From 0c7c188c459117770ac1f74f70a9e65ed2be606f Mon Sep 17 00:00:00 2001 From: Sorin Davidoi Date: Thu, 13 Jul 2017 22:15:32 +0200 Subject: Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator --- .../api/web/push_subscriptions_controller.rb | 39 ++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 app/controllers/api/web/push_subscriptions_controller.rb (limited to 'app/controllers/api') diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb new file mode 100644 index 000000000..8425db7b4 --- /dev/null +++ b/app/controllers/api/web/push_subscriptions_controller.rb @@ -0,0 +1,39 @@ +# frozen_string_literal: true + +class Api::Web::PushSubscriptionsController < Api::BaseController + respond_to :json + + before_action :require_user! + + def create + params.require(:data).require(:endpoint) + params.require(:data).require(:keys).require([:auth, :p256dh]) + + active_session = current_session + + unless active_session.web_push_subscription.nil? + active_session.web_push_subscription.destroy! + active_session.update!(web_push_subscription: nil) + end + + web_subscription = ::Web::PushSubscription.create!( + endpoint: params[:data][:endpoint], + key_p256dh: params[:data][:keys][:p256dh], + key_auth: params[:data][:keys][:auth] + ) + + active_session.update!(web_push_subscription: web_subscription) + + render json: web_subscription.as_payload + end + + def update + params.require([:id, :data]) + + web_subscription = ::Web::PushSubscription.find(params[:id]) + + web_subscription.update!(data: params[:data]) + + render json: web_subscription.as_payload + end +end -- cgit From 1618b68bfa740ed655ac45d7d5f4f46fed6c8c62 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 14 Jul 2017 20:41:49 +0200 Subject: HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug) --- app/controllers/accounts_controller.rb | 1 + app/controllers/api/subscriptions_controller.rb | 2 +- app/controllers/concerns/signature_verification.rb | 87 ++++++++++++++++++++++ app/controllers/stream_entries_controller.rb | 1 + app/helpers/http_helper.rb | 17 ----- app/lib/provider_discovery.rb | 4 +- app/lib/request.rb | 70 +++++++++++++++++ app/models/account.rb | 2 +- app/models/concerns/remotable.rb | 3 +- app/models/subscription.rb | 4 +- app/services/fetch_atom_service.rb | 8 +- app/services/fetch_link_card_service.rb | 6 +- app/services/resolve_remote_account_service.rb | 3 +- app/services/send_interaction_service.rb | 14 +++- app/services/subscribe_service.rb | 48 ++++++++---- app/services/unsubscribe_service.rb | 31 +++++--- app/workers/pubsubhubbub/confirmation_worker.rb | 12 ++- app/workers/pubsubhubbub/delivery_worker.rb | 11 ++- .../concerns/signature_verification_spec.rb | 74 ++++++++++++++++++ spec/helpers/http_helper_spec.rb | 13 ---- spec/lib/request_spec.rb | 54 ++++++++++++++ .../pubsubhubbub/confirmation_worker_spec.rb | 2 +- spec/workers/pubsubhubbub/delivery_worker_spec.rb | 2 +- 23 files changed, 379 insertions(+), 90 deletions(-) create mode 100644 app/controllers/concerns/signature_verification.rb delete mode 100644 app/helpers/http_helper.rb create mode 100644 app/lib/request.rb create mode 100644 spec/controllers/concerns/signature_verification_spec.rb delete mode 100644 spec/helpers/http_helper_spec.rb create mode 100644 spec/lib/request_spec.rb (limited to 'app/controllers/api') diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 11402ab79..69b520df1 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -2,6 +2,7 @@ class AccountsController < ApplicationController include AccountControllerConcern + include SignatureVerification def show respond_to do |format| diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb index d3ea98676..89007f3d6 100644 --- a/app/controllers/api/subscriptions_controller.rb +++ b/app/controllers/api/subscriptions_controller.rb @@ -42,7 +42,7 @@ class Api::SubscriptionsController < Api::BaseController end def lease_seconds_or_default - (params['hub.lease_seconds'] || 86_400).to_i.seconds + (params['hub.lease_seconds'] || 1.day).to_i.seconds end def set_account diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb new file mode 100644 index 000000000..abe845d93 --- /dev/null +++ b/app/controllers/concerns/signature_verification.rb @@ -0,0 +1,87 @@ +# frozen_string_literal: true + +# Implemented according to HTTP signatures (Draft 6) +# +module SignatureVerification + extend ActiveSupport::Concern + + def signed_request? + request.headers['Signature'].present? + end + + def signed_request_account + return @signed_request_account if defined?(@signed_request_account) + + unless signed_request? + @signed_request_account = nil + return + end + + raw_signature = request.headers['Signature'] + signature_params = {} + + raw_signature.split(',').each do |part| + parsed_parts = part.match(/([a-z]+)="([^"]+)"/i) + next if parsed_parts.nil? || parsed_parts.size != 3 + signature_params[parsed_parts[1]] = parsed_parts[2] + end + + if incompatible_signature?(signature_params) + @signed_request_account = nil + return + end + + account = ResolveRemoteAccountService.new.call(signature_params['keyId'].gsub(/\Aacct:/, '')) + + if account.nil? + @signed_request_account = nil + return + end + + signature = Base64.decode64(signature_params['signature']) + compare_signed_string = build_signed_string(signature_params['headers']) + + if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string) + @signed_request_account = account + @signed_request_account + else + @signed_request_account = nil + end + end + + private + + def build_signed_string(signed_headers) + signed_headers = 'date' if signed_headers.blank? + + signed_headers.split(' ').map do |signed_header| + if signed_header == Request::REQUEST_TARGET + "#{Request::REQUEST_TARGET}: #{request.method.downcase} #{request.path}" + else + "#{signed_header}: #{request.headers[to_header_name(signed_header)]}" + end + end.join("\n") + end + + def matches_time_window? + begin + time_sent = DateTime.httpdate(request.headers['Date']) + rescue ArgumentError + return false + end + + (Time.now.utc - time_sent).abs <= 30 + end + + def to_header_name(name) + name.split(/-/).map(&:capitalize).join('-') + end + + def incompatible_signature?(signature_params) + signature_params['keyId'].blank? || + signature_params['signature'].blank? || + signature_params['algorithm'].blank? || + signature_params['algorithm'] != 'rsa-sha256' || + !signature_params['keyId'].start_with?('acct:') + end +end diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb index 314d59619..54a435238 100644 --- a/app/controllers/stream_entries_controller.rb +++ b/app/controllers/stream_entries_controller.rb @@ -2,6 +2,7 @@ class StreamEntriesController < ApplicationController include Authorization + include SignatureVerification layout 'public' diff --git a/app/helpers/http_helper.rb b/app/helpers/http_helper.rb deleted file mode 100644 index e39a52da0..000000000 --- a/app/helpers/http_helper.rb +++ /dev/null @@ -1,17 +0,0 @@ -# frozen_string_literal: true - -module HttpHelper - def http_client(options = {}) - timeout = { write: 10, connect: 10, read: 10 }.merge(options) - - HTTP.headers(user_agent: user_agent) - .timeout(:per_operation, timeout) - .follow - end - - private - - def user_agent - @user_agent ||= "#{HTTP::Request::USER_AGENT} (Mastodon/#{Mastodon::Version}; +http://#{Rails.configuration.x.local_domain}/)" - end -end diff --git a/app/lib/provider_discovery.rb b/app/lib/provider_discovery.rb index 6d48cae2f..5e02e6806 100644 --- a/app/lib/provider_discovery.rb +++ b/app/lib/provider_discovery.rb @@ -1,11 +1,9 @@ # frozen_string_literal: true class ProviderDiscovery < OEmbed::ProviderDiscovery - extend HttpHelper - class << self def discover_provider(url, options = {}) - res = http_client.get(url) + res = Request.new(:get, url).perform format = options[:format] raise OEmbed::NotFound, url if res.code != 200 || res.mime_type != 'text/html' diff --git a/app/lib/request.rb b/app/lib/request.rb new file mode 100644 index 000000000..e73c5ac20 --- /dev/null +++ b/app/lib/request.rb @@ -0,0 +1,70 @@ +# frozen_string_literal: true + +class Request + REQUEST_TARGET = '(request-target)' + + include RoutingHelper + + def initialize(verb, url, options = {}) + @verb = verb + @url = Addressable::URI.parse(url).normalize + @options = options + @headers = {} + + set_common_headers! + end + + def on_behalf_of(account) + raise ArgumentError unless account.local? + @account = account + end + + def add_headers(new_headers) + @headers.merge!