mirrors/gotosocial
1
0
Fork 1
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2024-05-20 17:28:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
gotosocial/internal/ap/resolve.go
kim 1d51e3c8d6
[bugfix] 2643 bug search for account url doesnt always work when redirected (#2673) 
* update activity library so dereferencer returns full response and checks *final* link to allow for redirects

* temporarily add bodged fixed library

* remove unused code

* update getAccountFeatured() to use dereferenceCollectionPage()

* make sure to release map

* perform a 2nd decode to ensure reader is empty after primary decode

* add comment explaining choice of using Decode() instead of Unmarshal()

* update embedded activity library to latest matching https://github.com/superseriousbusiness/activity/pull/21

* add checks to look for changed URI and re-check database if redirected

* update max iteration count to 512, add checks during dereferenceAncestors() for indirect URLs

* remove doubled-up code

* fix use of status instead of current

* use URIs for checking equality for security

* use the latest known URI for boost_of_uri in case original was an indirect

* add dereferenceCollection() function for dereferenceAccountFeatured()

* pull in latest github.com/superseriousbusiness/activity version (and remove the bodge!!)

* fix typo in code comments

* update decodeType() to accept a readcloser and handle body closing

* switch to checking using BoostOfID and add note why not using BoostOfURI

* ensure InReplyTo gets unset when deleting status parent in case currently stubbed

* add tests for Collection and CollectionPage iterators
2024-02-23 16:24:40 +01:00

