mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2025-01-05 06:48:43 +00:00
177 lines
5.4 KiB
Python
177 lines
5.4 KiB
Python
''' activitystream api '''
|
|
from base64 import b64encode
|
|
from Crypto.PublicKey import RSA
|
|
from Crypto.Signature import pkcs1_15
|
|
from Crypto.Hash import SHA256
|
|
from datetime import datetime
|
|
from django.http import HttpResponse, HttpResponseBadRequest, \
|
|
HttpResponseNotFound, JsonResponse
|
|
from django.views.decorators.csrf import csrf_exempt
|
|
from fedireads.settings import DOMAIN
|
|
from fedireads import models
|
|
from fedireads import openlibrary
|
|
import fedireads.activitypub_templates as templates
|
|
import json
|
|
import requests
|
|
|
|
def webfinger(request):
|
|
''' allow other servers to ask about a user '''
|
|
resource = request.GET.get('resource')
|
|
if not resource and not resource.startswith('acct:'):
|
|
return HttpResponseBadRequest()
|
|
ap_id = resource.replace('acct:', '')
|
|
user = models.User.objects.filter(full_username=ap_id).first()
|
|
if not user:
|
|
return HttpResponseNotFound('No account found')
|
|
return JsonResponse(format_webfinger(user))
|
|
|
|
|
|
def format_webfinger(user):
|
|
''' helper function to create structured webfinger json '''
|
|
return {
|
|
'subject': 'acct:%s' % (user.full_username),
|
|
'links': [
|
|
{
|
|
'rel': 'self',
|
|
'type': 'application/activity+json',
|
|
'href': user.actor
|
|
}
|
|
]
|
|
}
|
|
|
|
|
|
@csrf_exempt
|
|
def get_actor(request, username):
|
|
''' return an activitypub actor object '''
|
|
user = models.User.objects.get(username=username)
|
|
return JsonResponse(templates.actor(user))
|
|
|
|
|
|
@csrf_exempt
|
|
def inbox(request, username):
|
|
''' incoming activitypub events '''
|
|
if request.method == 'GET':
|
|
# return a collection of something?
|
|
return JsonResponse({})
|
|
|
|
# TODO: RSA key verification
|
|
|
|
try:
|
|
activity = json.loads(request.body)
|
|
except json.decoder.JSONDecodeError:
|
|
return HttpResponseBadRequest
|
|
if activity['type'] == 'Add':
|
|
handle_add(activity)
|
|
|
|
if activity['type'] == 'Follow':
|
|
response = handle_follow(activity)
|
|
return JsonResponse(response)
|
|
return HttpResponse()
|
|
|
|
|
|
def handle_add(activity):
|
|
''' adding a book to a shelf '''
|
|
book_id = activity['object']['url']
|
|
book = openlibrary.get_or_create_book(book_id)
|
|
user_ap_id = activity['actor'].replace('https//:', '')
|
|
user = models.User.objects.get(actor=user_ap_id)
|
|
shelf = models.Shelf.objects.get(activitypub_id=activity['target']['id'])
|
|
models.ShelfBook(
|
|
shelf=shelf,
|
|
book=book,
|
|
added_by=user,
|
|
).save()
|
|
|
|
|
|
def handle_follow(activity):
|
|
'''
|
|
{
|
|
"@context": "https://www.w3.org/ns/activitystreams",
|
|
"id": "https://friend.camp/768222ce-a1c7-479c-a544-c93b8b67fb54",
|
|
"type": "Follow",
|
|
"actor": "https://friend.camp/users/tripofmice",
|
|
"object": "https://ff2cb3e9.ngrok.io/api/u/mouse"
|
|
}
|
|
'''
|
|
# figure out who they want to follow
|
|
following = activity['object'].replace('https://%s/api/u/' % DOMAIN, '')
|
|
following = models.User.objects.get(username=following)
|
|
# figure out who they are
|
|
user = get_or_create_remote_user(activity)
|
|
following.followers.add(user)
|
|
# accept the request
|
|
return templates.accept_follow(activity, following)
|
|
|
|
|
|
@csrf_exempt
|
|
def outbox(request, username):
|
|
''' outbox for the requested user '''
|
|
user = models.User.objects.get(username=username)
|
|
size = models.Message.objects.filter(user=user).count()
|
|
if request.method == 'GET':
|
|
# list of activities
|
|
return JsonResponse(templates.outbox_collection(user, size))
|
|
|
|
data = request.body.decode('utf-8')
|
|
if data.activity.type == 'Follow':
|
|
handle_follow(data)
|
|
return HttpResponse()
|
|
|
|
|
|
def broadcast_activity(sender, obj, recipients):
|
|
''' sign and send out the actions '''
|
|
activity = templates.create_activity(sender, obj)
|
|
|
|
# store message in database
|
|
models.Message(user=sender, content=activity).save()
|
|
|
|
for recipient in recipients:
|
|
broadcast(sender, activity, recipient)
|
|
|
|
|
|
def broadcast_follow(sender, action, destination):
|
|
''' send a follow request '''
|
|
broadcast(sender, action, destination)
|
|
|
|
def broadcast(sender, action, destination):
|
|
''' send out an event to all followers '''
|
|
inbox_fragment = '/api/u/%s/inbox' % (sender.username)
|
|
now = datetime.utcnow().isoformat()
|
|
message_to_sign = '''(request-target): post %s
|
|
host: https://%s
|
|
date: %s''' % (inbox_fragment, DOMAIN, now)
|
|
signer = pkcs1_15.new(RSA.import_key(sender.private_key))
|
|
signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8')))
|
|
|
|
signature = 'keyId="%s",' % sender.full_username
|
|
signature += 'headers="(request-target) host date",'
|
|
signature += 'signature="%s"' % b64encode(signed_message)
|
|
response = requests.post(
|
|
destination,
|
|
data=json.dumps(action),
|
|
headers={
|
|
'Date': now,
|
|
'Signature': signature,
|
|
'Host': DOMAIN,
|
|
},
|
|
)
|
|
if not response.ok:
|
|
response.raise_for_status()
|
|
|
|
def get_or_create_remote_user(activity):
|
|
''' wow, a foreigner '''
|
|
actor = activity['actor']
|
|
try:
|
|
user = models.User.objects.get(actor=actor)
|
|
except models.User.DoesNotExist:
|
|
# TODO: how do you actually correctly learn this?
|
|
username = '%s@%s' % (actor.split('/')[-1], actor.split('/')[2])
|
|
user = models.User.objects.create_user(
|
|
username,
|
|
'', '',
|
|
actor=actor,
|
|
local=False
|
|
)
|
|
return user
|
|
|
|
|