1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
|
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package federation
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"strings"
"codeberg.org/gruf/go-kv"
"github.com/superseriousbusiness/activity/pub"
"github.com/superseriousbusiness/activity/streams"
"github.com/superseriousbusiness/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/log"
)
// Potential incoming Content-Type header values; be
// lenient with whitespace and quotation mark placement.
var activityStreamsMediaTypes = []string{
"application/activity+json",
"application/ld+json;profile=https://www.w3.org/ns/activitystreams",
"application/ld+json;profile=\"https://www.w3.org/ns/activitystreams\"",
"application/ld+json ;profile=https://www.w3.org/ns/activitystreams",
"application/ld+json ;profile=\"https://www.w3.org/ns/activitystreams\"",
"application/ld+json ; profile=https://www.w3.org/ns/activitystreams",
"application/ld+json ; profile=\"https://www.w3.org/ns/activitystreams\"",
"application/ld+json; profile=https://www.w3.org/ns/activitystreams",
"application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
}
// federatingActor wraps the pub.FederatingActor interface
// with some custom GoToSocial-specific logic.
type federatingActor struct {
sideEffectActor pub.DelegateActor
wrapped pub.FederatingActor
}
// newFederatingProtocol returns a new federatingActor, which
// implements the pub.FederatingActor interface.
func newFederatingActor(c pub.CommonBehavior, s2s pub.FederatingProtocol, db pub.Database, clock pub.Clock) pub.FederatingActor {
sideEffectActor := pub.NewSideEffectActor(c, s2s, nil, db, clock)
customActor := pub.NewCustomActor(sideEffectActor, false, true, clock)
return &federatingActor{
sideEffectActor: sideEffectActor,
wrapped: customActor,
}
}
func (f *federatingActor) Send(c context.Context, outbox *url.URL, t vocab.Type) (pub.Activity, error) {
log.Infof(c, "send activity %s via outbox %s", t.GetTypeName(), outbox)
return f.wrapped.Send(c, outbox, t)
}
func (f *federatingActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.PostInboxScheme(c, w, r, "https")
}
// PostInboxScheme is a reimplementation of the default baseActor
// implementation of PostInboxScheme in pub/base_actor.go.
//
// Key differences from that implementation:
// - More explicit debug logging when a request is not processed.
// - Normalize content of activity object.
// - Return code 202 instead of 200 on successful POST, to reflect
// that we process most side effects asynchronously.
func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWriter, r *http.Request, scheme string) (bool, error) {
l := log.
WithContext(ctx).
WithFields([]kv.Field{
{"userAgent", r.UserAgent()},
{"path", r.URL.Path},
}...)
// Do nothing if this is not an ActivityPub POST request.
if !func() bool {
if r.Method != http.MethodPost {
l.Debugf("inbox request was %s rather than required POST", r.Method)
return false
}
contentType := r.Header.Get("Content-Type")
for _, mediaType := range activityStreamsMediaTypes {
if strings.Contains(contentType, mediaType) {
return true
}
}
l.Debugf("inbox POST request content-type %s was not recognized", contentType)
return false
}() {
return false, nil
}
// Check the peer request is authentic.
ctx, authenticated, err := f.sideEffectActor.AuthenticatePostInbox(ctx, w, r)
if err != nil {
return true, err
} else if !authenticated {
return true, nil
}
// Begin processing the request, but note that we have
// not yet applied authorization (ex: blocks).
//
// Obtain the activity and reject unknown activities.
b, err := io.ReadAll(r.Body)
if err != nil {
err = fmt.Errorf("PostInboxScheme: error reading request body: %w", err)
return true, err
}
var rawActivity map[string]interface{}
if err := json.Unmarshal(b, &rawActivity); err != nil {
err = fmt.Errorf("PostInboxScheme: error unmarshalling request body: %w", err)
return true, err
}
t, err := streams.ToType(ctx, rawActivity)
if err != nil {
if !streams.IsUnmatchedErr(err) {
// Real error.
err = fmt.Errorf("PostInboxScheme: error matching json to type: %w", err)
return true, err
}
// Respond with bad request; we just couldn't
// match the type to one that we know about.
l.Debug("json could not be resolved to ActivityStreams value")
w.WriteHeader(http.StatusBadRequest)
return true, nil
}
activity, ok := t.(pub.Activity)
if !ok {
err = fmt.Errorf("ActivityStreams value with type %T is not a pub.Activity", t)
return true, err
}
if activity.GetJSONLDId() == nil {
l.Debugf("incoming Activity %s did not have required id property set", activity.GetTypeName())
w.WriteHeader(http.StatusBadRequest)
return true, nil
}
// If activity Object is a Statusable, we'll want to replace the
// parsed `content` value with the value from the raw JSON instead.
// See https://github.com/superseriousbusiness/gotosocial/issues/1661
ap.NormalizeActivityObject(activity, rawActivity)
// Allow server implementations to set context data with a hook.
ctx, err = f.sideEffectActor.PostInboxRequestBodyHook(ctx, r, activity)
if err != nil {
return true, err
}
// Check authorization of the activity.
authorized, err := f.sideEffectActor.AuthorizePostInbox(ctx, w, activity)
if err != nil {
return true, err
} else if !authorized {
return true, nil
}
// Copy existing URL + add request host and scheme.
inboxID := func() *url.URL {
id := &url.URL{}
*id = *r.URL
id.Host = r.Host
id.Scheme = scheme
return id
}()
// Post the activity to the actor's inbox and trigger side effects for
// that particular Activity type. It is up to the delegate to resolve
// the given map.
if err := f.sideEffectActor.PostInbox(ctx, inboxID, activity); err != nil {
// Special case: We know it is a bad request if the object or
// target properties needed to be populated, but weren't.
//
// Send the rejection to the peer.
if err == pub.ErrObjectRequired || err == pub.ErrTargetRequired {
l.Debugf("malformed incoming Activity: %s", err)
w.WriteHeader(http.StatusBadRequest)
return true, nil
}
err = fmt.Errorf("PostInboxScheme: error calling sideEffectActor.PostInbox: %w", err)
return true, err
}
// Our side effects are complete, now delegate determining whether to do inbox forwarding, as well as the action to do it.
if err := f.sideEffectActor.InboxForwarding(ctx, inboxID, activity); err != nil {
err = fmt.Errorf("PostInboxScheme: error calling sideEffectActor.InboxForwarding: %w", err)
return true, err
}
// Request is now undergoing processing.
// Respond with an Accepted status.
w.WriteHeader(http.StatusAccepted)
return true, nil
}
func (f *federatingActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.wrapped.GetInbox(c, w, r)
}
func (f *federatingActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.wrapped.PostOutbox(c, w, r)
}
func (f *federatingActor) PostOutboxScheme(c context.Context, w http.ResponseWriter, r *http.Request, scheme string) (bool, error) {
return f.wrapped.PostOutboxScheme(c, w, r, scheme)
}
func (f *federatingActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.wrapped.GetOutbox(c, w, r)
}
|
