From 097d86454a137495b1462e42ad11098507f4a08c Mon Sep 17 00:00:00 2001 From: "Renato \"Lond\" Cerqueira" Date: Tue, 29 Dec 2020 20:51:05 +0100 Subject: [PATCH 01/17] Add signatures to requests to mastodon to support authorized fetch mode When mastodon is in authorized fetch mode any request has to be signed or it fails with 401. This adds the needed signature to the requests made to discover the actor when receiving something from mastodon (such as a follow request) --- bookwyrm/activitypub/base_activity.py | 40 +++++++++++++++++++++++++++ bookwyrm/models/activitypub_mixin.py | 2 +- bookwyrm/signatures.py | 12 +++++--- bookwyrm/tests/test_signing.py | 2 +- 4 files changed, 50 insertions(+), 6 deletions(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index 24d383ac7..c3287d45d 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -8,6 +8,10 @@ from django.db import IntegrityError, transaction from bookwyrm.connectors import ConnectorException, get_data from bookwyrm.tasks import app +import requests +from django.utils.http import http_date +from bookwyrm import models +from bookwyrm.signatures import make_signature class ActivitySerializerError(ValueError): """routine problems serializing activitypub json""" @@ -284,6 +288,12 @@ def resolve_remote_id( # load the data and create the object try: data = get_data(remote_id) + except requests.HTTPError as e: + if e.response.status_code == 401: + ''' This most likely means it's a mastodon with secure fetch enabled. Need to be specific ''' + data = get_activitypub_data(remote_id) + else: + raise e except ConnectorException: raise ActivitySerializerError( f"Could not connect to host for remote_id: {remote_id}" @@ -304,3 +314,33 @@ def resolve_remote_id( # if we're refreshing, "result" will be set and we'll update it return item.to_model(model=model, instance=result, save=save) + +def get_activitypub_data(url): + ''' wrapper for request.get ''' + now = http_date() + + # XXX TEMP!! + sender = models.User.objects.get(id=1) + if not sender.key_pair.private_key: + # this shouldn't happen. it would be bad if it happened. + raise ValueError('No private key found for sender') + + try: + resp = requests.get( + url, + headers={ + 'Accept': 'application/json; charset=utf-8', + 'Date': now, + 'Signature': make_signature('get', sender, url, now), + }, + ) + except RequestError: + raise ConnectorException() + if not resp.ok: + resp.raise_for_status() + try: + data = resp.json() + except ValueError: + raise ConnectorException() + + return data diff --git a/bookwyrm/models/activitypub_mixin.py b/bookwyrm/models/activitypub_mixin.py index 402cb040b..ee0b2c40d 100644 --- a/bookwyrm/models/activitypub_mixin.py +++ b/bookwyrm/models/activitypub_mixin.py @@ -533,7 +533,7 @@ def sign_and_send(sender, data, destination): headers={ "Date": now, "Digest": digest, - "Signature": make_signature(sender, destination, now, digest), + "Signature": make_signature("post", sender, destination, now, digest), "Content-Type": "application/activity+json; charset=utf-8", "User-Agent": USER_AGENT, }, diff --git a/bookwyrm/signatures.py b/bookwyrm/signatures.py index 61cafe71f..27c6357f6 100644 --- a/bookwyrm/signatures.py +++ b/bookwyrm/signatures.py @@ -22,27 +22,31 @@ def create_key_pair(): return private_key, public_key -def make_signature(sender, destination, date, digest): +def make_signature(method, sender, destination, date, digest): """uses a private key to sign an outgoing message""" inbox_parts = urlparse(destination) signature_headers = [ - f"(request-target): post {inbox_parts.path}", + f"(request-target): {method} {inbox_parts.path}", f"host: {inbox_parts.netloc}", f"date: {date}", f"digest: {digest}", ] + headers = "(request-target) host date" + if digest is not None: + signature_headers.append("digest: %s" % digest) + headers = "(request-target) host date digest" + message_to_sign = "\n".join(signature_headers) signer = pkcs1_15.new(RSA.import_key(sender.key_pair.private_key)) signed_message = signer.sign(SHA256.new(message_to_sign.encode("utf8"))) signature = { "keyId": f"{sender.remote_id}#main-key", "algorithm": "rsa-sha256", - "headers": "(request-target) host