mirrors/activitypub-federation-rust
1
0
Fork 0
mirror of https://github.com/LemmyNet/activitypub-federation-rust.git synced 2024-05-17 08:32:42 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: mirrors:0.5.0
Branches Tags
mirrors:main
mirrors:renovate/configure
mirrors:content-type-case-insensitive
mirrors:upgrade-deps
mirrors:signed-digest
mirrors:is-local-no-domain
mirrors:security-fixes
mirrors:object-id-is-local
mirrors:no-duplicate-ci
mirrors:follow-local-redirect
mirrors:retry-more-activity-errors
mirrors:actix-inbox-parts
mirrors:activity-published-field
mirrors:fix-fetch-limit
mirrors:debug-signed-fetch
mirrors:optional-activity-queue
mirrors:fetch-security-checks
mirrors:deserialize_one_return
mirrors:better-json-errors
mirrors:context-not-array
mirrors:refactoring
mirrors:fetch-errors
mirrors:diesel-feature
mirrors:upgrade-deps3
mirrors:parse-impl
mirrors:partialeq
mirrors:webfinger-alphabets
mirrors:fetch-redirect
mirrors:0.4
mirrors:webfinger-template
mirrors:url-verifier-error
mirrors:Nutomic-patch-1
mirrors:fix-tests
mirrors:send-rate-limit
mirrors:fix-signature-expiration
mirrors:retry-connection-failure
mirrors:http-signature-expire-day
mirrors:update-deps
mirrors:actix-rt-dev-dep
mirrors:upgrade-deps2
mirrors:add_woodpecker
mirrors:0.4-lemmy-compat
mirrors:readd-verify-methods
mirrors:various-improvements
mirrors:merge-handler-params
mirrors:0.3
mirrors:fix-deserialize-skip-error
mirrors:no-verify
mirrors:rename-http-fetch-limit
mirrors:fix-date-header
mirrors:abort-retry
mirrors:less-retries
mirrors:digest-verified
mirrors:use-enum-delegate
mirrors:async-verify
mirrors:prepare-0.2.0
mirrors:0.5.6
mirrors:0.5.5
mirrors:0.5.4
mirrors:0.5.3
mirrors:0.5.2
mirrors:0.5.1
mirrors:0.5.1-beta.1
mirrors:0.5.0
mirrors:0.5.0-beta.7
mirrors:0.5.0-beta.6
mirrors:0.5.0-beta.5
mirrors:0.5.0-beta.4
mirrors:0.5.0-beta.3
mirrors:0.5.0-beta.2
mirrors:0.4.7
mirrors:0.5.0-beta.1
mirrors:0.4.6
mirrors:0.4.5
mirrors:0.4.4
mirrors:0.4.3
mirrors:0.4.2
mirrors:0.4.1
mirrors:0.4.0
mirrors:0.4.0-rc3
mirrors:0.4.0-rc2
mirrors:0.4.0-rc1
mirrors:0.3.5
mirrors:0.3.4
mirrors:0.3.3
mirrors:0.3.2
mirrors:0.3.1
mirrors:0.3.0
mirrors:0.2.3
mirrors:0.2.2
mirrors:0.2.1
mirrors:0.2.0
mirrors:0.1.0
...
compare: mirrors:main
Branches Tags
mirrors:renovate/configure
mirrors:main
mirrors:content-type-case-insensitive
mirrors:upgrade-deps
mirrors:signed-digest
mirrors:is-local-no-domain
mirrors:security-fixes
mirrors:object-id-is-local
mirrors:no-duplicate-ci
mirrors:follow-local-redirect
mirrors:retry-more-activity-errors
mirrors:actix-inbox-parts
mirrors:activity-published-field
mirrors:fix-fetch-limit
mirrors:debug-signed-fetch
mirrors:optional-activity-queue
mirrors:fetch-security-checks
mirrors:deserialize_one_return
mirrors:better-json-errors
mirrors:context-not-array
mirrors:refactoring
mirrors:fetch-errors
mirrors:diesel-feature
mirrors:upgrade-deps3
mirrors:parse-impl
mirrors:partialeq
mirrors:webfinger-alphabets
mirrors:fetch-redirect
mirrors:0.4
mirrors:webfinger-template
mirrors:url-verifier-error
mirrors:Nutomic-patch-1
mirrors:fix-tests
mirrors:send-rate-limit
mirrors:fix-signature-expiration
mirrors:retry-connection-failure
mirrors:http-signature-expire-day
mirrors:update-deps
mirrors:actix-rt-dev-dep
mirrors:upgrade-deps2
mirrors:add_woodpecker
mirrors:0.4-lemmy-compat
mirrors:readd-verify-methods
mirrors:various-improvements
mirrors:merge-handler-params
mirrors:0.3
mirrors:fix-deserialize-skip-error
mirrors:no-verify
mirrors:rename-http-fetch-limit
mirrors:fix-date-header
mirrors:abort-retry
mirrors:less-retries
mirrors:digest-verified
mirrors:use-enum-delegate
mirrors:async-verify
mirrors:prepare-0.2.0
mirrors:0.5.6
mirrors:0.5.5
mirrors:0.5.4
mirrors:0.5.3
mirrors:0.5.2
mirrors:0.5.1
mirrors:0.5.1-beta.1
mirrors:0.5.0
mirrors:0.5.0-beta.7
mirrors:0.5.0-beta.6
mirrors:0.5.0-beta.5
mirrors:0.5.0-beta.4
mirrors:0.5.0-beta.3
mirrors:0.5.0-beta.2
mirrors:0.4.7
mirrors:0.5.0-beta.1
mirrors:0.4.6
mirrors:0.4.5
mirrors:0.4.4
mirrors:0.4.3
mirrors:0.4.2
mirrors:0.4.1
mirrors:0.4.0
mirrors:0.4.0-rc3
mirrors:0.4.0-rc2
mirrors:0.4.0-rc1
mirrors:0.3.5
mirrors:0.3.4
mirrors:0.3.3
mirrors:0.3.2
mirrors:0.3.1
mirrors:0.3.0
mirrors:0.2.3
mirrors:0.2.2
mirrors:0.2.1
mirrors:0.2.0
mirrors:0.1.0

21 commits
0.5.0 ... main

Author SHA1 Message Date
Felix Ableitner 16844f048a Version 0.5.6 2024-05-06 11:09:47 +02:00
Nutomic cf1f84993b
Make response content-type check case insensitive (#111) 
* Make response content-type check case insensitive

For wordpress compat

* cleaner

* clippy

* fmt

* fmt
 2024-05-06 11:09:23 +02:00
Felix Ableitner 24afad7abc Version 0.5.5 2024-05-02 13:06:22 +02:00
Nutomic c48de9e944
Upgrade dependencies (#110) 2024-05-02 06:58:08 -04:00
Nutomic be69efdee3
Require signed digest when verifying signatures (#109) 2024-05-02 10:58:56 +02:00
Nutomic ddc455510b
Dont crash when calling is_local_url() without domain (#108) 2024-05-02 10:58:33 +02:00
Felix Ableitner ee268405f7 Version 0.5.4 2024-04-10 11:32:14 +02:00
Nutomic 54e8a1145f
Add function ObjectId.is_local (#106) 
* Add function ObjectId.is_local

* add test

* add test
 2024-04-10 11:31:55 +02:00
Felix Ableitner 779313ac22 Version 0.5.3 2024-04-09 11:30:43 +02:00
Nutomic 7def01a19a
Avoid running ci checks twice (#105) 
* Avoid running ci checks twice

* upgrade rust

* move clippy config to cargo.toml
 2024-04-09 11:28:57 +02:00
Nutomic a2ac97db98
Allow fetching from local domain in case it redirects to remote (#104) 
* Allow fetching from local domain in case it redirects to remote

* clippy

* fix lemmy tests
 2024-04-09 11:28:22 +02:00
Nutomic 5402bc9c19
Retry activity send in case of timeout or rate limit (#102) 2024-04-09 10:38:08 +02:00
Felix Ableitner 1b46dd6f80 Version 0.5.2 2024-03-08 15:43:43 +01:00
Nutomic da28c9c890
Fix request_counter check because fetch_add returns original value (#97) 2024-03-08 09:36:44 -05:00
Nutomic 9b31a7b44b
Get Mastodon signed fetch working (#98) 
* debug signed fetch

