|
|
|
}
|
2020-04-24 19:55:54 +00:00
|
|
|
}
|
2020-05-15 16:36:11 +00:00
|
|
|
|
2021-03-17 17:12:37 +00:00
|
|
|
#[async_trait::async_trait(?Send)]
|
|
|
|
pub trait CommunityType {
|
2021-04-09 15:01:26 +00:00
|
|
|
fn followers_url(&self) -> Url;
|
2021-03-17 17:12:37 +00:00
|
|
|
async fn get_follower_inboxes(&self, pool: &DbPool) -> Result<Vec<Url>, LemmyError>;
|
|
|
|
}
|
|
|
|
|
2021-02-04 16:34:58 +00:00
|
|
|
pub enum EndpointType {
|
|
|
|
Community,
|
2021-03-10 22:33:55 +00:00
|
|
|
Person,
|
2021-02-04 16:34:58 +00:00
|
|
|
Post,
|
|
|
|
Comment,
|
|
|
|
PrivateMessage,
|
|
|
|
}
|
|
|
|
|
2021-07-20 04:29:50 +00:00
|
|
|
/// Generates an apub endpoint for a given domain, IE xyz.tld
|
2021-08-17 18:04:58 +00:00
|
|
|
fn generate_apub_endpoint_for_domain(
|
2021-02-04 16:34:58 +00:00
|
|
|
endpoint_type: EndpointType,
|
|
|
|
name: &str,
|
2021-07-20 04:29:50 +00:00
|
|
|
domain: &str,
|
2021-03-02 12:41:48 +00:00
|
|
|
) -> Result<DbUrl, ParseError> {
|
2021-02-04 16:34:58 +00:00
|
|
|
let point = match endpoint_type {
|
|
|
|
EndpointType::Community => "c",
|
2021-03-10 22:33:55 +00:00
|
|
|
EndpointType::Person => "u",
|
2021-02-04 16:34:58 +00:00
|
|
|
EndpointType::Post => "post",
|
|
|
|
EndpointType::Comment => "comment",
|
|
|
|
EndpointType::PrivateMessage => "private_message",
|
|
|
|
};
|
|
|
|
|
2021-07-20 04:29:50 +00:00
|
|
|
Ok(Url::parse(&format!("{}/{}/{}", domain, point, name))?.into())
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Generates the ActivityPub ID for a given object type and ID.
|
|
|
|
pub fn generate_apub_endpoint(
|
|
|
|
endpoint_type: EndpointType,
|
|
|
|
name: &str,
|
|
|
|
) -> Result<DbUrl, ParseError> {
|
|
|
|
generate_apub_endpoint_for_domain(
|
|
|
|
endpoint_type,
|
|
|
|
name,
|
|
|
|
&Settings::get().get_protocol_and_hostname(),
|
2021-02-04 16:34:58 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-03-02 12:41:48 +00:00
|
|
|
pub fn generate_followers_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
|
2021-02-04 16:34:58 +00:00
|
|
|
Ok(Url::parse(&format!("{}/followers", actor_id))?.into())
|
|
|
|
}
|
|
|
|
|
2021-03-02 12:41:48 +00:00
|
|
|
pub fn generate_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
|
2021-02-04 16:34:58 +00:00
|
|
|
Ok(Url::parse(&format!("{}/inbox", actor_id))?.into())
|
|
|
|
}
|
|
|
|
|
2021-03-02 12:41:48 +00:00
|
|
|
pub fn generate_shared_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, LemmyError> {
|
2021-07-31 20:58:11 +00:00
|
|
|
let actor_id: Url = actor_id.clone().into();
|
2021-02-04 16:34:58 +00:00
|
|
|
let url = format!(
|
|
|
|
"{}://{}{}/inbox",
|
|
|
|
&actor_id.scheme(),
|
|
|
|
&actor_id.host_str().context(location_info!())?,
|
|
|
|
if let Some(port) = actor_id.port() {
|
|
|
|
format!(":{}", port)
|
|
|
|
} else {
|
|
|
|
"".to_string()
|
|
|
|
},
|
|
|
|
);
|
|
|
|
Ok(Url::parse(&url)?.into())
|
|
|
|
}
|
|
|
|
|
2021-08-17 18:04:58 +00:00
|
|
|
fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError> {
|
2021-03-08 13:40:28 +00:00
|
|
|
Ok(Url::parse(&format!("{}/moderators", community_id))?.into())
|
|
|
|
}
|
|
|
|
|
2021-07-20 04:29:50 +00:00
|
|
|
/// Takes in a shortname of the type dessalines@xyz.tld or dessalines (assumed to be local), and outputs the actor id.
