2020-01-28 19:45:27 +00:00
|
|
|
''' handles all of the activity coming in to the server '''
|
2020-04-22 13:53:22 +00:00
|
|
|
import json
|
2020-01-30 04:56:18 +00:00
|
|
|
from base64 import b64decode
|
2020-05-13 10:40:57 +00:00
|
|
|
from urllib.parse import urldefrag
|
|
|
|
|
|
2020-03-29 07:05:09 +00:00
|
|
|
from Crypto.Hash import SHA256
|
2020-01-30 04:56:18 +00:00
|
|
|
from Crypto.PublicKey import RSA
|
|
|
|
|
from Crypto.Signature import pkcs1_15
|
2020-02-23 09:27:10 +00:00
|
|
|
import django.db.utils
|
2020-03-29 07:05:09 +00:00
|
|
|
from django.http import HttpResponse
|
|
|
|
|
from django.http import HttpResponseBadRequest, HttpResponseNotFound
|
|
|
|
|
from django.views.decorators.csrf import csrf_exempt
|
2020-01-30 04:56:18 +00:00
|
|
|
import requests
|
2020-01-28 09:01:33 +00:00
|
|
|
|
2020-05-04 01:56:29 +00:00
|
|
|
from fedireads import books_manager, models, outgoing
|
2020-03-21 22:21:27 +00:00
|
|
|
from fedireads import status as status_builder
|
2020-02-15 06:44:07 +00:00
|
|
|
from fedireads.remote_user import get_or_create_remote_user
|
2020-04-01 00:00:01 +00:00
|
|
|
from fedireads.tasks import app
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@csrf_exempt
|
|
|
|
|
def inbox(request, username):
|
|
|
|
|
''' incoming activitypub events '''
|
|
|
|
|
# TODO: should do some kind of checking if the user accepts
|
|
|
|
|
# this action from the sender probably? idk
|
|
|
|
|
# but this will just throw a 404 if the user doesn't exist
|
|
|
|
|
try:
|
|
|
|
|
models.User.objects.get(localname=username)
|
|
|
|
|
except models.User.DoesNotExist:
|
|
|
|
|
return HttpResponseNotFound()
|
|
|
|
|
|
|
|
|
|
return shared_inbox(request)
|
2020-01-28 09:01:33 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@csrf_exempt
|
2020-01-28 19:13:13 +00:00
|
|
|
def shared_inbox(request):
|
|
|
|
|
''' incoming activitypub events '''
|
2020-01-30 04:56:18 +00:00
|
|
|
# TODO: should this be functionally different from the non-shared inbox??
|
2020-01-28 19:13:13 +00:00
|
|
|
if request.method == 'GET':
|
|
|
|
|
return HttpResponseNotFound()
|
2020-01-28 09:01:33 +00:00
|
|
|
|
2020-01-28 19:13:13 +00:00
|
|
|
try:
|
|
|
|
|
activity = json.loads(request.body)
|
|
|
|
|
except json.decoder.JSONDecodeError:
|
2020-02-15 04:37:02 +00:00
|
|
|
return HttpResponseBadRequest()
|
|
|
|
|
|
2020-05-09 21:26:27 +00:00
|
|
|
if not activity.get('object'):
|
|
|
|
|
return HttpResponseBadRequest()
|
|
|
|
|
|
2020-02-15 04:37:02 +00:00
|
|
|
try:
|
2020-05-13 10:40:57 +00:00
|
|
|
verify_signature(activity.get('actor'), request)
|
2020-02-15 04:37:02 +00:00
|
|
|
except ValueError:
|
|
|
|
|
return HttpResponse(status=401)
|
|
|
|
|
|
2020-03-29 06:52:07 +00:00
|
|
|
handlers = {
|
|
|
|
|
'Follow': handle_follow,
|
|
|
|
|
'Accept': handle_follow_accept,
|
|
|
|
|
'Reject': handle_follow_reject,
|
2020-03-29 07:05:09 +00:00
|
|
|
'Create': handle_create,
|