* regex

* content-type

* no dbg

* clippy
 2024-03-08 15:26:57 +01:00
Felix Ableitner 147f144769 Version 0.5.1 2024-03-04 16:27:44 +01:00
Felix Ableitner 3b5e5f66ba Upgrade dependencies 2024-03-04 16:23:46 +01:00
Nutomic 636b47c8b2
Add back activity send queue as optional feature (#94) 
* Add back activity send queue as optional feature

* fix port collision in tests

* improve docs

* serialize fn

* deduplicate

* more dedup

* more dedup

* dedupupup

* test cleanup

* remove fn
 2024-03-04 08:53:33 -05:00
Nutomic a859db05bb
Add security checks when fetching objects (#95) 
* Add security checks when fetching objects

* static

* as ref

* update comment

* fix header

* Update comment
 2024-03-04 12:47:42 +01:00
Felix Ableitner f907b6efa7 Version 0.5.1-beta.1 2024-01-05 16:21:20 +01:00
Nutomic ec97b44de4
Fix return type for deserialize_one (#93) 2024-01-05 10:18:12 -05:00
21 changed files with 990 additions and 199 deletions
Show stats Expand all files Collapse all files

42
.woodpecker.yml
View file

@ -1,54 +1,56 @@
pipeline:
variables:
- &rust_image "rust:1.77-bullseye"
steps:
cargo_fmt:
image: rustdocker/rust:nightly
commands:
- /root/.cargo/bin/cargo fmt -- --check
cargo_check:
image: rust:1.70-bullseye
environment:
CARGO_HOME: .cargo
commands:
- cargo check --all-features --all-targets
when:
- event: pull_request
cargo_clippy:
image: rust:1.70-bullseye
image: *rust_image
environment:
CARGO_HOME: .cargo
commands:
- rustup component add clippy
- cargo clippy --all-targets --all-features --
-D warnings -D deprecated -D clippy::perf -D clippy::complexity
-D clippy::dbg_macro -D clippy::inefficient_to_string
-D clippy::items-after-statements -D clippy::implicit_clone
-D clippy::wildcard_imports -D clippy::cast_lossless
-D clippy::manual_string_new -D clippy::redundant_closure_for_method_calls
- cargo clippy --all-features -- -D clippy::unwrap_used
- cargo clippy --all-targets --all-features
when:
- event: pull_request
cargo_test:
image: rust:1.70-bullseye
image: *rust_image
environment:
CARGO_HOME: .cargo
commands:
- cargo test --all-features --no-fail-fast
when:
- event: pull_request
cargo_doc:
image: rust:1.70-bullseye
image: *rust_image
environment:
CARGO_HOME: .cargo
commands:
- cargo doc --all-features
when:
- event: pull_request
cargo_run_actix_example:
image: rust:1.70-bullseye
image: *rust_image
environment:
CARGO_HOME: .cargo
commands:
- cargo run --example local_federation actix-web
when:
- event: pull_request
cargo_run_axum_example:
image: rust:1.70-bullseye
image: *rust_image
environment:
CARGO_HOME: .cargo
commands:
- cargo run --example local_federation axum
when:
- event: pull_request

69
Cargo.toml
View file

@ -1,6 +1,6 @@
[package]
name = "activitypub_federation"
version = "0.5.0"
version = "0.5.6"
edition = "2021"
description = "High-level Activitypub framework"
keywords = ["activitypub", "activitystreams", "federation", "fediverse"]
@ -14,24 +14,41 @@ actix-web = ["dep:actix-web"]
axum = ["dep:axum", "dep:tower", "dep:hyper", "dep:http-body-util"]
diesel = ["dep:diesel"]
[lints.rust]
warnings = "deny"
deprecated = "deny"
[lints.clippy]
perf = "deny"
complexity = "deny"
dbg_macro = "deny"
inefficient_to_string = "deny"
items-after-statements = "deny"
implicit_clone = "deny"
wildcard_imports = "deny"
cast_lossless = "deny"
manual_string_new = "deny"
redundant_closure_for_method_calls = "deny"
unwrap_used = "deny"
[dependencies]
chrono = { version = "0.4.31", features = ["clock"], default-features = false }
serde = { version = "1.0.194", features = ["derive"] }
async-trait = "0.1.77"
chrono = { version = "0.4.38", features = ["clock"], default-features = false }
serde = { version = "1.0.200", features = ["derive"] }
async-trait = "0.1.80"
url = { version = "2.5.0", features = ["serde"] }
serde_json = { version = "1.0.110", features = ["preserve_order"] }
reqwest = { version = "0.11.23", features = ["json", "stream"] }
reqwest-middleware = "0.2.4"
serde_json = { version = "1.0.116", features = ["preserve_order"] }
reqwest = { version = "0.11.27", features = ["json", "stream"] }
reqwest-middleware = "0.2.5"
tracing = "0.1.40"
base64 = "0.21.5"
openssl = "0.10.62"
base64 = "0.22.1"
openssl = "0.10.64"
once_cell = "1.19.0"
http = "0.2.11"
http = "0.2.12"
sha2 = "0.10.8"
thiserror = "1.0.56"
derive_builder = "0.12.0"
itertools = "0.12.0"
dyn-clone = "1.0.16"
thiserror = "1.0.59"
derive_builder = "0.20.0"
itertools = "0.12.1"
dyn-clone = "1.0.17"
enum_delegate = "0.2.0"
httpdate = "1.0.3"
http-signature-normalization-reqwest = { version = "0.10.0", default-features = false, features = [
@ -40,23 +57,23 @@ http-signature-normalization-reqwest = { version = "0.10.0", default-features =
"default-spawner",
] }
http-signature-normalization = "0.7.0"
bytes = "1.5.0"
bytes = "1.6.0"
futures-core = { version = "0.3.30", default-features = false }
pin-project-lite = "0.2.13"
pin-project-lite = "0.2.14"
activitystreams-kinds = "0.3.0"
regex = { version = "1.10.2", default-features = false, features = ["std", "unicode-case"] }
tokio = { version = "1.35.1", features = [
regex = { version = "1.10.4", default-features = false, features = ["std", "unicode-case"] }
tokio = { version = "1.37.0", features = [
"sync",
"rt",
"rt-multi-thread",
"time",
] }
diesel = { version = "2.1.4", features = ["postgres"], default-features = false, optional = true }
diesel = { version = "2.1.6", features = ["postgres"], default-features = false, optional = true }
futures = "0.3.30"
moka = { version = "0.12.2", features = ["future"] }
moka = { version = "0.12.7", features = ["future"] }
# Actix-web
actix-web = { version = "4.4.1", default-features = false, optional = true }
actix-web = { version = "4.5.1", default-features = false, optional = true }
# Axum
axum = { version = "0.6.20", features = [
@ -65,20 +82,20 @@ axum = { version = "0.6.20", features = [
], default-features = false, optional = true }
tower = { version = "0.4.13", optional = true }
hyper = { version = "0.14", optional = true }
http-body-util = {version = "0.1.0", optional = true }
http-body-util = {version = "0.1.1", optional = true }
[dev-dependencies]
anyhow = "1.0.79"
anyhow = "1.0.82"
rand = "0.8.5"
env_logger = "0.10.1"
tower-http = { version = "0.5.0", features = ["map-request-body", "util"] }
env_logger = "0.11.3"
tower-http = { version = "0.5.2", features = ["map-request-body", "util"] }
axum = { version = "0.6.20", features = [
"http1",
"tokio",
"query",
], default-features = false }
axum-macros = "0.3.8"
tokio = { version = "1.35.1", features = ["full"] }
tokio = { version = "1.37.0", features = ["full"] }
[profile.dev]
strip = "symbols"