(new_headers) + end + + def perform + http_client.headers(headers).public_send(@verb, @url.to_s, @options) + end + + def headers + (@account ? @headers.merge('Signature' => signature) : @headers).without(REQUEST_TARGET) + end + + private + + def set_common_headers! + @headers[REQUEST_TARGET] = "#{@verb} #{@url.path}" + @headers['User-Agent'] = user_agent + @headers['Host'] = @url.host + @headers['Date'] = Time.now.utc.httpdate + end + + def signature + key_id = @account.to_webfinger_s + algorithm = 'rsa-sha256' + signature = Base64.strict_encode64(@account.keypair.sign(OpenSSL::Digest::SHA256.new, signed_string)) + + "keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers}\",signature=\"#{signature}\"" + end + + def signed_string + @headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n") + end + + def signed_headers + @headers.keys.join(' ').downcase + end + + def user_agent + @user_agent ||= "#{HTTP::Request::USER_AGENT} (Mastodon/#{Mastodon::Version}; +#{root_url})" + end + + def timeout + { write: 10, connect: 10, read: 10 } + end + + def http_client + HTTP.timeout(:per_operation, timeout).follow + end +end diff --git a/app/models/account.rb b/app/models/account.rb index 7243cb1a5..58b0a1086 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -130,7 +130,7 @@ class Account < ApplicationRecord end def subscription(webhook_url) - OStatus2::Subscription.new(remote_url, secret: secret, lease_seconds: 86_400 * 30, webhook: webhook_url, hub: hub_url) + OStatus2::Subscription.new(remote_url, secret: secret, lease_seconds: 30.days.seconds, webhook: webhook_url, hub: hub_url) end def save_with_optional_media! diff --git a/app/models/concerns/remotable.rb b/app/models/concerns/remotable.rb index b4f169649..1bd87a642 100644 --- a/app/models/concerns/remotable.rb +++ b/app/models/concerns/remotable.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true module Remotable - include HttpHelper extend ActiveSupport::Concern included do @@ -20,7 +19,7 @@ module Remotable return if !%w(http https).include?(parsed_url.scheme) || parsed_url.host.empty? || self[attribute_name] == url begin - response = http_client.get(url) + response = Request.new(:get, url).perform return if response.code != 200 diff --git a/app/models/subscription.rb b/app/models/subscription.rb index 35a228df0..d9d5024a9 100644 --- a/app/models/subscription.rb +++ b/app/models/subscription.rb @@ -16,8 +16,8 @@ # class Subscription < ApplicationRecord - MIN_EXPIRATION = 7.days.seconds.to_i - MAX_EXPIRATION = 30.days.seconds.to_i + MIN_EXPIRATION = 1.day.to_i + MAX_EXPIRATION = 30.days.to_i belongs_to :account, required: true diff --git a/app/services/fetch_atom_service.rb b/app/services/fetch_atom_service.rb index d430b22e9..3ac441e3e 100644 --- a/app/services/fetch_atom_service.rb +++ b/app/services/fetch_atom_service.rb @@ -1,16 +1,14 @@ # frozen_string_literal: true class FetchAtomService < BaseService - include HttpHelper - def call(url) return if url.blank? - response = http_client.head(url) + response = Request.new(:head, url).perform Rails.logger.debug "Remote status HEAD request returned code #{response.code}" - response = http_client.get(url) if response.code == 405 + response = Request.new(:get, url).perform if response.code == 405 Rails.logger.debug "Remote status GET request returned code #{response.code}" @@ -49,6 +47,6 @@ class FetchAtomService < BaseService end def fetch(url) - http_client.get(url).to_s + Request.new(:get, url).perform.to_s end end diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index 6ef3abb66..20c85e0ea 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class FetchLinkCardService < BaseService - include HttpHelper - URL_PATTERN = %r{https?://\S+} def call(status) @@ -13,7 +11,7 @@ class FetchLinkCardService < BaseService url = url.to_s card = PreviewCard.where(status: status).first_or_initialize(status: status, url: url) - res = http_client.head(url) + res = Request.new(:head, url).perform return if res.code != 200 || res.mime_type != 'text/html' @@ -80,7 +78,7 @@ class FetchLinkCardService < BaseService end def attempt_opengraph(card, url) - response = http_client.get(url) + response = Request.new(:get, url).perform return if response.code != 200 || response.mime_type != 'text/html' diff --git a/app/services/resolve_remote_account_service.rb b/app/services/resolve_remote_account_service.rb index 362d0df98..d2dfda824 100644 --- a/app/services/resolve_remote_account_service.rb +++ b/app/services/resolve_remote_account_service.rb @@ -2,7 +2,6 @@ class ResolveRemoteAccountService < BaseService include OStatus2::MagicKey - include HttpHelper DFRN_NS = 'http://purl.org/macgirvin/dfrn/1.0' @@ -79,7 +78,7 @@ class ResolveRemoteAccountService < BaseService end def get_feed(url) - response = http_client(write: 20, connect: 20, read: 50).get(Addressable::URI.parse(url).normalize) + response = Request.new(:get, url).perform raise Goldfinger::Error, "Feed attempt failed for #{url}: HTTP #{response.code}" unless response.code == 200 [response.to_s, Nokogiri::XML(response)] end diff --git a/app/services/send_interaction_service.rb b/app/services/send_interaction_service.rb index 34c8f9e34..ef38a748b 100644 --- a/app/services/send_interaction_service.rb +++ b/app/services/send_interaction_service.rb @@ -12,13 +12,23 @@ class SendInteractionService < BaseService return if block_notification? - envelope = salmon.pack(@xml, @source_account.keypair) - delivery = salmon.post(@target_account.salmon_url, envelope) + delivery = build_request.perform + raise "Delivery failed for #{target_account.salmon_url}: HTTP #{delivery.code}" unless delivery.code > 199 && delivery.code < 300 end private + def build_request + request = Request.new(:post, @target_account.salmon_url, body: envelope) + request.add_headers('Content-Type' => 'application/magic-envelope+xml') + request + end + + def envelope + salmon.pack(@xml, @source_account.keypair) + end + def block_notification? DomainBlock.blocked?(@target_account.domain) end diff --git a/app/services/subscribe_service.rb b/app/services/subscribe_service.rb index 1e7984a7f..f58067038 100644 --- a/app/services/subscribe_service.rb +++ b/app/services/subscribe_service.rb @@ -2,34 +2,54 @@ class SubscribeService < BaseService def call(account) - account.secret = SecureRandom.hex + @account = account + @account.secret = SecureRandom.hex + @response = build_request.perform - subscription = account.subscription(api_subscription_url(account.id)) - response = subscription.subscribe - - if response_failed_permanently?