[bugfix] Normalize status content (don't parse status content as IRI) (#1665)

* start fannying about

* finish up Normalize

* tidy up

* pin to tag

* move errors about just a little bit
This commit is contained in:
tobi 2023-04-06 13:19:55 +02:00 committed by GitHub
parent 4f322f527f
commit c54510bc74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 665 additions and 293 deletions

2
go.mod
View file

@ -42,7 +42,7 @@ require (
github.com/spf13/cobra v1.6.1 github.com/spf13/cobra v1.6.1
github.com/spf13/viper v1.15.0 github.com/spf13/viper v1.15.0
github.com/stretchr/testify v1.8.2 github.com/stretchr/testify v1.8.2
github.com/superseriousbusiness/activity v1.2.1-gts github.com/superseriousbusiness/activity v1.2.2-gts
github.com/superseriousbusiness/exif-terminator v0.5.0 github.com/superseriousbusiness/exif-terminator v0.5.0
github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8 github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8
github.com/tdewolff/minify/v2 v2.12.5 github.com/tdewolff/minify/v2 v2.12.5

4
go.sum
View file

@ -543,8 +543,8 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
github.com/sunfish-shogi/bufseekio v0.0.0-20210207115823-a4185644b365/go.mod h1:dEzdXgvImkQ3WLI+0KQpmEx8T/C/ma9KeS3AfmU899I= github.com/sunfish-shogi/bufseekio v0.0.0-20210207115823-a4185644b365/go.mod h1:dEzdXgvImkQ3WLI+0KQpmEx8T/C/ma9KeS3AfmU899I=
github.com/superseriousbusiness/activity v1.2.1-gts h1:wh7v0zYa1mJmqB35PSfvgl4cs51Dh5PyfKvcZLSxMQU= github.com/superseriousbusiness/activity v1.2.2-gts h1:7duR8MCbYIKyM4UkeSkze2S/2+ve1XHs8kVfaFg58UI=
github.com/superseriousbusiness/activity v1.2.1-gts/go.mod h1:AZw0Xb4Oju8rmaJCZ21gc5CPg47MmNgyac+Hx5jo8VM= github.com/superseriousbusiness/activity v1.2.2-gts/go.mod h1:AZw0Xb4Oju8rmaJCZ21gc5CPg47MmNgyac+Hx5jo8VM=
github.com/superseriousbusiness/exif-terminator v0.5.0 h1:57SO/geyaOl2v/lJSQLVcQbdghpyFuK8ZTtaHL81fUQ= github.com/superseriousbusiness/exif-terminator v0.5.0 h1:57SO/geyaOl2v/lJSQLVcQbdghpyFuK8ZTtaHL81fUQ=
github.com/superseriousbusiness/exif-terminator v0.5.0/go.mod h1:d5IkskXco/3XRXzOrI73uGYn+wahJEqPlQSSqn6jxSw= github.com/superseriousbusiness/exif-terminator v0.5.0/go.mod h1:d5IkskXco/3XRXzOrI73uGYn+wahJEqPlQSSqn6jxSw=
github.com/superseriousbusiness/go-jpeg-image-structure/v2 v2.0.0-20220321154430-d89a106fdabe h1:ksl2oCx/Qo8sNDc3Grb8WGKBM9nkvhCm25uvlT86azE= github.com/superseriousbusiness/go-jpeg-image-structure/v2 v2.0.0-20220321154430-d89a106fdabe h1:ksl2oCx/Qo8sNDc3Grb8WGKBM9nkvhCm25uvlT86azE=

View file

@ -15,4 +15,21 @@
// You should have received a copy of the GNU Affero General Public License // You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>. // along with this program. If not, see <http://www.gnu.org/licenses/>.
package federation package ap
import "fmt"
// ErrWrongType indicates that we tried to resolve a type into
// an interface that it's not compatible with, eg a Person into
// a Statusable.
type ErrWrongType struct {
wrapped error
}
func (err *ErrWrongType) Error() string {
return fmt.Sprintf("wrong received type: %v", err.wrapped)
}
func newErrWrongType(err error) error {
return &ErrWrongType{wrapped: err}
}

View file

@ -60,6 +60,7 @@ type Statusable interface {
WithSensitive WithSensitive
WithConversation WithConversation
WithContent WithContent
WithSetContent
WithAttachment WithAttachment
WithTag WithTag
WithReplies WithReplies
@ -281,6 +282,11 @@ type WithContent interface {
GetActivityStreamsContent() vocab.ActivityStreamsContentProperty GetActivityStreamsContent() vocab.ActivityStreamsContentProperty
} }
// WithSetContent represents an activity that can have content set on it.
type WithSetContent interface {
SetActivityStreamsContent(vocab.ActivityStreamsContentProperty)
}
// WithPublished represents an activity with ActivityStreamsPublishedProperty // WithPublished represents an activity with ActivityStreamsPublishedProperty
type WithPublished interface { type WithPublished interface {
GetActivityStreamsPublished() vocab.ActivityStreamsPublishedProperty GetActivityStreamsPublished() vocab.ActivityStreamsPublishedProperty

116
internal/ap/normalize.go Normal file
View file

@ -0,0 +1,116 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package ap
import (
"github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams"
)
// NormalizeActivityObject normalizes the 'object'.'content' field of the given Activity.
//
// The rawActivity map should the freshly deserialized json representation of the Activity.
//
// This function is a noop if the type passed in is anything except a Create with a Statusable as its Object.
func NormalizeActivityObject(activity pub.Activity, rawActivity map[string]interface{}) {
if activity.GetTypeName() != ActivityCreate {
// Only interested in Create right now.
return
}
withObject, ok := activity.(WithObject)
if !ok {
// Create was not a WithObject.
return
}
createObject := withObject.GetActivityStreamsObject()
if createObject == nil {
// No object set.
return
}
if createObject.Len() != 1 {
// Not interested in Object arrays.
return
}
// We now know length is 1 so get the first
// item from the iter. We need this to be
// a Statusable if we're to continue.
i := createObject.At(0)
if i == nil {
// This is awkward.
return
}
t := i.GetType()
if t == nil {
// This is also awkward.
return
}
statusable, ok := t.(Statusable)
if !ok {
// Object is not Statusable;
// we're not interested.
return
}
object, ok := rawActivity["object"]
if !ok {
// No object in raw map.
return
}
rawStatusable, ok := object.(map[string]interface{})
if !ok {
// Object wasn't a json object.
return
}
// Pass in the statusable and its raw JSON representation.
NormalizeStatusableContent(statusable, rawStatusable)
}
// NormalizeStatusableContent replaces the Content of the given statusable
// with the raw 'content' value from the given json object map.
//
// noop if there was no content in the json object map or the content was
// not a plain string.
func NormalizeStatusableContent(statusable Statusable, rawStatusable map[string]interface{}) {
content, ok := rawStatusable["content"]
if !ok {
// No content in rawStatusable.
// TODO: In future we might also
// look for "contentMap" property.
return
}
rawContent, ok := content.(string)
if !ok {
// Not interested in content arrays.
return
}
// Set normalized content property from the raw string; this
// will replace any existing content property on the statusable.
contentProp := streams.NewActivityStreamsContentProperty()
contentProp.AppendXMLSchemaString(rawContent)
statusable.SetActivityStreamsContent(contentProp)
}

