bookwyrm/fedireads/api.py

''' api utilties '''
from base64 import b64encode
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from datetime import datetime
import json
import requests

from fedireads import models
from fedireads import incoming
from fedireads.settings import DOMAIN


def get_or_create_remote_user(actor):
    ''' look up a remote user or add them '''
    try:
        return models.User.objects.get(actor=actor)
    except models.User.DoesNotExist:
        pass

    # get the user's info
    response = requests.get(
        actor,
        headers={'Accept': 'application/activity+json'}
    )
    data = response.json()

    username = '%s@%s' % (actor.split('/')[-1], actor.split('/')[2])
    shared_inbox = data.get('endpoints').get('sharedInbox') if \
        data.get('endpoints') else None
    user = models.User.objects.create_user(
        username, '', '',
        name=data.get('name'),
        summary=data.get('summary'),
        inbox=data['inbox'],
        outbox=data['outbox'],
        shared_inbox=shared_inbox,
        public_key=data.get('publicKey').get('publicKeyPem'),
        actor=actor,
        local=False
    )
    return user


def get_recipients(user, post_privacy, direct_recipients=None):
    ''' deduplicated list of recipients '''
    recipients = direct_recipients or []

    followers = user.followers.all()
    if post_privacy == 'public':
        # post to public shared inboxes
        shared_inboxes = set(u.shared_inbox for u in followers)
        recipients += list(shared_inboxes)
        # TODO: not every user has a shared inbox
        # TODO: direct to anyone who's mentioned
    if post_privacy == 'followers':
        # don't send it to the shared inboxes
        inboxes = set(u.inbox for u in followers)
        recipients += list(inboxes)
    # if post privacy is direct, we just have direct recipients,
    # which is already set. hurray
    return recipients


def broadcast(sender, action, recipients):
    ''' send out an event '''
    errors = []
    for recipient in recipients:
        try:
            sign_and_send(sender, action, recipient)
        except requests.exceptions.HTTPError as e:
            errors.append({
                'error': e,
                'recipient': recipient,
                'activity': action,
            })
    return errors


def sign_and_send(sender, action, destination):
    ''' crpyto whatever and http junk '''
    inbox_fragment = sender.inbox.replace('https://%s' % DOMAIN, '')
    now = datetime.utcnow().isoformat()
    signature_headers = [
        '(request-target): post %s' % inbox_fragment,
        'host: https://%s' % DOMAIN,
        'date: %s' %  now
    ]
    message_to_sign = '\n'.join(signature_headers)
    signer = pkcs1_15.new(RSA.import_key(sender.private_key))
    signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8')))

    signature = {
        'keyId': '%s#main-key' % sender.actor,
        'algorithm': 'rsa-sha256',
        'headers': '(request-target) host date',
        'signature': b64encode(signed_message).decode('utf8'),
    }
    signature = ','.join('%s="%s"' % (k, v) for (k, v) in signature.items())

    response = requests.post(
        destination,
        data=json.dumps(action),
        headers={
            'Date': now,
            'Signature': signature,
            'Host': 'https://%s' % DOMAIN,
            'Content-Type': 'application/activity+json; charset=utf-8',
        },
    )
    if not response.ok:
        response.raise_for_status()
    incoming.handle_response(response)
Code cleanup 2020-01-28 19:45:27 +00:00			`''' api utilties '''`
			`from base64 import b64encode`
			`from Crypto.PublicKey import RSA`
			`from Crypto.Signature import pkcs1_15`
			`from Crypto.Hash import SHA256`
			`from datetime import datetime`
			`import json`
			`import requests`

			`from fedireads import models`
			`from fedireads import incoming`
			`from fedireads.settings import DOMAIN`


Separates incoming and outgoing api actions 2020-01-28 09:01:33 +00:00			`def get_or_create_remote_user(actor):`
Code cleanup 2020-01-28 19:45:27 +00:00			`''' look up a remote user or add them '''`
Separates incoming and outgoing api actions 2020-01-28 09:01:33 +00:00			`try:`
Add federated users 2020-01-29 20:07:20 +00:00			`return models.User.objects.get(actor=actor)`
Separates incoming and outgoing api actions 2020-01-28 09:01:33 +00:00			`except models.User.DoesNotExist:`
Add federated users 2020-01-29 20:07:20 +00:00			`pass`

			`# get the user's info`
			`response = requests.get(`
			`actor,`
			`headers={'Accept': 'application/activity+json'}`
			`)`
			`data = response.json()`