59
docs/09_sending_activities.md
View file

@ -4,6 +4,46 @@ To send an activity we need to initialize our previously defined struct, and pic
```
# use activitypub_federation::config::FederationConfig;
# use activitypub_federation::activity_queue::queue_activity;
# use activitypub_federation::http_signatures::generate_actor_keypair;
# use activitypub_federation::traits::Actor;
# use activitypub_federation::fetch::object_id::ObjectId;
# use activitypub_federation::traits::tests::{DB_USER, DbConnection, Follow};
# tokio::runtime::Runtime::new().unwrap().block_on(async {
# let db_connection = DbConnection;
# let config = FederationConfig::builder()
# .domain("example.com")
# .app_data(db_connection)
# .build().await?;
# let data = config.to_request_data();
# let sender = DB_USER.clone();
# let recipient = DB_USER.clone();
let activity = Follow {
actor: ObjectId::parse("https://lemmy.ml/u/nutomic")?,
object: recipient.federation_id.clone().into(),
kind: Default::default(),
id: "https://lemmy.ml/activities/321".try_into()?
};
let inboxes = vec![recipient.shared_inbox_or_inbox()];
queue_activity(&activity, &sender, inboxes, &data).await?;
# Ok::<(), anyhow::Error>(())
# }).unwrap()
```
The list of inboxes gets deduplicated (important for shared inbox). All inboxes on the local domain and those which fail the [crate::config::UrlVerifier] check are excluded from delivery. For each remaining inbox a background tasks is created. It signs the HTTP header with the given private key. Finally the activity is delivered to the inbox.
It is possible that delivery fails because the target instance is temporarily unreachable. In this case the task is scheduled for retry after a certain waiting time. For each task delivery is retried up to 3 times after the initial attempt. The retry intervals are as follows:
- one minute, in case of service restart
- one hour, in case of instance maintenance
- 2.5 days, in case of major incident with rebuild from backup
In case [crate::config::FederationConfigBuilder::debug] is enabled, no background thread is used but activities are sent directly on the foreground. This makes it easier to catch delivery errors and avoids complicated steps to await delivery in tests.
In some cases you may want to bypass the builtin activity queue, and implement your own. For example to specify different retry intervals, or to persist retries across application restarts. You can do it with the following code:
```rust
# use activitypub_federation::config::FederationConfig;
# use activitypub_federation::activity_sending::SendActivityTask;
# use activitypub_federation::http_signatures::generate_actor_keypair;
# use activitypub_federation::traits::Actor;
@ -28,23 +68,8 @@ let inboxes = vec![recipient.shared_inbox_or_inbox()];
let sends = SendActivityTask::prepare(&activity, &sender, inboxes, &data).await?;
for send in sends {
send.sign_and_send(&data).await?;
send.sign_and_send(&data).await?;
}
# Ok::<(), anyhow::Error>(())
# }).unwrap()
```
The list of inboxes gets deduplicated (important for shared inbox). All inboxes on the local
domain and those which fail the [crate::config::UrlVerifier] check are excluded from delivery.
For each remaining inbox a background tasks is created. It signs the HTTP header with the given
private key. Finally the activity is delivered to the inbox.
It is possible that delivery fails because the target instance is temporarily unreachable. In
this case the task is scheduled for retry after a certain waiting time. For each task delivery
is retried up to 3 times after the initial attempt. The retry intervals are as follows:
- one minute, in case of service restart
- one hour, in case of instance maintenance
- 2.5 days, in case of major incident with rebuild from backup
In case [crate::config::FederationConfigBuilder::debug] is enabled, no background thread is used but activities are sent directly on the foreground. This makes it easier to catch delivery errors and avoids complicated steps to await delivery in tests.
```

2
examples/live_federation/main.rs
View file

@ -1,3 +1,5 @@
#![allow(clippy::unwrap_used)]
use crate::{
database::Database,
http::{http_get_user, http_post_user_inbox, webfinger},

12
examples/live_federation/objects/post.rs
View file

@ -21,7 +21,6 @@ pub struct DbPost {
pub text: String,
pub ap_id: ObjectId<DbPost>,
pub creator: ObjectId<DbUser>,
pub local: bool,
}
#[derive(Deserialize, Serialize, Debug)]
@ -59,7 +58,15 @@ impl Object for DbPost {
}
async fn into_json(self, _data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
unimplemented!()
Ok(Note {
kind: NoteType::Note,
id: self.ap_id,
content: self.text,
attributed_to: self.creator,
to: vec![public()],
tag: vec![],
in_reply_to: None,
})
}
async fn verify(
@ -81,7 +88,6 @@ impl Object for DbPost {
text: json.content,
ap_id: json.id.clone(),
creator: json.attributed_to.clone(),
local: false,
};
let mention = Mention {

2
examples/local_federation/activities/follow.rs
View file

@ -67,7 +67,7 @@ impl ActivityHandler for Follow {
let id = generate_object_id(data.domain())?;
let accept = Accept::new(local_user.ap_id.clone(), self, id.clone());
local_user
.send(accept, vec![follower.shared_inbox_or_inbox()], data)
.send(accept, vec![follower.shared_inbox_or_inbox()], false, data)
.await?;
Ok(())
}

1
examples/local_federation/instance.rs
View file

@ -28,6 +28,7 @@ pub async fn new_instance(
.domain(hostname)
.signed_fetch_actor(&system_user)
.app_data(database)
.url_verifier(Box::new(MyUrlVerifier()))
.debug(true)
.build()
.await?;

2
examples/local_federation/main.rs
View file

@ -1,3 +1,5 @@
#![allow(clippy::unwrap_used)]
use crate::{
instance::{listen, new_instance, Webserver},
objects::post::DbPost,

17
examples/local_federation/objects/person.rs
View file

@ -6,6 +6,7 @@ use crate::{
utils::generate_object_id,
};
use activitypub_federation::{
activity_queue::queue_activity,
activity_sending::SendActivityTask,
config::Data,
fetch::{object_id::ObjectId, webfinger::webfinger_resolve_actor},
@ -85,7 +86,7 @@ impl DbUser {
let other: DbUser = webfinger_resolve_actor(other, data).await?;
let id = generate_object_id(data.domain())?;
let follow = Follow::new(self.ap_id.clone(), other.ap_id.clone(), id.clone());
self.send(follow, vec![other.shared_inbox_or_inbox()], data)
self.send(follow, vec![other.shared_inbox_or_inbox()], false, data)
.await?;
Ok(())
}
@ -98,7 +99,7 @@ impl DbUser {
let user: DbUser = ObjectId::from(f).dereference(data).await?;
inboxes.push(user.shared_inbox_or_inbox());
}
self.send(create, inboxes, data).await?;
self.send(create, inboxes, true, data).await?;
Ok(())
}
@ -106,6 +107,7 @@ impl DbUser {
&self,
activity: Activity,
recipients: Vec<Url>,
use_queue: bool,
data: &Data<DatabaseHandle>,
) -> Result<(), Error>
where
@ -113,9 +115,14 @@ impl DbUser {
<Activity as ActivityHandler>::Error: From<anyhow::Error> + From<serde_json::Error>,
{
let activity = WithContext::new_default(activity);
let sends = SendActivityTask::prepare(&activity, self, recipients, data).await?;
for send in sends {
send.sign_and_send(data).await?;
// Send through queue in some cases and bypass it in others to test both code paths
if use_queue {
queue_activity(&activity, self, recipients, data).await?;
} else {
let sends = SendActivityTask::prepare(&activity, self, recipients, data).await?;
for send in sends {
send.sign_and_send(data).await?;
}
}
Ok(())
}

521
src/activity_queue.rs Normal file
View file

@ -0,0 +1,521 @@
//! Queue for signing and sending outgoing activities with retry
//!
#![doc = include_str!("../docs/09_sending_activities.md")]
use crate::{
activity_sending::{build_tasks, SendActivityTask},