|
|
|
|
/// Used in the API for communities and users.
|
|
|
|
pub fn build_actor_id_from_shortname(
|
|
|
|
endpoint_type: EndpointType,
|
|
|
|
short_name: &str,
|
|
|
|
) -> Result<DbUrl, ParseError> {
|
|
|
|
let split = short_name.split('@').collect::<Vec<&str>>();
|
|
|
|
|
|
|
|
let name = split[0];
|
|
|
|
|
|
|
|
// If there's no @, its local
|
|
|
|
let domain = if split.len() == 1 {
|
|
|
|
Settings::get().get_protocol_and_hostname()
|
|
|
|
} else {
|
2021-07-20 16:55:04 +00:00
|
|
|
format!("{}://{}", Settings::get().get_protocol_string(), split[1])
|
2021-07-20 04:29:50 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
generate_apub_endpoint_for_domain(endpoint_type, name, &domain)
|
|
|
|
}
|
|
|
|
|
2020-10-19 14:29:35 +00:00
|
|
|
/// Store a sent or received activity in the database, for logging purposes. These records are not
|
|
|
|
/// persistent.
|
2021-08-17 18:04:58 +00:00
|
|
|
async fn insert_activity<T>(
|
2020-10-23 12:29:56 +00:00
|
|
|
ap_id: &Url,
|
|
|
|
activity: T,
|
2020-07-10 18:15:41 +00:00
|
|
|
local: bool,
|
2020-11-06 13:06:47 +00:00
|
|
|
sensitive: bool,
|
2020-07-10 18:15:41 +00:00
|
|
|
pool: &DbPool,
|
|
|
|
) -> Result<(), LemmyError>
|
|
|
|
where
|
2020-08-01 14:04:42 +00:00
|
|
|
T: Serialize + std::fmt::Debug + Send + 'static,
|
2020-07-10 18:15:41 +00:00
|
|
|
{
|
2021-03-02 12:41:48 +00:00
|
|
|
let ap_id = ap_id.to_owned().into();
|
2020-07-10 18:15:41 +00:00
|
|
|
blocking(pool, move |conn| {
|
2020-11-06 13:06:47 +00:00
|
|
|
Activity::insert(conn, ap_id, &activity, local, sensitive)
|
2020-07-10 18:15:41 +00:00
|
|
|
})
|
|
|
|
.await??;
|
|
|
|
Ok(())
|
|
|
|
}
|
2021-01-12 16:12:41 +00:00
|
|
|
|
2021-08-17 18:04:58 +00:00
|
|
|
async fn check_community_or_site_ban(
|
2021-03-30 20:23:50 +00:00
|
|
|
person: &Person,
|
|
|
|
community_id: CommunityId,
|
|
|
|
pool: &DbPool,
|
|
|
|
) -> Result<(), LemmyError> {
|
|
|
|
if person.banned {
|
|
|
|
return Err(anyhow!("Person is banned from site").into());
|
|
|
|
}
|
|
|
|
let person_id = person.id;
|
|
|
|
let is_banned =
|
|
|
|
move |conn: &'_ _| CommunityPersonBanView::get(conn, person_id, community_id).is_ok();
|
|
|
|
if blocking(pool, is_banned).await? {
|
|
|
|
return Err(anyhow!("Person is banned from community").into());
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|