date digest", + "headers": headers, "signature": b64encode(signed_message).decode("utf8"), } return ",".join(f'{k}="{v}"' for (k, v) in signature.items()) - def make_digest(data): """creates a message digest for signing""" return "SHA-256=" + b64encode(hashlib.sha256(data.encode("utf-8")).digest()).decode( diff --git a/bookwyrm/tests/test_signing.py b/bookwyrm/tests/test_signing.py index d33687a59..afcfb6907 100644 --- a/bookwyrm/tests/test_signing.py +++ b/bookwyrm/tests/test_signing.py @@ -85,7 +85,7 @@ class Signature(TestCase): now = date or http_date() data = json.dumps(get_follow_activity(sender, self.rat)) digest = digest or make_digest(data) - signature = make_signature(signer or sender, self.rat.inbox, now, digest) + signature = make_signature("post", signer or sender, self.rat.inbox, now, digest) with patch("bookwyrm.views.inbox.activity_task.delay"): with patch("bookwyrm.models.user.set_remote_server.delay"): return self.send(signature, now, send_data or data, digest) From e2ee3d27a7e40b877d8ddba90c056aa3f7418d25 Mon Sep 17 00:00:00 2001 From: "Renato \"Lond\" Cerqueira" Date: Wed, 5 Jan 2022 15:42:54 +0100 Subject: [PATCH 02/17] WIP --- bookwyrm/activitypub/base_activity.py | 12 ++++++++++-- bookwyrm/tests/activitypub/test_base_activity.py | 5 +++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index c3287d45d..f58b0bde9 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -12,6 +12,7 @@ import requests from django.utils.http import http_date from bookwyrm import models from bookwyrm.signatures import make_signature +from bookwyrm.settings import DOMAIN class ActivitySerializerError(ValueError): """routine problems serializing activitypub json""" @@ -315,12 +316,19 @@ def resolve_remote_id( # if we're refreshing, "result" will be set and we'll update it return item.to_model(model=model, instance=result, save=save) +def get_representative(): + try: + models.User.objects.get(id=-99) + except models.User.DoesNotExist: + username = "%s@%s" % (DOMAIN, DOMAIN) + email = "representative@%s" % (DOMAIN) + models.User.objects.create_user(id=-99, username=username, email=email, local=True, localname=DOMAIN) + def get_activitypub_data(url): ''' wrapper for request.get ''' now = http_date() - # XXX TEMP!! - sender = models.User.objects.get(id=1) + sender = get_representative() if not sender.key_pair.private_key: # this shouldn't happen. it would be bad if it happened. raise ValueError('No private key found for sender') diff --git a/bookwyrm/tests/activitypub/test_base_activity.py b/bookwyrm/tests/activitypub/test_base_activity.py index b951c7ab4..0eca7f7aa 100644 --- a/bookwyrm/tests/activitypub/test_base_activity.py +++ b/bookwyrm/tests/activitypub/test_base_activity.py @@ -14,6 +14,7 @@ from bookwyrm.activitypub.base_activity import ( ActivityObject, resolve_remote_id, set_related_field, + get_representative ) from bookwyrm.activitypub import ActivitySerializerError from bookwyrm import models @@ -51,6 +52,10 @@ class BaseActivity(TestCase): image.save(output, format=image.format) self.image_data = output.getvalue() + def test_get_representative_not_existing(self, _): + representative = get_representative() + self.assertIsInstance(representative, models.User) + def test_init(self, *_): """simple successfuly init""" instance = ActivityObject(id="a", type="b") From 9a0f8f9c2a6882f88de26736cafb80bcdeb13060 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Thu, 19 Jan 2023 16:40:13 +1100 Subject: [PATCH 03/17] fix test_get_representative_not_existing params --- bookwyrm/tests/activitypub/test_base_activity.