Fix missing private key for signed fetch (#4516)

* Fix missing private key for signed fetch (fixes #4451)

* clippy

* instance actor name and webfinger

* better webfinger handling

* upgrade lib

* update test asset
This commit is contained in:
Nutomic 2024-03-08 16:23:15 +01:00 committed by GitHub
parent 00f7778485
commit 5859502a2a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 55 additions and 43 deletions

6
Cargo.lock generated
View file

@ -16,9 +16,9 @@ checksum = "8f27d075294830fcab6f66e320dab524bc6d048f4a151698e153205559113772"
[[package]] [[package]]
name = "activitypub_federation" name = "activitypub_federation"
version = "0.5.1" version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eee115a53849bbcac6c953495b5f9322b56680c0a1bdef6813183f0453f9ee3c" checksum = "a028034c642d3ed16b535f98f48b3df30397833c183d68852d79de16650d5ed5"
dependencies = [ dependencies = [
"activitystreams-kinds", "activitystreams-kinds",
"actix-web", "actix-web",
@ -2577,7 +2577,6 @@ version = "0.19.3"
dependencies = [ dependencies = [
"activitypub_federation", "activitypub_federation",
"actix-web", "actix-web",
"anyhow",
"chrono", "chrono",
"encoding", "encoding",
"enum-map", "enum-map",
@ -2599,7 +2598,6 @@ dependencies = [
"serde", "serde",
"serde_with", "serde_with",
"serial_test", "serial_test",
"task-local-extensions",
"tokio", "tokio",
"tracing", "tracing",
"ts-rs", "ts-rs",

View file

@ -96,7 +96,7 @@ lemmy_routes = { version = "=0.19.3", path = "./crates/routes" }
lemmy_db_views = { version = "=0.19.3", path = "./crates/db_views" } lemmy_db_views = { version = "=0.19.3", path = "./crates/db_views" }
lemmy_db_views_actor = { version = "=0.19.3", path = "./crates/db_views_actor" } lemmy_db_views_actor = { version = "=0.19.3", path = "./crates/db_views_actor" }
lemmy_db_views_moderator = { version = "=0.19.3", path = "./crates/db_views_moderator" } lemmy_db_views_moderator = { version = "=0.19.3", path = "./crates/db_views_moderator" }
activitypub_federation = { version = "0.5.1", default-features = false, features = [ activitypub_federation = { version = "0.5.2", default-features = false, features = [
"actix-web", "actix-web",
] } ] }
diesel = "2.1.4" diesel = "2.1.4"

View file

@ -2,6 +2,7 @@
"type": "Application", "type": "Application",
"id": "https://enterprise.lemmy.ml/", "id": "https://enterprise.lemmy.ml/",
"name": "Enterprise", "name": "Enterprise",
"preferredUsername": "enterprise.lemmy.ml",
"summary": "A test instance", "summary": "A test instance",
"content": "<p>Enterprise sidebar</p>\\n", "content": "<p>Enterprise sidebar</p>\\n",
"mediaType": "text/html", "mediaType": "text/html",

View file

@ -96,6 +96,7 @@ impl Object for ApubSite {
kind: ApplicationType::Application, kind: ApplicationType::Application,
id: self.id().into(), id: self.id().into(),
name: self.name.clone(), name: self.name.clone(),
preferred_username: data.domain().to_string(),
content: self.sidebar.as_ref().map(|d| markdown_to_html(d)), content: self.sidebar.as_ref().map(|d| markdown_to_html(d)),
source: self.sidebar.clone().map(Source::new), source: self.sidebar.clone().map(Source::new),
summary: self.description.clone(), summary: self.description.clone(),

View file

@ -19,8 +19,10 @@ pub struct Instance {
#[serde(rename = "type")] #[serde(rename = "type")]
pub(crate) kind: ApplicationType, pub(crate) kind: ApplicationType,
pub(crate) id: ObjectId<ApubSite>, pub(crate) id: ObjectId<ApubSite>,
// site name /// site name
pub(crate) name: String, pub(crate) name: String,
/// instance domain, necessary for mastodon authorized fetch
pub(crate) preferred_username: String,
pub(crate) inbox: Url, pub(crate) inbox: Url,
/// mandatory field in activitypub, lemmy currently serves an empty outbox /// mandatory field in activitypub, lemmy currently serves an empty outbox
pub(crate) outbox: Url, pub(crate) outbox: Url,