262 lines
8.2 KiB
Go
Raw Blame History

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package ap
import (
"context"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
)
// ResolveActivity is a util function for pulling a pub.Activity type out of an incoming request body,
// returning the resolved activity type, error and whether to accept activity (false = transient i.e. ignore).
func ResolveIncomingActivity(r *http.Request) (pub.Activity, bool, gtserror.WithCode) {
// Get "raw" map
// destination.
raw := getMap()
// Decode data as JSON into 'raw' map
// and get the resolved AS vocab.Type.
// (this handles close of request body).
t, err := decodeType(r.Context(), r.Body, raw)
if err != nil {
// NOTE: if the error here was due to the response body
// ending early, the connection will have broken so it
// doesn't matter if we try to return 400 or 500, the
// error is mainly for our logging. tl;dr there's not a
// huge need to differentiate between those error types.
if !streams.IsUnmatchedErr(err) {
err := gtserror.Newf("error matching json to type: %w", err)
return nil, false, gtserror.NewErrorInternalError(err)
}
const text = "body json not resolvable as ActivityStreams type"
return nil, false, gtserror.NewErrorBadRequest(errors.New(text), text)
}
// Ensure this is an Activity type.
activity, ok := t.(pub.Activity)
if !ok {
text := fmt.Sprintf("cannot resolve vocab type %T as pub.Activity", t)
return nil, false, gtserror.NewErrorBadRequest(errors.New(text), text)
}
if activity.GetJSONLDId() == nil {
// missing ID indicates a transient ID as per:
//
// all objects distributed by the ActivityPub protocol MUST have unique global identifiers,
// unless they are intentionally transient (short lived activities that are not intended to
// be able to be looked up, such as some kinds of chat messages or game notifications).
return nil, false, nil
}
// Normalize any Statusable, Accountable, Pollable fields found.
// (see: https://github.com/superseriousbusiness/gotosocial/issues/1661)
NormalizeIncomingActivity(activity, raw)
// Release.
putMap(raw)
return activity, true, nil
}
// ResolveStatusable tries to resolve the response data as an ActivityPub
// Statusable representation. It will then perform normalization on the Statusable.
//
// Works for: Article, Document, Image, Video, Note, Page, Event, Place, Profile, Question.
func ResolveStatusable(ctx context.Context, body io.ReadCloser) (Statusable, error) {
// Get "raw" map
// destination.
raw := getMap()
// Decode data as JSON into 'raw' map
// and get the resolved AS vocab.Type.
// (this handles close of given body).
t, err := decodeType(ctx, body, raw)
if err != nil {
return nil, gtserror.SetWrongType(err)
}
// Attempt to cast as Statusable.
statusable, ok := ToStatusable(t)
if !ok {
err := gtserror.Newf("cannot resolve vocab type %T as statusable", t)
return nil, gtserror.SetWrongType(err)
}
if pollable, ok := ToPollable(statusable); ok {
// Question requires extra normalization, and
// fortunately directly implements Statusable.
NormalizeIncomingPollOptions(pollable, raw)
statusable = pollable
}
NormalizeIncomingContent(statusable, raw)
NormalizeIncomingAttachments(statusable, raw)
NormalizeIncomingSummary(statusable, raw)
NormalizeIncomingName(statusable, raw)
// Release.
putMap(raw)
return statusable, nil
}
// ResolveAccountable tries to resolve the given reader into an ActivityPub
// Accountable representation. It will then perform normalization on the Accountable.
//
// Works for: Application, Group, Organization, Person, Service
func ResolveAccountable(ctx context.Context, body io.ReadCloser) (Accountable, error) {
// Get "raw" map
// destination.
raw := getMap()
// Decode data as JSON into 'raw' map
// and get the resolved AS vocab.Type.
// (this handles close of given body).
t, err := decodeType(ctx, body, raw)
if err != nil {
return nil, gtserror.SetWrongType(err)
}
// Attempt to cast as Statusable.
accountable, ok := ToAccountable(t)
if !ok {
err := gtserror.Newf("cannot resolve vocab type %T as accountable", t)
return nil, gtserror.SetWrongType(err)
}
NormalizeIncomingSummary(accountable, raw)
// Release.
putMap(raw)
return accountable, nil
}
// ResolveCollection tries to resolve the given reader into an ActivityPub Collection-like
// representation, then wrapping as abstracted iterator. Works for: Collection, OrderedCollection.
func ResolveCollection(ctx context.Context, body io.ReadCloser) (CollectionIterator, error) {
// Get "raw" map
// destination.
raw := getMap()
// Decode data as JSON into 'raw' map
// and get the resolved AS vocab.Type.
// (this handles close of given body).
t, err := decodeType(ctx, body, raw)
if err != nil {
return nil, gtserror.SetWrongType(err)
}
// Release.
putMap(raw)
// Cast as as Collection-like.
return ToCollectionIterator(t)
}
// ResolveCollectionPage tries to resolve the given reader into an ActivityPub CollectionPage-like
// representation, then wrapping as abstracted iterator. Works for: CollectionPage, OrderedCollectionPage.
func ResolveCollectionPage(ctx context.Context, body io.ReadCloser) (CollectionPageIterator, error) {
// Get "raw" map
// destination.
raw := getMap()
// Decode data as JSON into 'raw' map
// and get the resolved AS vocab.Type.
// (this handles close of given body).
t, err := decodeType(ctx, body, raw)
if err != nil {
return nil, gtserror.SetWrongType(err)
}
// Release.
putMap(raw)
// Cast as as CollectionPage-like.
return ToCollectionPageIterator(t)
}
// emptydest is an empty JSON decode
// destination useful for "noop" decodes
// to check underlying reader is empty.
var emptydest = &struct{}{}
// decodeType tries to read and parse the data
// at provided io.ReadCloser as a JSON ActivityPub
// type, failing if not parseable as JSON or not
// resolveable as one of our known AS types.
//
// NOTE: this function handles closing
// given body when it is finished with.
//
// The given map pointer will also be populated with
// the 'raw' JSON data, for further processing.
func decodeType(
ctx context.Context,
body io.ReadCloser,
raw map[string]any,
) (vocab.Type, error) {
// Wrap body in JSON decoder.
//
// We do this instead of using json.Unmarshal()
// so we can take advantage of the decoder's streamed
// check of input data as valid JSON. This means that
// in the cases of garbage input, or even just fallback
// HTML responses that were incorrectly content-type'd,
// we can error-out as soon as possible.
dec := json.NewDecoder(body)
// Unmarshal JSON source data into "raw" map.
if err := dec.Decode(&raw); err != nil {
_ = body.Close() // ensure closed.
return nil, gtserror.NewfAt(3, "error decoding into json: %w", err)
}
// Perform a secondary decode just to ensure we drained the
// entirety of the data source. Error indicates either extra
// trailing garbage, or multiple JSON values (invalid data).
if err := dec.Decode(emptydest); err != io.EOF {
_ = body.Close() // ensure closed.
return nil, gtserror.NewfAt(3, "data remaining after json")
}
// Done with body.
_ = body.Close()
// Resolve an ActivityStreams type.
t, err := streams.ToType(ctx, raw)
if err != nil {
return nil, gtserror.NewfAt(3, "error resolving json into ap vocab type: %w", err)
}
return t, nil
}
Reference in a new issue View git blame Copy permalink