Merge pull request #1891 from LemmyNet/remove-apub-accept-guard

Remove header guard for activitypub routes
This commit is contained in:
Dessalines 2021-11-10 09:38:50 -05:00 committed by GitHub
commit 8a108bccae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 56 additions and 54 deletions

View file

@ -12,30 +12,16 @@ use crate::http::{
post::get_apub_post, post::get_apub_post,
shared_inbox, shared_inbox,
}; };
use actix_web::*; use actix_web::{dev::RequestHead, guard::Guard, http::Method, *};
use http_signature_normalization_actix::digest::middleware::VerifyDigest; use http_signature_normalization_actix::digest::middleware::VerifyDigest;
use lemmy_apub_lib::APUB_JSON_CONTENT_TYPE;
use lemmy_utils::settings::structs::Settings; use lemmy_utils::settings::structs::Settings;
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
static APUB_JSON_CONTENT_TYPE_LONG: &str =
"application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"";
pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) { pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
if settings.federation.enabled { if settings.federation.enabled {
println!("federation enabled, host is {}", settings.hostname); println!("federation enabled, host is {}", settings.hostname);
let digest_verifier = VerifyDigest::new(Sha256::new());
let header_guard_accept = guard::Any(guard::Header("Accept", APUB_JSON_CONTENT_TYPE))
.or(guard::Header("Accept", APUB_JSON_CONTENT_TYPE_LONG));
let header_guard_content_type =
guard::Any(guard::Header("Content-Type", APUB_JSON_CONTENT_TYPE))
.or(guard::Header("Content-Type", APUB_JSON_CONTENT_TYPE_LONG));
cfg cfg
.service(
web::scope("")
.guard(header_guard_accept)
.route( .route(
"/c/{community_name}", "/c/{community_name}",
web::get().to(get_apub_community_http), web::get().to(get_apub_community_http),
@ -59,16 +45,32 @@ pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
) )
.route("/post/{post_id}", web::get().to(get_apub_post)) .route("/post/{post_id}", web::get().to(get_apub_post))
.route("/comment/{comment_id}", web::get().to(get_apub_comment)) .route("/comment/{comment_id}", web::get().to(get_apub_comment))
.route("/activities/{type_}/{id}", web::get().to(get_activity)), .route("/activities/{type_}/{id}", web::get().to(get_activity));
)
// Inboxes dont work with the header guard for some reason. cfg.service(
.service(
web::scope("") web::scope("")
.wrap(digest_verifier) .wrap(VerifyDigest::new(Sha256::new()))
.guard(header_guard_content_type) .guard(InboxRequestGuard)
.route("/c/{community_name}/inbox", web::post().to(community_inbox)) .route("/c/{community_name}/inbox", web::post().to(community_inbox))
.route("/u/{user_name}/inbox", web::post().to(person_inbox)) .route("/u/{user_name}/inbox", web::post().to(person_inbox))
.route("/inbox", web::post().to(shared_inbox)), .route("/inbox", web::post().to(shared_inbox)),
); );
} }
} }
/// Without this, things like webfinger or RSS feeds stop working, as all requests seem to get
/// routed into the inbox service (because it covers the root path). So we filter out anything that
/// definitely can't be an inbox request (based on Accept header and request method).
struct InboxRequestGuard;
impl Guard for InboxRequestGuard {
fn check(&self, request: &RequestHead) -> bool {
if request.method != Method::POST {
return false;
}
if let Some(val) = request.headers.get("Content-Type") {
return val.to_str().unwrap().starts_with("application/");
}
false
}
}

View file

@ -1,9 +1,9 @@
use actix_web::{error::ErrorBadRequest, web::Query, *}; use actix_web::{web, web::Query, HttpResponse};
use anyhow::anyhow; use anyhow::anyhow;
use lemmy_api_common::blocking; use lemmy_api_common::blocking;
use lemmy_apub_lib::webfinger::{WebfingerLink, WebfingerResponse}; use lemmy_apub_lib::webfinger::{WebfingerLink, WebfingerResponse};
use lemmy_db_schema::source::{community::Community, person::Person}; use lemmy_db_schema::source::{community::Community, person::Person};
use lemmy_utils::{settings::structs::Settings, LemmyError}; use lemmy_utils::{settings::structs::Settings, ApiError, LemmyError};
use lemmy_websocket::LemmyContext; use lemmy_websocket::LemmyContext;
use serde::Deserialize; use serde::Deserialize;
@ -30,7 +30,7 @@ pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
async fn get_webfinger_response( async fn get_webfinger_response(
info: Query<Params>, info: Query<Params>,
context: web::Data<LemmyContext>, context: web::Data<LemmyContext>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, LemmyError> {
let community_regex_parsed = context let community_regex_parsed = context
.settings() .settings()
.webfinger_community_regex() .webfinger_community_regex()
@ -52,7 +52,7 @@ async fn get_webfinger_response(
Community::read_from_name(conn, &community_name) Community::read_from_name(conn, &community_name)
}) })
.await? .await?
.map_err(|_| ErrorBadRequest(LemmyError::from(anyhow!("not_found"))))? .map_err(|e| ApiError::err("not_found", e))?
.actor_id .actor_id
} else if let Some(person_name) = username_regex_parsed { } else if let Some(person_name) = username_regex_parsed {
let person_name = person_name.as_str().to_owned(); let person_name = person_name.as_str().to_owned();
@ -61,10 +61,10 @@ async fn get_webfinger_response(
Person::find_by_name(conn, &person_name) Person::find_by_name(conn, &person_name)
}) })
.await? .await?
.map_err(|_| ErrorBadRequest(LemmyError::from(anyhow!("not_found"))))? .map_err(|e| ApiError::err("not_found", e))?
.actor_id .actor_id
} else { } else {
return Err(ErrorBadRequest(LemmyError::from(anyhow!("not_found")))); return Err(LemmyError::from(anyhow!("not_found")));
}; };
let json = WebfingerResponse { let json = WebfingerResponse {