summaryrefslogtreecommitdiff
path: root/internal/processing/fedi
diff options
context:
space:
mode:
Diffstat (limited to 'internal/processing/fedi')
-rw-r--r--internal/processing/fedi/collections.go224
-rw-r--r--internal/processing/fedi/emoji.go60
-rw-r--r--internal/processing/fedi/fedi.go43
-rw-r--r--internal/processing/fedi/status.go231
-rw-r--r--internal/processing/fedi/user.go88
-rw-r--r--internal/processing/fedi/wellknown.go126
6 files changed, 772 insertions, 0 deletions
diff --git a/internal/processing/fedi/collections.go b/internal/processing/fedi/collections.go
new file mode 100644
index 000000000..62fc9d7b8
--- /dev/null
+++ b/internal/processing/fedi/collections.go
@@ -0,0 +1,224 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "net/url"
+
+ "github.com/superseriousbusiness/activity/streams"
+ "github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/transport"
+)
+
+// FollowersGet handles the getting of a fedi/activitypub representation of a user/account's followers, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) FollowersGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ // get the account the request is referring to
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ // authenticate the request
+ requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ if errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ requestingAccount, err := p.federator.GetAccountByURI(
+ transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+ )
+ if err != nil {
+ return nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if blocked {
+ return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+ }
+
+ requestedAccountURI, err := url.Parse(requestedAccount.URI)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))
+ }
+
+ requestedFollowers, err := p.federator.FederatingDB().Followers(ctx, requestedAccountURI)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("error fetching followers for uri %s: %s", requestedAccountURI.String(), err))
+ }
+
+ data, err := streams.Serialize(requestedFollowers)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+}
+
+// FollowingGet handles the getting of a fedi/activitypub representation of a user/account's following, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) FollowingGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ // get the account the request is referring to
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ // authenticate the request
+ requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ if errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ requestingAccount, err := p.federator.GetAccountByURI(
+ transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+ )
+ if err != nil {
+ return nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if blocked {
+ return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+ }
+
+ requestedAccountURI, err := url.Parse(requestedAccount.URI)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))
+ }
+
+ requestedFollowing, err := p.federator.FederatingDB().Following(ctx, requestedAccountURI)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("error fetching following for uri %s: %s", requestedAccountURI.String(), err))
+ }
+
+ data, err := streams.Serialize(requestedFollowing)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+}
+
+// OutboxGet returns the activitypub representation of a local user's outbox.
+// This contains links to PUBLIC posts made by this user.
+func (p *Processor) OutboxGet(ctx context.Context, requestedUsername string, page bool, maxID string, minID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ // get the account the request is referring to
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ // authenticate the request
+ requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ if errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ requestingAccount, err := p.federator.GetAccountByURI(
+ transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+ )
+ if err != nil {
+ return nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ // authorize the request:
+ // 1. check if a block exists between the requester and the requestee
+ blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ if blocked {
+ return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+ }
+
+ var data map[string]interface{}
+ // now there are two scenarios:
+ // 1. we're asked for the whole collection and not a page -- we can just return the collection, with no items, but a link to 'first' page.
+ // 2. we're asked for a specific page; this can be either the first page or any other page
+
+ if !page {
+ /*
+ scenario 1: return the collection with no items
+ we want something that looks like this:
+ {
+ "@context": "https://www.w3.org/ns/activitystreams",
+ "id": "https://example.org/users/whatever/outbox",
+ "type": "OrderedCollection",
+ "first": "https://example.org/users/whatever/outbox?page=true",
+ "last": "https://example.org/users/whatever/outbox?min_id=0&page=true"
+ }
+ */
+ collection, err := p.tc.OutboxToASCollection(ctx, requestedAccount.OutboxURI)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ data, err = streams.Serialize(collection)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+ }
+
+ // scenario 2 -- get the requested page
+ // limit pages to 30 entries per page
+ publicStatuses, err := p.db.GetAccountStatuses(ctx, requestedAccount.ID, 30, true, true, maxID, minID, false, false, true)
+ if err != nil && err != db.ErrNoEntries {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ outboxPage, err := p.tc.StatusesToASOutboxPage(ctx, requestedAccount.OutboxURI, maxID, minID, publicStatuses)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ data, err = streams.Serialize(outboxPage)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+}
+
+// InboxPost handles POST requests to a user's inbox for new activitypub messages.
+//
+// InboxPost returns true if the request was handled as an ActivityPub POST to an actor's inbox.
