From 27e95fd1237d13edafc557531932067d329e9733 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 8 Feb 2023 15:10:56 +0100
Subject: [chore/bugfix] Serve + throttle publickey separately from rest of
ActivityPub API (#1461)
* serve publickey separately from AP, don't throttle it
* update nginx cache documentation, cache main-key too
* throttle public key, but separately from other endpoints
---
internal/api/activitypub.go | 38 ++++++------
internal/api/activitypub/publickey/publickey.go | 48 +++++++++++++++
internal/api/activitypub/publickey/publickeyget.go | 71 ++++++++++++++++++++++
internal/api/activitypub/users/publickeyget.go | 71 ----------------------
internal/api/activitypub/users/user.go | 3 -
5 files changed, 139 insertions(+), 92 deletions(-)
create mode 100644 internal/api/activitypub/publickey/publickey.go
create mode 100644 internal/api/activitypub/publickey/publickeyget.go
delete mode 100644 internal/api/activitypub/users/publickeyget.go
(limited to 'internal/api')
diff --git a/internal/api/activitypub.go b/internal/api/activitypub.go
index df48afb18..72a8f6e26 100644
--- a/internal/api/activitypub.go
+++ b/internal/api/activitypub.go
@@ -19,11 +19,9 @@
package api
import (
- "context"
- "net/url"
-
"github.com/gin-gonic/gin"
"github.com/superseriousbusiness/gotosocial/internal/api/activitypub/emoji"
+ "github.com/superseriousbusiness/gotosocial/internal/api/activitypub/publickey"
"github.com/superseriousbusiness/gotosocial/internal/api/activitypub/users"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/middleware"
@@ -32,10 +30,10 @@ import (
)
type ActivityPub struct {
- emoji *emoji.Module
- users *users.Module
-
- isURIBlocked func(context.Context, *url.URL) (bool, db.Error)
+ emoji *emoji.Module
+ users *users.Module
+ publicKey *publickey.Module
+ signatureCheckMiddleware gin.HandlerFunc
}
func (a *ActivityPub) Route(r router.Router, m ...gin.HandlerFunc) {
@@ -43,25 +41,29 @@ func (a *ActivityPub) Route(r router.Router, m ...gin.HandlerFunc) {
emojiGroup := r.AttachGroup("emoji")
usersGroup := r.AttachGroup("users")
- // instantiate + attach shared, non-global middlewares to both of these groups
- var (
- signatureCheckMiddleware = middleware.SignatureCheck(a.isURIBlocked)
- cacheControlMiddleware = middleware.CacheControl("no-store")
- )
+ // attach shared, non-global middlewares to both of these groups
+ cacheControlMiddleware := middleware.CacheControl("no-store")
emojiGroup.Use(m...)
usersGroup.Use(m...)
- emojiGroup.Use(signatureCheckMiddleware, cacheControlMiddleware)
- usersGroup.Use(signatureCheckMiddleware, cacheControlMiddleware)
+ emojiGroup.Use(a.signatureCheckMiddleware, cacheControlMiddleware)
+ usersGroup.Use(a.signatureCheckMiddleware, cacheControlMiddleware)
a.emoji.Route(emojiGroup.Handle)
a.users.Route(usersGroup.Handle)
}
+// Public key endpoint requires different middleware + cache policies from other AP endpoints.
+func (a *ActivityPub) RoutePublicKey(r router.Router, m ...gin.HandlerFunc) {
+ publicKeyGroup := r.AttachGroup(publickey.PublicKeyPath)
+ publicKeyGroup.Use(a.signatureCheckMiddleware, middleware.CacheControl("public,max-age=604800"))
+ a.publicKey.Route(publicKeyGroup.Handle)
+}
+
func NewActivityPub(db db.DB, p processing.Processor) *ActivityPub {
return &ActivityPub{
- emoji: emoji.New(p),
- users: users.New(p),
-
- isURIBlocked: db.IsURIBlocked,
+ emoji: emoji.New(p),
+ users: users.New(p),
+ publicKey: publickey.New(p),
+ signatureCheckMiddleware: middleware.SignatureCheck(db.IsURIBlocked),
}
}
diff --git a/internal/api/activitypub/publickey/publickey.go b/internal/api/activitypub/publickey/publickey.go
new file mode 100644
index 000000000..7b3882628
--- /dev/null
+++ b/internal/api/activitypub/publickey/publickey.go
@@ -0,0 +1,48 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+*/
+
+package publickey
+
+import (
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ "github.com/superseriousbusiness/gotosocial/internal/processing"
+ "github.com/superseriousbusiness/gotosocial/internal/uris"
+)
+
+const (
+ // UsernameKey is for account usernames.
+ UsernameKey = "username"
+ // PublicKeyPath is a path to a user's public key, for serving bare minimum AP representations.
