* Support signed fetch for federation (fixes #868) * taplo
This commit is contained in:
parent
cf788334aa
commit
8c85f35b19
8 changed files with 28 additions and 41 deletions
|
@ -492,29 +492,13 @@ mod tests {
|
|||
site_registration_mode: RegistrationMode,
|
||||
) -> LocalSite {
|
||||
LocalSite {
|
||||
id: Default::default(),
|
||||
site_id: Default::default(),
|
||||
site_setup,
|
||||
enable_downvotes: false,
|
||||
enable_nsfw: false,
|
||||
community_creation_admin_only: false,
|
||||
require_email_verification: false,
|
||||
application_question: site_application_question,
|
||||
private_instance: site_is_private,
|
||||
default_theme: String::new(),
|
||||
default_post_listing_type: ListingType::All,
|
||||
legal_information: None,
|
||||
hide_modlog_mod_names: false,
|
||||
application_email_admins: false,
|
||||
slur_filter_regex: site_slur_filter_regex,
|
||||
actor_name_max_length: 0,
|
||||
federation_enabled: site_is_federated,
|
||||
captcha_enabled: false,
|
||||
captcha_difficulty: String::new(),
|
||||
published: Default::default(),
|
||||
updated: None,
|
||||
registration_mode: site_registration_mode,
|
||||
reports_email_admins: false,
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -491,29 +491,12 @@ mod tests {
|
|||
site_registration_mode: RegistrationMode,
|
||||
) -> LocalSite {
|
||||
LocalSite {
|
||||
id: Default::default(),
|
||||
site_id: Default::default(),
|
||||
site_setup: true,
|
||||
enable_downvotes: false,
|
||||
enable_nsfw: false,
|
||||
community_creation_admin_only: false,
|
||||
require_email_verification: false,
|
||||
application_question: site_application_question,
|
||||
private_instance: site_is_private,
|
||||
default_theme: String::new(),
|
||||
default_post_listing_type: ListingType::All,
|
||||
legal_information: None,
|
||||
hide_modlog_mod_names: false,
|
||||
application_email_admins: false,
|
||||
slur_filter_regex: site_slur_filter_regex,
|
||||
actor_name_max_length: 0,
|
||||
federation_enabled: site_is_federated,
|
||||
captcha_enabled: false,
|
||||
captcha_difficulty: String::new(),
|
||||
published: Default::default(),
|
||||
updated: None,
|
||||
registration_mode: site_registration_mode,
|
||||
reports_email_admins: false,
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -114,7 +114,9 @@ pub enum ListingType {
|
|||
ModeratorView,
|
||||
}
|
||||
|
||||
#[derive(EnumString, Display, Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq)]
|
||||
#[derive(
|
||||
EnumString, Display, Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Default,
|
||||
)]
|
||||
#[cfg_attr(feature = "full", derive(DbEnum, TS))]
|
||||
#[cfg_attr(
|
||||
feature = "full",
|
||||
|
@ -129,6 +131,7 @@ pub enum RegistrationMode {
|
|||
/// Open, but pending approval of a registration application.
|
||||
RequireApplication,
|
||||
/// Open to all.
|
||||
#[default]
|
||||
Open,
|
||||
}
|
||||
|
||||
|
|
|
@ -385,6 +385,7 @@ diesel::table! {
|
|||
updated -> Nullable<Timestamptz>,
|
||||
registration_mode -> RegistrationModeEnum,
|
||||
reports_email_admins -> Bool,
|
||||
federation_signed_fetch -> Bool,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ use ts_rs::TS;
|
|||
use typed_builder::TypedBuilder;
|
||||
|
||||
#[skip_serializing_none]
|
||||
#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]
|
||||
#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize, Default)]
|
||||
#[cfg_attr(feature = "full", derive(Queryable, Identifiable, TS))]
|
||||
#[cfg_attr(feature = "full", diesel(table_name = local_site))]
|
||||
#[cfg_attr(feature = "full", diesel(belongs_to(crate::source::site::Site)))]
|
||||
|
@ -60,6 +60,9 @@ pub struct LocalSite {
|
|||
pub registration_mode: RegistrationMode,
|
||||
/// Whether to email admins on new reports.