config::Data,
error::Error,
traits::{ActivityHandler, Actor},
};
use futures_core::Future;
use reqwest_middleware::ClientWithMiddleware;
use serde::Serialize;
use std::{
fmt::{Debug, Display},
sync::{
atomic::{AtomicUsize, Ordering},
Arc,
},
time::Duration,
};
use tokio::{
sync::mpsc::{unbounded_channel, UnboundedSender},
task::{JoinHandle, JoinSet},
};
use tracing::{info, warn};
use url::Url;
/// Send a new activity to the given inboxes with automatic retry on failure. Alternatively you
/// can implement your own queue and then send activities using [[crate::activity_sending::SendActivityTask]].
///
/// - `activity`: The activity to be sent, gets converted to json
/// - `private_key`: Private key belonging to the actor who sends the activity, for signing HTTP
/// signature. Generated with [crate::http_signatures::generate_actor_keypair].
/// - `inboxes`: List of remote actor inboxes that should receive the activity. Ignores local actor
/// inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
/// for each target actor.
pub async fn queue_activity<Activity, Datatype, ActorType>(
activity: &Activity,
actor: &ActorType,
inboxes: Vec<Url>,
data: &Data<Datatype>,
) -> Result<(), Error>
where
Activity: ActivityHandler + Serialize + Debug,
Datatype: Clone,
ActorType: Actor,
{
let config = &data.config;
let tasks = build_tasks(activity, actor, inboxes, data).await?;
for task in tasks {
// Don't use the activity queue if this is in debug mode, send and wait directly
if config.debug {
if let Err(err) = sign_and_send(
&task,
&config.client,
config.request_timeout,
Default::default(),
)
.await
{
warn!("{err}");
}
} else {
// This field is only optional to make builder work, its always present at this point
let activity_queue = config
.activity_queue
.as_ref()
.expect("Config has activity queue");
activity_queue.queue(task).await?;
let stats = activity_queue.get_stats();
let running = stats.running.load(Ordering::Relaxed);
if running == config.queue_worker_count && config.queue_worker_count != 0 {
warn!("Reached max number of send activity workers ({}). Consider increasing worker count to avoid federation delays", config.queue_worker_count);
warn!("{:?}", stats);
} else {
info!("{:?}", stats);
}
}
}
Ok(())
}
async fn sign_and_send(
task: &SendActivityTask,
client: &ClientWithMiddleware,
timeout: Duration,
retry_strategy: RetryStrategy,
) -> Result<(), Error> {
retry(
|| task.sign_and_send_internal(client, timeout),
retry_strategy,
)
.await
}
/// A simple activity queue which spawns tokio workers to send out requests
/// When creating a queue, it will spawn a task per worker thread
/// Uses an unbounded mpsc queue for communication (i.e, all messages are in memory)
pub(crate) struct ActivityQueue {
// Stats shared between the queue and workers
stats: Arc<Stats>,
sender: UnboundedSender<SendActivityTask>,
sender_task: JoinHandle<()>,
retry_sender_task: JoinHandle<()>,
}
/// Simple stat counter to show where we're up to with sending messages
/// This is a lock-free way to share things between tasks
/// When reading these values it's possible (but extremely unlikely) to get stale data if a worker task is in the middle of transitioning
#[derive(Default)]
pub(crate) struct Stats {
pending: AtomicUsize,
running: AtomicUsize,
retries: AtomicUsize,
dead_last_hour: AtomicUsize,
completed_last_hour: AtomicUsize,
}
impl Debug for Stats {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(
f,
"Activity queue stats: pending: {}, running: {}, retries: {}, dead: {}, complete: {}",
self.pending.load(Ordering::Relaxed),
self.running.load(Ordering::Relaxed),
self.retries.load(Ordering::Relaxed),
self.dead_last_hour.load(Ordering::Relaxed),
self.completed_last_hour.load(Ordering::Relaxed)
)
}
}
#[derive(Clone, Copy, Default)]
struct RetryStrategy {
/// Amount of time in seconds to back off
backoff: usize,
/// Amount of times to retry
retries: usize,
/// If this particular request has already been retried, you can add an offset here to increment the count to start
offset: usize,
/// Number of seconds to sleep before trying
initial_sleep: usize,
}
/// A tokio spawned worker which is responsible for submitting requests to federated servers
/// This will retry up to one time with the same signature, and if it fails, will move it to the retry queue.
/// We need to retry activity sending in case the target instances is temporarily unreachable.
/// In this case, the task is stored and resent when the instance is hopefully back up. This
/// list shows the retry intervals, and which events of the target instance can be covered:
/// - 60s (one minute, service restart) -- happens in the worker w/ same signature
/// - 60min (one hour, instance maintenance) --- happens in the retry worker
/// - 60h (2.5 days, major incident with rebuild from backup) --- happens in the retry worker
async fn worker(
client: ClientWithMiddleware,
timeout: Duration,
message: SendActivityTask,
retry_queue: UnboundedSender<SendActivityTask>,
stats: Arc<Stats>,
strategy: RetryStrategy,
) {
stats.pending.fetch_sub(1, Ordering::Relaxed);
stats.running.fetch_add(1, Ordering::Relaxed);
let outcome = sign_and_send(&message, &client, timeout, strategy).await;
// "Running" has finished, check the outcome
stats.running.fetch_sub(1, Ordering::Relaxed);
match outcome {
Ok(_) => {
stats.completed_last_hour.fetch_add(1, Ordering::Relaxed);
}
Err(_err) => {
stats.retries.fetch_add(1, Ordering::Relaxed);
warn!(
"Sending activity {} to {} to the retry queue to be tried again later",
message.activity_id, message.inbox
);
// Send to the retry queue. Ignoring whether it succeeds or not
retry_queue.send(message).ok();
}
}
}
async fn retry_worker(
client: ClientWithMiddleware,
timeout: Duration,
message: SendActivityTask,
stats: Arc<Stats>,
strategy: RetryStrategy,
) {
// Because the times are pretty extravagant between retries, we have to re-sign each time
let outcome = retry(
|| {
sign_and_send(
&message,
&client,
timeout,
RetryStrategy {
backoff: 0,
retries: 0,
offset: 0,
initial_sleep: 0,
},
)
},
strategy,
)
.await;
stats.retries.fetch_sub(1, Ordering::Relaxed);
match outcome {
Ok(_) => {
stats.completed_last_hour.fetch_add(1, Ordering::Relaxed);
}
Err(_err) => {
stats.dead_last_hour.fetch_add(1, Ordering::Relaxed);
}
}
}
impl ActivityQueue {
fn new(
client: ClientWithMiddleware,
worker_count: usize,
retry_count: usize,
timeout: Duration,
backoff: usize, // This should be 60 seconds by default or 1 second in tests
) -> Self {
let stats: Arc<Stats> = Default::default();
// This task clears the dead/completed stats every hour
let hour_stats = stats.clone();
tokio::spawn(async move {
let duration = Duration::from_secs(3600);
loop {
tokio::time::sleep(duration).await;
hour_stats.completed_last_hour.store(0, Ordering::Relaxed);
hour_stats.dead_last_hour.store(0, Ordering::Relaxed);
}
});
let (retry_sender, mut retry_receiver) = unbounded_channel();
let retry_stats = stats.clone();
let retry_client = client.clone();
// The "fast path" retry
// The backoff should be < 5 mins for this to work otherwise signatures may expire
// This strategy is the one that is used with the *same* signature
let strategy = RetryStrategy {
backoff,
retries: 1,
offset: 0,
initial_sleep: 0,
};
// The "retry path" strategy
// After the fast path fails, a task will sleep up to backoff ^ 2 and then retry again
let retry_strategy = RetryStrategy {
backoff,
retries: 3,
offset: 2,
initial_sleep: backoff.pow(2), // wait 60 mins before even trying
};
let retry_sender_task = tokio::spawn(async move {
let mut join_set = JoinSet::new();
while let Some(message) = retry_receiver.recv().await {