(response) + if response_failed_permanently? # We're not allowed to subscribe. Fail and move on. - account.secret = '' - account.save! - elsif response_successful?(response) + @account.secret = '' + @account.save! + elsif response_successful? # The subscription will be confirmed asynchronously. - account.save! + @account.save! else # The response was either a 429 rate limit, or a 5xx error. # We need to retry at a later time. Fail loudly! - raise "Subscription attempt failed for #{account.acct} (#{account.hub_url}): HTTP #{response.code}" + raise "Subscription attempt failed for #{@account.acct} (#{@account.hub_url}): HTTP #{@response.code}" end end private + def build_request + request = Request.new(:post, @account.hub_url, form: subscription_params) + request.on_behalf_of(some_local_account) if some_local_account + request + end + + def subscription_params + { + 'hub.topic': @account.remote_url, + 'hub.mode': 'subscribe', + 'hub.callback': api_subscription_url(@account.id), + 'hub.verify': 'async', + 'hub.secret': @account.secret, + 'hub.lease_seconds': 7.days.seconds, + } + end + + def some_local_account + @some_local_account ||= Account.local.first + end + # Any response in the 3xx or 4xx range, except for 429 (rate limit) - def response_failed_permanently?(response) - (response.status.redirect? || response.status.client_error?) && !response.status.too_many_requests? + def response_failed_permanently? + (@response.status.redirect? || @response.status.client_error?) && !@response.status.too_many_requests? end # Any response in the 2xx range - def response_successful?(response) - response.status.success? + def response_successful? + @response.status.success? end end diff --git a/app/services/unsubscribe_service.rb b/app/services/unsubscribe_service.rb index 6db8dbdc4..c2f022d7d 100644 --- a/app/services/unsubscribe_service.rb +++ b/app/services/unsubscribe_service.rb @@ -2,17 +2,30 @@ class UnsubscribeService < BaseService def call(account) - subscription = account.subscription(api_subscription_url(account.id)) - response = subscription.unsubscribe + @account = account + @response = build_request.perform - unless response.status.success? - Rails.logger.debug "PuSH unsubscribe for #{account.acct} failed: #{response.status}" - end + Rails.logger.debug "PuSH unsubscribe for #{@account.acct} failed: #{@response.status}" unless @response.status.success? - account.secret = '' - account.subscription_expires_at = nil - account.save! + @account.secret = '' + @account.subscription_expires_at = nil + @account.save! rescue HTTP::Error, OpenSSL::SSL::SSLError - Rails.logger.debug "PuSH subscription request for #{account.acct} could not be made due to HTTP or SSL error" + Rails.logger.debug "PuSH subscription request for #{@account.acct} could not be made due to HTTP or SSL error" + end + + private + + def build_request + Request.new(:post, @account.hub_url, form: subscription_params) + end + + def subscription_params + { + 'hub.topic': @account.remote_url, + 'hub.mode': 'unsubscribe', + 'hub.callback': api_subscription_url(@account.id), + 'hub.verify': 'async', + } end end diff --git a/app/workers/pubsubhubbub/confirmation_worker.rb b/app/workers/pubsubhubbub/confirmation_worker.rb index 9186c5d7d..e1ccfb99c 100644 --- a/app/workers/pubsubhubbub/confirmation_worker.rb +++ b/app/workers/pubsubhubbub/confirmation_worker.rb @@ -60,9 +60,7 @@ class Pubsubhubbub::ConfirmationWorker end def callback_get_with_params - HTTP.headers(user_agent: 'Mastodon/PubSubHubbub') - .timeout(:per_operation, write: 20, connect: 20, read: 50) - .get(subscription.callback_url, params: callback_params) + Request.new(:get, subscription.callback_url, params: callback_params).perform end def callback_response_body @@ -71,10 +69,10 @@ class Pubsubhubbub::ConfirmationWorker def callback_params { - 'hub.topic' => account_url(subscription.account, format: :atom), - 'hub.mode' => mode, - 'hub.challenge' => challenge, - 'hub.lease_seconds' => subscription.lease_seconds, + 'hub.topic': account_url(subscription.account, format: :atom), + 'hub.mode': mode, + 'hub.challenge': challenge, + 'hub.lease_seconds': subscription.lease_seconds, } end diff --git a/app/workers/pubsubhubbub/delivery_worker.rb b/app/workers/pubsubhubbub/delivery_worker.rb index 981838f33..05d160cf7 100644 --- a/app/workers/pubsubhubbub/delivery_worker.rb +++ b/app/workers/pubsubhubbub/delivery_worker.rb @@ -33,9 +33,9 @@ class Pubsubhubbub::DeliveryWorker end def callback_post_payload - HTTP.timeout(:per_operation, write: 50, connect: 20, read: 50) - .headers(headers) - .post(subscription.callback_url, body: payload) + request = Request.new(:post, subscription.callback_url, body: payload) + request.add_headers(headers) + request.perform end def blocked_domain? @@ -48,13 +48,12 @@ class Pubsubhubbub::DeliveryWorker def headers { - 'User-Agent' => 'Mastodon/PubSubHubbub', 'Content-Type' => 'application/atom+xml', - 'Link' => link_headers, + 'Link' => link_header, }.merge(signature_headers.to_h) end - def link_headers + def link_header LinkHeader.new([hub_link_header, self_link_header]).to_s end diff --git a/spec/controllers/concerns/signature_verification_spec.rb b/spec/controllers/concerns/signature_verification_spec.rb new file mode 100644 index 000000000..b371795ab --- /dev/null +++ b/spec/controllers/concerns/signature_verification_spec.rb @@ -0,0 +1,74 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe ApplicationController, type: :controller do + controller do + include SignatureVerification + + def success + head 200 + end + + def alternative_success + head 200 + end + end + + before do + routes.draw { get 'success' => 'anonymous#success' } + end + + context 'without signature header' do + before do + get :success + end + + describe '#signed_request?' do + it 'returns false' do + expect(controller.signed_request?).to be false + end + end + + describe '#signed_request_account' do + it 'returns nil' do + expect(controller.signed_request_account).to be_nil + end + end + end + + context 'with signature header' do + let!(:author) { Fabricate(:account) } + + before do + get :success + + fake_request = Request.new(:get, request.url) + fake_request.on_behalf_of(author) + + request.headers.merge!(fake_request.headers) + end + + describe '#signed_request?' do + it 'returns true' do + expect(controller.signed_request?).to be true + end + end + + describe '#signed_request_account' do + it 'returns an account' do + expect(controller.signed_request_account).to eq author + end + + it 'returns nil when path does not match' do + request.path = '/alternative-path' + expect(controller.signed_request_account).to be_nil + end + + it 'returns nil when method does not match' do + post :success + expect(controller.signed_request_account).to be_nil + end + end + end +end diff --git a/spec/helpers/http_helper_spec.rb b/spec/helpers/http_helper_spec.rb deleted file mode 100644 index b8e31b8e6..000000000 --- a/spec/helpers/http_helper_spec.rb +++ /dev/null @@ -1,13 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -describe HttpHelper do - describe 'http_client' do - it 'returns HTTP::Client with default options' do - options = helper.http_client.default_options - expect(options.headers['User-Agent']).to match /.+ \(Mastodon\/.