View file

@ -0,0 +1,110 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package ap_test
import (
"context"
"encoding/json"
"testing"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/testrig"
)
type NormalizeTestSuite struct {
suite.Suite
}
func (suite *NormalizeTestSuite) GetStatusable() (vocab.ActivityStreamsNote, map[string]interface{}) {
rawJson := `{
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://example.org/schemas/litepub-0.1.jsonld",
{
"@language": "und"
}
],
"actor": "https://example.org/users/someone",
"attachment": [],
"attributedTo": "https://example.org/users/someone",
"cc": [
"https://example.org/users/someone/followers"
],
"content": "UPDATE: As of this morning there are now more than 7 million Mastodon users, most from the <a class=\"hashtag\" data-tag=\"twittermigration\" href=\"https://example.org/tag/twittermigration\" rel=\"tag ugc\">#TwitterMigration</a>.<br><br>In fact, 100,000 new accounts have been created since last night.<br><br>Since last night&#39;s spike 8,000-12,000 new accounts are being created every hour.<br><br>Yesterday, I estimated that Mastodon would have 8 million users by the end of the week. That might happen a lot sooner if this trend continues.",
"context": "https://example.org/contexts/01GX0MSHPER1E0FT022Q209EJZ",
"conversation": "https://example.org/contexts/01GX0MSHPER1E0FT022Q209EJZ",
"id": "https://example.org/objects/01GX0MT2PA58JNSMK11MCS65YD",
"published": "2022-11-18T17:43:58.489995Z",
"replies": {
"items": [
"https://example.org/objects/01GX0MV12MGEG3WF9SWB5K3KRJ"
],
"type": "Collection"
},
"repliesCount": 0,
"sensitive": null,
"source": "UPDATE: As of this morning there are now more than 7 million Mastodon users, most from the #TwitterMigration.\r\n\r\nIn fact, 100,000 new accounts have been created since last night.\r\n\r\nSince last night's spike 8,000-12,000 new accounts are being created every hour.\r\n\r\nYesterday, I estimated that Mastodon would have 8 million users by the end of the week. That might happen a lot sooner if this trend continues.",
"summary": "",
"tag": [
{
"href": "https://example.org/tags/twittermigration",
"name": "#twittermigration",
"type": "Hashtag"
}
],
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"type": "Note"
}`
var rawNote map[string]interface{}
err := json.Unmarshal([]byte(rawJson), &rawNote)
if err != nil {
panic(err)
}
t, err := streams.ToType(context.Background(), rawNote)
if err != nil {
panic(err)
}
return t.(vocab.ActivityStreamsNote), rawNote
}
func (suite *NormalizeTestSuite) TestNormalizeActivityObject() {
note, rawNote := suite.GetStatusable()
suite.Equal(`update: As of this morning there are now more than 7 million Mastodon users, most from the <a class="hashtag" data-tag="twittermigration" href="https://example.org/tag/twittermigration" rel="tag ugc">#TwitterMigration%3C/a%3E.%3Cbr%3E%3Cbr%3EIn%20fact,%20100,000%20new%20accounts%20have%20been%20created%20since%20last%20night.%3Cbr%3E%3Cbr%3ESince%20last%20night&%2339;s%20spike%208,000-12,000%20new%20accounts%20are%20being%20created%20every%20hour.%3Cbr%3E%3Cbr%3EYesterday,%20I%20estimated%20that%20Mastodon%20would%20have%208%20million%20users%20by%20the%20end%20of%20the%20week.%20That%20might%20happen%20a%20lot%20sooner%20if%20this%20trend%20continues.`, ap.ExtractContent(note))
create := testrig.WrapAPNoteInCreate(
testrig.URLMustParse("https://example.org/create_something"),
testrig.URLMustParse("https://example.org/users/someone"),
testrig.TimeMustParse("2022-11-18T17:43:58.489995Z"),
note,
)
ap.NormalizeActivityObject(create, map[string]interface{}{"object": rawNote})
suite.Equal(`UPDATE: As of this morning there are now more than 7 million Mastodon users, most from the <a class="hashtag" data-tag="twittermigration" href="https://example.org/tag/twittermigration" rel="tag ugc">#TwitterMigration</a>.<br><br>In fact, 100,000 new accounts have been created since last night.<br><br>Since last night&#39;s spike 8,000-12,000 new accounts are being created every hour.<br><br>Yesterday, I estimated that Mastodon would have 8 million users by the end of the week. That might happen a lot sooner if this trend continues.`, ap.ExtractContent(note))
}
func TestNormalizeTestSuite(t *testing.T) {
suite.Run(t, new(NormalizeTestSuite))
}

118
internal/ap/resolve.go Normal file
View file

@ -0,0 +1,118 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package ap
import (
"context"
"encoding/json"
"fmt"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab"
)
// ResolveStatusable tries to resolve the given bytes into an ActivityPub Statusable representation.
// It will then perform normalization on the Statusable by calling NormalizeStatusable, so that
// callers don't need to bother doing extra steps.
//
// Works for: Article, Document, Image, Video, Note, Page, Event, Place, Profile
func ResolveStatusable(ctx context.Context, b []byte) (Statusable, error) {
rawStatusable := make(map[string]interface{})
if err := json.Unmarshal(b, &rawStatusable); err != nil {
return nil, fmt.Errorf("ResolveStatusable: error unmarshalling bytes into json: %w", err)
}
t, err := streams.ToType(ctx, rawStatusable)
if err != nil {
return nil, fmt.Errorf("ResolveStatusable: error resolving json into ap vocab type: %w", err)
}
var (
statusable Statusable
ok bool
)
switch t.GetTypeName() {
case ObjectArticle:
statusable, ok = t.(vocab.ActivityStreamsArticle)
case ObjectDocument:
statusable, ok = t.(vocab.ActivityStreamsDocument)
case ObjectImage:
statusable, ok = t.(vocab.ActivityStreamsImage)
case ObjectVideo:
statusable, ok = t.(vocab.ActivityStreamsVideo)
case ObjectNote:
statusable, ok = t.(vocab.ActivityStreamsNote)
case ObjectPage:
statusable, ok = t.(vocab.ActivityStreamsPage)
case ObjectEvent:
statusable, ok = t.(vocab.ActivityStreamsEvent)
case ObjectPlace:
statusable, ok = t.(vocab.ActivityStreamsPlace)
case ObjectProfile:
statusable, ok = t.(vocab.ActivityStreamsProfile)
}
if !ok {
err = fmt.Errorf("ResolveStatusable: could not resolve %T to Statusable", t)
return nil, newErrWrongType(err)
}
NormalizeStatusableContent(statusable, rawStatusable)
return statusable, nil
}
// ResolveStatusable tries to resolve the given bytes into an ActivityPub Accountable representation.
//
// Works for: Application, Group, Organization, Person, Service
func ResolveAccountable(ctx context.Context, b []byte) (Accountable, error) {
rawAccountable := make(map[string]interface{})
if err := json.Unmarshal(b, &rawAccountable); err != nil {
return nil, fmt.Errorf("ResolveAccountable: error unmarshalling bytes into json: %w", err)
}
t, err := streams.ToType(ctx, rawAccountable)
if err != nil {
return nil, fmt.Errorf("ResolveAccountable: error resolving json into ap vocab type: %w", err)
}
var (
accountable Accountable
ok bool
)
switch t.GetTypeName() {
case ActorApplication:
accountable, ok = t.(vocab.ActivityStreamsApplication)
case ActorGroup:
accountable, ok = t.(vocab.ActivityStreamsGroup)
case ActorOrganization:
accountable, ok = t.(vocab.ActivityStreamsOrganization)
case ActorPerson:
accountable, ok = t.(vocab.ActivityStreamsPerson)
case ActorService:
accountable, ok = t.(vocab.ActivityStreamsService)
}
if !ok {
err = fmt.Errorf("ResolveAccountable: could not resolve %T to Accountable", t)
return nil, newErrWrongType(err)
}
return accountable, nil
}