2020-03-29 06:52:07 +00:00
|
|
|
'Like': handle_favorite,
|
2020-03-30 14:13:32 +00:00
|
|
|
'Announce': handle_boost,
|
2020-03-30 01:42:34 +00:00
|
|
|
'Add': {
|
2020-04-01 00:00:01 +00:00
|
|
|
'Tag': handle_tag,
|
2020-03-30 01:42:34 +00:00
|
|
|
},
|
|
|
|
|
'Undo': {
|
|
|
|
|
'Follow': handle_unfollow,
|
|
|
|
|
'Like': handle_unfavorite,
|
|
|
|
|
},
|
|
|
|
|
'Update': {
|
|
|
|
|
'Person': None,# TODO: handle_update_user
|
2020-05-04 01:56:29 +00:00
|
|
|
'Document': handle_update_book,
|
2020-03-30 01:42:34 +00:00
|
|
|
},
|
2020-03-29 06:52:07 +00:00
|
|
|
}
|
|
|
|
|
activity_type = activity['type']
|
|
|
|
|
|
2020-03-30 01:42:34 +00:00
|
|
|
handler = handlers.get(activity_type, None)
|
|
|
|
|
if isinstance(handler, dict):
|
|
|
|
|
handler = handler.get(activity['object']['type'], None)
|
2020-03-29 07:05:09 +00:00
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
if not handler:
|
|
|
|
|
return HttpResponseNotFound()
|
2020-02-19 08:13:06 +00:00
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
handler.delay(activity)
|
|
|
|
|
return HttpResponse()
|
2020-01-28 19:13:13 +00:00
|
|
|
|
2020-02-15 04:37:02 +00:00
|
|
|
|
2020-05-13 10:40:57 +00:00
|
|
|
def get_public_key(key_actor):
|
2020-05-13 10:09:47 +00:00
|
|
|
try:
|
2020-05-13 10:40:57 +00:00
|
|
|
user = models.User.objects.get(actor=key_actor)
|
|
|
|
|
public_key = user.public_key
|
|
|
|
|
actor = user.actor
|
2020-05-13 10:09:47 +00:00
|
|
|
except models.User.DoesNotExist:
|
|
|
|
|
response = requests.get(
|
2020-05-13 10:40:57 +00:00
|
|
|
key_actor,
|
2020-05-13 10:09:47 +00:00
|
|
|
headers={'Accept': 'application/activity+json'}
|
|
|
|
|
)
|
|
|
|
|
if not response.ok:
|
|
|
|
|
raise ValueError('Could not load public key')
|
2020-05-13 10:40:57 +00:00
|
|
|
user_data = response.json()
|
|
|
|
|
public_key = user_data['publicKey']['publicKeyPem']
|
2020-05-13 10:09:47 +00:00
|
|
|
|
|
|
|
|
return RSA.import_key(public_key)
|
|
|
|
|
|
2020-05-13 10:40:57 +00:00
|
|
|
def verify_signature(required_actor, request):
|
2020-02-15 04:37:02 +00:00
|
|
|
''' verify rsa signature '''
|
2020-01-30 04:56:18 +00:00
|
|
|
signature_dict = {}
|
2020-02-15 04:37:02 +00:00
|
|
|
for pair in request.headers['Signature'].split(','):
|
2020-01-30 04:56:18 +00:00
|
|
|
k, v = pair.split('=', 1)
|
|
|
|
|
v = v.replace('"', '')
|
|
|
|
|
signature_dict[k] = v
|
|
|
|
|
|
2020-02-15 04:37:02 +00:00
|
|
|
try:
|
|
|
|
|
key_id = signature_dict['keyId']
|
|
|
|
|
headers = signature_dict['headers']
|
|
|
|
|
signature = b64decode(signature_dict['signature'])
|
|
|
|
|
except KeyError:
|
|
|
|
|
raise ValueError('Invalid auth header')
|
2020-01-30 04:56:18 +00:00
|
|
|
|
2020-05-13 10:40:57 +00:00
|
|
|
# TODO Use the fragment - actors can have multiple keys?
|
|
|
|
|
key_actor = urldefrag(key_id).url
|
|
|
|
|
|
|
|
|
|
if key_actor != required_actor:
|
|
|
|
|
raise ValueError("Wrong actor created signature.")