+;\ \+http:\/\/cb6e6126\.ngrok\.io\/\)/ - expect(options.timeout_options).to eq read_timeout: 10, write_timeout: 10, connect_timeout: 10 - end - end -end diff --git a/spec/lib/request_spec.rb b/spec/lib/request_spec.rb new file mode 100644 index 000000000..782f14b18 --- /dev/null +++ b/spec/lib/request_spec.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe Request do + subject { Request.new(:get, 'http://example.com') } + + describe '#headers' do + it 'returns user agent' do + expect(subject.headers['User-Agent']).to be_present + end + + it 'returns the date header' do + expect(subject.headers['Date']).to be_present + end + + it 'returns the host header' do + expect(subject.headers['Host']).to be_present + end + + it 'does not return virtual request-target header' do + expect(subject.headers['(request-target)']).to be_nil + end + end + + describe '#on_behalf_of' do + it 'when used, adds signature header' do + subject.on_behalf_of(Fabricate(:account)) + expect(subject.headers['Signature']).to be_present + end + end + + describe '#add_headers' do + it 'adds headers to the request' do + subject.add_headers('Test' => 'Foo') + expect(subject.headers['Test']).to eq 'Foo' + end + end + + describe '#perform' do + before do + stub_request(:get, 'http://example.com') + subject.perform + end + + it 'executes a HTTP request' do + expect(a_request(:get, 'http://example.com')).to have_been_made.once + end + + it 'sets headers' do + expect(a_request(:get, 'http://example.com').with(headers: subject.headers)).to have_been_made + end + end +end diff --git a/spec/workers/pubsubhubbub/confirmation_worker_spec.rb b/spec/workers/pubsubhubbub/confirmation_worker_spec.rb index 1199d5801..8f66b4520 100644 --- a/spec/workers/pubsubhubbub/confirmation_worker_spec.rb +++ b/spec/workers/pubsubhubbub/confirmation_worker_spec.rb @@ -83,6 +83,6 @@ describe Pubsubhubbub::ConfirmationWorker do end def http_headers - { 'Connection' => 'close', 'Host' => 'example.com', 'User-Agent' => 'Mastodon/PubSubHubbub' } + { 'Connection' => 'close', 'Host' => 'example.com', 'User-Agent' => 'http.rb/2.2.2 (Mastodon/1.4.7; +https://cb6e6126.ngrok.io/)' } end end diff --git a/spec/workers/pubsubhubbub/delivery_worker_spec.rb b/spec/workers/pubsubhubbub/delivery_worker_spec.rb index 081dfa41c..a83245786 100644 --- a/spec/workers/pubsubhubbub/delivery_worker_spec.rb +++ b/spec/workers/pubsubhubbub/delivery_worker_spec.rb @@ -59,7 +59,7 @@ describe Pubsubhubbub::DeliveryWorker do 'Content-Type' => 'application/atom+xml', 'Host' => 'example.com', 'Link' => "; rel=\"hub\", ; rel=\"self\"", - 'User-Agent' => 'Mastodon/PubSubHubbub', + 'User-Agent' => 'http.rb/2.2.2 (Mastodon/1.4.7; +https://cb6e6126.ngrok.io/)', }.tap do |basic| known_digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), subscription.secret.to_s, payload) basic.merge('X-Hub-Signature' => "sha1=#{known_digest}") if subscription.secret? -- cgit From 1896a154f5f5edd4f94c58e5c69dd70ebc728e3d Mon Sep 17 00:00:00 2001 From: unarist Date: Sat, 15 Jul 2017 03:44:53 +0900 Subject: Fix response of unreblog/unfavourite APIs (#4204) Both APIs process asynchronously, so reblogged/favourited fields in the response should be set to `false` manually. --- app/controllers/api/v1/statuses/favourites_controller.rb | 2 +- app/controllers/api/v1/statuses/reblogs_controller.rb | 2 +- app/presenters/status_relationships_presenter.rb | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'app/controllers/api') diff --git a/app/controllers/api/v1/statuses/favourites_controller.rb b/app/controllers/api/v1/statuses/favourites_controller.rb index 4c4b0c160..35f8a48cd 100644 --- a/app/controllers/api/v1/statuses/favourites_controller.rb +++ b/app/controllers/api/v1/statuses/favourites_controller.rb @@ -19,7 +19,7 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController UnfavouriteWorker.perform_async(current_user.account_id, @status.id) - render json: @status, serializer: REST::StatusSerializer + render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, favourites_map: @favourites_map) end private diff --git a/app/controllers/api/v1/statuses/reblogs_controller.rb b/app/controllers/api/v1/statuses/reblogs_controller.rb index f7f4b5a5c..634af474f 100644 --- a/app/controllers/api/v1/statuses/reblogs_controller.rb +++ b/app/controllers/api/v1/statuses/reblogs_controller.rb @@ -20,7 +20,7 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController authorize status_for_destroy, :unreblog? RemovalWorker.perform_async(status_for_destroy.id) - render json: @status, serializer: REST::StatusSerializer + render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, reblogs_map: @reblogs_map) end private diff --git a/app/presenters/status_relationships_presenter.rb b/app/presenters/status_relationships_presenter.rb index caf00791a..03294015f 100644 --- a/app/presenters/status_relationships_presenter.rb +++ b/app/presenters/status_relationships_presenter.rb @@ -3,7 +3,7 @@ class StatusRelationshipsPresenter attr_reader :reblogs_map, :favourites_map, :mutes_map - def initialize(statuses, current_account_id = nil) + def initialize(statuses, current_account_id = nil, reblogs_map: {}, favourites_map: {}, mutes_map: {}) if current_account_id.nil? @reblogs_map = {} @favourites_map = {} @@ -11,9 +11,9 @@ class StatusRelationshipsPresenter else status_ids = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq conversation_ids = statuses.compact.map(&:conversation_id).compact.uniq - @reblogs_map = Status.reblogs_map(status_ids, current_account_id) - @favourites_map = Status.favourites_map(status_ids, current_account_id) - @mutes_map = Status.mutes_map(conversation_ids, current_account_id) + @reblogs_map = Status.reblogs_map(status_ids, current_account_id).merge(reblogs_map) + @favourites_map = Status.favourites_map(status_ids, current_account_id).merge(favourites_map) + @mutes_map = Status.mutes_map(conversation_ids, current_account_id).merge(mutes_map) end end end -- cgit From cd9b2ab2f70b6c1da5d0abeaa88eecdfc1b41f78 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 14 Jul 2017 23:01:20 +0200 Subject: Fix #2672 - Connect signed PuSH subscription requests to instance domain (#4205) * Fix #2672 - Connect signed PuSH subscription requests to instance domain Resolves #2739 * Fix return of locate_subscription * Fix tests --- app/controllers/api/push_controller.rb | 8 +++++++- app/models/subscription.rb | 2 +- app/services/pubsubhubbub/subscribe_service.rb | 16 +++++++++++++--- app/workers/pubsubhubbub/distribution_worker.rb | 8 ++++---- db/migrate/20170714184731_add_domain_to_subscriptions.rb | 5 +++++ db/schema.rb | 3 ++- spec/controllers/api/push_controller_spec.rb | 1 + 7 files changed, 33 insertions(+), 10 deletions(-) create mode 100644 db/migrate/20170714184731_add_domain_to_subscriptions.rb (limited to 'app/controllers/api') diff --git a/app/controllers/api/push_controller.rb b/app/controllers/api/push_controller.rb index 951867140..e04d19125 100644 --- a/app/controllers/api/push_controller.rb +++ b/app/controllers/api/push_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Api::PushController < Api::BaseController + include SignatureVerification + def update response, status = process_push_request render plain: response, status: status @@ -11,7 +13,7 @@ class Api::PushController < Api::BaseController def process_push_request case hub_mode when 'subscribe' - Pubsubhubbub::SubscribeService.new.call(account_from_topic, hub_callback, hub_secret, hub_lease_seconds) + Pubsubhubbub::SubscribeService.new.call(account_from_topic, hub_callback, hub_secret, hub_lease_seconds, verified_domain) when 'unsubscribe' Pubsubhubbub::UnsubscribeService.new.call(account_from_topic, hub_callback) else @@ -57,6 +59,10 @@ class Api::PushController < Api::BaseController TagManager.instance.web_domain?