View file

@ -357,39 +357,13 @@ func (d *deref) enrichAccount(ctx context.Context, requestUser string, uri *url.
// dereferenceAccountable calls remoteAccountID with a GET request, and tries to parse whatever // dereferenceAccountable calls remoteAccountID with a GET request, and tries to parse whatever
// it finds as something that an account model can be constructed out of. // it finds as something that an account model can be constructed out of.
//
// Will work for Person, Application, or Service models.
func (d *deref) dereferenceAccountable(ctx context.Context, transport transport.Transport, remoteAccountID *url.URL) (ap.Accountable, error) { func (d *deref) dereferenceAccountable(ctx context.Context, transport transport.Transport, remoteAccountID *url.URL) (ap.Accountable, error) {
b, err := transport.Dereference(ctx, remoteAccountID) b, err := transport.Dereference(ctx, remoteAccountID)
if err != nil { if err != nil {
return nil, fmt.Errorf("DereferenceAccountable: error deferencing %s: %w", remoteAccountID.String(), err) return nil, fmt.Errorf("dereferenceAccountable: error deferencing %s: %w", remoteAccountID.String(), err)
} }
m := make(map[string]interface{}) return ap.ResolveAccountable(ctx, b)
if err := json.Unmarshal(b, &m); err != nil {
return nil, fmt.Errorf("DereferenceAccountable: error unmarshalling bytes into json: %w", err)
}
t, err := streams.ToType(ctx, m)
if err != nil {
return nil, fmt.Errorf("DereferenceAccountable: error resolving json into ap vocab type: %w", err)
}
//nolint:forcetypeassert
switch t.GetTypeName() {
case ap.ActorApplication:
return t.(vocab.ActivityStreamsApplication), nil
case ap.ActorGroup:
return t.(vocab.ActivityStreamsGroup), nil
case ap.ActorOrganization:
return t.(vocab.ActivityStreamsOrganization), nil
case ap.ActorPerson:
return t.(vocab.ActivityStreamsPerson), nil
case ap.ActorService:
return t.(vocab.ActivityStreamsService), nil
}
return nil, newErrWrongType(fmt.Errorf("DereferenceAccountable: type name %s not supported as Accountable", t.GetTypeName()))
} }
func (d *deref) fetchRemoteAccountAvatar(ctx context.Context, tsport transport.Transport, avatarURL string, accountID string) (string, error) { func (d *deref) fetchRemoteAccountAvatar(ctx context.Context, tsport transport.Transport, avatarURL string, accountID string) (string, error) {

View file

@ -66,20 +66,6 @@ func newErrTransportError(err error) error {
return &ErrTransportError{wrapped: err} return &ErrTransportError{wrapped: err}
} }
// ErrWrongType indicates that an unexpected type was returned from a remote call;
// for example, we were served a Person when we were looking for a statusable.
type ErrWrongType struct {
wrapped error
}
func (err *ErrWrongType) Error() string {
return fmt.Sprintf("wrong received type: %v", err.wrapped)
}
func newErrWrongType(err error) error {
return &ErrWrongType{wrapped: err}
}
// ErrOther denotes some other kind of weird error, perhaps from a malformed json // ErrOther denotes some other kind of weird error, perhaps from a malformed json
// or some other weird crapola. // or some other weird crapola.
type ErrOther struct { type ErrOther struct {

View file

@ -19,14 +19,11 @@ package dereferencing
import ( import (
"context" "context"
"encoding/json"
"errors" "errors"
"fmt" "fmt"
"net/url" "net/url"
"strings" "strings"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/ap" "github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/db"
@ -161,78 +158,10 @@ func (d *deref) dereferenceStatusable(ctx context.Context, tsport transport.Tran
b, err := tsport.Dereference(ctx, remoteStatusID) b, err := tsport.Dereference(ctx, remoteStatusID)
if err != nil { if err != nil {
return nil, fmt.Errorf("DereferenceStatusable: error deferencing %s: %s", remoteStatusID.String(), err) return nil, fmt.Errorf("dereferenceStatusable: error deferencing %s: %w", remoteStatusID.String(), err)
} }
m := make(map[string]interface{}) return ap.ResolveStatusable(ctx, b)
if err := json.Unmarshal(b, &m); err != nil {
return nil, fmt.Errorf("DereferenceStatusable: error unmarshalling bytes into json: %s", err)
}
t, err := streams.ToType(ctx, m)
if err != nil {
return nil, fmt.Errorf("DereferenceStatusable: error resolving json into ap vocab type: %s", err)
}
// Article, Document, Image, Video, Note, Page, Event, Place, Mention, Profile
switch t.GetTypeName() {
case ap.ObjectArticle:
p, ok := t.(vocab.ActivityStreamsArticle)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsArticle")
}
return p, nil
case ap.ObjectDocument:
p, ok := t.(vocab.ActivityStreamsDocument)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsDocument")
}
return p, nil
case ap.ObjectImage:
p, ok := t.(vocab.ActivityStreamsImage)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsImage")
}
return p, nil
case ap.ObjectVideo:
p, ok := t.(vocab.ActivityStreamsVideo)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsVideo")
}
return p, nil
case ap.ObjectNote:
p, ok := t.(vocab.ActivityStreamsNote)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsNote")
}
return p, nil
case ap.ObjectPage:
p, ok := t.(vocab.ActivityStreamsPage)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsPage")
}
return p, nil
case ap.ObjectEvent:
p, ok := t.(vocab.ActivityStreamsEvent)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsEvent")
}
return p, nil
case ap.ObjectPlace:
p, ok := t.(vocab.ActivityStreamsPlace)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsPlace")
}
return p, nil
case ap.ObjectProfile:
p, ok := t.(vocab.ActivityStreamsProfile)
if !ok {
return nil, errors.New("DereferenceStatusable: error resolving type as ActivityStreamsProfile")
}
return p, nil
}
return nil, newErrWrongType(fmt.Errorf("DereferenceStatusable: type name %s not supported as Statusable", t.GetTypeName()))
} }
// populateStatusFields fetches all the information we temporarily pinned to an incoming // populateStatusFields fetches all the information we temporarily pinned to an incoming