|
|
|
|
|
|
|
|
|
|
key = get_public_key(key_actor)
|
2020-01-30 04:56:18 +00:00
|
|
|
|
|
|
|
|
comparison_string = []
|
|
|
|
|
for signed_header_name in headers.split(' '):
|
|
|
|
|
if signed_header_name == '(request-target)':
|
|
|
|
|
comparison_string.append('(request-target): post %s' % request.path)
|
|
|
|
|
else:
|
|
|
|
|
comparison_string.append('%s: %s' % (
|
|
|
|
|
signed_header_name,
|
|
|
|
|
request.headers[signed_header_name]
|
|
|
|
|
))
|
|
|
|
|
comparison_string = '\n'.join(comparison_string)
|
|
|
|
|
|
|
|
|
|
signer = pkcs1_15.new(key)
|
|
|
|
|
digest = SHA256.new()
|
|
|
|
|
digest.update(comparison_string.encode())
|
|
|
|
|
|
2020-02-15 04:37:02 +00:00
|
|
|
# raises a ValueError if it fails
|
|
|
|
|
signer.verify(digest, signature)
|
2020-02-15 04:04:22 +00:00
|
|
|
|
2020-01-28 09:01:33 +00:00
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 06:52:07 +00:00
|
|
|
def handle_follow(activity):
|
2020-02-15 21:07:57 +00:00
|
|
|
''' someone wants to follow a local user '''
|
2020-05-09 21:26:27 +00:00
|
|
|
# figure out who they want to follow -- not using get_or_create because
|
|
|
|
|
# we only allow you to follow local users
|
|
|
|
|
try:
|
|
|
|
|
to_follow = models.User.objects.get(actor=activity['object'])
|
|
|
|
|
except models.User.DoesNotExist:
|
|
|
|
|
return False
|
|
|
|
|
# figure out who the actor is
|
2020-01-28 09:01:33 +00:00
|
|
|
user = get_or_create_remote_user(activity['actor'])
|
2020-02-23 09:27:10 +00:00
|
|
|
try:
|
2020-03-13 17:04:39 +00:00
|
|
|
request = models.UserFollowRequest.objects.create(
|
2020-02-24 16:10:09 +00:00
|
|
|
user_subject=user,
|
|
|
|
|
user_object=to_follow,
|
2020-02-23 09:27:10 +00:00
|
|
|
relationship_id=activity['id']
|
|
|
|
|
)
|
2020-03-14 22:20:01 +00:00
|
|
|
except django.db.utils.IntegrityError as err:
|
|
|
|
|
if err.__cause__.diag.constraint_name != 'userfollowrequest_unique':
|
|
|
|
|
raise
|
2020-02-23 21:24:23 +00:00
|
|
|
# Duplicate follow request. Not sure what the correct behaviour is, but
|
|
|
|
|
# just dropping it works for now. We should perhaps generate the
|
|
|
|
|
# Accept, but then do we need to match the activity id?
|
2020-04-01 00:00:01 +00:00
|
|
|
return
|
2020-02-23 09:27:10 +00:00
|
|
|
|
2020-03-09 20:13:54 +00:00
|
|
|
if not to_follow.manually_approves_followers:
|
2020-03-21 22:21:27 +00:00
|
|
|
status_builder.create_notification(
|
|
|
|
|
to_follow,
|
|
|
|
|
'FOLLOW',
|
|
|
|
|
related_user=user
|
|
|
|
|
)
|
2020-03-29 02:23:19 +00:00
|
|
|
outgoing.handle_accept(user, to_follow, request)
|
2020-03-13 13:13:32 +00:00
|
|
|
else:
|
2020-03-21 22:21:27 +00:00
|
|
|
status_builder.create_notification(
|
|
|
|
|
to_follow,
|
|
|
|
|
'FOLLOW_REQUEST',
|
|
|
|
|
related_user=user
|
|
|
|
|
)
|
2020-02-15 06:44:07 +00:00
|
|
|
|
2020-01-28 09:01:33 +00:00
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 07:05:09 +00:00
|
|
|
def handle_unfollow(activity):
|
2020-02-19 06:44:13 +00:00
|
|
|
''' unfollow a local user '''
|
|
|
|
|
obj = activity['object']
|
|
|
|
|
try:
|
|
|
|
|
requester = get_or_create_remote_user(obj['actor'])
|
|
|
|
|
to_unfollow = models.User.objects.get(actor=obj['object'])
|
|
|
|
|
except models.User.DoesNotExist:
|
2020-05-09 21:26:27 +00:00
|
|
|
return False
|
2020-02-19 06:44:13 +00:00
|
|
|
|
|
|
|
|
