Fix missing private key for signed fetch (#4516)
* Fix missing private key for signed fetch (fixes #4451) * clippy * instance actor name and webfinger * better webfinger handling * upgrade lib * update test asset
This commit is contained in:
parent
00f7778485
commit
5859502a2a
8 changed files with 55 additions and 43 deletions
6
Cargo.lock
generated
6
Cargo.lock
generated
|
@ -16,9 +16,9 @@ checksum = "8f27d075294830fcab6f66e320dab524bc6d048f4a151698e153205559113772"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "activitypub_federation"
|
name = "activitypub_federation"
|
||||||
version = "0.5.1"
|
version = "0.5.2"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "eee115a53849bbcac6c953495b5f9322b56680c0a1bdef6813183f0453f9ee3c"
|
checksum = "a028034c642d3ed16b535f98f48b3df30397833c183d68852d79de16650d5ed5"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"activitystreams-kinds",
|
"activitystreams-kinds",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
|
@ -2577,7 +2577,6 @@ version = "0.19.3"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"activitypub_federation",
|
"activitypub_federation",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
"anyhow",
|
|
||||||
"chrono",
|
"chrono",
|
||||||
"encoding",
|
"encoding",
|
||||||
"enum-map",
|
"enum-map",
|
||||||
|
@ -2599,7 +2598,6 @@ dependencies = [
|
||||||
"serde",
|
"serde",
|
||||||
"serde_with",
|
"serde_with",
|
||||||
"serial_test",
|
"serial_test",
|
||||||
"task-local-extensions",
|
|
||||||
"tokio",
|
"tokio",
|
||||||
"tracing",
|
"tracing",
|
||||||
"ts-rs",
|
"ts-rs",
|
||||||
|
|
|
@ -96,7 +96,7 @@ lemmy_routes = { version = "=0.19.3", path = "./crates/routes" }
|
||||||
lemmy_db_views = { version = "=0.19.3", path = "./crates/db_views" }
|
lemmy_db_views = { version = "=0.19.3", path = "./crates/db_views" }
|
||||||
lemmy_db_views_actor = { version = "=0.19.3", path = "./crates/db_views_actor" }
|
lemmy_db_views_actor = { version = "=0.19.3", path = "./crates/db_views_actor" }
|
||||||
lemmy_db_views_moderator = { version = "=0.19.3", path = "./crates/db_views_moderator" }
|
lemmy_db_views_moderator = { version = "=0.19.3", path = "./crates/db_views_moderator" }
|
||||||
activitypub_federation = { version = "0.5.1", default-features = false, features = [
|
activitypub_federation = { version = "0.5.2", default-features = false, features = [
|
||||||
"actix-web",
|
"actix-web",
|
||||||
] }
|
] }
|
||||||
diesel = "2.1.4"
|
diesel = "2.1.4"
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
"type": "Application",
|
"type": "Application",
|
||||||
"id": "https://enterprise.lemmy.ml/",
|
"id": "https://enterprise.lemmy.ml/",
|
||||||
"name": "Enterprise",
|
"name": "Enterprise",
|
||||||
|
"preferredUsername": "enterprise.lemmy.ml",
|
||||||
"summary": "A test instance",
|
"summary": "A test instance",
|
||||||
"content": "<p>Enterprise sidebar</p>\\n",
|
"content": "<p>Enterprise sidebar</p>\\n",
|
||||||
"mediaType": "text/html",
|
"mediaType": "text/html",
|
||||||
|
|
|
@ -96,6 +96,7 @@ impl Object for ApubSite {
|
||||||
kind: ApplicationType::Application,
|
kind: ApplicationType::Application,
|
||||||
id: self.id().into(),
|
id: self.id().into(),
|
||||||
name: self.name.clone(),
|
name: self.name.clone(),
|
||||||
|
preferred_username: data.domain().to_string(),
|
||||||
content: self.sidebar.as_ref().map(|d| markdown_to_html(d)),
|
content: self.sidebar.as_ref().map(|d| markdown_to_html(d)),
|
||||||
source: self.sidebar.clone().map(Source::new),
|
source: self.sidebar.clone().map(Source::new),
|
||||||
summary: self.description.clone(),
|
summary: self.description.clone(),
|
||||||
|
|
|
@ -19,8 +19,10 @@ pub struct Instance {
|
||||||
#[serde(rename = "type")]
|
#[serde(rename = "type")]
|
||||||
pub(crate) kind: ApplicationType,
|
pub(crate) kind: ApplicationType,
|
||||||
pub(crate) id: ObjectId<ApubSite>,
|
pub(crate) id: ObjectId<ApubSite>,
|
||||||
// site name
|
/// site name
|
||||||
pub(crate) name: String,
|
pub(crate) name: String,
|
||||||
|
/// instance domain, necessary for mastodon authorized fetch
|
||||||
|
pub(crate) preferred_username: String,
|
||||||
pub(crate) inbox: Url,
|
pub(crate) inbox: Url,
|
||||||