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bookwyrm/tests/activitypub/test_base_activity.py b/bookwyrm/tests/activitypub/test_base_activity.py index e3ba19e6d..6ae446ff7 100644 --- a/bookwyrm/tests/activitypub/test_base_activity.py +++ b/bookwyrm/tests/activitypub/test_base_activity.py @@ -53,7 +53,7 @@ class BaseActivity(TestCase): image.save(output, format=image.format) self.image_data = output.getvalue() - def test_get_representative_not_existing(self, _): + def test_get_representative_not_existing(self, *_): representative = get_representative() self.assertIsInstance(representative, models.User) From 0c614e828fee016814d1e31f963aa23fba3d8dc6 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Fri, 20 Jan 2023 08:24:46 +1100 Subject: [PATCH 04/17] deal with missing digests in signatures If no digest value is passed to make_signature and Exception was thrown. Since digest is added to the signature headers if it is not None anyway, there is no need to assign the digest value before that check. When signing a request _as the server_ for Mastodon's AUTHORIZED_FETCH there is no need to include a digest. --- bookwyrm/signatures.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bookwyrm/signatures.py b/bookwyrm/signatures.py index dc094d988..ff634232d 100644 --- a/bookwyrm/signatures.py +++ b/bookwyrm/signatures.py @@ -22,14 +22,13 @@ def create_key_pair(): return private_key, public_key -def make_signature(method, sender, destination, date, digest): +def make_signature(method, sender, destination, date, digest=None): """uses a private key to sign an outgoing message""" inbox_parts = urlparse(destination) signature_headers = [ f"(request-target): {method} {inbox_parts.path}", f"host: {inbox_parts.netloc}", - f"date: {date}", - f"digest: {digest}", + f"date: {date}" ] headers = "(request-target) host date" if digest is not None: From 0da5473b0c2beb6e4bc567d6761bb9c9d8113c42 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Fri, 20 Jan 2023 16:31:27 +1100 Subject: [PATCH 05/17] black formatting --- bookwyrm/signatures.py | 3 ++- bookwyrm/tests/activitypub/test_base_activity.py | 2 +- bookwyrm/tests/test_signing.py | 4 +++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/bookwyrm/signatures.py b/bookwyrm/signatures.py index ff634232d..fb0ad49c1 100644 --- a/bookwyrm/signatures.py +++ b/bookwyrm/signatures.py @@ -28,7 +28,7 @@ def make_signature(method, sender, destination, date, digest=None): signature_headers = [ f"(request-target): {method} {inbox_parts.path}", f"host: {inbox_parts.netloc}", - f"date: {date}" + f"date: {date}", ] headers = "(request-target) host date" if digest is not None: @@ -46,6 +46,7 @@ def make_signature(method, sender, destination, date, digest=None): } return ",".join(f'{k}="{v}"' for (k, v) in signature.items()) + def make_digest(data): """creates a message digest for signing""" return "SHA-256=" + b64encode(hashlib.sha256(data.encode("utf-8")).digest()).decode( diff --git a/bookwyrm/tests/activitypub/test_base_activity.py b/bookwyrm/tests/activitypub/test_base_activity.py index 6ae446ff7..56bc142bb 100644 --- a/bookwyrm/tests/activitypub/test_base_activity.py +++ b/bookwyrm/tests/activitypub/test_base_activity.py @@ -14,7 +14,7 @@ from bookwyrm.activitypub.base_activity import ( ActivityObject, resolve_remote_id, set_related_field, - get_representative + get_representative, ) from bookwyrm.activitypub import ActivitySerializerError from bookwyrm import models diff --git a/bookwyrm/tests/test_signing.py b/bookwyrm/tests/test_signing.py index 54675d9d5..ec50a3da0 100644 --- a/bookwyrm/tests/test_signing.py +++ b/bookwyrm/tests/test_signing.py @@ -85,7 +85,9 @@ class Signature(TestCase): now = date or http_date() data = json.dumps(get_follow_activity(sender, self.rat)) digest = digest or make_digest(data) - signature = make_signature("post", signer or sender, self.rat.inbox, now, digest) + signature = make_signature( + "post", signer or sender, self.rat.inbox, now, digest + ) with patch("bookwyrm.views.inbox.activity_task.delay"): with patch("bookwyrm.models.user.set_remote_server.delay"): return self.send(signature, now, send_data or data, digest) From 41082387160341dd12951a31a4449520dc77b640 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Fri, 20 Jan 2023 16:32:17 +1100 Subject: [PATCH 06/17] resolve SECURE_FETCH bugs ERROR HANDLING FIXES - use raise_for_status() to pass through response code - handle exceptions where no response object is passed through INSTANCE ACTOR - models.User.objects.create_user function cannot take an ID - allow instance admins to determine username and email for instance actor in settings.py --- bookwyrm/activitypub/base_activity.py | 