to_unfollow.followers.remove(requester)
|
|
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 06:52:07 +00:00
|
|
|
def handle_follow_accept(activity):
|
2020-02-15 04:24:35 +00:00
|
|
|
''' hurray, someone remote accepted a follow request '''
|
|
|
|
|
# figure out who they want to follow
|
|
|
|
|
requester = models.User.objects.get(actor=activity['object']['actor'])
|
|
|
|
|
# figure out who they are
|
|
|
|
|
accepter = get_or_create_remote_user(activity['actor'])
|
|
|
|
|
|
2020-03-13 17:04:39 +00:00
|
|
|
try:
|
2020-03-14 00:57:36 +00:00
|
|
|
request = models.UserFollowRequest.objects.get(
|
|
|
|
|
user_subject=requester,
|
|
|
|
|
user_object=accepter
|
|
|
|
|
)
|
2020-03-13 17:04:39 +00:00
|
|
|
request.delete()
|
|
|
|
|
except models.UserFollowRequest.DoesNotExist:
|
|
|
|
|
pass
|
2020-03-21 21:25:31 +00:00
|
|
|
accepter.followers.add(requester)
|
2020-02-15 04:24:35 +00:00
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 06:52:07 +00:00
|
|
|
def handle_follow_reject(activity):
|
2020-03-13 17:04:39 +00:00
|
|
|
''' someone is rejecting a follow request '''
|
|
|
|
|
requester = models.User.objects.get(actor=activity['object']['actor'])
|
|
|
|
|
rejecter = get_or_create_remote_user(activity['actor'])
|
|
|
|
|
|
|
|
|
|
try:
|
2020-03-21 21:29:39 +00:00
|
|
|
request = models.UserFollowRequest.objects.get(
|
|
|
|
|
user_subject=requester,
|
|
|
|
|
user_object=rejecter
|
|
|
|
|
)
|
2020-03-13 17:04:39 +00:00
|
|
|
request.delete()
|
|
|
|
|
except models.UserFollowRequest.DoesNotExist:
|
2020-05-09 21:26:27 +00:00
|
|
|
return False
|
2020-03-13 17:04:39 +00:00
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 06:52:07 +00:00
|
|
|
def handle_create(activity):
|
2020-01-28 09:01:33 +00:00
|
|
|
''' someone did something, good on them '''
|
|
|
|
|
user = get_or_create_remote_user(activity['actor'])
|
2020-02-15 05:00:11 +00:00
|
|
|
|
2020-03-29 07:05:09 +00:00
|
|
|
if user.local:
|
|
|
|
|
# we really oughtn't even be sending in this case
|
2020-05-03 21:55:13 +00:00
|
|
|
return True
|
2020-03-29 07:05:09 +00:00
|
|
|
|
2020-04-20 23:37:53 +00:00
|
|
|
if activity['object'].get('fedireadsType') and \
|
2020-03-21 23:50:49 +00:00
|
|
|
'inReplyToBook' in activity['object']:
|
2020-05-09 21:26:27 +00:00
|
|
|
if activity['object']['fedireadsType'] == 'Review':
|
|
|
|
|
builder = status_builder.create_review_from_activity
|
|
|
|
|
elif activity['object']['fedireadsType'] == 'Quotation':
|
|
|
|
|
builder = status_builder.create_quotation_from_activity
|
|
|
|
|
else:
|
|
|
|
|
builder = status_builder.create_comment_from_activity
|
|
|
|
|
|
|
|
|
|
# create the status, it'll throw a ValueError if anything is missing
|
|
|
|
|
builder(user, activity['object'])
|
2020-05-03 21:55:13 +00:00
|
|
|
elif activity['object'].get('inReplyTo'):
|
|
|
|
|
# only create the status if it's in reply to a status we already know
|
|
|
|
|
if not status_builder.get_status(activity['object']['inReplyTo']):
|
|
|
|
|
return True
|
|
|
|
|
|
2020-05-09 21:26:27 +00:00
|
|
|
status = status_builder.create_status_from_activity(
|
|
|
|
|
user,
|
|
|
|
|
activity['object']
|
|
|
|
|
)
|
|
|
|
|
if status and status.reply_parent:
|
|
|
|
|
status_builder.create_notification(
|
|
|
|
|
status.reply_parent.user,
|
|
|
|
|
'REPLY',
|
|
|
|
|
related_user=status.user,
|
|
|
|
|