View file

@ -19,133 +19,218 @@ package federation
import ( import (
"context" "context"
"encoding/json"
"fmt"
"io"
"net/http" "net/http"
"net/url" "net/url"
"strings"
"codeberg.org/gruf/go-kv"
"github.com/superseriousbusiness/activity/pub" "github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab" "github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/log" "github.com/superseriousbusiness/gotosocial/internal/log"
) )
// federatingActor implements the go-fed federating protocol interface // Potential incoming Content-Type header values; be
type federatingActor struct { // lenient with whitespace and quotation mark placement.
actor pub.FederatingActor var activityStreamsMediaTypes = []string{
"application/activity+json",
"application/ld+json;profile=https://www.w3.org/ns/activitystreams",
"application/ld+json;profile=\"https://www.w3.org/ns/activitystreams\"",
"application/ld+json ;profile=https://www.w3.org/ns/activitystreams",
"application/ld+json ;profile=\"https://www.w3.org/ns/activitystreams\"",
"application/ld+json ; profile=https://www.w3.org/ns/activitystreams",
"application/ld+json ; profile=\"https://www.w3.org/ns/activitystreams\"",
"application/ld+json; profile=https://www.w3.org/ns/activitystreams",
"application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
} }
// newFederatingProtocol returns the gotosocial implementation of the GTSFederatingProtocol interface // federatingActor wraps the pub.FederatingActor interface
// with some custom GoToSocial-specific logic.
type federatingActor struct {
sideEffectActor pub.DelegateActor
wrapped pub.FederatingActor
}
// newFederatingProtocol returns a new federatingActor, which
// implements the pub.FederatingActor interface.
func newFederatingActor(c pub.CommonBehavior, s2s pub.FederatingProtocol, db pub.Database, clock pub.Clock) pub.FederatingActor { func newFederatingActor(c pub.CommonBehavior, s2s pub.FederatingProtocol, db pub.Database, clock pub.Clock) pub.FederatingActor {
actor := pub.NewFederatingActor(c, s2s, db, clock) sideEffectActor := pub.NewSideEffectActor(c, s2s, nil, db, clock)
customActor := pub.NewCustomActor(sideEffectActor, false, true, clock)
return &federatingActor{ return &federatingActor{
actor: actor, sideEffectActor: sideEffectActor,
wrapped: customActor,
} }
} }
// Send a federated activity.
//
// The provided url must be the outbox of the sender. All processing of
// the activity occurs similarly to the C2S flow:
// - If t is not an Activity, it is wrapped in a Create activity.
// - A new ID is generated for the activity.
// - The activity is added to the specified outbox.
// - The activity is prepared and delivered to recipients.
//
// Note that this function will only behave as expected if the
// implementation has been constructed to support federation. This
// method will guaranteed work for non-custom Actors. For custom actors,
// care should be used to not call this method if only C2S is supported.
func (f *federatingActor) Send(c context.Context, outbox *url.URL, t vocab.Type) (pub.Activity, error) { func (f *federatingActor) Send(c context.Context, outbox *url.URL, t vocab.Type) (pub.Activity, error) {
log.Infof(c, "send activity %s via outbox %s", t.GetTypeName(), outbox) log.Infof(c, "send activity %s via outbox %s", t.GetTypeName(), outbox)
return f.actor.Send(c, outbox, t) return f.wrapped.Send(c, outbox, t)
} }
// PostInbox returns true if the request was handled as an ActivityPub
// POST to an actor's inbox. If false, the request was not an
// ActivityPub request and may still be handled by the caller in
// another way, such as serving a web page.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the Actor was constructed with the Federated Protocol enabled,
// side effects will occur.
//
// If the Federated Protocol is not enabled, writes the
// http.StatusMethodNotAllowed status code in the response. No side
// effects occur.
func (f *federatingActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) { func (f *federatingActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.PostInbox(c, w, r) return f.PostInboxScheme(c, w, r, "https")
} }
// PostInboxScheme is similar to PostInbox, except clients are able to // PostInboxScheme is a reimplementation of the default baseActor
// specify which protocol scheme to handle the incoming request and the // implementation of PostInboxScheme in pub/base_actor.go.
// data stored within the application (HTTP, HTTPS, etc). //
func (f *federatingActor) PostInboxScheme(c context.Context, w http.ResponseWriter, r *http.Request, scheme string) (bool, error) { // Key differences from that implementation:
return f.actor.PostInboxScheme(c, w, r, scheme) // - More explicit debug logging when a request is not processed.
// - Normalize content of activity object.
// - Return code 202 instead of 200 on successful POST, to reflect
// that we process most side effects asynchronously.
func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWriter, r *http.Request, scheme string) (bool, error) {
l := log.
WithContext(ctx).
WithFields([]kv.Field{
{"userAgent", r.UserAgent()},
{"path", r.URL.Path},
}...)
// Do nothing if this is not an ActivityPub POST request.
if !func() bool {
if r.Method != http.MethodPost {
l.Debugf("inbox request was %s rather than required POST", r.Method)
return false
} }
// GetInbox returns true if the request was handled as an ActivityPub contentType := r.Header.Get("Content-Type")
// GET to an actor's inbox. If false, the request was not an ActivityPub for _, mediaType := range activityStreamsMediaTypes {
// request and may still be handled by the caller in another way, such if strings.Contains(contentType, mediaType) {
// as serving a web page. return true
}
}
l.Debugf("inbox POST request content-type %s was not recognized", contentType)
return false
}() {
return false, nil
}
// Check the peer request is authentic.
ctx, authenticated, err := f.sideEffectActor.AuthenticatePostInbox(ctx, w, r)
if err != nil {
return true, err
} else if !authenticated {
return true, nil
}
// Begin processing the request, but note that we have
// not yet applied authorization (ex: blocks).
// //
// If the error is nil, then the ResponseWriter's headers and response // Obtain the activity and reject unknown activities.
// has already been written. If a non-nil error is returned, then no b, err := io.ReadAll(r.Body)
// response has been written. if err != nil {
err = fmt.Errorf("PostInboxScheme: error reading request body: %w", err)
return true, err
}
var rawActivity map[string]interface{}
if err := json.Unmarshal(b, &rawActivity); err != nil {
err = fmt.Errorf("PostInboxScheme: error unmarshalling request body: %w", err)
return true, err
}
t, err := streams.ToType(ctx, rawActivity)
if err != nil {
if !streams.IsUnmatchedErr(err) {
// Real error.
err = fmt.Errorf("PostInboxScheme: error matching json to type: %w", err)
return true, err
}
// Respond with bad request; we just couldn't
// match the type to one that we know about.
l.Debug("json could not be resolved to ActivityStreams value")
w.WriteHeader(http.StatusBadRequest)
return true, nil
}
activity, ok := t.(pub.Activity)
if !ok {
err = fmt.Errorf("ActivityStreams value with type %T is not a pub.Activity", t)
return true, err
}
if activity.GetJSONLDId() == nil {
l.Debugf("incoming Activity %s did not have required id property set", activity.GetTypeName())
w.WriteHeader(http.StatusBadRequest)
return true, nil
}
// If activity Object is a Statusable, we'll want to replace the
// parsed `content` value with the value from the raw JSON instead.
// See https://github.com/superseriousbusiness/gotosocial/issues/1661
ap.NormalizeActivityObject(activity, rawActivity)
// Allow server implementations to set context data with a hook.
ctx, err = f.sideEffectActor.PostInboxRequestBodyHook(ctx, r, activity)
if err != nil {
return true, err
}
// Check authorization of the activity.
authorized, err := f.sideEffectActor.AuthorizePostInbox(ctx, w, activity)
if err != nil {
return true, err
} else if !authorized {
return true, nil
}
// Copy existing URL + add request host and scheme.
inboxID := func() *url.URL {
id := &url.URL{}
*id = *r.URL
id.Host = r.Host
id.Scheme = scheme
return id
}()
// Post the activity to the actor's inbox and trigger side effects for
// that particular Activity type. It is up to the delegate to resolve
// the given map.
if err := f.sideEffectActor.PostInbox(ctx, inboxID, activity); err != nil {
// Special case: We know it is a bad request if the object or
// target properties needed to be populated, but weren't.
// //
// If the request is an ActivityPub request, the Actor will defer to the // Send the rejection to the peer.
// application to determine the correct authorization of the request and if err == pub.ErrObjectRequired || err == pub.ErrTargetRequired {
// the resulting OrderedCollection to respond with. The Actor handles l.Debugf("malformed incoming Activity: %s", err)
// serializing this OrderedCollection and responding with the correct w.WriteHeader(http.StatusBadRequest)
// headers and http.StatusOK. return true, nil
}
err = fmt.Errorf("PostInboxScheme: error calling sideEffectActor.PostInbox: %w", err)
return true, err
}
// Our side effects are complete, now delegate determining whether to do inbox forwarding, as well as the action to do it.
if err := f.sideEffectActor.InboxForwarding(ctx, inboxID, activity); err != nil {
err = fmt.Errorf("PostInboxScheme: error calling sideEffectActor.InboxForwarding: %w", err)
return true, err
}
// Request is now undergoing processing.
// Respond with an Accepted status.
w.WriteHeader(http.StatusAccepted)
return true, nil
}
func (f *federatingActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) { func (f *federatingActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.GetInbox(c, w, r) return f.wrapped.GetInbox(c, w, r)
} }
// PostOutbox returns true if the request was handled as an ActivityPub
// POST to an actor's outbox. If false, the request was not an
// ActivityPub request and may still be handled by the caller in another
// way, such as serving a web page.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the Actor was constructed with the Social Protocol enabled, side
// effects will occur.
//
// If the Social Protocol is not enabled, writes the
// http.StatusMethodNotAllowed status code in the response. No side
// effects occur.
//
// If the Social and Federated Protocol are both enabled, it will handle
// the side effects of receiving an ActivityStream Activity, and then
// federate the Activity to peers.
func (f *federatingActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) { func (f *federatingActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.PostOutbox(c, w, r) return f.wrapped.PostOutbox(c, w, r)
} }
// PostOutboxScheme is similar to PostOutbox, except clients are able to
// specify which protocol scheme to handle the incoming request and the
// data stored within the application (HTTP, HTTPS, etc).
func (f *federatingActor) PostOutboxScheme(c context.Context, w http.ResponseWriter, r *http.Request, scheme string) (bool, error) { func (f *federatingActor) PostOutboxScheme(c context.Context, w http.ResponseWriter, r *http.Request, scheme string) (bool, error) {
return f.actor.PostOutboxScheme(c, w, r, scheme) return f.wrapped.PostOutboxScheme(c, w, r, scheme)
} }
// GetOutbox returns true if the request was handled as an ActivityPub
// GET to an actor's outbox. If false, the request was not an
// ActivityPub request.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the request is an ActivityPub request, the Actor will defer to the
// application to determine the correct authorization of the request and
// the resulting OrderedCollection to respond with. The Actor handles
// serializing this OrderedCollection and responding with the correct
// headers and http.StatusOK.
func (f *federatingActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) { func (f *federatingActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.GetOutbox(c, w, r) return f.wrapped.GetOutbox(c, w, r)
} }