View file

@ -34,7 +34,9 @@ pub struct Site {
pub last_refreshed_at: DateTime<Utc>, pub last_refreshed_at: DateTime<Utc>,
/// The site inbox /// The site inbox
pub inbox_url: DbUrl, pub inbox_url: DbUrl,
#[serde(skip)]
pub private_key: Option<String>, pub private_key: Option<String>,
#[serde(skip)]
pub public_key: String, pub public_key: String,
pub instance_id: InstanceId, pub instance_id: InstanceId,
/// If present, nsfw content is visible by default. Should be displayed by frontends/clients /// If present, nsfw content is visible by default. Should be displayed by frontends/clients

View file

@ -9,7 +9,7 @@ use lemmy_db_schema::{
impl SiteView { impl SiteView {
pub async fn read_local(pool: &mut DbPool<'_>) -> Result<Self, Error> { pub async fn read_local(pool: &mut DbPool<'_>) -> Result<Self, Error> {
let conn = &mut get_conn(pool).await?; let conn = &mut get_conn(pool).await?;
let mut res = site::table site::table
.inner_join(local_site::table) .inner_join(local_site::table)
.inner_join( .inner_join(
local_site_rate_limit::table.on(local_site::id.eq(local_site_rate_limit::local_site_id)), local_site_rate_limit::table.on(local_site::id.eq(local_site_rate_limit::local_site_id)),
@ -22,9 +22,6 @@ impl SiteView {
site_aggregates::all_columns, site_aggregates::all_columns,
)) ))
.first::<SiteView>(conn) .first::<SiteView>(conn)
.await?; .await
res.site.private_key = None;
Ok(res)
} }
} }

View file

@ -38,43 +38,54 @@ async fn get_webfinger_response(
) -> Result<HttpResponse, LemmyError> { ) -> Result<HttpResponse, LemmyError> {
let name = extract_webfinger_name(&info.resource, &context)?; let name = extract_webfinger_name(&info.resource, &context)?;
let user_id: Option<Url> = Person::read_from_name(&mut context.pool(), name, false) let links = if name == context.settings().hostname {
.await // webfinger response for instance actor (required for mastodon authorized fetch)
.ok() let url = Url::parse(&context.settings().get_protocol_and_hostname())?;
.map(|c| c.actor_id.into()); vec![webfinger_link_for_actor(Some(url), "none", &context)]
let community_id: Option<Url> = Community::read_from_name(&mut context.pool(), name, false) } else {
.await // webfinger response for user/community
.ok() let user_id: Option<Url> = Person::read_from_name(&mut context.pool(), name, false)
.and_then(|c| { .await
if c.visibility == CommunityVisibility::Public { .ok()
let id: Url = c.actor_id.into(); .map(|c| c.actor_id.into());
Some(id) let community_id: Option<Url> = Community::read_from_name(&mut context.pool(), name, false)
} else { .await
None .ok()
} .and_then(|c| {
}); if c.visibility == CommunityVisibility::Public {
let id: Url = c.actor_id.into();
Some(id)
} else {
None
}
});
// Mastodon seems to prioritize the last webfinger item in case of duplicates. Put // Mastodon seems to prioritize the last webfinger item in case of duplicates. Put
// community last so that it gets prioritized. For Lemmy the order doesnt matter. // community last so that it gets prioritized. For Lemmy the order doesnt matter.
let links = vec![ vec![
webfinger_link_for_actor(user_id, "Person", &context), webfinger_link_for_actor(user_id, "Person", &context),
webfinger_link_for_actor(community_id, "Group", &context), webfinger_link_for_actor(community_id, "Group", &context),
] ]
}
.into_iter() .into_iter()
.flatten() .flatten()
.collect(); .collect::<Vec<_>>();
let json = Webfinger { if links.is_empty() {
subject: info.resource.clone(), Ok(HttpResponse::NotFound().finish())
links, } else {
..Default::default() let json = Webfinger {
}; subject: info.resource.clone(),
links,
..Default::default()
};
Ok( Ok(
HttpResponse::Ok() HttpResponse::Ok()
.content_type(&WEBFINGER_CONTENT_TYPE) .content_type(&WEBFINGER_CONTENT_TYPE)
.json(json), .json(json),
) )
}
} }
fn webfinger_link_for_actor( fn webfinger_link_for_actor(