related_status=status,
|
2020-03-21 22:21:27 +00:00
|
|
|
)
|
2020-05-03 21:55:13 +00:00
|
|
|
return True
|
2020-02-15 05:00:11 +00:00
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 06:52:07 +00:00
|
|
|
def handle_favorite(activity):
|
2020-02-19 08:13:06 +00:00
|
|
|
''' approval of your good good post '''
|
2020-04-01 00:00:01 +00:00
|
|
|
try:
|
|
|
|
|
status_id = activity['object'].split('/')[-1]
|
|
|
|
|
status = models.Status.objects.get(id=status_id)
|
|
|
|
|
liker = get_or_create_remote_user(activity['actor'])
|
|
|
|
|
except (models.Status.DoesNotExist, models.User.DoesNotExist):
|
2020-05-09 21:26:27 +00:00
|
|
|
return False
|
2020-04-01 00:00:01 +00:00
|
|
|
|
|
|
|
|
if not liker.local:
|
|
|
|
|
status_builder.create_favorite_from_activity(liker, activity)
|
|
|
|
|
|
|
|
|
|
status_builder.create_notification(
|
|
|
|
|
status.user,
|
|
|
|
|
'FAVORITE',
|
|
|
|
|
related_user=liker,
|
|
|
|
|
related_status=status,
|
|
|
|
|
)
|
2020-02-19 08:13:06 +00:00
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-29 06:52:07 +00:00
|
|
|
def handle_unfavorite(activity):
|
2020-03-21 22:21:27 +00:00
|
|
|
''' approval of your good good post '''
|
2020-03-31 23:31:33 +00:00
|
|
|
favorite_id = activity['object']['id']
|
2020-05-13 01:56:28 +00:00
|
|
|
fav = models.Favorite.objects.filter(remote_id=favorite_id).first()
|
2020-03-31 23:31:33 +00:00
|
|
|
if not fav:
|
2020-05-09 21:26:27 +00:00
|
|
|
return False
|
2020-03-21 22:21:27 +00:00
|
|
|
|
|
|
|
|
fav.delete()
|
|
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
2020-03-30 14:13:32 +00:00
|
|
|
def handle_boost(activity):
|
|
|
|
|
''' someone gave us a boost! '''
|
|
|
|
|
try:
|
|
|
|
|
status_id = activity['object'].split('/')[-1]
|
|
|
|
|
status = models.Status.objects.get(id=status_id)
|
|
|
|
|
booster = get_or_create_remote_user(activity['actor'])
|
|
|
|
|
except (models.Status.DoesNotExist, models.User.DoesNotExist):
|
2020-05-09 21:26:27 +00:00
|
|
|
return False
|
2020-03-30 14:13:32 +00:00
|
|
|
|
|
|
|
|
if not booster.local:
|
|
|
|
|
status_builder.create_boost_from_activity(booster, activity)
|
|
|
|
|
|
|
|
|
|
status_builder.create_notification(
|
|
|
|
|
status.user,
|
|
|
|
|
'BOOST',
|
|
|
|
|
related_user=booster,
|
|
|
|
|
related_status=status,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2020-04-01 00:00:01 +00:00
|
|
|
@app.task
|
|
|
|
|
def handle_tag(activity):
|
2020-05-10 18:29:10 +00:00
|
|
|
''' someone is tagging a book '''
|
2020-04-01 00:00:01 +00:00
|
|
|
user = get_or_create_remote_user(activity['actor'])
|
|
|
|
|
if not user.local:
|
2020-05-09 21:26:27 +00:00
|
|
|
book = activity['target']['id']
|
2020-04-01 00:00:01 +00:00
|
|
|
status_builder.create_tag(user, book, activity['object']['name'])
|
2020-05-04 01:56:29 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.task
|
|
|
|
|
def handle_update_book(activity):
|
|
|
|
|
''' a remote instance changed a book (Document) '''
|
|
|
|
|
document = activity['object']
|
|
|
|
|
# check if we have their copy and care about their updates
|
|
|
|
|
book = models.Book.objects.select_subclasses().filter(
|
|
|
|
|
remote_id=document['url'],
|
|
|
|
|
sync=True,
|
|
|
|
|
).first()
|
|
|
|
|
if not book:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
books_manager.update_book(book, data=document)
|