View file

@ -24,7 +24,6 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"codeberg.org/gruf/go-kv"
"github.com/superseriousbusiness/activity/pub" "github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams" "github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab" "github.com/superseriousbusiness/activity/streams/vocab"
@ -138,74 +137,80 @@ func (f *federator) PostInboxRequestBodyHook(ctx context.Context, r *http.Reques
// authenticated must be true and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, bool, error) { func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, bool, error) {
l := log.WithContext(ctx). log.Tracef(ctx, "received request to authenticate inbox %s", r.URL.String())
WithFields(kv.Fields{
{"useragent", r.UserAgent()},
{"url", r.URL.String()},
}...)
l.Trace("received request to authenticate")
if !uris.IsInboxPath(r.URL) {
return nil, false, fmt.Errorf("path %s was not an inbox path", r.URL.String())
}
// Ensure this is an inbox path, and fetch the inbox owner
// account by parsing username from `/users/{username}/inbox`.
username, err := uris.ParseInboxPath(r.URL) username, err := uris.ParseInboxPath(r.URL)
if err != nil { if err != nil {
return nil, false, fmt.Errorf("could not parse path %s: %s", r.URL.String(), err) err = fmt.Errorf("AuthenticatePostInbox: could not parse %s as inbox path: %w", r.URL.String(), err)
return nil, false, err
} }
if username == "" { if username == "" {
return nil, false, errors.New("username was empty") err = errors.New("AuthenticatePostInbox: inbox username was empty")
return nil, false, err
} }
receivingAccount, err := f.db.GetAccountByUsernameDomain(ctx, username, "") receivingAccount, err := f.db.GetAccountByUsernameDomain(ctx, username, "")
if err != nil { if err != nil {
return nil, false, fmt.Errorf("could not fetch receiving account with username %s: %s", username, err) err = fmt.Errorf("AuthenticatePostInbox: could not fetch receiving account %s: %w", username, err)
return nil, false, err
} }
// Check who's delivering by inspecting the http signature.
publicKeyOwnerURI, errWithCode := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username) publicKeyOwnerURI, errWithCode := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
if errWithCode != nil { if errWithCode != nil {
switch errWithCode.Code() { switch errWithCode.Code() {
case http.StatusUnauthorized, http.StatusForbidden, http.StatusBadRequest: case http.StatusUnauthorized, http.StatusForbidden, http.StatusBadRequest:
// if 400, 401, or 403, obey the interface by writing the header and bailing // If codes 400, 401, or 403, obey the go-fed
// interface by writing the header and bailing.
w.WriteHeader(errWithCode.Code()) w.WriteHeader(errWithCode.Code())
return ctx, false, nil return ctx, false, nil
case http.StatusGone: case http.StatusGone:
// if the requesting account has gone (http 410) then likely // If the requesting account's key has gone
// inbox post was a delete, we can just write 202 and leave, // (410) then likely inbox post was a delete.
// since we didn't know about the account anyway, so we can't //
// do any further processing // We can just write 202 and leave: we didn't
// know about the account anyway, so we can't
// do any further processing.
w.WriteHeader(http.StatusAccepted) w.WriteHeader(http.StatusAccepted)
return ctx, false, nil return ctx, false, nil
default: default:
// if not, there's been a proper error // Proper error.
return ctx, false, err return ctx, false, err
} }
} }
// authentication has passed, so add an instance entry for this instance if it hasn't been done already // Authentication has passed, check if we need to create a
i := &gtsmodel.Instance{} // new instance entry for the Host of the requesting account.
if err := f.db.GetWhere(ctx, []db.Where{{Key: "domain", Value: publicKeyOwnerURI.Host}}, i); err != nil { if _, err := f.db.GetInstance(ctx, publicKeyOwnerURI.Host); err != nil {
if err != db.ErrNoEntries { if !errors.Is(err, db.ErrNoEntries) {
// there's been an actual error // There's been an actual error.
return ctx, false, fmt.Errorf("error getting requesting account with public key id %s: %s", publicKeyOwnerURI.String(), err) err = fmt.Errorf("AuthenticatePostInbox: error getting instance %s: %w", publicKeyOwnerURI.Host, err)
return ctx, false, err
} }
// we don't have an entry for this instance yet so dereference it // We don't yet have an entry for
i, err = f.GetRemoteInstance(transport.WithFastfail(ctx), username, &url.URL{ // the instance, go dereference it.
instance, err := f.GetRemoteInstance(transport.WithFastfail(ctx), username, &url.URL{
Scheme: publicKeyOwnerURI.Scheme, Scheme: publicKeyOwnerURI.Scheme,
Host: publicKeyOwnerURI.Host, Host: publicKeyOwnerURI.Host,
}) })
if err != nil { if err != nil {
return nil, false, fmt.Errorf("could not dereference new remote instance %s during AuthenticatePostInbox: %s", publicKeyOwnerURI.Host, err) err = fmt.Errorf("AuthenticatePostInbox: error dereferencing instance %s: %w", publicKeyOwnerURI.Host, err)
return nil, false, err
} }
// and put it in the db if err := f.db.Put(ctx, instance); err != nil {
if err := f.db.Put(ctx, i); err != nil { err = fmt.Errorf("AuthenticatePostInbox: error inserting instance entry for %s: %w", publicKeyOwnerURI.Host, err)
return nil, false, fmt.Errorf("error inserting newly dereferenced instance %s: %s", publicKeyOwnerURI.Host, err) return nil, false, err
} }
} }
// We know the public key owner URI now, so we can
// dereference the remote account (or just get it
// from the db if we already have it).
requestingAccount, err := f.GetAccountByURI( requestingAccount, err := f.GetAccountByURI(
transport.WithFastfail(ctx), username, publicKeyOwnerURI, false, transport.WithFastfail(ctx), username, publicKeyOwnerURI, false,
) )
@ -220,9 +225,12 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
w.WriteHeader(http.StatusAccepted) w.WriteHeader(http.StatusAccepted)
return ctx, false, nil return ctx, false, nil
} }
return nil, false, fmt.Errorf("couldn't get requesting account %s: %s", publicKeyOwnerURI, err) err = fmt.Errorf("AuthenticatePostInbox: couldn't get requesting account %s: %w", publicKeyOwnerURI, err)
return nil, false, err
} }
// We have everything we need now, set the requesting
// and receiving accounts on the context for later use.
withRequesting := context.WithValue(ctx, ap.ContextRequestingAccount, requestingAccount) withRequesting := context.WithValue(ctx, ap.ContextRequestingAccount, requestingAccount)
withReceiving := context.WithValue(withRequesting, ap.ContextReceivingAccount, receivingAccount) withReceiving := context.WithValue(withRequesting, ap.ContextReceivingAccount, receivingAccount)
return withReceiving, true, nil return withReceiving, true, nil
@ -351,14 +359,15 @@ func (f *federator) Blocked(ctx context.Context, actorIRIs []*url.URL) (bool, er
// type and extension. The unhandled ones are passed to DefaultCallback. // type and extension. The unhandled ones are passed to DefaultCallback.
func (f *federator) FederatingCallbacks(ctx context.Context) (wrapped pub.FederatingWrappedCallbacks, other []interface{}, err error) { func (f *federator) FederatingCallbacks(ctx context.Context) (wrapped pub.FederatingWrappedCallbacks, other []interface{}, err error) {
wrapped = pub.FederatingWrappedCallbacks{ wrapped = pub.FederatingWrappedCallbacks{
// OnFollow determines what action to take for this particular callback // OnFollow determines what action to take for this
// if a Follow Activity is handled. // particular callback if a Follow Activity is handled.
// //
// For our implementation, we always want to do nothing because we have internal logic for handling follows. // For our implementation, we always want to do nothing
// because we have internal logic for handling follows.
OnFollow: pub.OnFollowDoNothing, OnFollow: pub.OnFollowDoNothing,
} }
// override some default behaviors and trigger our own side effects // Override some default behaviors to trigger our own side effects.
other = []interface{}{ other = []interface{}{
func(ctx context.Context, undo vocab.ActivityStreamsUndo) error { func(ctx context.Context, undo vocab.ActivityStreamsUndo) error {
return f.FederatingDB().Undo(ctx, undo) return f.FederatingDB().Undo(ctx, undo)
@ -385,11 +394,7 @@ func (f *federator) FederatingCallbacks(ctx context.Context) (wrapped pub.Federa
// type and extension, so the unhandled ones are passed to // type and extension, so the unhandled ones are passed to
// DefaultCallback. // DefaultCallback.
func (f *federator) DefaultCallback(ctx context.Context, activity pub.Activity) error { func (f *federator) DefaultCallback(ctx context.Context, activity pub.Activity) error {
l := log.WithContext(ctx). log.Debugf(ctx, "received unhandle-able activity type (%s) so ignoring it", activity.GetTypeName())
WithFields(kv.Fields{
{"aptype", activity.GetTypeName()},
}...)
l.Debug("received unhandle-able activity type so ignoring it")
return nil return nil
} }

