diff options
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/activitypub/fetch_remote_account_service.rb | 66 | ||||
-rw-r--r-- | app/services/activitypub/fetch_remote_actor_service.rb | 80 | ||||
-rw-r--r-- | app/services/activitypub/fetch_remote_key_service.rb | 48 | ||||
-rw-r--r-- | app/services/activitypub/process_account_service.rb | 2 | ||||
-rw-r--r-- | app/services/activitypub/process_collection_service.rb | 11 | ||||
-rw-r--r-- | app/services/fetch_resource_service.rb | 2 | ||||
-rw-r--r-- | app/services/follow_service.rb | 13 | ||||
-rw-r--r-- | app/services/import_service.rb | 2 | ||||
-rw-r--r-- | app/services/keys/claim_service.rb | 2 | ||||
-rw-r--r-- | app/services/process_mentions_service.rb | 2 | ||||
-rw-r--r-- | app/services/resolve_account_service.rb | 12 | ||||
-rw-r--r-- | app/services/resolve_url_service.rb | 4 | ||||
-rw-r--r-- | app/services/translate_status_service.rb | 27 |
13 files changed, 172 insertions, 99 deletions
diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb index 9d01f5386..ca7a8c6ca 100644 --- a/app/services/activitypub/fetch_remote_account_service.rb +++ b/app/services/activitypub/fetch_remote_account_service.rb @@ -1,66 +1,12 @@ # frozen_string_literal: true -class ActivityPub::FetchRemoteAccountService < BaseService - include JsonLdHelper - include DomainControlHelper - include WebfingerHelper - - SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze - +class ActivityPub::FetchRemoteAccountService < ActivityPub::FetchRemoteActorService # Does a WebFinger roundtrip on each call, unless `only_key` is true - def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false) - return if domain_not_allowed?(uri) - return ActivityPub::TagManager.instance.uri_to_resource(uri, Account) if ActivityPub::TagManager.instance.local_uri?(uri) - - @json = begin - if prefetched_body.nil? - fetch_resource(uri, id) - else - body_to_json(prefetched_body, compare_id: id ? uri : nil) - end - end - - return if !supported_context? || !expected_type? || (break_on_redirect && @json['movedTo'].present?) - - @uri = @json['id'] - @username = @json['preferredUsername'] - @domain = Addressable::URI.parse(@uri).normalized_host - - return unless only_key || verified_webfinger? - - ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key) - rescue Oj::ParseError - nil - end - - private - - def verified_webfinger? - webfinger = webfinger!("acct:#{@username}@#{@domain}") - confirmed_username, confirmed_domain = split_acct(webfinger.subject) - - return webfinger.link('self', 'href') == @uri if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero? - - webfinger = webfinger!("acct:#{confirmed_username}@#{confirmed_domain}") - @username, @domain = split_acct(webfinger.subject) - - return false unless @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero? - return false if webfinger.link('self', 'href') != @uri - - true - rescue Webfinger::Error - false - end - - def split_acct(acct) - acct.gsub(/\Aacct:/, '').split('@') - end - - def supported_context? - super(@json) - end + def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true) + actor = super + return actor if actor.nil? || actor.is_a?(Account) - def expected_type? - equals_or_includes_any?(@json['type'], SUPPORTED_TYPES) + Rails.logger.debug "Fetching account #{uri} failed: Expected Account, got #{actor.class.name}" + raise Error, "Expected Account, got #{actor.class.name}" unless suppress_errors end end diff --git a/app/services/activitypub/fetch_remote_actor_service.rb b/app/services/activitypub/fetch_remote_actor_service.rb new file mode 100644 index 000000000..17bf2f287 --- /dev/null +++ b/app/services/activitypub/fetch_remote_actor_service.rb @@ -0,0 +1,80 @@ +# frozen_string_literal: true + +class ActivityPub::FetchRemoteActorService < BaseService + include JsonLdHelper + include DomainControlHelper + include WebfingerHelper + + class Error < StandardError; end + + SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze + + # Does a WebFinger roundtrip on each call, unless `only_key` is true + def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true) + return if domain_not_allowed?