GoToSocial sends 'tag' values as a single object if there is only one
user mentioned, rather than an array with an object inside it.
This causes Bookwyrm to reject the tag since it comes through as a
dict rather than a list.
This commit fixes this at the point the incoming AP object is transformed
so that "mention" tags are turned into a mention_user.
Bookwyrm keyIds are at `userpath/#main-key`, however when signing AP objects we have claimed in the headers that the keyId is at `userpath#main-key`.
This is incorrect, and makes GoToSocial's strict checking break.
Simply updating the signatures to use the correct KeyId breaks legacy Bookwyrm's signature checks, becuase it assumes that the keyId path is the same as the user path plus a fragment.
This commit allows for either option, by sending the request a second time with the incorrect keyId if sending with the correct one causes an error.
Previously the 'tag' value in an activitypub object was assumed to be a List (array).
Some AP software sends 'tag' as a Dict (object) if there is only a single tag value.
It's somewhat debatable whether this is spec compliant but we should aim to be robust.
This commit puts an individual mention tag inside a list if necessary.
Fixes#2801
Related to #2794
It is legitimate to use any url for the user's key id. We have been assuming this id is the user id plus a fragment (#key-id) but this is not always the case, notably in the case of GoToSocial it is at /key-id. This commit instead checks the remote user's information to see if the key id listed matches the key id of the message allegedly received from them.
Whilst troubleshooting this it also became apparent that there is a mismatch between Bookwyrm users' keyId and the KeyId we claim to be using in signed requests (there is a forward slash missing). Since everything after the slash is a fragment, this usually slips through but we should be consistent so I updated that.
The series link needs an author so if it doesn't have one, instead of
showing a server error let's just show the series details as plain text
without a link.
Fixes: #2797
This avoids filtering for the user that made the post in the same query
as we use for other things, which should allow for better use of indices
in all cases. Previously, #2723 did some work on this that only worked
for some cases in HomeStream, but this code should work for all cases.
Related: #2720
This is the header described in the ActivityPub spec, which should fix
some federation problems with GoToSocial and potentially other picky
services.
Related: #2794, superseriousbusiness/gotosocial#1676
This enables automatic instrumentation of Postgres queries when
OpenTelemetry instrumentation is enabled, which will help with debugging
performance problems.
Previously, ignore_activity could unexpectedly make a outgoing HTTP
connection, leading to unwanted latency, particularly when called via
ActivityObject.to_model, which had the allow_external_connections
parameter already.
Related: #2717
Since Celery tasks don't affect interactive latency, we should have a
more generous timeout. This also allows admins to set the timeout for
Celery and the web frontend separately, without breaking backwards
compatibility with the previous environment variable.