/// mandatory field in activitypub, lemmy currently serves an empty outbox
|
/// mandatory field in activitypub, lemmy currently serves an empty outbox
|
||||||
pub(crate) outbox: Url,
|
pub(crate) outbox: Url,
|
||||||
|
|
|
@ -34,7 +34,9 @@ pub struct Site {
|
||||||
pub last_refreshed_at: DateTime<Utc>,
|
pub last_refreshed_at: DateTime<Utc>,
|
||||||
/// The site inbox
|
/// The site inbox
|
||||||
pub inbox_url: DbUrl,
|
pub inbox_url: DbUrl,
|
||||||
|
#[serde(skip)]
|
||||||
pub private_key: Option<String>,
|
pub private_key: Option<String>,
|
||||||
|
#[serde(skip)]
|
||||||
pub public_key: String,
|
pub public_key: String,
|
||||||
pub instance_id: InstanceId,
|
pub instance_id: InstanceId,
|
||||||
/// If present, nsfw content is visible by default. Should be displayed by frontends/clients
|
/// If present, nsfw content is visible by default. Should be displayed by frontends/clients
|
||||||
|
|
|
@ -9,7 +9,7 @@ use lemmy_db_schema::{
|
||||||
impl SiteView {
|
impl SiteView {
|
||||||
pub async fn read_local(pool: &mut DbPool<'_>) -> Result<Self, Error> {
|
pub async fn read_local(pool: &mut DbPool<'_>) -> Result<Self, Error> {
|
||||||
let conn = &mut get_conn(pool).await?;
|
let conn = &mut get_conn(pool).await?;
|
||||||
let mut res = site::table
|
site::table
|
||||||
.inner_join(local_site::table)
|
.inner_join(local_site::table)
|
||||||
.inner_join(
|
.inner_join(
|
||||||
local_site_rate_limit::table.on(local_site::id.eq(local_site_rate_limit::local_site_id)),
|
local_site_rate_limit::table.on(local_site::id.eq(local_site_rate_limit::local_site_id)),
|
||||||
|
@ -22,9 +22,6 @@ impl SiteView {
|
||||||
site_aggregates::all_columns,
|
site_aggregates::all_columns,
|
||||||
))
|
))
|
||||||
.first::<SiteView>(conn)
|
.first::<SiteView>(conn)
|
||||||
.await?;
|
.await
|
||||||
|
|
||||||
res.site.private_key = None;
|
|
||||||
Ok(res)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,6 +38,12 @@ async fn get_webfinger_response(
|
||||||
) -> Result<HttpResponse, LemmyError> {
|
) -> Result<HttpResponse, LemmyError> {
|
||||||
let name = extract_webfinger_name(&info.resource, &context)?;
|
let name = extract_webfinger_name(&info.resource, &context)?;
|
||||||
|
|
||||||
|
let links = if name == context.settings().hostname {
|
||||||
|
// webfinger response for instance actor (required for mastodon authorized fetch)
|
||||||
|
let url = Url::parse(&context.settings().get_protocol_and_hostname())?;
|
||||||
|
vec![webfinger_link_for_actor(Some(url), "none", &context)]
|
||||||
|
} else {
|
||||||
|
// webfinger response for user/community
|
||||||
let user_id: Option<Url> = Person::read_from_name(&mut context.pool(), name, false)
|
let user_id: Option<Url> = Person::read_from_name(&mut context.pool(), name, false)
|
||||||
.await
|
.await
|
||||||
.ok()
|
.ok()
|
||||||
|
@ -56,14 +62,18 @@ async fn get_webfinger_response(
|
||||||
|
|
||||||
// Mastodon seems to prioritize the last webfinger item in case of duplicates. Put
|
// Mastodon seems to prioritize the last webfinger item in case of duplicates. Put
|
||||||
// community last so that it gets prioritized. For Lemmy the order doesnt matter.
|
// community last so that it gets prioritized. For Lemmy the order doesnt matter.
|
||||||
let links = vec![
|
vec![
|
||||||
webfinger_link_for_actor(user_id, "Person", &context),
|
webfinger_link_for_actor(user_id, "Person", &context),
|
||||||
webfinger_link_for_actor(community_id, "Group", &context),
|
webfinger_link_for_actor(community_id, "Group", &context),
|
||||||
]
|
]
|
||||||
|
}
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.flatten()
|
.flatten()
|
||||||
.collect();
|
.collect::<Vec<_>>();
|
||||||
|
|
||||||
|
if links.is_empty() {
|
||||||
|
Ok(HttpResponse::NotFound().finish())
|
||||||
|
} else {
|
||||||
let json = Webfinger {
|
let json = Webfinger {
|
||||||
subject: info.resource.clone(),
|
subject: info.resource.clone(),
|
||||||
links,
|
links,
|
||||||
|
@ -76,6 +86,7 @@ async fn get_webfinger_response(
|
||||||
.json(json),
|
.json(json),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fn webfinger_link_for_actor(
|
fn webfinger_link_for_actor(
|
||||||
url: Option<Url>,
|
url: Option<Url>,
|
||||||
|
|
Loading…
Reference in a new issue