(uri) + return ActivityPub::TagManager.instance.uri_to_actor(uri) if ActivityPub::TagManager.instance.local_uri?(uri) + + @json = begin + if prefetched_body.nil? + fetch_resource(uri, id) + else + body_to_json(prefetched_body, compare_id: id ? uri : nil) + end + rescue Oj::ParseError + raise Error, "Error parsing JSON-LD document #{uri}" + end + + raise Error, "Error fetching actor JSON at #{uri}" if @json.nil? + raise Error, "Unsupported JSON-LD context for document #{uri}" unless supported_context? + raise Error, "Unexpected object type for actor #{uri} (expected any of: #{SUPPORTED_TYPES})" unless expected_type? + raise Error, "Actor #{uri} has moved to #{@json['movedTo']}" if break_on_redirect && @json['movedTo'].present? + + @uri = @json['id'] + @username = @json['preferredUsername'] + @domain = Addressable::URI.parse(@uri).normalized_host + + check_webfinger! unless only_key + + ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key) + rescue Error => e + Rails.logger.debug "Fetching actor #{uri} failed: #{e.message}" + raise unless suppress_errors + end + + private + + def check_webfinger! + webfinger = webfinger!("acct:#{@username}@#{@domain}") + confirmed_username, confirmed_domain = split_acct(webfinger.subject) + + if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero? + raise Error, "Webfinger response for #{@username}@#{@domain} does not loop back to #{@uri}" if webfinger.link('self', 'href') != @uri + return + end + + webfinger = webfinger!("acct:#{confirmed_username}@#{confirmed_domain}") + @username, @domain = split_acct(webfinger.subject) + + unless confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero? + raise Webfinger::RedirectError, "Too many webfinger redirects for URI #{uri} (stopped at #{@username}@#{@domain})" + end + + raise Error, "Webfinger response for #{@username}@#{@domain} does not loop back to #{@uri}" if webfinger.link('self', 'href') != @uri + rescue Webfinger::RedirectError => e + raise Error, e.message + rescue Webfinger::Error => e + raise Error, "Webfinger error when resolving #{@username}@#{@domain}: #{e.message}" + end + + def split_acct(acct) + acct.gsub(/\Aacct:/, '').split('@') + end + + def supported_context? + super(@json) + end + + def expected_type? + equals_or_includes_any?(@json['type'], SUPPORTED_TYPES) + end +end diff --git a/app/services/activitypub/fetch_remote_key_service.rb b/app/services/activitypub/fetch_remote_key_service.rb index c48288b3b..32e82b47a 100644 --- a/app/services/activitypub/fetch_remote_key_service.rb +++ b/app/services/activitypub/fetch_remote_key_service.rb @@ -3,17 +3,19 @@ class ActivityPub::FetchRemoteKeyService < BaseService include JsonLdHelper - # Returns account that owns the key - def call(uri, id: true, prefetched_body: nil) - return if uri.blank? + class Error < StandardError; end + + # Returns actor that owns the key + def call(uri, id: true, prefetched_body: nil, suppress_errors: true) + raise Error, 'No key URI given' if uri.blank? if prefetched_body.nil? if id @json = fetch_resource_without_id_validation(uri) - if person? + if actor_type? @json = fetch_resource(@json['id'], true) elsif uri != @json['id'] - return + raise Error, "Fetched URI #{uri} has wrong id #{@json['id']}" end else @json = fetch_resource(uri, id) @@ -22,30 +24,38 @@ class ActivityPub::FetchRemoteKeyService < BaseService @json = body_to_json(prefetched_body, compare_id: id ? uri : nil) end - return unless supported_context?(@json) && expected_type? - return find_account(@json['id'], @json) if person? + raise Error, "Unable to fetch key JSON at #{uri}" if @json.nil? + raise Error, "Unsupported JSON-LD context for document #{uri}" unless supported_context?(@json) + raise Error, "Unexpected object type for key #{uri}" unless expected_type? + return find_actor(@json['id'], @json, suppress_errors) if actor_type? @owner = fetch_resource(owner_uri, true) - return unless supported_context?(@owner) && confirmed_owner? + raise Error, "Unable to fetch actor JSON #{owner_uri}" if @owner.nil? + raise Error, "Unsupported JSON-LD context for document #{owner_uri}" unless supported_context?