38 +++++++++++------------ bookwyrm/connectors/abstract_connector.py | 2 +- bookwyrm/settings.py | 5 +++ 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index 3390c9cf5..e7061a456 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -11,7 +11,7 @@ from django.utils.http import http_date from bookwyrm import models from bookwyrm.connectors import ConnectorException, get_data from bookwyrm.signatures import make_signature -from bookwyrm.settings import DOMAIN +from bookwyrm.settings import DOMAIN, INSTANCE_ACTOR_USERNAME, INSTANCE_ACTOR_EMAIL from bookwyrm.tasks import app, MEDIUM logger = logging.getLogger(__name__) @@ -281,15 +281,12 @@ def resolve_remote_id( try: data = get_data(remote_id) except requests.HTTPError as e: - if e.response.status_code == 401: - ''' This most likely means it's a mastodon with secure fetch enabled. Need to be specific ''' + if (e.response is not None) and e.response.status_code == 401: + """This most likely means it's a mastodon with secure fetch enabled.""" data = get_activitypub_data(remote_id) else: - raise e - except ConnectorException: - logger.info("Could not connect to host for remote_id: %s", remote_id) - return None - + logger.info("Could not connect to host for remote_id: %s", remote_id) + return None # determine the model implicitly, if not provided # or if it's a model with subclasses like Status, check again if not model or hasattr(model.objects, "select_subclasses"): @@ -309,33 +306,34 @@ def resolve_remote_id( def get_representative(): + username = "%s@%s" % (INSTANCE_ACTOR_USERNAME, DOMAIN) try: - models.User.objects.get(id=-99) + user = models.User.objects.get(username=username) except models.User.DoesNotExist: - username = "%s@%s" % (DOMAIN, DOMAIN) - email = "representative@%s" % (DOMAIN) - models.User.objects.create_user(id=-99, username=username, email=email, local=True, localname=DOMAIN) + email = INSTANCE_ACTOR_EMAIL + user = models.User.objects.create_user( + username=username, email=email, local=True, localname=DOMAIN + ) + return user def get_activitypub_data(url): - ''' wrapper for request.get ''' + """wrapper for request.get""" now = http_date() - sender = get_representative() if not sender.key_pair.private_key: # this shouldn't happen. it would be bad if it happened. - raise ValueError('No private key found for sender') - + raise ValueError("No private key found for sender") try: resp = requests.get( url, headers={ - 'Accept': 'application/json; charset=utf-8', - 'Date': now, - 'Signature': make_signature('get', sender, url, now), + "Accept": "application/json; charset=utf-8", + "Date": now, + "Signature": make_signature("get", sender, url, now), }, ) - except RequestError: + except requests.RequestException: raise ConnectorException() if not resp.ok: resp.raise_for_status() diff --git a/bookwyrm/connectors/abstract_connector.py b/bookwyrm/connectors/abstract_connector.py index 8ae93926a..dbfb2668d 100644 --- a/bookwyrm/connectors/abstract_connector.py +++ b/bookwyrm/connectors/abstract_connector.py @@ -244,7 +244,7 @@ def get_data(url, params=None, timeout=settings.QUERY_TIMEOUT): raise ConnectorException(err) if not resp.ok: - raise ConnectorException() + resp.raise_for_status() try: data = resp.json() except ValueError as err: diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py index 74ef7d313..528bf68e2 100644 --- a/bookwyrm/settings.py +++ b/bookwyrm/settings.py @@ -370,3 +370,8 @@ TWO_FACTOR_LOGIN_MAX_SECONDS = 60 HTTP_X_FORWARDED_PROTO = env.bool("SECURE_PROXY_SSL_HEADER", False) if HTTP_X_FORWARDED_PROTO: SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") + +# AUTHORIZED_FETCH Instance Actor +# WARNING this must both be unique - not used by any other user +INSTANCE_ACTOR_USERNAME = DOMAIN +INSTANCE_ACTOR_EMAIL = f"representative@{DOMAIN}" From f8c9df4aff68e92b47db14dbcebe2ba8980f99c1 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Fri, 20 Jan 2023 18:20:18 +1100 Subject: [PATCH 07/17] pylint fixes --- bookwyrm/activitypub/base_activity.py | 13 +++++++------ bookwyrm/signatures.py | 2 +- bookwyrm/tests/activitypub/test_base_activity.py | 1 + 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index