From 8c85f35b19ce3645826d192d6c8286a75ef2fb0d Mon Sep 17 00:00:00 2001
From: Nutomic
Date: Mon, 6 Nov 2023 22:02:01 +0100
Subject: [PATCH] Support signed fetch for federation (fixes #868) (#4125)
* Support signed fetch for federation (fixes #868)
* taplo
---
crates/api_crud/src/site/create.rs | 18 +-----------------
crates/api_crud/src/site/update.rs | 19 +------------------
crates/db_schema/src/lib.rs | 5 ++++-
crates/db_schema/src/schema.rs | 1 +
crates/db_schema/src/source/local_site.rs | 7 ++++++-
.../down.sql | 3 +++
.../up.sql | 3 +++
src/lib.rs | 13 +++++++++----
8 files changed, 28 insertions(+), 41 deletions(-)
create mode 100644 migrations/2023-11-02-120140_apub-signed-fetch/down.sql
create mode 100644 migrations/2023-11-02-120140_apub-signed-fetch/up.sql
diff --git a/crates/api_crud/src/site/create.rs b/crates/api_crud/src/site/create.rs
index 1449f4844a..ec3dbab579 100644
--- a/crates/api_crud/src/site/create.rs
+++ b/crates/api_crud/src/site/create.rs
@@ -492,29 +492,13 @@ mod tests {
 site_registration_mode: RegistrationMode,
 ) -> LocalSite {
 LocalSite {
- id: Default::default(),
- site_id: Default::default(),
 site_setup,
- enable_downvotes: false,
- enable_nsfw: false,
- community_creation_admin_only: false,
- require_email_verification: false,
 application_question: site_application_question,
 private_instance: site_is_private,
- default_theme: String::new(),
- default_post_listing_type: ListingType::All,
- legal_information: None,
- hide_modlog_mod_names: false,
- application_email_admins: false,
 slur_filter_regex: site_slur_filter_regex,
- actor_name_max_length: 0,
 federation_enabled: site_is_federated,
- captcha_enabled: false,
- captcha_difficulty: String::new(),
- published: Default::default(),
- updated: None,
 registration_mode: site_registration_mode,
- reports_email_admins: false,
+ ..Default::default()
 }
 }
diff --git a/crates/api_crud/src/site/update.rs b/crates/api_crud/src/site/update.rs
index b9d8f6a7fa..62db5bb835 100644
--- a/crates/api_crud/src/site/update.rs
+++ b/crates/api_crud/src/site/update.rs
@@ -491,29 +491,12 @@ mod tests {
 site_registration_mode: RegistrationMode,
 ) -> LocalSite {
 LocalSite {
- id: Default::default(),
- site_id: Default::default(),
- site_setup: true,
- enable_downvotes: false,
- enable_nsfw: false,
- community_creation_admin_only: false,
- require_email_verification: false,
 application_question: site_application_question,
 private_instance: site_is_private,
- default_theme: String::new(),
- default_post_listing_type: ListingType::All,
- legal_information: None,
- hide_modlog_mod_names: false,
- application_email_admins: false,
 slur_filter_regex: site_slur_filter_regex,
- actor_name_max_length: 0,
 federation_enabled: site_is_federated,
- captcha_enabled: false,
- captcha_difficulty: String::new(),
- published: Default::default(),
- updated: None,
 registration_mode: site_registration_mode,
- reports_email_admins: false,
+ ..Default::default()
 }
 }
diff --git a/crates/db_schema/src/lib.rs b/crates/db_schema/src/lib.rs
index 1aa0e4e882..8d5ad8d79a 100644
--- a/crates/db_schema/src/lib.rs
+++ b/crates/db_schema/src/lib.rs
@@ -114,7 +114,9 @@ pub enum ListingType {
 ModeratorView,
 }
-#[derive(EnumString, Display, Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq)]
+#[derive(
+ EnumString, Display, Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Default,
+)]
 #[cfg_attr(feature = "full", derive(DbEnum, TS))]
 #[cfg_attr(
 feature = "full",
@@ -129,6 +131,7 @@ pub enum RegistrationMode {
 /// Open, but pending approval of a registration application.
 RequireApplication,
 /// Open to all.
+ #[default]
 Open,
 }
diff --git a/crates/db_schema/src/schema.rs b/crates/db_schema/src/schema.rs
index 440cb09faf..0d9e9401a8 100644
--- a/crates/db_schema/src/schema.rs
+++ b/crates/db_schema/src/schema.rs
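Review bot: In the update.rs test helper the `site_setup: true,` line is removed without a replacement, so the fixture now gets `site_setup: false` from `..Default::default()`, while the matching helper in create.rs keeps `site_setup` as an explicit field. If any update test relies on the site already being set up, keep the line explicit above `application_question`: `site_setup: true,`. In both helpers `default_post_listing_type` also changes from `ListingType::All` to whatever `ListingType::default()` is, which this patch does not show. The helper's signature starts outside the hunk.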
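Review bot: Putting `#[default]` on `Open` in crates/db_schema/src/lib.rs makes the most permissive registration mode the value that `RegistrationMode::default()` and the newly derived `LocalSite::default()` return. In this patch the default is only consumed by test fixtures, but the derive is not limited to test builds, so a later non-test `..Default::default()` would silently produce an open-registration site. I would either mark a more restrictive variant such as `RequireApplication`, or state the intent on the variant, e.g. `/// Open to all. Marked #[default] for fixtures only; real sites take this value from the database.` The enum's remaining variants are outside the hunk.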
@@ -385,6 +385,7 @@ diesel::table! {
 updated -> Nullable,
 registration_mode -> RegistrationModeEnum,
 reports_email_admins -> Bool,
+ federation_signed_fetch -> Bool,
 }
 }
diff --git a/crates/db_schema/src/source/local_site.rs b/crates/db_schema/src/source/local_site.rs
index e5945e86fd..9187c6a09e 100644
--- a/crates/db_schema/src/source/local_site.rs
+++ b/crates/db_schema/src/source/local_site.rs
@@ -13,7 +13,7 @@ use ts_rs::TS;
 use typed_builder::TypedBuilder;
 #[skip_serializing_none]
-#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]
+#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize, Default)]
 #[cfg_attr(feature = "full", derive(Queryable, Identifiable, TS))]
 #[cfg_attr(feature = "full", diesel(table_name = local_site))]
 #[cfg_attr(feature = "full", diesel(belongs_to(crate::source::site::Site)))]
@@ -60,6 +60,9 @@ pub struct LocalSite {
 pub registration_mode: RegistrationMode,
 /// Whether to email admins on new reports.
 pub reports_email_admins: bool,
+ /// Whether to sign outgoing Activitypub fetches with private key of local instance. Some
+ /// Fediverse instances and platforms require this.
+ pub federation_signed_fetch: bool,
 }
 #[derive(Clone, TypedBuilder)]
@@ -88,6 +91,7 @@ pub struct LocalSiteInsertForm {
 pub captcha_difficulty: Option,
 pub registration_mode: Option,
 pub reports_email_admins: Option,
+ pub federation_signed_fetch: Option,
 }
 #[derive(Clone, Default)]
@@ -114,4 +118,5 @@ pub struct LocalSiteUpdateForm {
 pub registration_mode: Option,
 pub reports_email_admins: Option,
 pub updated: Option>>,
+ pub federation_signed_fetch: Option,
 }
diff --git a/migrations/2023-11-02-120140_apub-signed-fetch/down.sql b/migrations/2023-11-02-120140_apub-signed-fetch/down.sql
new file mode 100644
index 0000000000..11f25bee61
--- /dev/null
+++ b/migrations/2023-11-02-120140_apub-signed-fetch/down.sql
@@ -0,0 +1,3 @@
+ALTER TABLE local_site
+ DROP COLUMN federation_signed_fetch;
+
diff --git a/migrations/2023-11-02-120140_apub-signed-fetch/up.sql b/migrations/2023-11-02-120140_apub-signed-fetch/up.sql
new file mode 100644
index 0000000000..a4a917c60d
--- /dev/null
+++ b/migrations/2023-11-02-120140_apub-signed-fetch/up.sql
@@ -0,0 +1,3 @@
+ALTER TABLE local_site
+ ADD COLUMN federation_signed_fetch boolean NOT NULL DEFAULT FALSE;
+
diff --git a/src/lib.rs b/src/lib.rs
index ec2a8fdae2..6bedb97fd6 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -36,6 +36,7 @@ use lemmy_api_common::{
 };
 use lemmy_apub::{
 activities::{handle_outgoing_activities, match_outgoing_activities},
+ objects::instance::ApubSite,
 VerifyUrlData,
 FEDERATION_HTTP_FETCH_LIMIT,
 };
@@ -164,16 +165,20 @@ pub async fn start_lemmy_server(args: CmdArgs) -> Result<(), LemmyError> {
 serve_prometheus(prometheus, context.clone())?;
 }
- let federation_config = FederationConfig::builder()
+ let mut federation_config = FederationConfig::builder();
+ federation_config
 .domain(SETTINGS.hostname.clone())
 .app_data(context.clone())
 .client(client.clone())
 .http_fetch_limit(FEDERATION_HTTP_FETCH_LIMIT)
 .debug(cfg!(debug_assertions))
 .http_signature_compat(true)
- .url_verifier(Box::new(VerifyUrlData(context.inner_pool().clone())))
- .build()
- .await?;
+ .url_verifier(Box::new(VerifyUrlData(context.inner_pool().clone())));
+ if local_site.federation_signed_fetch {
+ let site: ApubSite = site_view.site.into();
+ federation_config.signed_fetch_actor(&site);
+ }
+ let federation_config = federation_config.build().await?;
 MATCH_OUTGOING_ACTIVITIES
 .set(Box::new(move |d, c| {
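Review bot: `local_site.federation_signed_fetch` is read only while `start_lemmy_server` builds the `FederationConfig`, so changing the column on a running instance has no effect until the process restarts. That deserves a comment above the `if`, e.g. `// Evaluated once at startup: toggling federation_signed_fetch requires a restart.` The branch also assumes the site actor has a private key to sign with; how `signed_fetch_actor` behaves when it does not is not visible in this hunk, so I would check for the key first and return a `LemmyError` with a clear message rather than rely on the builder. `local_site` and `site_view` are bound outside the hunk, and the function body continues past it.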