(@owner) + raise Error, "Unexpected object type for actor #{owner_uri} (expected any of: #{SUPPORTED_TYPES})" unless expected_owner_type? + raise Error, "publicKey id for #{owner_uri} does not correspond to #{@json['id']}" unless confirmed_owner? - find_account(owner_uri, @owner) + find_actor(owner_uri, @owner, suppress_errors) + rescue Error => e + Rails.logger.debug "Fetching key #{uri} failed: #{e.message}" + raise unless suppress_errors end private - def find_account(uri, prefetched_body) - account = ActivityPub::TagManager.instance.uri_to_resource(uri, Account) - account ||= ActivityPub::FetchRemoteAccountService.new.call(uri, prefetched_body: prefetched_body) - account + def find_actor(uri, prefetched_body, suppress_errors) + actor = ActivityPub::TagManager.instance.uri_to_actor(uri) + actor ||= ActivityPub::FetchRemoteActorService.new.call(uri, prefetched_body: prefetched_body, suppress_errors: suppress_errors) + actor end def expected_type? - person? || public_key? + actor_type? || public_key? end - def person? - equals_or_includes_any?(@json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) + def actor_type? + equals_or_includes_any?(@json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) end def public_key? @@ -56,7 +66,11 @@ class ActivityPub::FetchRemoteKeyService < BaseService @owner_uri ||= value_or_id(@json['owner']) end + def expected_owner_type? + equals_or_includes_any?(@owner['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) + end + def confirmed_owner? - equals_or_includes_any?(@owner['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) && value_or_id(@owner['publicKey']) == @json['id'] + value_or_id(@owner['publicKey']) == @json['id'] end end diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index 34750dba6..456b3524b 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb @@ -32,8 +32,6 @@ class ActivityPub::ProcessAccountService < BaseService process_duplicate_accounts! if @options[:verified_webfinger] end - return if @account.nil? - after_protocol_change! if protocol_changed? after_key_change! if key_changed? && !@options[:signed_with_known_key] clear_tombstones! if key_changed? diff --git a/app/services/activitypub/process_collection_service.rb b/app/services/activitypub/process_collection_service.rb index eb008c40a..fffe30195 100644 --- a/app/services/activitypub/process_collection_service.rb +++ b/app/services/activitypub/process_collection_service.rb @@ -3,8 +3,8 @@ class ActivityPub::ProcessCollectionService < BaseService include JsonLdHelper - def call(body, account, **options) - @account = account + def call(body, actor, **options) + @account = actor @json = original_json = Oj.load(body, mode: :strict) @options = options @@ -16,6 +16,7 @@ class ActivityPub::ProcessCollectionService < BaseService end return if !supported_context? || (different_actor? && verify_account!.nil?) || suspended_actor? || @account.local? + return unless @account.is_a?(Account) if @json['signature'].present? # We have verified the signature, but in the compaction step above, might @@ -66,8 +67,10 @@ class ActivityPub::ProcessCollectionService < BaseService end def verify_account! - @options[:relayed_through_account] = @account - @account = ActivityPub::LinkedDataSignature.new(@json).verify_account! + @options[:relayed_through_actor] = @account + @account = ActivityPub::LinkedDataSignature.new(@json).verify_actor! + @account = nil unless @account.is_a?(Account) + @account rescue JSON::LD::JsonLdError => e Rails.logger.debug "Could not verify LD-Signature for #{value_or_id(@json['actor'])}: #{e.message}" nil diff --git a/app/services/fetch_resource_service.rb b/app/services/fetch_resource_service.rb index 6c0093cd4..73204e55d 100644 --- a/app/services/fetch_resource_service.rb +++ b/app/services/fetch_resource_service.rb @@ -47,7 +47,7 @@ class FetchResourceService < BaseService body = response.body_with_limit json = body_to_json(body) - [json['id'], { prefetched_body: body, id: true }] if supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) || expected_type?