e7061a456..6fc600b77 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -1,8 +1,8 @@ """ basics for an activitypub serializer """ from dataclasses import dataclass, fields, MISSING from json import JSONEncoder -import requests import logging +import requests from django.apps import apps from django.db import IntegrityError, transaction @@ -251,10 +251,10 @@ def set_related_field( def get_model_from_type(activity_type): """given the activity, what type of model""" - models = apps.get_models() + activity_models = apps.get_models() model = [ m - for m in models + for m in activity_models if hasattr(m, "activity_serializer") and hasattr(m.activity_serializer, "type") and m.activity_serializer.type == activity_type @@ -280,9 +280,9 @@ def resolve_remote_id( # load the data and create the object try: data = get_data(remote_id) - except requests.HTTPError as e: + except ConnectorException as e: if (e.response is not None) and e.response.status_code == 401: - """This most likely means it's a mastodon with secure fetch enabled.""" + # This most likely means it's a mastodon with secure fetch enabled. data = get_activitypub_data(remote_id) else: logger.info("Could not connect to host for remote_id: %s", remote_id) @@ -306,7 +306,8 @@ def resolve_remote_id( def get_representative(): - username = "%s@%s" % (INSTANCE_ACTOR_USERNAME, DOMAIN) + """Get or create an actor representing the entire instance to sign requests to 'secure mastodon' servers""" + username = f"{INSTANCE_ACTOR_USERNAME}@{DOMAIN}" try: user = models.User.objects.get(username=username) except models.User.DoesNotExist: diff --git a/bookwyrm/signatures.py b/bookwyrm/signatures.py index fb0ad49c1..772d39cce 100644 --- a/bookwyrm/signatures.py +++ b/bookwyrm/signatures.py @@ -32,7 +32,7 @@ def make_signature(method, sender, destination, date, digest=None): ] headers = "(request-target) host date" if digest is not None: - signature_headers.append("digest: %s" % digest) + signature_headers.append(f"digest: {digest}") headers = "(request-target) host date digest" message_to_sign = "\n".join(signature_headers) diff --git a/bookwyrm/tests/activitypub/test_base_activity.py b/bookwyrm/tests/activitypub/test_base_activity.py index 56bc142bb..120cd2c91 100644 --- a/bookwyrm/tests/activitypub/test_base_activity.py +++ b/bookwyrm/tests/activitypub/test_base_activity.py @@ -54,6 +54,7 @@ class BaseActivity(TestCase): self.image_data = output.getvalue() def test_get_representative_not_existing(self, *_): + """test that an instance representative actor is created if it does not exist""" representative = get_representative() self.assertIsInstance(representative, models.User) From e8452011f76c3c026e016669b7c717285c7281b0 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Fri, 20 Jan 2023 19:55:38 +1100 Subject: [PATCH 08/17] handle get_data exceptions better Makes exception handling more precise, only raising status for 401s. Also fixes a string pylint was complaining about. --- bookwyrm/activitypub/base_activity.py | 3 ++- bookwyrm/connectors/abstract_connector.py | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index 6fc600b77..a4affa172 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -306,7 +306,8 @@ def resolve_remote_id( def get_representative(): - """Get or create an actor representing the entire instance to sign requests to 'secure mastodon' servers""" + """Get or create an actor representing the instance + to sign requests to 'secure mastodon' servers""" username = f"{INSTANCE_ACTOR_USERNAME}@{DOMAIN}" try: user = models.User.objects.get(username=username) diff --git a/bookwyrm/connectors/abstract_connector.py b/bookwyrm/connectors/abstract_connector.py index dbfb2668d..6dd8a3081 100644 --- a/bookwyrm/connectors/abstract_connector.py +++ b/bookwyrm/connectors/abstract_connector.py @@ -244,7 +244,11 @@ def get_data(url, params=None, timeout=settings.QUERY_TIMEOUT): raise ConnectorException(err) if not resp.ok: - resp.raise_for_status() + if resp.status_code == 401: + # this is probably an AUTHORIZED_FETCH issue + resp.raise_for_status() + else: + raise ConnectorException() try: data = resp.json() except ValueError as err: From 317fa5cdfd63d49c34a6210a13674a596ee97bd7 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Fri, 20 Jan 2023 20:05:14 +1100 Subject: [PATCH 09/17] black --- bookwyrm/activitypub/base_activity.