View file

@ -25,6 +25,7 @@ import (
"strings" "strings"
"codeberg.org/gruf/go-kv" "codeberg.org/gruf/go-kv"
"github.com/superseriousbusiness/gotosocial/internal/ap"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/db"
@ -131,9 +132,10 @@ func (p *Processor) SearchGet(ctx context.Context, authed *oauth.Auth, search *a
// check if it's a status... // check if it's a status...
foundStatus, err := p.searchStatusByURI(ctx, authed, uri) foundStatus, err := p.searchStatusByURI(ctx, authed, uri)
if err != nil { if err != nil {
// Check for semi-expected error types.
var ( var (
errNotRetrievable *dereferencing.ErrNotRetrievable errNotRetrievable *dereferencing.ErrNotRetrievable
errWrongType *dereferencing.ErrWrongType errWrongType *ap.ErrWrongType
) )
if !errors.As(err, &errNotRetrievable) && !errors.As(err, &errWrongType) { if !errors.As(err, &errNotRetrievable) && !errors.As(err, &errWrongType) {
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up status: %w", err)) return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up status: %w", err))
@ -148,9 +150,10 @@ func (p *Processor) SearchGet(ctx context.Context, authed *oauth.Auth, search *a
if !foundOne { if !foundOne {
foundAccount, err := p.searchAccountByURI(ctx, authed, uri, search.Resolve) foundAccount, err := p.searchAccountByURI(ctx, authed, uri, search.Resolve)
if err != nil { if err != nil {
// Check for semi-expected error types.
var ( var (
errNotRetrievable *dereferencing.ErrNotRetrievable errNotRetrievable *dereferencing.ErrNotRetrievable
errWrongType *dereferencing.ErrWrongType errWrongType *ap.ErrWrongType
) )
if !errors.As(err, &errNotRetrievable) && !errors.As(err, &errWrongType) { if !errors.As(err, &errNotRetrievable) && !errors.As(err, &errWrongType) {
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up account: %w", err)) return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up account: %w", err))

View file

@ -67,7 +67,8 @@ func NewSocialActor(c CommonBehavior,
db Database, db Database,
clock Clock) Actor { clock Clock) Actor {
return &baseActor{ return &baseActor{
delegate: &sideEffectActor{ // Use SideEffectActor without s2s.
delegate: &SideEffectActor{
common: c, common: c,
c2s: c2s, c2s: c2s,
db: db, db: db,
@ -96,7 +97,8 @@ func NewFederatingActor(c CommonBehavior,
clock Clock) FederatingActor { clock Clock) FederatingActor {
return &baseActorFederating{ return &baseActorFederating{
baseActor{ baseActor{
delegate: &sideEffectActor{ // Use SideEffectActor without c2s.
delegate: &SideEffectActor{
common: c, common: c,
s2s: s2s, s2s: s2s,
db: db, db: db,
@ -124,13 +126,7 @@ func NewActor(c CommonBehavior,
clock Clock) FederatingActor { clock Clock) FederatingActor {
return &baseActorFederating{ return &baseActorFederating{
baseActor{ baseActor{
delegate: &sideEffectActor{ delegate: NewSideEffectActor(c, s2s, c2s, db, clock),
common: c,
c2s: c2s,
s2s: s2s,
db: db,
clock: clock,
},
enableSocialProtocol: true, enableSocialProtocol: true,
enableFederatedProtocol: true, enableFederatedProtocol: true,
clock: clock, clock: clock,
@ -147,6 +143,9 @@ func NewActor(c CommonBehavior,
// //
// It is possible to create a DelegateActor that is not ActivityPub compliant. // It is possible to create a DelegateActor that is not ActivityPub compliant.
// Use with due care. // Use with due care.
//
// If you find yourself passing a SideEffectActor in as the DelegateActor,
// consider using NewActor, NewFederatingActor, or NewSocialActor instead.
func NewCustomActor(delegate DelegateActor, func NewCustomActor(delegate DelegateActor,
enableSocialProtocol, enableFederatedProtocol bool, enableSocialProtocol, enableFederatedProtocol bool,
clock Clock) FederatingActor { clock Clock) FederatingActor {