(json)) + [json['id'], { prefetched_body: body, id: true }] if supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json)) elsif !terminal link_header = response['Link'] && parse_link_header(response) diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb index ed28e1371..feea40e3c 100644 --- a/app/services/follow_service.rb +++ b/app/services/follow_service.rb @@ -11,6 +11,7 @@ class FollowService < BaseService # @param [Hash] options # @option [Boolean] :reblogs Whether or not to show reblogs, defaults to true # @option [Boolean] :notify Whether to create notifications about new posts, defaults to false + # @option [Array<String>] :languages Which languages to allow on the home feed from this account, defaults to all # @option [Boolean] :bypass_locked # @option [Boolean] :bypass_limit Allow following past the total follow number # @option [Boolean] :with_rate_limit @@ -57,15 +58,15 @@ class FollowService < BaseService end def change_follow_options! - @source_account.follow!(@target_account, reblogs: @options[:reblogs], notify: @options[:notify]) + @source_account.follow!(@target_account, **follow_options) end def change_follow_request_options! - @source_account.request_follow!(@target_account, reblogs: @options[:reblogs], notify: @options[:notify]) + @source_account.request_follow!(@target_account, **follow_options) end def request_follow! - follow_request = @source_account.request_follow!(@target_account, reblogs: @options[:reblogs], notify: @options[:notify], rate_limit: @options[:with_rate_limit], bypass_limit: @options[:bypass_limit]) + follow_request = @source_account.request_follow!(@target_account, **follow_options.merge(rate_limit: @options[:with_rate_limit], bypass_limit: @options[:bypass_limit])) if @target_account.local? LocalNotificationWorker.perform_async(@target_account.id, follow_request.id, follow_request.class.name, 'follow_request') @@ -77,7 +78,7 @@ class FollowService < BaseService end def direct_follow! - follow = @source_account.follow!(@target_account, reblogs: @options[:reblogs], notify: @options[:notify], rate_limit: @options[:with_rate_limit], bypass_limit: @options[:bypass_limit]) + follow = @source_account.follow!(@target_account, **follow_options.merge(rate_limit: @options[:with_rate_limit], bypass_limit: @options[:bypass_limit])) LocalNotificationWorker.perform_async(@target_account.id, follow.id, follow.class.name, 'follow') MergeWorker.perform_async(@target_account.id, @source_account.id) @@ -88,4 +89,8 @@ class FollowService < BaseService def build_json(follow_request) Oj.dump(serialize_payload(follow_request, ActivityPub::FollowSerializer)) end + + def follow_options + @options.slice(:reblogs, :notify, :languages) + end end diff --git a/app/services/import_service.rb b/app/services/import_service.rb index 8e6640b9d..676c37bde 100644 --- a/app/services/import_service.rb +++ b/app/services/import_service.rb @@ -27,7 +27,7 @@ class ImportService < BaseService def import_follows! parse_import_data!(['Account address']) - import_relationships!('follow', 'unfollow', @account.following, ROWS_PROCESSING_LIMIT, reblogs: { header: 'Show boosts', default: true }) + import_relationships!('follow', 'unfollow', @account.following, ROWS_PROCESSING_LIMIT, reblogs: { header: 'Show boosts', default: true }, notify: { header: 'Notify on new posts', default: false }, languages: { header: 'Languages', default: nil }) end def import_blocks! diff --git a/app/services/keys/claim_service.rb b/app/services/keys/claim_service.rb index 69568a0d1..ae9e24a24 100644 --- a/app/services/keys/claim_service.rb +++ b/app/services/keys/claim_service.rb @@ -72,7 +72,7 @@ class Keys::ClaimService < BaseService def build_post_request(uri) Request.new(:post, uri).tap do |request| - request.on_behalf_of(@source_account, :uri) + request.on_behalf_of(@source_account) request.add_headers(HEADERS) end end diff --git a/app/services/process_mentions_service.rb b/app/services/process_mentions_service.rb index 8c63b611d..c9c158af1 100644 --- a/app/services/process_mentions_service.rb +++ b/app/services/process_mentions_service.rb @@ -38,7 +38,7 @@ class ProcessMentionsService < BaseService mentioned_account = Account.find_remote(username, domain) # Unapproved and unconfirmed accounts should not be mentionable - next if mentioned_account&.local? && !