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index a4affa172..7befc5bc6 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -307,7 +307,7 @@ def resolve_remote_id( def get_representative(): """Get or create an actor representing the instance - to sign requests to 'secure mastodon' servers""" + to sign requests to 'secure mastodon' servers""" username = f"{INSTANCE_ACTOR_USERNAME}@{DOMAIN}" try: user = models.User.objects.get(username=username) From 803bba71a6da58b51caacd3210db279c13faba9f Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Sun, 22 Jan 2023 15:59:19 +1100 Subject: [PATCH 10/17] fix error handling - when using raise_for_status we need to catch an HTTPError, not a ConnectionError - simplify instance actor - use internal email address since it will never be used anyway, and make default username less likely to already be in use. --- bookwyrm/activitypub/base_activity.py | 11 +++++++---- bookwyrm/settings.py | 4 +--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index 7befc5bc6..3adddfeb9 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -11,7 +11,7 @@ from django.utils.http import http_date from bookwyrm import models from bookwyrm.connectors import ConnectorException, get_data from bookwyrm.signatures import make_signature -from bookwyrm.settings import DOMAIN, INSTANCE_ACTOR_USERNAME, INSTANCE_ACTOR_EMAIL +from bookwyrm.settings import DOMAIN, INSTANCE_ACTOR_USERNAME from bookwyrm.tasks import app, MEDIUM logger = logging.getLogger(__name__) @@ -280,7 +280,10 @@ def resolve_remote_id( # load the data and create the object try: data = get_data(remote_id) - except ConnectorException as e: + except ConnectionError: + logger.info("Could not connect to host for remote_id: %s", remote_id) + return None + except requests.HTTPError as e: if (e.response is not None) and e.response.status_code == 401: # This most likely means it's a mastodon with secure fetch enabled. data = get_activitypub_data(remote_id) @@ -309,12 +312,12 @@ def get_representative(): """Get or create an actor representing the instance to sign requests to 'secure mastodon' servers""" username = f"{INSTANCE_ACTOR_USERNAME}@{DOMAIN}" + email = "bookwyrm@localhost" try: user = models.User.objects.get(username=username) except models.User.DoesNotExist: - email = INSTANCE_ACTOR_EMAIL user = models.User.objects.create_user( - username=username, email=email, local=True, localname=DOMAIN + username=username, email=email, local=True, localname=INSTANCE_ACTOR_USERNAME ) return user diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py index 528bf68e2..ed1447b05 100644 --- a/bookwyrm/settings.py +++ b/bookwyrm/settings.py @@ -372,6 +372,4 @@ if HTTP_X_FORWARDED_PROTO: SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") # AUTHORIZED_FETCH Instance Actor -# WARNING this must both be unique - not used by any other user -INSTANCE_ACTOR_USERNAME = DOMAIN -INSTANCE_ACTOR_EMAIL = f"representative@{DOMAIN}" +INSTANCE_ACTOR_USERNAME = "bookwyrm.instance.actor" From f0e1767bc96e9924cf66c80d8909b3ab4ed8facf Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Sun, 22 Jan 2023 16:10:30 +1100 Subject: [PATCH 11/17] black code --- bookwyrm/activitypub/base_activity.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py index 3adddfeb9..02e5395fc 100644 --- a/bookwyrm/activitypub/base_activity.py +++ b/bookwyrm/activitypub/base_activity.py @@ -317,7 +317,10 @@ def get_representative(): user = models.User.objects.get(username=username) except models.User.DoesNotExist: user = models.User.objects.create_user( - username=username, email=email, local=True, localname=INSTANCE_ACTOR_USERNAME + username=username, + email=email, + local=True, + localname=INSTANCE_ACTOR_USERNAME, ) return user From 821169251ceada45de45d4cf31d0fbf9f99ea805 Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Thu, 26 Jan 2023 17:19:44 +1100 Subject: [PATCH 12/17] add more verbose comment to settings.py --- bookwyrm/settings.