let retry_task = retry_worker(
retry_client.clone(),
timeout,
message,
retry_stats.clone(),
retry_strategy,
);
if retry_count > 0 {
// If we're over the limit of retries, wait for them to finish before spawning
while join_set.len() >= retry_count {
join_set.join_next().await;
}
join_set.spawn(retry_task);
} else {
// If the retry worker count is `0` then just spawn and don't use the join_set
tokio::spawn(retry_task);
}
}
while !join_set.is_empty() {
join_set.join_next().await;
}
});
let (sender, mut receiver) = unbounded_channel();
let sender_stats = stats.clone();
let sender_task = tokio::spawn(async move {
let mut join_set = JoinSet::new();
while let Some(message) = receiver.recv().await {
let task = worker(
client.clone(),
timeout,
message,
retry_sender.clone(),
sender_stats.clone(),
strategy,
);
if worker_count > 0 {
// If we're over the limit of workers, wait for them to finish before spawning
while join_set.len() >= worker_count {
join_set.join_next().await;
}
join_set.spawn(task);
} else {
// If the worker count is `0` then just spawn and don't use the join_set
tokio::spawn(task);
}
}
drop(retry_sender);
while !join_set.is_empty() {
join_set.join_next().await;
}
});
Self {
stats,
sender,
sender_task,
retry_sender_task,
}
}
async fn queue(&self, message: SendActivityTask) -> Result<(), Error> {
self.stats.pending.fetch_add(1, Ordering::Relaxed);
self.sender
.send(message)
.map_err(|e| Error::ActivityQueueError(e.0.activity_id))?;
Ok(())
}
fn get_stats(&self) -> &Stats {
&self.stats
}
#[allow(unused)]
// Drops all the senders and shuts down the workers
pub(crate) async fn shutdown(self, wait_for_retries: bool) -> Result<Arc<Stats>, Error> {
drop(self.sender);
self.sender_task.await?;
if wait_for_retries {
self.retry_sender_task.await?;
}
Ok(self.stats)
}
}
/// Creates an activity queue using tokio spawned tasks
/// Note: requires a tokio runtime
pub(crate) fn create_activity_queue(
client: ClientWithMiddleware,
worker_count: usize,
retry_count: usize,
request_timeout: Duration,
) -> ActivityQueue {
ActivityQueue::new(client, worker_count, retry_count, request_timeout, 60)
}
/// Retries a future action factory function up to `amount` times with an exponential backoff timer between tries
async fn retry<T, E: Display + Debug, F: Future<Output = Result<T, E>>, A: FnMut() -> F>(
mut action: A,
strategy: RetryStrategy,
) -> Result<T, E> {
let mut count = strategy.offset;
// Do an initial sleep if it's called for
if strategy.initial_sleep > 0 {
let sleep_dur = Duration::from_secs(strategy.initial_sleep as u64);
tokio::time::sleep(sleep_dur).await;
}
loop {
match action().await {
Ok(val) => return Ok(val),
Err(err) => {
if count < strategy.retries {
count += 1;
let sleep_amt = strategy.backoff.pow(count as u32) as u64;
let sleep_dur = Duration::from_secs(sleep_amt);
warn!("{err:?}. Sleeping for {sleep_dur:?} and trying again");
tokio::time::sleep(sleep_dur).await;
continue;
} else {
return Err(err);
}
}
}
}
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod tests {
use super::*;
use crate::http_signatures::generate_actor_keypair;
use axum::extract::State;
use bytes::Bytes;
use http::{HeaderMap, StatusCode};
use std::time::Instant;
use tracing::debug;
// This will periodically send back internal errors to test the retry
async fn dodgy_handler(
State(state): State<Arc<AtomicUsize>>,
headers: HeaderMap,
body: Bytes,
) -> Result<(), StatusCode> {
debug!("Headers:{:?}", headers);
debug!("Body len:{}", body.len());
if state.fetch_add(1, Ordering::Relaxed) % 20 == 0 {
return Err(StatusCode::INTERNAL_SERVER_ERROR);
}
Ok(())
}
async fn test_server() {
use axum::{routing::post, Router};
// We should break every now and then ;)
let state = Arc::new(AtomicUsize::new(0));
let app = Router::new()
.route("/", post(dodgy_handler))
.with_state(state);
axum::Server::bind(&"0.0.0.0:8002".parse().unwrap())
.serve(app.into_make_service())
.await
.unwrap();
}
#[tokio::test(flavor = "multi_thread")]
// Queues 100 messages and then asserts that the worker runs them
async fn test_activity_queue_workers() {
let num_workers = 64;
let num_messages: usize = 100;
tokio::spawn(test_server());
/*
// uncomment for debug logs & stats
use tracing::log::LevelFilter;
env_logger::builder()
.filter_level(LevelFilter::Warn)
.filter_module("activitypub_federation", LevelFilter::Info)
.format_timestamp(None)
.init();
*/
let activity_queue = ActivityQueue::new(
reqwest::Client::default().into(),
num_workers,
num_workers,
Duration::from_secs(10),
1,
);
let keypair = generate_actor_keypair().unwrap();
let message = SendActivityTask {
actor_id: "http://localhost:8002".parse().unwrap(),
activity_id: "http://localhost:8002/activity".parse().unwrap(),
activity: "{}".into(),
inbox: "http://localhost:8002".parse().unwrap(),
private_key: keypair.private_key().unwrap(),
http_signature_compat: true,
};
let start = Instant::now();
for _ in 0..num_messages {
activity_queue.queue(message.clone()).await.unwrap();
}
info!("Queue Sent: {:?}", start.elapsed());
let stats = activity_queue.shutdown(true).await.unwrap();
info!(
"Queue Finished. Num msgs: {}, Time {:?}, msg/s: {:0.0}",
num_messages,
start.elapsed(),
num_messages as f64 / start.elapsed().as_secs_f64()
);
assert_eq!(
stats.completed_last_hour.load(Ordering::Relaxed),
num_messages
);
}
}

225
src/activity_sending.rs
View file

@ -10,118 +10,113 @@ use crate::{
traits::{ActivityHandler, Actor},
FEDERATION_CONTENT_TYPE,
};
use bytes::Bytes;
use futures::StreamExt;
use http::StatusCode;
use httpdate::fmt_http_date;
use itertools::Itertools;
use openssl::pkey::{PKey, Private};
use reqwest::header::{HeaderMap, HeaderName, HeaderValue};
use reqwest::{
header::{HeaderMap, HeaderName, HeaderValue},
Response,
};
use reqwest_middleware::ClientWithMiddleware;
use serde::Serialize;
use std::{
self,
fmt::{Debug, Display},
time::SystemTime,
time::{Duration, SystemTime},
};
use tracing::debug;
use url::Url;
#[derive(Clone, Debug)]
/// all info needed to send one activity to one inbox
pub struct SendActivityTask<'a> {
actor_id: &'a Url,
activity_id: &'a Url,
activity: Bytes,
inbox: Url,
private_key: PKey<Private>,
http_signature_compat: bool,
/// All info needed to sign and send one activity to one inbox. You should generally use
/// [[crate::activity_queue::queue_activity]] unless you want implement your own queue.
pub struct SendActivityTask {
pub(crate) actor_id: Url,
pub(crate) activity_id: Url,
pub(crate) activity: Bytes,
pub(crate) inbox: Url,
pub(crate) private_key: PKey<Private>,
pub(crate) http_signature_compat: bool,
}
impl Display for SendActivityTask<'_> {
impl Display for SendActivityTask {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(f, "{} to {}", self.activity_id, self.inbox)
}
}
impl SendActivityTask<'_> {
/// prepare an activity for sending
impl SendActivityTask {
/// Prepare an activity for sending
///
/// - `activity`: The activity to be sent, gets converted to json
/// - `inboxes`: List of remote actor inboxes that should receive the activity. Ignores local actor
/// inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
/// for each target actor.
pub async fn prepare<'a, Activity, Datatype, ActorType>(
activity: &'a Activity,
pub async fn prepare<Activity, Datatype, ActorType>(
activity: &Activity,
actor: &ActorType,
inboxes: Vec<Url>,
data: &Data<Datatype>,
) -> Result<Vec<SendActivityTask<'a>>, Error>
) -> Result<Vec<SendActivityTask>, Error>
where
Activity: ActivityHandler + Serialize + Debug,
Datatype: Clone,
ActorType: Actor,
{
let config = &data.config;
let actor_id = activity.actor();
let activity_id = activity.id();