(mentioned_account.user_confirmed? && mentioned_account.user_approved?) + next match if mentioned_account&.local? && !(mentioned_account.user_confirmed? && mentioned_account.user_approved?) # If the account cannot be found or isn't the right protocol, # first try to resolve it diff --git a/app/services/resolve_account_service.rb b/app/services/resolve_account_service.rb index b55e45409..e3b370968 100644 --- a/app/services/resolve_account_service.rb +++ b/app/services/resolve_account_service.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true class ResolveAccountService < BaseService - include JsonLdHelper include DomainControlHelper include WebfingerHelper include Redisable @@ -13,6 +12,7 @@ class ResolveAccountService < BaseService # @param [Hash] options # @option options [Boolean] :redirected Do not follow further Webfinger redirects # @option options [Boolean] :skip_webfinger Do not attempt any webfinger query or refreshing account data + # @option options [Boolean] :suppress_errors When failing, return nil instead of raising an error # @return [Account] def call(uri, options = {}) return if uri.blank? @@ -52,15 +52,15 @@ class ResolveAccountService < BaseService # either needs to be created, or updated from fresh data fetch_account! - rescue Webfinger::Error, Oj::ParseError => e + rescue Webfinger::Error => e Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}" - nil + raise unless @options[:suppress_errors] end private def process_options!(uri, options) - @options = options + @options = { suppress_errors: true }.merge(options) if uri.is_a?(Account) @account = uri @@ -96,7 +96,7 @@ class ResolveAccountService < BaseService @username, @domain = split_acct(@webfinger.subject) unless confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero? - raise Webfinger::RedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}" + raise Webfinger::RedirectError, "Too many webfinger redirects for URI #{uri} (stopped at #{@username}@#{@domain})" end rescue Webfinger::GoneError @gone = true @@ -110,7 +110,7 @@ class ResolveAccountService < BaseService return unless activitypub_ready? with_lock("resolve:#{@username}@#{@domain}") do - @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url) + @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url, suppress_errors: @options[:suppress_errors]) end @account diff --git a/app/services/resolve_url_service.rb b/app/services/resolve_url_service.rb index e2c745673..37c856cf8 100644 --- a/app/services/resolve_url_service.rb +++ b/app/services/resolve_url_service.rb @@ -20,8 +20,8 @@ class ResolveURLService < BaseService private def process_url - if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) - ActivityPub::FetchRemoteAccountService.new.call(resource_url, prefetched_body: body) + if equals_or_includes_any?(type, ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) + ActivityPub::FetchRemoteActorService.new.call(resource_url, prefetched_body: body) elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES) status = FetchRemoteStatusService.new.call(resource_url, body) authorize_with @on_behalf_of, status, :show? unless status.nil? diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb new file mode 100644 index 000000000..539a0d9db --- /dev/null +++ b/app/services/translate_status_service.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +class TranslateStatusService < BaseService + CACHE_TTL = 1.day.freeze + + include FormattingHelper + + def call(status, target_language) + raise Mastodon::NotPermittedError unless status.public_visibility? || status.unlisted_visibility? + + @status = status + @content = status_content_format(@status) + @target_language = target_language + + Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) { translation_backend.translate(@content, @status.language, @target_language) } + end + + private + + def translation_backend + TranslationService.configured + end + + def content_hash + Digest::SHA256.base64digest(@content) + end +end |