			`username = '%s@%s' % (actor.split('/')[-1], actor.split('/')[2])`
Support users with no shared inbox 2020-02-07 21:39:48 +00:00			`shared_inbox = data.get('endpoints').get('sharedInbox') if \`
			`data.get('endpoints') else None`
Add federated users 2020-01-29 20:07:20 +00:00			`user = models.User.objects.create_user(`
			`username, '', '',`
			`name=data.get('name'),`
			`summary=data.get('summary'),`
			`inbox=data['inbox'],`
			`outbox=data['outbox'],`
Support users with no shared inbox 2020-02-07 21:39:48 +00:00			`shared_inbox=shared_inbox,`
Adds remote user public key 2020-01-29 23:59:43 +00:00			`public_key=data.get('publicKey').get('publicKeyPem'),`
Add federated users 2020-01-29 20:07:20 +00:00			`actor=actor,`
			`local=False`
			`)`
Separates incoming and outgoing api actions 2020-01-28 09:01:33 +00:00			`return user`

Code cleanup 2020-01-28 19:45:27 +00:00
			`def get_recipients(user, post_privacy, direct_recipients=None):`
			`''' deduplicated list of recipients '''`
			`recipients = direct_recipients or []`

			`followers = user.followers.all()`
			`if post_privacy == 'public':`
			`# post to public shared inboxes`
			`shared_inboxes = set(u.shared_inbox for u in followers)`
			`recipients += list(shared_inboxes)`
Support users with no shared inbox 2020-02-07 21:39:48 +00:00			`# TODO: not every user has a shared inbox`
Code cleanup 2020-01-28 19:45:27 +00:00			`# TODO: direct to anyone who's mentioned`
			`if post_privacy == 'followers':`
			`# don't send it to the shared inboxes`
			`inboxes = set(u.inbox for u in followers)`
			`recipients += list(inboxes)`
			`# if post privacy is direct, we just have direct recipients,`
			`# which is already set. hurray`
			`return recipients`


			`def broadcast(sender, action, recipients):`
			`''' send out an event '''`
Better error handling in broadcaster 2020-01-29 23:55:48 +00:00			`errors = []`
Code cleanup 2020-01-28 19:45:27 +00:00			`for recipient in recipients:`
Better error handling in broadcaster 2020-01-29 23:55:48 +00:00			`try:`
			`sign_and_send(sender, action, recipient)`
			`except requests.exceptions.HTTPError as e:`
			`errors.append({`
			`'error': e,`
			`'recipient': recipient,`
			`'activity': action,`
			`})`
			`return errors`
Code cleanup 2020-01-28 19:45:27 +00:00

			`def sign_and_send(sender, action, destination):`
			`''' crpyto whatever and http junk '''`
			`inbox_fragment = sender.inbox.replace('https://%s' % DOMAIN, '')`
			`now = datetime.utcnow().isoformat()`
RSA sign and verify (working) 2020-01-30 04:56:18 +00:00			`signature_headers = [`
			`'(request-target): post %s' % inbox_fragment,`
			`'host: https://%s' % DOMAIN,`
			`'date: %s' % now`
			`]`
			`message_to_sign = '\n'.join(signature_headers)`
Code cleanup 2020-01-28 19:45:27 +00:00			`signer = pkcs1_15.new(RSA.import_key(sender.private_key))`
			`signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8')))`

Better error handling in broadcaster 2020-01-29 23:55:48 +00:00			`signature = {`
			`'keyId': '%s#main-key' % sender.actor,`
			`'algorithm': 'rsa-sha256',`
			`'headers': '(request-target) host date',`
RSA sign and verify (working) 2020-01-30 04:56:18 +00:00			`'signature': b64encode(signed_message).decode('utf8'),`
Better error handling in broadcaster 2020-01-29 23:55:48 +00:00			`}`
			`signature = ','.join('%s="%s"' % (k, v) for (k, v) in signature.items())`

Code cleanup 2020-01-28 19:45:27 +00:00			`response = requests.post(`
			`destination,`
			`data=json.dumps(action),`
			`headers={`
			`'Date': now,`
			`'Signature': signature,`
RSA sign and verify (working) 2020-01-30 04:56:18 +00:00			`'Host': 'https://%s' % DOMAIN,`
Support users with no shared inbox 2020-02-07 21:39:48 +00:00			`'Content-Type': 'application/activity+json; charset=utf-8',`
Code cleanup 2020-01-28 19:45:27 +00:00			`},`
			`)`
			`if not response.ok:`
			`response.raise_for_status()`
			`incoming.handle_response(response)`