(hub_topic_domain) end + def verified_domain + return signed_request_account.domain if signed_request_account + end + def hub_topic_domain hub_topic_uri.host + (hub_topic_uri.port ? ":#{hub_topic_uri.port}" : '') end diff --git a/app/models/subscription.rb b/app/models/subscription.rb index d9d5024a9..bf643c1f9 100644 --- a/app/models/subscription.rb +++ b/app/models/subscription.rb @@ -1,5 +1,4 @@ # frozen_string_literal: true - # == Schema Information # # Table name: subscriptions @@ -13,6 +12,7 @@ # created_at :datetime not null # updated_at :datetime not null # last_successful_delivery_at :datetime +# domain :string # class Subscription < ApplicationRecord diff --git a/app/services/pubsubhubbub/subscribe_service.rb b/app/services/pubsubhubbub/subscribe_service.rb index eeb7ab258..2dba05b12 100644 --- a/app/services/pubsubhubbub/subscribe_service.rb +++ b/app/services/pubsubhubbub/subscribe_service.rb @@ -3,13 +3,15 @@ class Pubsubhubbub::SubscribeService < BaseService URL_PATTERN = /\A#{URI.regexp(%w(http https))}\z/ - attr_reader :account, :callback, :secret, :lease_seconds + attr_reader :account, :callback, :secret, + :lease_seconds, :domain - def call(account, callback, secret, lease_seconds) + def call(account, callback, secret, lease_seconds, verified_domain = nil) @account = account @callback = Addressable::URI.parse(callback).normalize.to_s @secret = secret @lease_seconds = lease_seconds + @domain = verified_domain process_subscribe end @@ -56,6 +58,14 @@ class Pubsubhubbub::SubscribeService < BaseService end def locate_subscription - Subscription.where(account: account, callback_url: callback).first_or_create!(account: account, callback_url: callback) + subscription = Subscription.find_by(account: account, callback_url: callback) + + if subscription.nil? + subscription = Subscription.new(account: account, callback_url: callback) + end + + subscription.domain = domain + subscription.save! + subscription end end diff --git a/app/workers/pubsubhubbub/distribution_worker.rb b/app/workers/pubsubhubbub/distribution_worker.rb index b41cec90d..7592354cc 100644 --- a/app/workers/pubsubhubbub/distribution_worker.rb +++ b/app/workers/pubsubhubbub/distribution_worker.rb @@ -35,16 +35,16 @@ class Pubsubhubbub::DistributionWorker @payload = AtomSerializer.render(AtomSerializer.new.feed(@account, stream_entries)) @domains = @account.followers.domains - Pubsubhubbub::DeliveryWorker.push_bulk(@subscriptions.reject { |s| !allowed_to_receive?(s.callback_url) }) do |subscription| + Pubsubhubbub::DeliveryWorker.push_bulk(@subscriptions.reject { |s| !allowed_to_receive?(s.callback_url, s.domain) }) do |subscription| [subscription.id, @payload] end end def active_subscriptions - Subscription.where(account: @account).active.select('id, callback_url') + Subscription.where(account: @account).active.select('id, callback_url, domain') end - def allowed_to_receive?(callback_url) - @domains.include?(Addressable::URI.parse(callback_url).host) + def allowed_to_receive?(callback_url, domain) + (!domain.nil? && @domains.include?(domain)) || @domains.include?(Addressable::URI.parse(callback_url).host) end end diff --git a/db/migrate/20170714184731_add_domain_to_subscriptions.rb b/db/migrate/20170714184731_add_domain_to_subscriptions.rb new file mode 100644 index 000000000..7c01a64f5 --- /dev/null +++ b/db/migrate/20170714184731_add_domain_to_subscriptions.rb @@ -0,0 +1,5 @@ +class AddDomainToSubscriptions < ActiveRecord::Migration[5.1] + def change + add_column :subscriptions, :domain, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index b2c59a0f6..5ec78a7c9 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170713190709) do +ActiveRecord::Schema.define(version: 20170714184731) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -326,6 +326,7 @@ ActiveRecord::Schema.define(version: 20170713190709) do t.datetime "created_at", null: false t.datetime "updated_at", null: false t.datetime "last_successful_delivery_at" + t.string "domain" t.index ["account_id", "callback_url"], name: "index_subscriptions_on_account_id_and_callback_url", unique: true end diff --git a/spec/controllers/api/push_controller_spec.rb b/spec/controllers/api/push_controller_spec.rb index 18bfa70e5..647698bd1 100644 --- a/spec/controllers/api/push_controller_spec.rb +++ b/spec/controllers/api/push_controller_spec.rb @@ -21,6 +21,7 @@ RSpec.describe Api::PushController, type: :controller do 'https://callback.host/api', 'as1234df', '3600', + nil ) expect(response).to have_http_status(:success) end -- cgit From 8c45cd0e3683b528b65f416681c8272d5650f32d Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sat, 15 Jul 2017 03:01:39 +0200 Subject: Improve ActivityPub representations (#3844) * Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections --- app/controllers/accounts_controller.rb | 4 +- app/controllers/activitypub/outboxes_controller.rb | 28 ++++ .../api/activitypub/activities_controller.rb | 27 ---- .../api/activitypub/notes_controller.rb | 19 --- .../api/activitypub/outbox_controller.rb | 69 --------- app/controllers/follower_accounts_controller.rb | 20 +++ app/controllers/following_accounts_controller.rb | 20 +++ app/controllers/statuses_controller.rb | 18 ++- app/controllers/tags_controller.rb | 22 ++- app/helpers/activitystreams2_builder_helper.rb | 8 -- app/lib/activitypub/adapter.rb | 13 ++ app/lib/activitypub/tag_manager.rb | 69 +++++++++ app/presenters/activitypub/collection_presenter.rb | 5 + app/serializers/activitypub/activity_serializer.rb | 27 ++++ app/serializers/activitypub/actor_serializer.rb | 53 +++++++ .../activitypub/collection_serializer.rb | 26 ++++ app/serializers/activitypub/note_serializer.rb | 106 ++++++++++++++ app/views/accounts/show.activitystreams2.rabl | 9 -- app/views/activitypub/base.activitystreams2.rabl | 1 - .../activitypub/intransient.activitystreams2.rabl | 3 - .../types/announce.activitystreams2.rabl | 3 - .../types/collection.activitystreams2.rabl | 3 - .../activitypub/types/create.activitystreams2.rabl | 3 - .../activitypub/types/note.activitystreams2.rabl | 3 - .../types/ordered_collection.activitystreams2.rabl | 3 - .../ordered_collection_page.activitystreams2.rabl | 3 - .../activitypub/types/person.activitystreams2.rabl | 3 - .../activities/_show_status.activitystreams2.rabl | 4 - .../show_status_announce.activitystreams2.rabl | 8 -- .../show_status_create.activitystreams2.rabl | 8 -- .../activitypub/notes/show.activitystreams2.rabl | 11 -- .../activitypub/outbox/show.activitystreams2.rabl | 12 -- .../outbox/show_page.activitystreams2.rabl | 16 --- app/views/well_known/webfinger/show.json.rabl | 6 +- app/views/well_known/webfinger/show.xml.ruby | 5 +- config/initializers/inflections.rb | 2 + config/initializers/mime_types.rb | 5 +- config/locales/ca.yml | 9 -- config/locales/en.yml | 9 -- config/locales/fa.yml | 9 -- config/locales/fr.yml | 9 -- config/locales/he.yml | 9 -- config/locales/id.yml | 9 -- config/locales/ja.yml | 9 -- config/locales/ko.yml | 9 -- config/locales/no.yml | 9 -- config/locales/oc.yml | 9 -- config/locales/pl.yml | 9 -- config/locales/pt-BR.yml | 9 -- config/locales/pt.yml | 9 -- config/locales/th.yml | 9 -- config/locales/tr.yml | 9 -- config/locales/zh-CN.yml | 9 -- config/locales/zh-HK.yml | 9 -- config/routes.rb | 16 +-- spec/controllers/accounts_controller_spec.rb | 2 +- .../api/activitypub/activities_controller_spec.rb | 69 --------- .../api/activitypub/notes_controller_spec.rb | 73 ---------- .../api/activitypub/outbox_controller_spec.rb | 156 --------------------- .../well_known/webfinger_controller_spec.rb | 39 +++--- .../activitystreams2_builder_helper_spec.rb | 15 -- 61 files changed, 443 insertions(+), 725 deletions(-) create mode 100644 app/controllers/activitypub/outboxes_controller.rb delete mode 100644 app/controllers/api/activitypub/activities_controller.rb delete mode 100644 app/controllers/api/activitypub/notes_controller.rb delete mode 100644 app/controllers/api/activitypub/outbox_controller.rb delete mode 100644 app/helpers/activitystreams2_builder_helper.rb create mode 100644 app/lib/activitypub/adapter.rb create mode 100644 app/lib/activitypub/tag_manager.rb create mode 100644 app/presenters/activitypub/collection_presenter.rb create mode 100644 app/serializers/activitypub/activity_serializer.rb create mode 100644 app/serializers/activitypub/actor_serializer.rb create mode 100644 app/serializers/activitypub/collection_serializer.rb create mode 100644 app/serializers/activitypub/note_serializer.rb delete mode 100644 app/views/accounts/show.activitystreams2.rabl delete mode 100644 app/views/activitypub/base.activitystreams2.rabl delete mode 100644 app/views/activitypub/intransient.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/announce.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/collection.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/create.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/note.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/ordered_collection.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl delete mode 100644 app/views/activitypub/types/person.activitystreams2.rabl delete mode 100644 app/views/api/activitypub/activities/_show_status.activitystreams2.rabl delete mode 100644 app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl delete mode 100644 app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl delete mode 100644 app/views/api/activitypub/notes/show.activitystreams2.rabl delete mode 100644 app/views/api/activitypub/outbox/show.activitystreams2.rabl delete mode 100644 app/views/api/activitypub/outbox/show_page.activitystreams2.rabl delete mode 100644 spec/controllers/api/activitypub/activities_controller_spec.rb delete mode 100644 spec/controllers/api/activitypub/notes_controller_spec.rb delete mode 100644 spec/controllers/api/activitypub/outbox_controller_spec.rb delete mode 100644 spec/helpers/activitystreams2_builder_helper_spec.rb (limited to 'app/controllers/api') diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 69b520df1..a95aabf1d 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -16,7 +16,9 @@ class AccountsController < ApplicationController render xml: AtomSerializer.render(AtomSerializer.new.feed(@account, @entries.to_a)) end - format.activitystreams2 + format.json do + render json: @account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter + end end end diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb new file mode 100644 index 000000000..6a58ccf24 --- /dev/null +++ b/app/controllers/activitypub/outboxes_controller.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +class ActivityPub::OutboxesController < Api::BaseController + before_action :set_account + + def show + @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id]) + @statuses = cache_collection(@statuses, Status) + + render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter + end + + private + + def set_account + @account = Account.find_local!(params[:account_username]) + end + + def outbox_presenter + ActivityPub::CollectionPresenter.new( + id: account_outbox_url(@account), + type: :ordered, + current: account_outbox_url(@account), + size: @account.statuses_count, + items: @statuses + ) + end +end diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb deleted file mode 100644 index a880ee92f..000000000 --- a/app/controllers/api/activitypub/activities_controller.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -class Api::ActivityPub::ActivitiesController < Api::BaseController - include Authorization - - # before_action :set_follow, only: [:show_follow] - before_action :set_status, only: [:show_status] - - respond_to :activitystreams2 - - # Show a status in AS2 format, as either an Announce (reblog) or a Create (post) activity. - def show_status - authorize @status, :show? - - if @status.reblog? - render :show_status_announce - else - render :show_status_create - end - end - - private - - def set_status - @status = Status.find(params[:id]) - end -end diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb deleted file mode 100644 index 96652b879..000000000 --- a/app/controllers/api/activitypub/notes_controller.rb +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -class Api::ActivityPub::NotesController < Api::BaseController - include Authorization - - before_action :set_status - - respond_to :activitystreams2 - - def show - authorize @status, :show? - end - - private - - def set_status - @status = Status.find(params[:id]) - end -end diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb deleted file mode 100644 index 1af04cb54..000000000 --- a/app/controllers/api/activitypub/outbox_controller.rb +++ /dev/null @@ -1,69 +0,0 @@ -# frozen_string_literal: true - -class Api::ActivityPub::OutboxController < Api::BaseController - before_action :set_account - - respond_to :activitystreams2 - - def show - if params[:max_id] || params[:since_id] - show_outbox_page - else - show_base_outbox - end - end - - private - - def show_base_outbox - @statuses = Status.as_outbox_timeline(@account) - @statuses = cache_collection(@statuses) - - set_maps(@statuses) - - set_first_last_page(@statuses) - - render :show - end - - def show_outbox_page - all_statuses = Status.as_outbox_timeline(@account) - @statuses = all_statuses.paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id]) - - all_statuses = cache_collection(all_statuses) - @statuses = cache_collection(@statuses) - - set_maps(@statuses) - - set_first_last_page(all_statuses) - - @next_page_url = api_activitypub_outbox_url(pagination_params(max_id: @statuses.last.id)) unless @statuses.empty? - @prev_page_url = api_activitypub_outbox_url(pagination_params(since_id: @statuses.first.id)) unless @statuses.empty? - - @paginated = @next_page_url || @prev_page_url - @part_of_url = api_activitypub_outbox_url - - set_pagination_headers(@next_page_url, @prev_page_url) - - render :show_page - end - - def cache_collection(raw) - super(raw, Status) - end - - def set_account - @account = Account.find(params[:id]) - end - - def set_first_last_page(statuses) # rubocop:disable Style/AccessorMethodName - return if statuses.empty? - - @first_page_url = api_activitypub_outbox_url(max_id: statuses.first.id + 1) - @last_page_url = api_activitypub_outbox_url(since_id: statuses.last.id - 1) - end - - def pagination_params(core_params) - params.permit(:local, :limit).merge(core_params) - end -end diff --git a/app/controllers/follower_accounts_controller.rb b/app/controllers/follower_accounts_controller.rb index 1e7c7c406..e58c5ad46 100644 --- a/app/controllers/follower_accounts_controller.rb +++ b/app/controllers/follower_accounts_controller.rb @@ -5,5 +5,25 @@ class FollowerAccountsController < ApplicationController def index @follows = Follow.where(target_account: @account).recent.page(params[:page]).per(FOLLOW_PER_PAGE).preload(:account) + + respond_to do |format| + format.html + + format.json do + render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter + end + end + end + + private + + def collection_presenter + ActivityPub::CollectionPresenter.new( + id: account_followers_url(@account), + type: :ordered, + current: account_followers_url(@account), + size: @account.followers_count, + items: @follows.map { |f| ActivityPub::TagManager.instance.uri_for(f.account) } + ) end end diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb index f4488eef5..69f29cd70 100644 --- a/app/controllers/following_accounts_controller.rb +++ b/app/controllers/following_accounts_controller.rb @@ -5,5 +5,25 @@ class FollowingAccountsController < ApplicationController def index @follows = Follow.where(account: @account).recent.page(params[:page]).per(FOLLOW_PER_PAGE).preload(:target_account) + + respond_to do |format| + format.html + + format.json do + render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter + end + end + end + + private + + def collection_presenter + ActivityPub::CollectionPresenter.new( + id: account_following_index_url(@account), + type: :ordered, + current: account_following_index_url(@account), + size: @account.following_count, + items: @follows.map { |f| ActivityPub::TagManager.instance.uri_for(f.target_account) } + ) end end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 59c9d0a87..8e0ce0ec3 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -11,10 +11,22 @@ class StatusesController < ApplicationController before_action :check_account_suspension def show - @ancestors = @status.reply? ? cache_collection(@status.ancestors(current_account), Status) : [] - @descendants = cache_collection(@status.descendants(current_account), Status) + respond_to do |format| + format.html do + @ancestors = @status.reply? ? cache_collection(@status.ancestors(current_account), Status) : [] + @descendants = cache_collection(@status.descendants(current_account), Status) + + render 'stream_entries/show' + end + + format.json do + render json: @status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter + end + end + end - render 'stream_entries/show' + def activity + render json: @status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter end private diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb index 53149edf0..8bcce9e13 100644 --- a/app/controllers/tags_controller.rb +++ b/app/controllers/tags_controller.rb @@ -5,7 +5,27 @@ class TagsController < ApplicationController def show @tag = Tag.find_by!(name: params[:id].downcase) - @statuses = @tag.nil? ? [] : Status.as_tag_timeline(@tag, current_account, params[:local]).paginate_by_max_id(20, params[:max_id]) + @statuses = Status.as_tag_timeline(@tag, current_account, params[:local]).paginate_by_max_id(20, params[:max_id]) @statuses = cache_collection(@statuses, Status) + + respond_to do |format| + format.html + + format.json do + render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter + end + end + end + + private + + def collection_presenter + ActivityPub::CollectionPresenter.new( + id: tag_url(@tag), + type: :ordered, + current: tag_url(@tag), + size: @tag.statuses.count, + items: @statuses.map { |s| ActivityPub::TagManager.instance.uri_for(s) } + ) end end diff --git a/app/helpers/activitystreams2_builder_helper.rb b/app/helpers/activitystreams2_builder_helper.rb deleted file mode 100644 index 717b470f0..000000000 --- a/app/helpers/activitystreams2_builder_helper.rb +++ /dev/null @@ -1,8 +0,0 @@ -# frozen_string_literal: true - -module Activitystreams2BuilderHelper - # Gets a usable name for an account, using display name or username. - def account_name(account) - account.display_name.presence || account.username - end -end diff --git a/app/lib/activitypub/adapter.rb b/app/lib/activitypub/adapter.rb new file mode 100644 index 000000000..0a70207bc --- /dev/null +++ b/app/lib/activitypub/adapter.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class ActivityPub::Adapter < ActiveModelSerializers::Adapter::Base + def self.default_key_transform + :camel_lower + end + + def serializable_hash(options = nil) + options = serialization_options(options) + serialized_hash = { '@context': 'https://www.w3.org/ns/activitystreams' }.merge(ActiveModelSerializers::Adapter::Attributes.new(serializer, instance_options).serializable_hash(options)) + self.class.transform_key_casing!(serialized_hash, instance_options) + end +end diff --git a/app/lib/activitypub/tag_manager.rb b/app/lib/activitypub/tag_manager.rb new file mode 100644 index 000000000..ec42bcad3 --- /dev/null +++ b/app/lib/activitypub/tag_manager.rb @@ -0,0 +1,69 @@ +# frozen_string_literal: true + +require 'singleton' + +class ActivityPub::TagManager + include Singleton + include RoutingHelper + + COLLECTIONS = { + public: 'https://www.w3.org/ns/activitystreams#Public', + }.freeze + + def url_for(target) + return target.url if target.respond_to?(:local?) && !target.local? + + case target.object_type + when :person + short_account_url(target) + when :note, :comment, :activity + short_account_status_url(target.account, target) + end + end + + def uri_for(target) + return target.uri if target.respond_to?(:local?) && !target.local? + + case target.object_type + when :person + account_url(target) + when :note, :comment, :activity + account_status_url(target.account, target) + end + end + + # Primary audience of a status + # Public statuses go out to primarily the public collection + # Unlisted and private statuses go out primarily to the followers collection + # Others go out only to the people they mention + def to(status) + case status.visibility + when 'public' + [COLLECTIONS[:public]] + when 'unlisted', 'private' + [account_followers_url(status.account)] + when 'direct' + status.mentions.map { |mention| uri_for(mention.account) } + end + end + + # Secondary audience of a status + # Public statuses go out to followers as well + # Unlisted statuses go to the public as well + # Both of those and private statuses also go to the people mentioned in them + # Direct ones don't have a secondary audience + def cc(status) + cc = [] + + case status.visibility + when 'public' + cc << account_followers_url(status.account) + when 'unlisted' + cc << COLLECTIONS[:public] + end + + cc.concat(status.mentions.map { |mention| uri_for(mention.account) }) unless status.direct_visibility? + + cc + end +end diff --git a/app/presenters/activitypub/collection_presenter.rb b/app/presenters/activitypub/collection_presenter.rb new file mode 100644 index 000000000..6bae2955e --- /dev/null +++ b/app/presenters/activitypub/collection_presenter.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +class ActivityPub::CollectionPresenter < ActiveModelSerializers::Model + attributes :id, :type, :current, :size, :items +end diff --git a/app/serializers/activitypub/activity_serializer.rb b/app/serializers/activitypub/activity_serializer.rb new file mode 100644 index 000000000..69e2160c5 --- /dev/null +++ b/app/serializers/activitypub/activity_serializer.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +class ActivityPub::ActivitySerializer < ActiveModel::Serializer + attributes :id, :type, :actor, :to, :cc + + has_one :proper, key: :object, serializer: ActivityPub::NoteSerializer + + def id + [ActivityPub::TagManager.instance.uri_for(object), '/activity'].join + end + + def type + object.reblog? ? 