|
||||
pub reports_email_admins: bool,
|
||||
/// Whether to sign outgoing Activitypub fetches with private key of local instance. Some
|
||||
/// Fediverse instances and platforms require this.
|
||||
pub federation_signed_fetch: bool,
|
||||
}
|
||||
|
||||
#[derive(Clone, TypedBuilder)]
|
||||
|
@ -88,6 +91,7 @@ pub struct LocalSiteInsertForm {
|
|||
pub captcha_difficulty: Option<String>,
|
||||
pub registration_mode: Option<RegistrationMode>,
|
||||
pub reports_email_admins: Option<bool>,
|
||||
pub federation_signed_fetch: Option<bool>,
|
||||
}
|
||||
|
||||
#[derive(Clone, Default)]
|
||||
|
@ -114,4 +118,5 @@ pub struct LocalSiteUpdateForm {
|
|||
pub registration_mode: Option<RegistrationMode>,
|
||||
pub reports_email_admins: Option<bool>,
|
||||
pub updated: Option<Option<DateTime<Utc>>>,
|
||||
pub federation_signed_fetch: Option<bool>,
|
||||
}
|
||||
|
|
3
migrations/2023-11-02-120140_apub-signed-fetch/down.sql
Normal file
3
migrations/2023-11-02-120140_apub-signed-fetch/down.sql
Normal file
|
@ -0,0 +1,3 @@
|
|||
ALTER TABLE local_site
|
||||
DROP COLUMN federation_signed_fetch;
|
||||
|
3
migrations/2023-11-02-120140_apub-signed-fetch/up.sql
Normal file
3
migrations/2023-11-02-120140_apub-signed-fetch/up.sql
Normal file
|
@ -0,0 +1,3 @@
|
|||
ALTER TABLE local_site
|
||||
ADD COLUMN federation_signed_fetch boolean NOT NULL DEFAULT FALSE;
|
||||
|
13
src/lib.rs
13
src/lib.rs
|
@ -36,6 +36,7 @@ use lemmy_api_common::{
|
|||
};
|
||||
use lemmy_apub::{
|
||||
activities::{handle_outgoing_activities, match_outgoing_activities},
|
||||
objects::instance::ApubSite,
|
||||
VerifyUrlData,
|
||||
FEDERATION_HTTP_FETCH_LIMIT,
|
||||
};
|
||||
|
@ -164,16 +165,20 @@ pub async fn start_lemmy_server(args: CmdArgs) -> Result<(), LemmyError> {
|
|||
serve_prometheus(prometheus, context.clone())?;
|
||||
}
|
||||
|
||||
let federation_config = FederationConfig::builder()
|
||||
let mut federation_config = FederationConfig::builder();
|
||||
federation_config
|
||||
.domain(SETTINGS.hostname.clone())
|
||||
.app_data(context.clone())
|
||||
.client(client.clone())
|
||||
.http_fetch_limit(FEDERATION_HTTP_FETCH_LIMIT)
|
||||
.debug(cfg!(debug_assertions))
|
||||
.http_signature_compat(true)
|
||||
.url_verifier(Box::new(VerifyUrlData(context.inner_pool().clone())))
|
||||
.build()
|
||||
.await?;
|
||||
.url_verifier(Box::new(VerifyUrlData(context.inner_pool().clone())));
|
||||
if local_site.federation_signed_fetch {
|
||||
let site: ApubSite = site_view.site.into();
|
||||
federation_config.signed_fetch_actor(&site);
|
||||
}
|
||||
let federation_config = federation_config.build().await?;
|
||||
|
||||
MATCH_OUTGOING_ACTIVITIES
|
||||
.set(Box::new(move |d, c| {
|
||||
|
|
Loading…
Reference in a new issue