+// If false, the request was not an ActivityPub request and may still be handled by the caller in another way, such as serving a web page.
+//
+// If the error is nil, then the ResponseWriter's headers and response has already been written. If a non-nil error is returned, then no response has been written.
+//
+// If the Actor was constructed with the Federated Protocol enabled, side effects will occur.
+//
+// If the Federated Protocol is not enabled, writes the http.StatusMethodNotAllowed status code in the response. No side effects occur.
+func (p *Processor) InboxPost(ctx context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
+ return p.federator.FederatingActor().PostInbox(ctx, w, r)
+}
diff --git a/internal/processing/fedi/emoji.go b/internal/processing/fedi/emoji.go
new file mode 100644
index 000000000..a2eb2688f
--- /dev/null
+++ b/internal/processing/fedi/emoji.go
@@ -0,0 +1,60 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+ "context"
+ "fmt"
+ "net/url"
+
+ "github.com/superseriousbusiness/activity/streams"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+// EmojiGet handles the GET for a federated emoji originating from this instance.
+func (p *Processor) EmojiGet(ctx context.Context, requestedEmojiID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ if _, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, ""); errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ requestedEmoji, err := p.db.GetEmojiByID(ctx, requestedEmojiID)
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting emoji with id %s: %s", requestedEmojiID, err))
+ }
+
+ if requestedEmoji.Domain != "" {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("emoji with id %s doesn't belong to this instance (domain %s)", requestedEmojiID, requestedEmoji.Domain))
+ }
+
+ if *requestedEmoji.Disabled {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("emoji with id %s has been disabled", requestedEmojiID))
+ }
+
+ apEmoji, err := p.tc.EmojiToAS(ctx, requestedEmoji)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("error converting gtsmodel emoji with id %s to ap emoji: %s", requestedEmojiID, err))
+ }
+
+ data, err := streams.Serialize(apEmoji)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+}
diff --git a/internal/processing/fedi/fedi.go b/internal/processing/fedi/fedi.go
new file mode 100644
index 000000000..e72d037f5
--- /dev/null
+++ b/internal/processing/fedi/fedi.go
@@ -0,0 +1,43 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+ "github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/federation"
+ "github.com/superseriousbusiness/gotosocial/internal/typeutils"
+ "github.com/superseriousbusiness/gotosocial/internal/visibility"
+)
+
+type Processor struct {
+ db db.DB
+ federator federation.Federator
+ tc typeutils.TypeConverter
+ filter visibility.Filter
+}
+
+// New returns a new fedi processor.
+func New(db db.DB, tc typeutils.TypeConverter, federator federation.Federator) Processor {
+ return Processor{
+ db: db,
+ federator: federator,
+ tc: tc,
+ filter: visibility.NewFilter(db),
+ }
+}
diff --git a/internal/processing/fedi/status.go b/internal/processing/fedi/status.go
new file mode 100644
index 000000000..0e4c99b60
--- /dev/null
+++ b/internal/processing/fedi/status.go
@@ -0,0 +1,231 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+ "context"
+ "fmt"
+ "net/url"
+
+ "github.com/superseriousbusiness/activity/streams"
+ "github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/transport"
+)
+
+// StatusGet handles the getting of a fedi/activitypub representation of a particular status, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) StatusGet(ctx context.Context, requestedUsername string, requestedStatusID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ // get the account the request is referring to
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ // authenticate the request
+ requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ if errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ requestingAccount, err := p.federator.GetAccountByURI(
+ transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+ )
+ if err != nil {
+ return nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ // authorize the request:
+ // 1. check if a block exists between the requester and the requestee
+ blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if blocked {
+ return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+ }
+
+ // get the status out of the database here
+ s, err := p.db.GetStatusByID(ctx, requestedStatusID)
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))
+ }
+
+ if s.AccountID != requestedAccount.ID {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("status with id %s does not belong to account with id %s", s.ID, requestedAccount.ID))
+ }
+
+ visible, err := p.filter.StatusVisible(ctx, s, requestingAccount)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ if !visible {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("status with id %s not visible to user with id %s", s.ID, requestingAccount.ID))
+ }
+
+ // requester is authorized to view the status, so convert it to AP representation and serialize it
+ asStatus, err := p.tc.StatusToAS(ctx, s)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ data, err := streams.Serialize(asStatus)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+}
+
+// GetStatus handles the getting of a fedi/activitypub representation of replies to a status, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) StatusRepliesGet(ctx context.Context, requestedUsername string, requestedStatusID string, page bool, onlyOtherAccounts bool, minID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ // get the account the request is referring to
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ // authenticate the request
+ requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ if errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ requestingAccount, err := p.federator.GetAccountByURI(
+ transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+ )
+ if err != nil {
+ return nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ // authorize the request:
+ // 1. check if a block exists between the requester and the requestee
+ blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if blocked {
+ return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+ }
+
+ // get the status out of the database here
+ s := &gtsmodel.Status{}
+ if err := p.db.GetWhere(ctx, []db.Where{
+ {Key: "id", Value: requestedStatusID},
+ {Key: "account_id", Value: requestedAccount.ID},
+ }, s); err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))
+ }
+
+ visible, err := p.filter.StatusVisible(ctx, s, requestingAccount)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ if !visible {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("status with id %s not visible to user with id %s", s.ID, requestingAccount.ID))
+ }
+
+ var data map[string]interface{}
+
+ // now there are three scenarios:
+ // 1. we're asked for the whole collection and not a page -- we can just return the collection, with no items, but a link to 'first' page.
