Remove header guard for activitypub routes
This commit is contained in:
parent
76220a4523
commit
9a1fe154db
2 changed files with 56 additions and 54 deletions
|
@ -12,30 +12,16 @@ use crate::http::{
|
|||
post::get_apub_post,
|
||||
shared_inbox,
|
||||
};
|
||||
use actix_web::*;
|
||||
use actix_web::{dev::RequestHead, guard::Guard, http::Method, *};
|
||||
use http_signature_normalization_actix::digest::middleware::VerifyDigest;
|
||||
use lemmy_apub_lib::APUB_JSON_CONTENT_TYPE;
|
||||
use lemmy_utils::settings::structs::Settings;
|
||||
use sha2::{Digest, Sha256};
|
||||
|
||||
static APUB_JSON_CONTENT_TYPE_LONG: &str =
|
||||
"application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"";
|
||||
|
||||
pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
|
||||
if settings.federation.enabled {
|
||||
println!("federation enabled, host is {}", settings.hostname);
|
||||
let digest_verifier = VerifyDigest::new(Sha256::new());
|
||||
|
||||
let header_guard_accept = guard::Any(guard::Header("Accept", APUB_JSON_CONTENT_TYPE))
|
||||
.or(guard::Header("Accept", APUB_JSON_CONTENT_TYPE_LONG));
|
||||
let header_guard_content_type =
|
||||
guard::Any(guard::Header("Content-Type", APUB_JSON_CONTENT_TYPE))
|
||||
.or(guard::Header("Content-Type", APUB_JSON_CONTENT_TYPE_LONG));
|
||||
|
||||
cfg
|
||||
.service(
|
||||
web::scope("")
|
||||
.guard(header_guard_accept)
|
||||
.route(
|
||||
"/c/{community_name}",
|
||||
web::get().to(get_apub_community_http),
|
||||
|
@ -59,16 +45,32 @@ pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
|
|||
)
|
||||
.route("/post/{post_id}", web::get().to(get_apub_post))
|
||||
.route("/comment/{comment_id}", web::get().to(get_apub_comment))
|
||||
.route("/activities/{type_}/{id}", web::get().to(get_activity)),
|
||||
)
|
||||
// Inboxes dont work with the header guard for some reason.
|
||||
.service(
|
||||
.route("/activities/{type_}/{id}", web::get().to(get_activity));
|
||||
|
||||
cfg.service(
|
||||
web::scope("")
|
||||
.wrap(digest_verifier)
|
||||
.guard(header_guard_content_type)
|
||||
.wrap(VerifyDigest::new(Sha256::new()))
|
||||
.guard(InboxRequestGuard)
|
||||
.route("/c/{community_name}/inbox", web::post().to(community_inbox))
|
||||
.route("/u/{user_name}/inbox", web::post().to(person_inbox))
|
||||
.route("/inbox", web::post().to(shared_inbox)),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/// Without this, things like webfinger or RSS feeds stop working, as all requests seem to get
|
||||
/// routed into the inbox service (because it covers the root path). So we filter out anything that
|
||||
/// definitely can't be an inbox request (based on Accept header and request method).
|
||||
struct InboxRequestGuard;
|
||||
|
||||
impl Guard for InboxRequestGuard {
|
||||
fn check(&self, request: &RequestHead) -> bool {
|
||||
if request.method != Method::POST {
|
||||
return false;
|
||||
}
|
||||
if let Some(val) = request.headers.get("Content-Type") {
|
||||
return val.to_str().unwrap().starts_with("application/");
|
||||
}
|
||||
false
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
use actix_web::{error::ErrorBadRequest, web::Query, *};
|
||||
use actix_web::{web, web::Query, HttpResponse};
|
||||
use anyhow::anyhow;
|
||||
use lemmy_api_common::blocking;
|
||||
use lemmy_apub_lib::webfinger::{WebfingerLink, WebfingerResponse};
|
||||
use lemmy_db_schema::source::{community::Community, person::Person};
|
||||
use lemmy_utils::{settings::structs::Settings, LemmyError};
|
||||
use lemmy_utils::{settings::structs::Settings, ApiError, LemmyError};
|
||||
use lemmy_websocket::LemmyContext;
|
||||
use serde::Deserialize;
|
||||
|
||||
|
@ -30,7 +30,7 @@ pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
|
|||
async fn get_webfinger_response(
|
||||
info: Query<Params>,
|
||||
context: web::Data<LemmyContext>,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
) -> Result<HttpResponse, LemmyError> {
|
||||
let community_regex_parsed = context
|
||||
.settings()
|
||||
.webfinger_community_regex()
|
||||
|
@ -52,7 +52,7 @@ async fn get_webfinger_response(
|
|||
Community::read_from_name(conn, &community_name)
|
||||
})
|
||||
.await?
|
||||
.map_err(|_| ErrorBadRequest(LemmyError::from(anyhow!("not_found"))))?
|
||||
.map_err(|e| ApiError::err("not_found", e))?
|
||||
.actor_id
|
||||
} else if let Some(person_name) = username_regex_parsed {
|
||||
let person_name = person_name.as_str().to_owned();
|
||||
|
@ -61,10 +61,10 @@ async fn get_webfinger_response(
|
|||
Person::find_by_name(conn, &person_name)
|
||||
})
|
||||
.await?
|
||||
.map_err(|_| ErrorBadRequest(LemmyError::from(anyhow!("not_found"))))?
|
||||
.map_err(|e| ApiError::err("not_found", e))?
|
||||
.actor_id
|
||||
} else {
|
||||
return Err(ErrorBadRequest(LemmyError::from(anyhow!("not_found"))));
|
||||
return Err(LemmyError::from(anyhow!("not_found")));
|
||||
};
|
||||
|
||||
let json = WebfingerResponse {
|
||||
|
|
Loading…
Reference in a new issue