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py index ed1447b05..cd63ebb0d 100644 --- a/bookwyrm/settings.py +++ b/bookwyrm/settings.py @@ -371,5 +371,8 @@ HTTP_X_FORWARDED_PROTO = env.bool("SECURE_PROXY_SSL_HEADER", False) if HTTP_X_FORWARDED_PROTO: SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") -# AUTHORIZED_FETCH Instance Actor +# Instance Actor for signing GET requests to "secure mode" +# Mastodon servers. +# Do not change this setting unless you already have an existing +# user with the same username - in which case you should change it! INSTANCE_ACTOR_USERNAME = "bookwyrm.instance.actor" From 63dafd54d30108ce95a2bfebbc3045344aabbcfc Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Thu, 26 Jan 2023 17:24:51 +1100 Subject: [PATCH 13/17] black I can't even tell what it thinks it did, but Black likes to complain. --- bookwyrm/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py index cd63ebb0d..5cbb4b1e4 100644 --- a/bookwyrm/settings.py +++ b/bookwyrm/settings.py @@ -371,7 +371,7 @@ HTTP_X_FORWARDED_PROTO = env.bool("SECURE_PROXY_SSL_HEADER", False) if HTTP_X_FORWARDED_PROTO: SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") -# Instance Actor for signing GET requests to "secure mode" +# Instance Actor for signing GET requests to "secure mode" # Mastodon servers. # Do not change this setting unless you already have an existing # user with the same username - in which case you should change it! From 9be2f00064c0242c055432f36d1222548f291af0 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Thu, 26 Jan 2023 07:19:53 -0800 Subject: [PATCH 14/17] Update test_signing.py --- bookwyrm/tests/test_signing.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bookwyrm/tests/test_signing.py b/bookwyrm/tests/test_signing.py index 9c5098018..8a7f65249 100644 --- a/bookwyrm/tests/test_signing.py +++ b/bookwyrm/tests/test_signing.py @@ -89,6 +89,7 @@ class Signature(TestCase): signature = make_signature( "post", signer or sender, self.rat.inbox, now, digest ) + with patch("bookwyrm.views.inbox.activity_task.apply_async"): with patch("bookwyrm.models.user.set_remote_server.delay"): return self.send(signature, now, send_data or data, digest) From 7c75c246d24fe5514b4e0864f4b904641ba9fd6a Mon Sep 17 00:00:00 2001 From: Jascha Urbach Date: Thu, 26 Jan 2023 16:51:32 +0100 Subject: [PATCH 15/17] Update requirements.txt Important bugfixes and performance updates. did not touch opentelemetry or the dev dependencies. No breaking changes. --- requirements.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/requirements.txt b/requirements.txt index be223f5cd..e71fb52c8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,24 +4,24 @@ celery==5.2.7 colorthief==0.2.1 Django==3.2.16 django-celery-beat==2.4.0 -django-compressor==4.1 +django-compressor==4.3.1 django-imagekit==4.1.0 -django-model-utils==4.2.0 +django-model-utils==4.3.1 django-sass-processor==1.2.2 environs==9.5.0 flower==1.2.0 libsass==0.22.0 -Markdown==3.3.3 -Pillow>=9.3.0 +Markdown==3.4.1 +Pillow==9.4.0 psycopg2==2.9.5 pycryptodome==3.16.0 python-dateutil==2.8.2 redis==3.4.1 -requests==2.28.1 +requests==2.28.2 responses==0.22.0 pytz>=2022.7 -boto3==1.26.32 -django-storages==1.11.1 +boto3==1.26.57 +django-storages==1.13.2 django-redis==5.2.0 opentelemetry-api==1.11.1 opentelemetry-exporter-otlp-proto-grpc==1.11.1 @@ -29,7 +29,7 @@ opentelemetry-instrumentation-celery==0.30b1 opentelemetry-instrumentation-django==0.30b1 opentelemetry-sdk==1.11.1 protobuf==3.20.* -pyotp==2.6.0 +pyotp==2.8.0 qrcode==7.3.1 # Dev From ef481498440d8dbcb064b7f7463640017769a76b Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Thu, 26 Jan 2023 07:52:37 -0800 Subject: [PATCH 16/17] Show import queue in Celery admin --- bookwyrm/templates/settings/celery.html | 12 +++++++++--- bookwyrm/views/admin/celery_status.py | 1 + 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/bookwyrm/templates/settings/celery.html b/bookwyrm/templates/settings/celery.html index b2bd95601..7ce6553fb 100644 --- a/bookwyrm/templates/settings/celery.html +++ b/bookwyrm/templates/settings/celery.html @@ -13,24 +13,30 @@