+ // 2. we're asked for a page but only_other_accounts has not been set in the query -- so we should just return the first page of the collection, with no items.
+ // 3. we're asked for a page, and only_other_accounts has been set, and min_id has optionally been set -- so we need to return some actual items!
+ switch {
+ case !page:
+ // scenario 1
+ // get the collection
+ collection, err := p.tc.StatusToASRepliesCollection(ctx, s, onlyOtherAccounts)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ data, err = streams.Serialize(collection)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ case page && requestURL.Query().Get("only_other_accounts") == "":
+ // scenario 2
+ // get the collection
+ collection, err := p.tc.StatusToASRepliesCollection(ctx, s, onlyOtherAccounts)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ // but only return the first page
+ data, err = streams.Serialize(collection.GetActivityStreamsFirst().GetActivityStreamsCollectionPage())
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ default:
+ // scenario 3
+ // get immediate children
+ replies, err := p.db.GetStatusChildren(ctx, s, true, minID)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ // filter children and extract URIs
+ replyURIs := map[string]*url.URL{}
+ for _, r := range replies {
+ // only show public or unlocked statuses as replies
+ if r.Visibility != gtsmodel.VisibilityPublic && r.Visibility != gtsmodel.VisibilityUnlocked {
+ continue
+ }
+
+ // respect onlyOtherAccounts parameter
+ if onlyOtherAccounts && r.AccountID == requestedAccount.ID {
+ continue
+ }
+
+ // only show replies that the status owner can see
+ visibleToStatusOwner, err := p.filter.StatusVisible(ctx, r, requestedAccount)
+ if err != nil || !visibleToStatusOwner {
+ continue
+ }
+
+ // only show replies that the requester can see
+ visibleToRequester, err := p.filter.StatusVisible(ctx, r, requestingAccount)
+ if err != nil || !visibleToRequester {
+ continue
+ }
+
+ rURI, err := url.Parse(r.URI)
+ if err != nil {
+ continue
+ }
+
+ replyURIs[r.ID] = rURI
+ }
+
+ repliesPage, err := p.tc.StatusURIsToASRepliesPage(ctx, s, onlyOtherAccounts, minID, replyURIs)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ data, err = streams.Serialize(repliesPage)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ }
+
+ return data, nil
+}
diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go
new file mode 100644
index 000000000..899d063d1
--- /dev/null
+++ b/internal/processing/fedi/user.go
@@ -0,0 +1,88 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+ "context"
+ "fmt"
+ "net/url"
+
+ "github.com/superseriousbusiness/activity/streams"
+ "github.com/superseriousbusiness/activity/streams/vocab"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/transport"
+ "github.com/superseriousbusiness/gotosocial/internal/uris"
+)
+
+// UserGet handles the getting of a fedi/activitypub representation of a user/account, performing appropriate authentication
+// before returning a JSON serializable interface to the caller.
+func (p *Processor) UserGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+ // Get the instance-local account the request is referring to.