View file

@ -12,16 +12,16 @@ import (
) )
// sideEffectActor must satisfy the DelegateActor interface. // sideEffectActor must satisfy the DelegateActor interface.
var _ DelegateActor = &sideEffectActor{} var _ DelegateActor = &SideEffectActor{}
// sideEffectActor is a DelegateActor that handles the ActivityPub // SideEffectActor is a DelegateActor that handles the ActivityPub
// implementation side effects, but requires a more opinionated application to // implementation side effects, but requires a more opinionated application to
// be written. // be written.
// //
// Note that when using the sideEffectActor with an application that good-faith // Note that when using the SideEffectActor with an application that good-faith
// implements its required interfaces, the ActivityPub specification is // implements its required interfaces, the ActivityPub specification is
// guaranteed to be correctly followed. // guaranteed to be correctly followed.
type sideEffectActor struct { type SideEffectActor struct {
common CommonBehavior common CommonBehavior
s2s FederatingProtocol s2s FederatingProtocol
c2s SocialProtocol c2s SocialProtocol
@ -29,49 +29,73 @@ type sideEffectActor struct {
clock Clock clock Clock
} }
// NewSideEffectActor returns a new SideEffectActor, which satisfies the
// DelegateActor interface. Most of the time you will not need to call this
// function, and should instead rely on the NewSocialActor, NewFederatingActor,
// and NewActor functions, all of which use a SideEffectActor under the hood.
// Nevertheless, this function is exposed in case application developers need
// a SideEffectActor for some other reason (tests, monkey patches, etc).
//
// If you are using the returned SideEffectActor for federation, ensure that s2s
// is not nil. Likewise, if you are using it for the social protocol, ensure
// that c2s is not nil.
func NewSideEffectActor(c CommonBehavior,
s2s FederatingProtocol,
c2s SocialProtocol,
db Database,
clock Clock) *SideEffectActor {
return &SideEffectActor{
common: c,
s2s: s2s,
c2s: c2s,
db: db,
clock: clock,
}
}
// PostInboxRequestBodyHook defers to the delegate. // PostInboxRequestBodyHook defers to the delegate.
func (a *sideEffectActor) PostInboxRequestBodyHook(c context.Context, r *http.Request, activity Activity) (context.Context, error) { func (a *SideEffectActor) PostInboxRequestBodyHook(c context.Context, r *http.Request, activity Activity) (context.Context, error) {
return a.s2s.PostInboxRequestBodyHook(c, r, activity) return a.s2s.PostInboxRequestBodyHook(c, r, activity)
} }
// PostOutboxRequestBodyHook defers to the delegate. // PostOutboxRequestBodyHook defers to the delegate.
func (a *sideEffectActor) PostOutboxRequestBodyHook(c context.Context, r *http.Request, data vocab.Type) (context.Context, error) { func (a *SideEffectActor) PostOutboxRequestBodyHook(c context.Context, r *http.Request, data vocab.Type) (context.Context, error) {
return a.c2s.PostOutboxRequestBodyHook(c, r, data) return a.c2s.PostOutboxRequestBodyHook(c, r, data)
} }
// AuthenticatePostInbox defers to the delegate to authenticate the request. // AuthenticatePostInbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) { func (a *SideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return a.s2s.AuthenticatePostInbox(c, w, r) return a.s2s.AuthenticatePostInbox(c, w, r)
} }
// AuthenticateGetInbox defers to the delegate to authenticate the request. // AuthenticateGetInbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) { func (a *SideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return a.common.AuthenticateGetInbox(c, w, r) return a.common.AuthenticateGetInbox(c, w, r)
} }
// AuthenticatePostOutbox defers to the delegate to authenticate the request. // AuthenticatePostOutbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) { func (a *SideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return a.c2s.AuthenticatePostOutbox(c, w, r) return a.c2s.AuthenticatePostOutbox(c, w, r)
} }
// AuthenticateGetOutbox defers to the delegate to authenticate the request. // AuthenticateGetOutbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) { func (a *SideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return a.common.AuthenticateGetOutbox(c, w, r) return a.common.AuthenticateGetOutbox(c, w, r)
} }
// GetOutbox delegates to the SocialProtocol. // GetOutbox delegates to the SocialProtocol.
func (a *sideEffectActor) GetOutbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) { func (a *SideEffectActor) GetOutbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) {
return a.common.GetOutbox(c, r) return a.common.GetOutbox(c, r)
} }
// GetInbox delegates to the FederatingProtocol. // GetInbox delegates to the FederatingProtocol.
func (a *sideEffectActor) GetInbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) { func (a *SideEffectActor) GetInbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) {
return a.s2s.GetInbox(c, r) return a.s2s.GetInbox(c, r)
} }
// AuthorizePostInbox defers to the federating protocol whether the peer request // AuthorizePostInbox defers to the federating protocol whether the peer request
// is authorized based on the actors' ids. // is authorized based on the actors' ids.
func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error) { func (a *SideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error) {
authorized = false authorized = false
actor := activity.GetActivityStreamsActor() actor := activity.GetActivityStreamsActor()
if actor == nil { if actor == nil {
@ -105,7 +129,7 @@ func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseW
// PostInbox handles the side effects of determining whether to block the peer's // PostInbox handles the side effects of determining whether to block the peer's
// request, adding the activity to the actor's inbox, and triggering side // request, adding the activity to the actor's inbox, and triggering side
// effects based on the activity's type. // effects based on the activity's type.
func (a *sideEffectActor) PostInbox(c context.Context, inboxIRI *url.URL, activity Activity) error { func (a *SideEffectActor) PostInbox(c context.Context, inboxIRI *url.URL, activity Activity) error {
isNew, err := a.addToInboxIfNew(c, inboxIRI, activity) isNew, err := a.addToInboxIfNew(c, inboxIRI, activity)
if err != nil { if err != nil {
return err return err
@ -142,7 +166,7 @@ func (a *sideEffectActor) PostInbox(c context.Context, inboxIRI *url.URL, activi
// outbound requests as a side effect. // outbound requests as a side effect.
// //
// InboxForwarding sets the federated data in the database. // InboxForwarding sets the federated data in the database.
func (a *sideEffectActor) InboxForwarding(c context.Context, inboxIRI *url.URL, activity Activity) error { func (a *SideEffectActor) InboxForwarding(c context.Context, inboxIRI *url.URL, activity Activity) error {
// 1. Must be first time we have seen this Activity. // 1. Must be first time we have seen this Activity.
// //
// Obtain the id of the activity // Obtain the id of the activity
@ -322,7 +346,7 @@ func (a *sideEffectActor) InboxForwarding(c context.Context, inboxIRI *url.URL,
// //
// This implementation assumes all types are meant to be delivered except for // This implementation assumes all types are meant to be delivered except for
// the ActivityStreams Block type. // the ActivityStreams Block type.
func (a *sideEffectActor) PostOutbox(c context.Context, activity Activity, outboxIRI *url.URL, rawJSON map[string]interface{}) (deliverable bool, err error) { func (a *SideEffectActor) PostOutbox(c context.Context, activity Activity, outboxIRI *url.URL, rawJSON map[string]interface{}) (deliverable bool, err error) {
// TODO: Determine this if c2s is nil // TODO: Determine this if c2s is nil
deliverable = true deliverable = true
if a.c2s != nil { if a.c2s != nil {
@ -363,7 +387,7 @@ func (a *sideEffectActor) PostOutbox(c context.Context, activity Activity, outbo