let activity_serialized: Bytes = serde_json::to_vec(&activity)
.map_err(|e| Error::SerializeOutgoingActivity(e, format!("{:?}", activity)))?
.into();
let private_key = get_pkey_cached(data, actor).await?;
Ok(futures::stream::iter(
inboxes
.into_iter()
.unique()
.filter(|i| !config.is_local_url(i)),
)
.filter_map(|inbox| async {
if let Err(err) = config.verify_url_valid(&inbox).await {
debug!("inbox url invalid, skipping: {inbox}: {err}");
return None;
};
Some(SendActivityTask {
actor_id,
activity_id,
inbox,
activity: activity_serialized.clone(),
private_key: private_key.clone(),
http_signature_compat: config.http_signature_compat,
})
})
.collect()
.await)
build_tasks(activity, actor, inboxes, data).await
}
/// convert a sendactivitydata to a request, signing and sending it
pub async fn sign_and_send<Datatype: Clone>(&self, data: &Data<Datatype>) -> Result<(), Error> {
let client = &data.config.client;
self.sign_and_send_internal(&data.config.client, data.config.request_timeout)
.await
}
pub(crate) async fn sign_and_send_internal(
&self,
client: &ClientWithMiddleware,
timeout: Duration,
) -> Result<(), Error> {
debug!("Sending {} to {}", self.activity_id, self.inbox,);
let request_builder = client
.post(self.inbox.to_string())
.timeout(data.config.request_timeout)
.timeout(timeout)
.headers(generate_request_headers(&self.inbox));
let request = sign_request(
request_builder,
self.actor_id,
&self.actor_id,
self.activity.clone(),
self.private_key.clone(),
self.http_signature_compat,
)
.await?;
let response = client.execute(request).await?;
self.handle_response(response).await
}
match response {
o if o.status().is_success() => {
/// Based on the HTTP status code determines if an activity was delivered successfully. In that case
/// Ok is returned. Otherwise it returns Err and the activity send should be retried later.
///
/// Equivalent code in mastodon: https://github.com/mastodon/mastodon/blob/v4.2.8/app/helpers/jsonld_helper.rb#L215-L217
async fn handle_response(&self, response: Response) -> Result<(), Error> {
match response.status() {
status if status.is_success() => {
debug!("Activity {self} delivered successfully");
Ok(())
}
o if o.status().is_client_error() => {
let text = o.text_limited().await?;
status
if status.is_client_error()
&& status != StatusCode::REQUEST_TIMEOUT
&& status != StatusCode::TOO_MANY_REQUESTS =>
{
let text = response.text_limited().await?;
debug!("Activity {self} was rejected, aborting: {text}");
Ok(())
}
o => {
let status = o.status();
let text = o.text_limited().await?;
status => {
let text = response.text_limited().await?;
Err(Error::Other(format!(
"Activity {self} failure with status {status}: {text}",
@ -131,7 +126,50 @@ impl SendActivityTask<'_> {
}
}
async fn get_pkey_cached<ActorType>(
pub(crate) async fn build_tasks<'a, Activity, Datatype, ActorType>(
activity: &'a Activity,
actor: &ActorType,
inboxes: Vec<Url>,
data: &Data<Datatype>,
) -> Result<Vec<SendActivityTask>, Error>
where
Activity: ActivityHandler + Serialize + Debug,
Datatype: Clone,
ActorType: Actor,
{
let config = &data.config;
let actor_id = activity.actor();
let activity_id = activity.id();
let activity_serialized: Bytes = serde_json::to_vec(activity)
.map_err(|e| Error::SerializeOutgoingActivity(e, format!("{:?}", activity)))?
.into();
let private_key = get_pkey_cached(data, actor).await?;
Ok(futures::stream::iter(
inboxes
.into_iter()
.unique()
.filter(|i| !config.is_local_url(i)),
)
.filter_map(|inbox| async {
if let Err(err) = config.verify_url_valid(&inbox).await {
debug!("inbox url invalid, skipping: {inbox}: {err}");
return None;
};
Some(SendActivityTask {
actor_id: actor_id.clone(),
activity_id: activity_id.clone(),
inbox,
activity: activity_serialized.clone(),
private_key: private_key.clone(),
http_signature_compat: config.http_signature_compat,
})
})
.collect()
.await)
}
pub(crate) async fn get_pkey_cached<ActorType>(
data: &Data<impl Clone>,
actor: &ActorType,
) -> Result<PKey<Private>, Error>
@ -186,33 +224,20 @@ pub(crate) fn generate_request_headers(inbox_url: &Url) -> HeaderMap {
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod tests {
use axum::extract::State;
use bytes::Bytes;
use http::StatusCode;
use super::*;
use crate::{config::FederationConfig, http_signatures::generate_actor_keypair};
use std::{
sync::{atomic::AtomicUsize, Arc},
time::Instant,
};
use tracing::info;
use crate::{config::FederationConfig, http_signatures::generate_actor_keypair};
use super::*;
#[allow(unused)]
// This will periodically send back internal errors to test the retry
async fn dodgy_handler(
State(state): State<Arc<AtomicUsize>>,
headers: HeaderMap,
body: Bytes,
) -> Result<(), StatusCode> {
async fn dodgy_handler(headers: HeaderMap, body: Bytes) -> Result<(), StatusCode> {
debug!("Headers:{:?}", headers);
debug!("Body len:{}", body.len());
/*if state.fetch_add(1, Ordering::Relaxed) % 20 == 0 {
return Err(StatusCode::INTERNAL_SERVER_ERROR);
}*/
Ok(())
}
@ -253,8 +278,8 @@ mod tests {
let keypair = generate_actor_keypair().unwrap();
let message = SendActivityTask {
actor_id: &"http://localhost:8001".parse().unwrap(),
activity_id: &"http://localhost:8001/activity".parse().unwrap(),
actor_id: "http://localhost:8001".parse().unwrap(),
activity_id: "http://localhost:8001/activity".parse().unwrap(),
activity: "{}".into(),
inbox: "http://localhost:8001".parse().unwrap(),
private_key: keypair.private_key().unwrap(),
@ -276,4 +301,48 @@ mod tests {
info!("Queue Sent: {:?}", start.elapsed());
Ok(())
}
#[tokio::test]
async fn test_handle_response() {
let keypair = generate_actor_keypair().unwrap();
let message = SendActivityTask {
actor_id: "http://localhost:8001".parse().unwrap(),
activity_id: "http://localhost:8001/activity".parse().unwrap(),
activity: "{}".into(),
inbox: "http://localhost:8001".parse().unwrap(),
private_key: keypair.private_key().unwrap(),
http_signature_compat: true,
};
let res = |status| {
http::Response::builder()
.status(status)
.body(vec![])
.unwrap()
.into()
};
assert!(message.handle_response(res(StatusCode::OK)).await.is_ok());
assert!(message
.handle_response(res(StatusCode::BAD_REQUEST))
.await
.is_ok());
assert!(message
.handle_response(res(StatusCode::MOVED_PERMANENTLY))
.await
.is_err());
assert!(message
.handle_response(res(StatusCode::REQUEST_TIMEOUT))
.await
.is_err());
assert!(message
.handle_response(res(StatusCode::TOO_MANY_REQUESTS))
.await
.is_err());
assert!(message
.handle_response(res(StatusCode::INTERNAL_SERVER_ERROR))
.await
.is_err());
}
}

1
src/actix_web/inbox.rs
View file

@ -45,6 +45,7 @@ where
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod test {
use super::*;
use crate::{

69
src/config.rs
View file

@ -15,6 +15,7 @@
//! ```
use crate::{
activity_queue::{create_activity_queue, ActivityQueue},
error::Error,
protocol::verification::verify_domains_match,
traits::{ActivityHandler, Actor},
@ -85,6 +86,20 @@ pub struct FederationConfig<T: Clone> {
setter(custom)
)]
pub(crate) actor_pkey_cache: Cache<Url, PKey<Private>>,
/// Queue for sending outgoing activities. Only optional to make builder work, its always
/// present once constructed.
#[builder(setter(skip))]
pub(crate) activity_queue: Option<Arc<ActivityQueue>>,
/// When sending with activity queue: Number of tasks that can be in-flight concurrently.
/// Tasks are retried once after a minute, then put into the retry queue.
/// Setting this count to `0` means that there is no limit to concurrency
#[builder(default = "0")]
pub(crate) queue_worker_count: usize,
/// When sending with activity queue: Number of concurrent tasks that are being retried
/// in-flight concurrently. Tasks are retried after an hour, then again in 60 hours.