{% trans "Queues" %}

-
+

{% trans "Low priority" %}

{{ queues.low_priority|intcomma }}

-
+

{% trans "Medium priority" %}

{{ queues.medium_priority|intcomma }}

-
+

{% trans "High priority" %}

{{ queues.high_priority|intcomma }}

+
+
+

{% trans "Imports" %}

+

{{ queues.imports|intcomma }}

+
+
{% else %} diff --git a/bookwyrm/views/admin/celery_status.py b/bookwyrm/views/admin/celery_status.py index 5221fd619..0e88f55f1 100644 --- a/bookwyrm/views/admin/celery_status.py +++ b/bookwyrm/views/admin/celery_status.py @@ -36,6 +36,7 @@ class CeleryStatus(View): "low_priority": r.llen("low_priority"), "medium_priority": r.llen("medium_priority"), "high_priority": r.llen("high_priority"), + "imports": r.llen("imports"), } # pylint: disable=broad-except except Exception as err: From c26387baea7e7b81e1b8acdf582615f36b1e33d9 Mon Sep 17 00:00:00 2001 From: Jascha Urbach Date: Thu, 26 Jan 2023 17:24:18 +0100 Subject: [PATCH 17/17] add "import" to celery worker import was missing in ExecStart for celery --- contrib/systemd/bookwyrm-worker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/systemd/bookwyrm-worker.service b/contrib/systemd/bookwyrm-worker.service index 7e25b0b17..d79fdabf6 100644 --- a/contrib/systemd/bookwyrm-worker.service +++ b/contrib/systemd/bookwyrm-worker.service @@ -6,7 +6,7 @@ After=network.target postgresql.service redis.service User=bookwyrm Group=bookwyrm WorkingDirectory=/opt/bookwyrm/ -ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority +ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,import StandardOutput=journal StandardError=inherit