// AddNewIDs creates new 'id' entries on an activity and its objects if it is a // AddNewIDs creates new 'id' entries on an activity and its objects if it is a
// Create activity. // Create activity.
func (a *sideEffectActor) AddNewIDs(c context.Context, activity Activity) error { func (a *SideEffectActor) AddNewIDs(c context.Context, activity Activity) error {
id, err := a.db.NewID(c, activity) id, err := a.db.NewID(c, activity)
if err != nil { if err != nil {
return err return err
@ -399,7 +423,7 @@ func (a *sideEffectActor) AddNewIDs(c context.Context, activity Activity) error
// another server. // another server.
// //
// Must be called if at least the federated protocol is supported. // Must be called if at least the federated protocol is supported.
func (a *sideEffectActor) Deliver(c context.Context, outboxIRI *url.URL, activity Activity) error { func (a *SideEffectActor) Deliver(c context.Context, outboxIRI *url.URL, activity Activity) error {
recipients, err := a.prepare(c, outboxIRI, activity) recipients, err := a.prepare(c, outboxIRI, activity)
if err != nil { if err != nil {
return err return err
@ -408,7 +432,7 @@ func (a *sideEffectActor) Deliver(c context.Context, outboxIRI *url.URL, activit
} }
// WrapInCreate wraps an object with a Create activity. // WrapInCreate wraps an object with a Create activity.
func (a *sideEffectActor) WrapInCreate(c context.Context, obj vocab.Type, outboxIRI *url.URL) (create vocab.ActivityStreamsCreate, err error) { func (a *SideEffectActor) WrapInCreate(c context.Context, obj vocab.Type, outboxIRI *url.URL) (create vocab.ActivityStreamsCreate, err error) {
var unlock func() var unlock func()
unlock, err = a.db.Lock(c, outboxIRI) unlock, err = a.db.Lock(c, outboxIRI)
if err != nil { if err != nil {
@ -426,7 +450,7 @@ func (a *sideEffectActor) WrapInCreate(c context.Context, obj vocab.Type, outbox
// deliverToRecipients will take a prepared Activity and send it to specific // deliverToRecipients will take a prepared Activity and send it to specific
// recipients on behalf of an actor. // recipients on behalf of an actor.
func (a *sideEffectActor) deliverToRecipients(c context.Context, boxIRI *url.URL, activity Activity, recipients []*url.URL) error { func (a *SideEffectActor) deliverToRecipients(c context.Context, boxIRI *url.URL, activity Activity, recipients []*url.URL) error {
m, err := streams.Serialize(activity) m, err := streams.Serialize(activity)
if err != nil { if err != nil {
return err return err
@ -444,7 +468,7 @@ func (a *sideEffectActor) deliverToRecipients(c context.Context, boxIRI *url.URL
// addToOutbox adds the activity to the outbox and creates the activity in the // addToOutbox adds the activity to the outbox and creates the activity in the
// internal database as its own entry. // internal database as its own entry.
func (a *sideEffectActor) addToOutbox(c context.Context, outboxIRI *url.URL, activity Activity) error { func (a *SideEffectActor) addToOutbox(c context.Context, outboxIRI *url.URL, activity Activity) error {
// Set the activity in the database first. // Set the activity in the database first.
id := activity.GetJSONLDId() id := activity.GetJSONLDId()
unlock, err := a.db.Lock(c, id.Get()) unlock, err := a.db.Lock(c, id.Get())
@ -488,7 +512,7 @@ func (a *sideEffectActor) addToOutbox(c context.Context, outboxIRI *url.URL, act
// It does not add the activity to this database's know federated data. // It does not add the activity to this database's know federated data.
// //
// Returns true when the activity is novel. // Returns true when the activity is novel.
func (a *sideEffectActor) addToInboxIfNew(c context.Context, inboxIRI *url.URL, activity Activity) (isNew bool, err error) { func (a *SideEffectActor) addToInboxIfNew(c context.Context, inboxIRI *url.URL, activity Activity) (isNew bool, err error) {
// Acquire a lock to read the inbox. Defer release. // Acquire a lock to read the inbox. Defer release.
var unlock func() var unlock func()
unlock, err = a.db.Lock(c, inboxIRI) unlock, err = a.db.Lock(c, inboxIRI)
@ -528,7 +552,7 @@ func (a *sideEffectActor) addToInboxIfNew(c context.Context, inboxIRI *url.URL,
// //
// Recursion may be limited by providing a 'maxDepth' greater than zero. A // Recursion may be limited by providing a 'maxDepth' greater than zero. A
// value of zero or a negative number will result in infinite recursion. // value of zero or a negative number will result in infinite recursion.
func (a *sideEffectActor) hasInboxForwardingValues(c context.Context, inboxIRI *url.URL, val vocab.Type, maxDepth, currDepth int) (bool, error) { func (a *SideEffectActor) hasInboxForwardingValues(c context.Context, inboxIRI *url.URL, val vocab.Type, maxDepth, currDepth int) (bool, error) {
// Stop recurring if we are exceeding the maximum depth and the maximum // Stop recurring if we are exceeding the maximum depth and the maximum
// is a positive number. // is a positive number.
if maxDepth > 0 && currDepth >= maxDepth { if maxDepth > 0 && currDepth >= maxDepth {
@ -615,7 +639,7 @@ func (a *sideEffectActor) hasInboxForwardingValues(c context.Context, inboxIRI *
// hidden recipients ("bto" and "bcc") stripped from it. // hidden recipients ("bto" and "bcc") stripped from it.
// //
// Only call if both the social and federated protocol are supported. // Only call if both the social and federated protocol are supported.
func (a *sideEffectActor) prepare(c context.Context, outboxIRI *url.URL, activity Activity) (r []*url.URL, err error) { func (a *SideEffectActor) prepare(c context.Context, outboxIRI *url.URL, activity Activity) (r []*url.URL, err error) {
// Get inboxes of recipients // Get inboxes of recipients
if to := activity.GetActivityStreamsTo(); to != nil { if to := activity.GetActivityStreamsTo(); to != nil {
for iter := to.Begin(); iter != to.End(); iter = iter.Next() { for iter := to.Begin(); iter != to.End(); iter = iter.Next() {
@ -774,7 +798,7 @@ func (a *sideEffectActor) prepare(c context.Context, outboxIRI *url.URL, activit
// dereference the collection, WITH the user's credentials. // dereference the collection, WITH the user's credentials.
// //
// Note that this also applies to CollectionPage and OrderedCollectionPage. // Note that this also applies to CollectionPage and OrderedCollectionPage.
func (a *sideEffectActor) resolveActors(c context.Context, t Transport, r []*url.URL, depth, maxDepth int) (actors []vocab.Type, err error) { func (a *SideEffectActor) resolveActors(c context.Context, t Transport, r []*url.URL, depth, maxDepth int) (actors []vocab.Type, err error) {
if maxDepth > 0 && depth >= maxDepth { if maxDepth > 0 && depth >= maxDepth {
return return
} }
@ -806,7 +830,7 @@ func (a *sideEffectActor) resolveActors(c context.Context, t Transport, r []*url
// //
// The returned actor could be nil, if it wasn't an actor (ex: a Collection or // The returned actor could be nil, if it wasn't an actor (ex: a Collection or
// OrderedCollection). // OrderedCollection).
func (a *sideEffectActor) dereferenceForResolvingInboxes(c context.Context, t Transport, actorIRI *url.URL) (actor vocab.Type, moreActorIRIs []*url.URL, err error) { func (a *SideEffectActor) dereferenceForResolvingInboxes(c context.Context, t Transport, actorIRI *url.URL) (actor vocab.Type, moreActorIRIs []*url.URL, err error) {
var resp []byte var resp []byte
resp, err = t.Dereference(c, actorIRI) resp, err = t.Dereference(c, actorIRI)
if err != nil { if err != nil {

2
vendor/modules.txt vendored
View file

@ -445,7 +445,7 @@ github.com/stretchr/testify/suite
# github.com/subosito/gotenv v1.4.2 # github.com/subosito/gotenv v1.4.2
## explicit; go 1.18 ## explicit; go 1.18
github.com/subosito/gotenv github.com/subosito/gotenv
# github.com/superseriousbusiness/activity v1.2.1-gts # github.com/superseriousbusiness/activity v1.2.2-gts
## explicit; go 1.18 ## explicit; go 1.18
github.com/superseriousbusiness/activity/pub github.com/superseriousbusiness/activity/pub
github.com/superseriousbusiness/activity/streams github.com/superseriousbusiness/activity/streams