/// Setting this count to `0` means that there is no limit to concurrency
#[builder(default = "0")]
pub(crate) queue_retry_count: usize,
}
impl<T: Clone> FederationConfig<T> {
@ -159,11 +174,17 @@ impl<T: Clone> FederationConfig<T> {
/// Returns true if the url refers to this instance. Handles hostnames like `localhost:8540` for
/// local debugging.
pub(crate) fn is_local_url(&self, url: &Url) -> bool {
let mut domain = url.host_str().expect("id has domain").to_string();
if let Some(port) = url.port() {
domain = format!("{}:{}", domain, port);
match url.host_str() {
Some(domain) => {
let domain = if let Some(port) = url.port() {
format!("{}:{}", domain, port)
} else {
domain.to_string()
};
domain == self.domain
}
None => false,
}
domain == self.domain
}
/// Returns the local domain
@ -197,7 +218,14 @@ impl<T: Clone> FederationConfigBuilder<T> {
/// queue for outgoing activities, which is stored internally in the config struct.
/// Requires a tokio runtime for the background queue.
pub async fn build(&mut self) -> Result<FederationConfig<T>, FederationConfigBuilderError> {
let config = self.partial_build()?;
let mut config = self.partial_build()?;
let queue = create_activity_queue(
config.client.clone(),
config.queue_worker_count,
config.queue_retry_count,
config.request_timeout,
);
config.activity_queue = Some(Arc::new(queue));
Ok(config)
}
}
@ -319,3 +347,34 @@ impl<T: Clone> FederationMiddleware<T> {
FederationMiddleware(config)
}
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod test {
use super::*;
async fn config() -> FederationConfig<i32> {
FederationConfig::builder()
.domain("example.com")
.app_data(1)
.build()
.await
.unwrap()
}
#[tokio::test]
async fn test_url_is_local() -> Result<(), Error> {
let config = config().await;
assert!(config.is_local_url(&Url::parse("http://example.com")?));
assert!(!config.is_local_url(&Url::parse("http://other.com")?));
// ensure that missing domain doesnt cause crash
assert!(!config.is_local_url(&Url::parse("http://127.0.0.1")?));
Ok(())
}
#[tokio::test]
async fn test_get_domain() {
let config = config().await;
assert_eq!("example.com", config.domain());
}
}

21
src/error.rs
View file

@ -1,13 +1,12 @@
//! Error messages returned by this library
use std::string::FromUtf8Error;
use crate::fetch::webfinger::WebFingerError;
use http_signature_normalization_reqwest::SignError;
use openssl::error::ErrorStack;
use std::string::FromUtf8Error;
use tokio::task::JoinError;
use url::Url;
use crate::fetch::webfinger::WebFingerError;
/// Error messages returned by this library
#[derive(thiserror::Error, Debug)]
pub enum Error {
@ -62,6 +61,20 @@ pub enum Error {
/// Signing errors
#[error(transparent)]
SignError(#[from] SignError),
/// Failed to queue activity for sending
#[error("Failed to queue activity {0} for sending")]
ActivityQueueError(Url),
/// Stop activity queue
#[error(transparent)]
StopActivityQueue(#[from] JoinError),
/// Attempted to fetch object which doesn't have valid ActivityPub Content-Type
#[error(
"Attempted to fetch object from {0} which doesn't have valid ActivityPub Content-Type"
)]
FetchInvalidContentType(Url),
/// Attempted to fetch object but the response's id field doesn't match
#[error("Attempted to fetch object from {0} but the response's id field doesn't match")]
FetchWrongId(Url),
/// Other generic errors
#[error("{0}")]
Other(String),

59
src/fetch/mod.rs
View file

@ -5,12 +5,13 @@
use crate::{
config::Data,
error::{Error, Error::ParseFetchedObject},
extract_id,
http_signatures::sign_request,
reqwest_shim::ResponseExt,
FEDERATION_CONTENT_TYPE,
};
use bytes::Bytes;
use http::StatusCode;
use http::{HeaderValue, StatusCode};
use serde::de::DeserializeOwned;
use std::sync::atomic::Ordering;
use tracing::info;
@ -29,6 +30,8 @@ pub struct FetchObjectResponse<Kind> {
pub object: Kind,
/// Contains the final URL (different from request URL in case of redirect)
pub url: Url,
content_type: Option<HeaderValue>,
object_id: Option<Url>,
}
/// Fetch a remote object over HTTP and convert to `Kind`.
@ -42,12 +45,44 @@ pub struct FetchObjectResponse<Kind> {
/// [Error::RequestLimit]. This prevents denial of service attacks where an attack triggers
/// infinite, recursive fetching of data.
///
/// The `Accept` header will be set to the content of [`FEDERATION_CONTENT_TYPE`].
/// The `Accept` header will be set to the content of [`FEDERATION_CONTENT_TYPE`]. When parsing the
/// response it ensures that it has a valid `Content-Type` header as defined by ActivityPub, to
/// prevent security vulnerabilities like [this one](https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36).
/// Additionally it checks that the `id` field is identical to the fetch URL (after redirects).
pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
url: &Url,
data: &Data<T>,
) -> Result<FetchObjectResponse<Kind>, Error> {
fetch_object_http_with_accept(url, data, FEDERATION_CONTENT_TYPE).await
static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
FEDERATION_CONTENT_TYPE, // lemmy
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
r#"application/activity+json; charset=utf-8"#, // mastodon
];
let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?;
// Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
let content_type = res
.content_type
.as_ref()
.and_then(|c| c.to_str().ok())
.ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) {
return Err(Error::FetchInvalidContentType(res.url));
}
// Ensure id field matches final url after redirect
if res.object_id.as_ref() != Some(&res.url) {
return Err(Error::FetchWrongId(res.url));
}
// Dont allow fetching local object. Only check this after the request as a local url
// may redirect to a remote object.
if data.config.is_local_url(&res.url) {
return Err(Error::NotFound);
}
Ok(res)
}
/// Fetch a remote object over HTTP and convert to `Kind`. This function works exactly as
@ -55,15 +90,15 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
url: &Url,
data: &Data<T>,
content_type: &str,
content_type: &HeaderValue,
) -> Result<FetchObjectResponse<Kind>, Error> {
let config = &data.config;
// dont fetch local objects this way
debug_assert!(url.domain() != Some(&config.domain));
config.verify_url_valid(url).await?;
info!("Fetching remote object {}", url.to_string());
let counter = data.request_counter.fetch_add(1, Ordering::SeqCst);
let mut counter = data.request_counter.fetch_add(1, Ordering::SeqCst);
// fetch_add returns old value so we need to increment manually here
counter += 1;
if counter > config.http_fetch_limit {
return Err(Error::RequestLimit);
}
@ -93,9 +128,17 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
}
let url = res.url().clone();
let content_type = res.headers().get("Content-Type").cloned();
let text = res.bytes_limited().await?;
let object_id = extract_id(&text).ok();
match serde_json::from_slice(&text) {
Ok(object) => Ok(FetchObjectResponse { object, url }),
Ok(object) => Ok(FetchObjectResponse {
object,
url,
content_type,
object_id,
}),
Err(e) => Err(ParseFetchedObject(
e,
url,

28
src/fetch/object_id.rs
View file

@ -88,19 +88,13 @@ where
<Kind as Object>::Error: From<Error>,
{
let db_object = self.dereference_from_db(data).await?;
// if its a local object, only fetch it from the database and not over http
if data.config.is_local_url(&self.0) {
return match db_object {
None => Err(Error::NotFound.into()),
Some(o) => Ok(o),
};
}
// object found in database
if let Some(object) = db_object {
// object is old and should be refetched
if let Some(last_refreshed_at) = object.last_refreshed_at() {
if should_refetch_object(last_refreshed_at) {