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ var requestedPerson vocab.ActivityStreamsPerson
+
+ if uris.IsPublicKeyPath(requestURL) {
+ // if it's a public key path, we don't need to authenticate but we'll only serve the bare minimum user profile needed for the public key
+ requestedPerson, err = p.tc.AccountToASMinimal(ctx, requestedAccount)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ } else {
+ // if it's any other path, we want to fully authenticate the request before we serve any data, and then we can serve a more complete profile
+ requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ if errWithCode != nil {
+ return nil, errWithCode
+ }
+
+ // if we're not already handshaking/dereferencing a remote account, dereference it now
+ if !p.federator.Handshaking(requestedUsername, requestingAccountURI) {
+ requestingAccount, err := p.federator.GetAccountByURI(
+ transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+ )
+ if err != nil {
+ return nil, gtserror.NewErrorUnauthorized(err)
+ }
+
+ blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if blocked {
+ return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+ }
+ }
+
+ requestedPerson, err = p.tc.AccountToAS(ctx, requestedAccount)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ }
+
+ data, err := streams.Serialize(requestedPerson)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return data, nil
+}
diff --git a/internal/processing/fedi/wellknown.go b/internal/processing/fedi/wellknown.go
new file mode 100644
index 000000000..75ed34ec2
--- /dev/null
+++ b/internal/processing/fedi/wellknown.go
@@ -0,0 +1,126 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+ "context"
+ "fmt"
+
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+const (
+ nodeInfoVersion = "2.0"
+ nodeInfoSoftwareName = "gotosocial"
+ nodeInfoRel = "http://nodeinfo.diaspora.software/ns/schema/" + nodeInfoVersion
+ webfingerProfilePage = "http://webfinger.net/rel/profile-page"
+ webFingerProfilePageContentType = "text/html"
+ webfingerSelf = "self"
+ webFingerSelfContentType = "application/activity+json"
+ webfingerAccount = "acct"
+)
+
+var (
+ nodeInfoProtocols = []string{"activitypub"}
+ nodeInfoInbound = []string{}
+ nodeInfoOutbound = []string{}
+ nodeInfoMetadata = make(map[string]interface{})
+)
+
+// NodeInfoRelGet returns a well known response giving the path to node info.
+func (p *Processor) NodeInfoRelGet(ctx context.Context) (*apimodel.WellKnownResponse, gtserror.WithCode) {
+ protocol := config.GetProtocol()
+ host := config.GetHost()
+
+ return &apimodel.WellKnownResponse{
+ Links: []apimodel.Link{
+ {
+ Rel: nodeInfoRel,
+ Href: fmt.Sprintf("%s://%s/nodeinfo/%s", protocol, host, nodeInfoVersion),
+ },
+ },
+ }, nil
+}
+
+// NodeInfoGet returns a node info struct in response to a node info request.
+func (p *Processor) NodeInfoGet(ctx context.Context) (*apimodel.Nodeinfo, gtserror.WithCode) {
+ host := config.GetHost()
+
+ userCount, err := p.db.CountInstanceUsers(ctx, host)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ postCount, err := p.db.CountInstanceStatuses(ctx, host)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return &apimodel.Nodeinfo{
+ Version: nodeInfoVersion,
+ Software: apimodel.NodeInfoSoftware{
+ Name: nodeInfoSoftwareName,
+ Version: config.GetSoftwareVersion(),
+ },
+ Protocols: nodeInfoProtocols,
+ Services: apimodel.NodeInfoServices{
+ Inbound: nodeInfoInbound,
+ Outbound: nodeInfoOutbound,
+ },
+ OpenRegistrations: config.GetAccountsRegistrationOpen(),
+ Usage: apimodel.NodeInfoUsage{
+ Users: apimodel.NodeInfoUsers{
+ Total: userCount,
+ },
+ LocalPosts: postCount,
+ },
+ Metadata: nodeInfoMetadata,
+ }, nil
+}
+
+// WebfingerGet handles the GET for a webfinger resource. Most commonly, it will be used for returning account lookups.
+func (p *Processor) WebfingerGet(ctx context.Context, requestedUsername string) (*apimodel.WellKnownResponse, gtserror.WithCode) {
+ // Get the local account the request is referring to.
+ requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+ if err != nil {
+ return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+ }
+
+ return &apimodel.WellKnownResponse{
+ Subject: webfingerAccount + ":" + requestedAccount.Username + "@" + config.GetAccountDomain(),
+ Aliases: []string{
+ requestedAccount.URI,
+ requestedAccount.URL,
+ },
+ Links: []apimodel.Link{
+ {
+ Rel: webfingerProfilePage,
+ Type: webFingerProfilePageContentType,
+ Href: requestedAccount.URL,
+ },
+ {
+ Rel: webfingerSelf,
+ Type: webFingerSelfContentType,
+ Href: requestedAccount.URI,
+ },
+ },
+ }, nil
+}
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-13 16:39:41 +0000