Implement secure mode federation example in actix-web example

2024-06-10 09:19:34 +00:00 · 2023-05-31 15:31:19 +02:00 · 2023-05-31 15:31:19 +02:00 · 1b6dbf036f
parent 216458eb82
commit 1b6dbf036f
2 changed files with 26 additions and 2 deletions
--- a/examples/local_federation/actix_web/http.rs
+++ b/examples/local_federation/actix_web/http.rs
@ -4,11 +4,11 @@ use crate::{
    objects::person::{DbUser, PersonAcceptedActivities},
 };
 use activitypub_federation::{
-    actix_web::inbox::receive_activity,
+    actix_web::{inbox::receive_activity, signing_actor},
    config::{Data, FederationConfig, FederationMiddleware},
    fetch::webfinger::{build_webfinger_response, extract_webfinger_name},
    protocol::context::WithContext,
-    traits::Object,
+    traits::{Actor, Object},
    FEDERATION_CONTENT_TYPE,
 };
 use actix_web::{web, web::Bytes, App, HttpRequest, HttpResponse, HttpServer};
@ -23,6 +23,7 @@ pub fn listen(config: &FederationConfig<DatabaseHandle>) -> Result<(), Error> {
    let server = HttpServer::new(move || {
        App::new()
            .wrap(FederationMiddleware::new(config.clone()))
+            .route("/", web::get().to(http_get_system_user))
            .route("/{user}", web::get().to(http_get_user))
            .route("/{user}/inbox", web::post().to(http_post_user_inbox))
            .route("/.well-known/webfinger", web::get().to(webfinger))
@ -33,11 +34,28 @@ pub fn listen(config: &FederationConfig<DatabaseHandle>) -> Result<(), Error> {
    Ok(())
 }

+/// Handles requests to fetch system user json over HTTP
+pub async fn http_get_system_user(data: Data<DatabaseHandle>) -> Result<HttpResponse, Error> {
+    let json_user = data.system_user.clone().into_json(&data).await?;
+    Ok(HttpResponse::Ok()
+        .content_type(FEDERATION_CONTENT_TYPE)
+        .json(WithContext::new_default(json_user)))
+}
+
 /// Handles requests to fetch user json over HTTP
 pub async fn http_get_user(
+    request: HttpRequest,
    user_name: web::Path<String>,
    data: Data<DatabaseHandle>,
 ) -> Result<HttpResponse, Error> {
+    let signed_by = signing_actor::<DbUser>(&request, None, &data).await?;
+    // here, checks can be made on the actor or the domain to which
+    // it belongs, to verify whether it is allowed to access this resource
+    info!(
+        "Fetch user request is signed by system account {}",
+        signed_by.id()
+    );
+
    let db_user = data.local_user();
    if user_name.into_inner() == db_user.name {
        let json_user = db_user.into_json(&data).await?;
--- a/examples/local_federation/instance.rs
+++ b/examples/local_federation/instance.rs
@ -15,13 +15,18 @@ pub fn new_instance(
    hostname: &str,
    name: String,
 ) -> Result<FederationConfig<DatabaseHandle>, Error> {
+    let mut system_user = DbUser::new(hostname, "system".into())?;
+    system_user.ap_id = Url::parse(&format!("http://{}/", hostname))?.into();
+
    let local_user = DbUser::new(hostname, name)?;
    let database = Arc::new(Database {
+        system_user: system_user.clone(),
        users: Mutex::new(vec![local_user]),
        posts: Mutex::new(vec![]),
    });
    let config = FederationConfig::builder()
        .domain(hostname)
+        .signed_fetch_actor(&system_user)
        .app_data(database)
        .debug(true)
        .build()?;
@ -32,6 +37,7 @@ pub type DatabaseHandle = Arc<Database>;

 /// Our "database" which contains all known posts and users (local and federated)
 pub struct Database {
+    pub system_user: DbUser,
    pub users: Mutex<Vec<DbUser>>,
    pub posts: Mutex<Vec<DbPost>>,
 }