let is_local = data.config.is_local_url(&self.0);
if !is_local && should_refetch_object(last_refreshed_at) {
// object is outdated and should be refetched
return self.dereference_from_http(data, Some(object)).await;
}
}
@ -175,6 +169,11 @@ where
Kind::verify(&res.object, redirect_url, data).await?;
Kind::from_json(res.object, data).await
}
/// Returns true if the object's domain matches the one defined in [[FederationConfig.domain]].
pub fn is_local(&self, data: &Data<<Kind as Object>::DataType>) -> bool {
data.config.is_local_url(&self.0)
}
}
/// Need to implement clone manually, to avoid requiring Kind to be Clone
@ -197,9 +196,9 @@ static ACTOR_REFETCH_INTERVAL_SECONDS_DEBUG: i64 = 20;
fn should_refetch_object(last_refreshed: DateTime<Utc>) -> bool {
let update_interval = if cfg!(debug_assertions) {
// avoid infinite loop when fetching community outbox
ChronoDuration::seconds(ACTOR_REFETCH_INTERVAL_SECONDS_DEBUG)
ChronoDuration::try_seconds(ACTOR_REFETCH_INTERVAL_SECONDS_DEBUG).expect("valid duration")
} else {
ChronoDuration::seconds(ACTOR_REFETCH_INTERVAL_SECONDS)
ChronoDuration::try_seconds(ACTOR_REFETCH_INTERVAL_SECONDS).expect("valid duration")
};
let refresh_limit = Utc::now() - update_interval;
last_refreshed.lt(&refresh_limit)
@ -345,9 +344,10 @@ const _IMPL_DIESEL_NEW_TYPE_FOR_OBJECT_ID: () = {
};
#[cfg(test)]
#[allow(clippy::unwrap_used)]
pub mod tests {
use super::*;
use crate::{fetch::object_id::should_refetch_object, traits::tests::DbUser};
use crate::traits::tests::DbUser;
#[test]
fn test_deserialize() {
@ -362,10 +362,10 @@ pub mod tests {
#[test]
fn test_should_refetch_object() {
let one_second_ago = Utc::now() - ChronoDuration::seconds(1);
let one_second_ago = Utc::now() - ChronoDuration::try_seconds(1).unwrap();
assert!(!should_refetch_object(one_second_ago));
let two_days_ago = Utc::now() - ChronoDuration::days(2);
let two_days_ago = Utc::now() - ChronoDuration::try_days(2).unwrap();
assert!(should_refetch_object(two_days_ago));
}
}

17
src/fetch/webfinger.rs
View file

@ -5,6 +5,7 @@ use crate::{
traits::{Actor, Object},
FEDERATION_CONTENT_TYPE,
};
use http::HeaderValue;
use itertools::Itertools;
use once_cell::sync::Lazy;
use regex::Regex;
@ -33,6 +34,9 @@ impl WebFingerError {
}
}
/// The content-type for webfinger responses.
pub static WEBFINGER_CONTENT_TYPE: HeaderValue = HeaderValue::from_static("application/jrd+json");
/// Takes an identifier of the form `name@example.com`, and returns an object of `Kind`.
///
/// For this the identifier is first resolved via webfinger protocol to an Activitypub ID. This ID
@ -58,7 +62,7 @@ where
let res: Webfinger = fetch_object_http_with_accept(
&Url::parse(&fetch_url).map_err(Error::UrlParse)?,
data,
"application/jrd+json",
&WEBFINGER_CONTENT_TYPE,
)
.await?
.object;
@ -117,7 +121,7 @@ where
T: Clone,
{
static WEBFINGER_REGEX: Lazy<Regex> =
Lazy::new(|| Regex::new(r"^acct:([\p{L}0-9_]+)@(.*)$").expect("compile regex"));
Lazy::new(|| Regex::new(r"^acct:([\p{L}0-9_\.\-]+)@(.*)$").expect("compile regex"));
// Regex to extract usernames from webfinger query. Supports different alphabets using `\p{L}`.
// TODO: This should use a URL parser
let captures = WEBFINGER_REGEX
@ -241,6 +245,7 @@ pub struct WebfingerLink {
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod tests {
use super::*;
use crate::{
@ -284,6 +289,14 @@ mod tests {
Ok("Владимир"),
extract_webfinger_name("acct:Владимир@example.com", &data)
);
assert_eq!(
Ok("example.com"),
extract_webfinger_name("acct:example.com@example.com", &data)
);
assert_eq!(
Ok("da-sh"),
extract_webfinger_name("acct:da-sh@example.com", &data)
);
assert_eq!(
Ok("تجريب"),
extract_webfinger_name("acct:تجريب@example.com", &data)

10
src/http_signatures.rs
View file

@ -1,7 +1,7 @@
//! Generating keypairs, creating and verifying signatures
//!
//! Signature creation and verification is handled internally in the library. See
//! [send_activity](crate::activity_sending::send_activity) and
//! [send_activity](crate::activity_sending::SendActivityTask::sign_and_send) and
//! [receive_activity (actix-web)](crate::actix_web::inbox::receive_activity) /
//! [receive_activity (axum)](crate::axum::inbox::receive_activity).
@ -189,8 +189,11 @@ fn verify_signature_inner(
uri: &Uri,
public_key: &str,
) -> Result<(), Error> {
static CONFIG: Lazy<http_signature_normalization::Config> =
Lazy::new(|| http_signature_normalization::Config::new().set_expiration(EXPIRES_AFTER));
static CONFIG: Lazy<http_signature_normalization::Config> = Lazy::new(|| {
http_signature_normalization::Config::new()
.set_expiration(EXPIRES_AFTER)
.require_digest()
});
let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");
@ -275,6 +278,7 @@ pub(crate) fn verify_body_hash(
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
pub mod test {
use super::*;
use crate::activity_sending::generate_request_headers;

20
src/lib.rs
View file

@ -10,6 +10,7 @@
#![doc = include_str!("../docs/10_fetching_objects_with_unknown_type.md")]
#![deny(missing_docs)]
pub mod activity_queue;
pub mod activity_sending;
#[cfg(feature = "actix-web")]
pub mod actix_web;
@ -35,7 +36,7 @@ use serde::{de::DeserializeOwned, Deserialize};
use url::Url;
/// Mime type for Activitypub data, used for `Accept` and `Content-Type` HTTP headers
pub static FEDERATION_CONTENT_TYPE: &str = "application/activity+json";
pub const FEDERATION_CONTENT_TYPE: &str = "application/activity+json";
/// Deserialize incoming inbox activity to the given type, perform basic
/// validation and extract the actor.
@ -53,12 +54,8 @@ where
{
let activity: Activity = serde_json::from_slice(body).map_err(|e| {
// Attempt to include activity id in error message
#[derive(Deserialize)]
struct Id {
id: Url,
}
let id = serde_json::from_slice::<Id>(body).ok();
Error::ParseReceivedActivity(e, id.map(|i| i.id))
let id = extract_id(body).ok();
Error::ParseReceivedActivity(e, id)
})?;
data.config.verify_url_and_domain(&activity).await?;
let actor = ObjectId::<ActorT>::from(activity.actor().clone())
@ -66,3 +63,12 @@ where
.await?;
Ok((activity, actor))
}
/// Attempt to parse id field from serialized json
fn extract_id(data: &[u8]) -> serde_json::Result<Url> {
#[derive(Deserialize)]
struct Id {
id: Url,
}
Ok(serde_json::from_slice::<Id>(data)?.id)
}

10
src/protocol/helpers.rs
View file

@ -56,12 +56,12 @@ where
/// #[derive(serde::Deserialize)]
/// struct Note {
/// #[serde(deserialize_with = "deserialize_one")]
/// to: Url
/// to: [Url; 1]
/// }
///
/// let note = serde_json::from_str::<Note>(r#"{"to": ["https://example.com/u/alice"] }"#);
/// assert!(note.is_ok());
pub fn deserialize_one<'de, T, D>(deserializer: D) -> Result<T, D::Error>
pub fn deserialize_one<'de, T, D>(deserializer: D) -> Result<[T; 1], D::Error>
where
T: Deserialize<'de>,
D: Deserializer<'de>,
@ -75,8 +75,8 @@ where
let result: MaybeArray<T> = Deserialize::deserialize(deserializer)?;
Ok(match result {
MaybeArray::Simple(value) => value,
MaybeArray::Array([value]) => value,
MaybeArray::Simple(value) => [value],
MaybeArray::Array([value]) => [value],
})
}
@ -125,7 +125,7 @@ mod tests {
#[derive(serde::Deserialize)]
struct Note {
#[serde(deserialize_with = "deserialize_one")]
_to: Url,
_to: [Url; 1],
}
let note = serde_json::from_str::<Note>(

2
src/traits.rs
View file

@ -343,7 +343,7 @@ pub mod tests {
error::Error,
fetch::object_id::ObjectId,
http_signatures::{generate_actor_keypair, Keypair},
protocol::{public_key::PublicKey, verification::verify_domains_match},
protocol::verification::verify_domains_match,
};
use activitystreams_kinds::{activity::FollowType, actor::PersonType};
use once_cell::sync::Lazy;