+ PublicKeyPath = "users/:" + UsernameKey + "/" + uris.PublicKeyPath
+)
+
+type Module struct {
+ processor processing.Processor
+}
+
+func New(processor processing.Processor) *Module {
+ return &Module{
+ processor: processor,
+ }
+}
+
+func (m *Module) Route(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes) {
+ attachHandler(http.MethodGet, "", m.PublicKeyGETHandler)
+}
diff --git a/internal/api/activitypub/publickey/publickeyget.go b/internal/api/activitypub/publickey/publickeyget.go
new file mode 100644
index 000000000..36e1c3569
--- /dev/null
+++ b/internal/api/activitypub/publickey/publickeyget.go
@@ -0,0 +1,71 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+*/
+
+package publickey
+
+import (
+ "encoding/json"
+ "errors"
+ "net/http"
+ "strings"
+
+ "github.com/gin-gonic/gin"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+// PublicKeyGETHandler should be served at eg https://example.org/users/:username/main-key.
+//
+// The goal here is to return a MINIMAL activitypub representation of an account
+// in the form of a vocab.ActivityStreamsPerson. The account will only contain the id,
+// public key, username, and type of the account.
+func (m *Module) PublicKeyGETHandler(c *gin.Context) {
+ // usernames on our instance are always lowercase
+ requestedUsername := strings.ToLower(c.Param(UsernameKey))
+ if requestedUsername == "" {
+ err := errors.New("no username specified in request")
+ apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+ return
+ }
+
+ format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
+ if err != nil {
+ apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+ return
+ }
+
+ if format == string(apiutil.TextHTML) {
+ // redirect to the user's profile
+ c.Redirect(http.StatusSeeOther, "/@"+requestedUsername)
+ return
+ }
+
+ resp, errWithCode := m.processor.GetFediUser(apiutil.TransferSignatureContext(c), requestedUsername, c.Request.URL)
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+ return
+ }
+
+ b, err := json.Marshal(resp)
+ if err != nil {
+ apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1)
+ return
+ }
+
+ c.Data(http.StatusOK, format, b)
+}
diff --git a/internal/api/activitypub/users/publickeyget.go b/internal/api/activitypub/users/publickeyget.go
deleted file mode 100644
index 27457f107..000000000
--- a/internal/api/activitypub/users/publickeyget.go
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- GoToSocial
- Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see .
-*/
-
-package users
-
-import (
- "encoding/json"
- "errors"
- "net/http"
- "strings"
-
- "github.com/gin-gonic/gin"
- apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
-)
-
-// PublicKeyGETHandler should be served at eg https://example.org/users/:username/main-key.
-//
-// The goal here is to return a MINIMAL activitypub representation of an account
-// in the form of a vocab.ActivityStreamsPerson. The account will only contain the id,
-// public key, username, and type of the account.
-func (m *Module) PublicKeyGETHandler(c *gin.Context) {
- // usernames on our instance are always lowercase
- requestedUsername := strings.ToLower(c.Param(UsernameKey))
- if requestedUsername == "" {
- err := errors.New("no username specified in request")
- apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
- return
- }
-
- format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
- return
- }
-
- if format == string(apiutil.TextHTML) {
- // redirect to the user's profile
- c.Redirect(http.StatusSeeOther, "/@"+requestedUsername)
- return
- }
-
- resp, errWithCode := m.processor.GetFediUser(apiutil.TransferSignatureContext(c), requestedUsername, c.Request.URL)
- if errWithCode != nil {
- apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
- return
- }
-
- b, err := json.Marshal(resp)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1)
- return
- }
-
- c.Data(http.StatusOK, format, b)
-}
diff --git a/internal/api/activitypub/users/user.go b/internal/api/activitypub/users/user.go
index 71e47d7e9..257453bcb 100644
--- a/internal/api/activitypub/users/user.go
+++ b/internal/api/activitypub/users/user.go
@@ -42,8 +42,6 @@ const (
// BasePath is the base path for serving AP 'users' requests, minus the 'users' prefix.
BasePath = "/:" + UsernameKey
- // PublicKeyPath is a path to a user's public key, for serving bare minimum AP representations.
- PublicKeyPath = BasePath + "/" + uris.PublicKeyPath
// InboxPath is for serving POST requests to a user's inbox with the given username key.
InboxPath = BasePath + "/" + uris.InboxPath
// OutboxPath is for serving GET requests to a user's outbox with the given username key.
@@ -74,7 +72,6 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
attachHandler(http.MethodGet, FollowersPath, m.FollowersGETHandler)
attachHandler(http.MethodGet, FollowingPath, m.FollowingGETHandler)
attachHandler(http.MethodGet, StatusPath, m.StatusGETHandler)
- attachHandler(http.MethodGet, PublicKeyPath, m.PublicKeyGETHandler)
attachHandler(http.MethodGet, StatusRepliesPath, m.StatusRepliesGETHandler)
attachHandler(http.MethodGet, OutboxPath, m.OutboxGETHandler)
}
--
cgit v1.2.3