'Announce' : 'Create' + end + + def actor + ActivityPub::TagManager.instance.uri_for(object.account) + end + + def to + ActivityPub::TagManager.instance.to(object) + end + + def cc + ActivityPub::TagManager.instance.cc(object) + end +end diff --git a/app/serializers/activitypub/actor_serializer.rb b/app/serializers/activitypub/actor_serializer.rb new file mode 100644 index 000000000..56806152e --- /dev/null +++ b/app/serializers/activitypub/actor_serializer.rb @@ -0,0 +1,53 @@ +# frozen_string_literal: true + +class ActivityPub::ActorSerializer < ActiveModel::Serializer + include RoutingHelper + + attributes :id, :type, :following, :followers, + :inbox, :outbox, :preferred_username, + :name, :summary, :icon, :image + + def id + account_url(object) + end + + def type + 'Person' + end + + def following + account_following_index_url(object) + end + + def followers + account_followers_url(object) + end + + def inbox + nil + end + + def outbox + account_outbox_url(object) + end + + def preferred_username + object.username + end + + def name + object.display_name + end + + def summary + Formatter.instance.simplified_format(object) + end + + def icon + full_asset_url(object.avatar.url(:original)) + end + + def image + full_asset_url(object.header.url(:original)) + end +end diff --git a/app/serializers/activitypub/collection_serializer.rb b/app/serializers/activitypub/collection_serializer.rb new file mode 100644 index 000000000..baaba7654 --- /dev/null +++ b/app/serializers/activitypub/collection_serializer.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +class ActivityPub::CollectionSerializer < ActiveModel::Serializer + def self.serializer_for(model, options) + return ActivityPub::ActivitySerializer if model.class.name == 'Status' + super + end + + attributes :id, :type, :total_items, + :current + + has_many :items, key: :ordered_items + + def type + case object.type + when :ordered + 'OrderedCollection' + else + 'Collection' + end + end + + def total_items + object.size + end +end diff --git a/app/serializers/activitypub/note_serializer.rb b/app/serializers/activitypub/note_serializer.rb new file mode 100644 index 000000000..ffdc6175d --- /dev/null +++ b/app/serializers/activitypub/note_serializer.rb @@ -0,0 +1,106 @@ +# frozen_string_literal: true + +class ActivityPub::NoteSerializer < ActiveModel::Serializer + attributes :id, :type, :summary, :content, + :in_reply_to, :published, :url, + :actor, :to, :cc, :sensitive + + has_many :media_attachments, key: :attachment + has_many :virtual_tags, key: :tag + + def id + ActivityPub::TagManager.instance.uri_for(object) + end + + def type + 'Note' + end + + def summary + object.spoiler_text.presence + end + + def content + Formatter.instance.format(object) + end + + def in_reply_to + ActivityPub::TagManager.instance.uri_for(object.thread) if object.reply? + end + + def published + object.created_at.iso8601 + end + + def url + ActivityPub::TagManager.instance.url_for(object) + end + + def actor + ActivityPub::TagManager.instance.uri_for(object.account) + end + + def to + ActivityPub::TagManager.instance.to(object) + end + + def cc + ActivityPub::TagManager.instance.cc(object) + end + + def virtual_tags + object.mentions + object.tags + end + + class MediaAttachmentSerializer < ActiveModel::Serializer + include RoutingHelper + + attributes :type, :media_type, :url + + def type + 'Document' + end + + def media_type + object.file_content_type + end + + def url + object.local? ? full_asset_url(object.file.url(:original, false)) : object.remote_url + end + end + + class MentionSerializer < ActiveModel::Serializer + attributes :type, :href, :name + + def type + 'Mention' + end + + def href + ActivityPub::TagManager.instance.uri_for(object.account) + end + + def name + "@#{object.account.acct}" + end + end + + class TagSerializer < ActiveModel::Serializer + include RoutingHelper + + attributes :type, :href, :name + + def type + 'Hashtag' + end + + def href + tag_url(object) + end + + def name + "##{object.name}" + end + end +end diff --git a/app/views/accounts/show.activitystreams2.rabl b/app/views/accounts/show.activitystreams2.rabl deleted file mode 100644 index 2c0a4ad3a..000000000 --- a/app/views/accounts/show.activitystreams2.rabl +++ /dev/null @@ -1,9 +0,0 @@ -extends 'activitypub/types/person.activitystreams2.rabl' - -object @account - -attributes display_name: :name, username: :preferredUsername, note: :summary - -node(:icon) { |account| full_asset_url(account.avatar.url(:original)) } -node(:image) { |account| full_asset_url(account.header.url(:original)) } -node(:outbox) { |account| api_activitypub_outbox_url(account.id) } diff --git a/app/views/activitypub/base.activitystreams2.rabl b/app/views/activitypub/base.activitystreams2.rabl deleted file mode 100644 index c5e94997a..000000000 --- a/app/views/activitypub/base.activitystreams2.rabl +++ /dev/null @@ -1 +0,0 @@ -node(:'@context') { 'https://www.w3.org/ns/activitystreams' } diff --git a/app/views/activitypub/intransient.activitystreams2.rabl b/app/views/activitypub/intransient.activitystreams2.rabl deleted file mode 100644 index 968e451c2..000000000 --- a/app/views/activitypub/intransient.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/base.activitystreams2.rabl' - -node(:id) { request.original_url } diff --git a/app/views/activitypub/types/announce.activitystreams2.rabl b/app/views/activitypub/types/announce.activitystreams2.rabl deleted file mode 100644 index 4a29aa134..000000000 --- a/app/views/activitypub/types/announce.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/intransient.activitystreams2.rabl' - -node(:type) { 'Announce' } diff --git a/app/views/activitypub/types/collection.activitystreams2.rabl b/app/views/activitypub/types/collection.activitystreams2.rabl deleted file mode 100644 index cc0e532b7..000000000 --- a/app/views/activitypub/types/collection.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/intransient.activitystreams2.rabl' - -node(:type) { 'Collection' } diff --git a/app/views/activitypub/types/create.activitystreams2.rabl b/app/views/activitypub/types/create.activitystreams2.rabl deleted file mode 100644 index e41a056a7..000000000 --- a/app/views/activitypub/types/create.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/intransient.activitystreams2.rabl' - -node(:type) { 'Create' } diff --git a/app/views/activitypub/types/note.activitystreams2.rabl b/app/views/activitypub/types/note.activitystreams2.rabl deleted file mode 100644 index 39c74d4ba..000000000 --- a/app/views/activitypub/types/note.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/intransient.activitystreams2.rabl' - -node(:type) { 'Note' } diff --git a/app/views/activitypub/types/ordered_collection.activitystreams2.rabl b/app/views/activitypub/types/ordered_collection.activitystreams2.rabl deleted file mode 100644 index 2cda6f4d0..000000000 --- a/app/views/activitypub/types/ordered_collection.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/types/collection.activitystreams2.rabl' - -node(:type) { 'OrderedCollection' } diff --git a/app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl b/app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl deleted file mode 100644 index 9937d11e9..000000000 --- a/app/views/activitypub/types/ordered_collection_page.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/types/ordered_collection.activitystreams2.rabl' - -node(:type) { 'OrderedCollectionPage' } diff --git a/app/views/activitypub/types/person.activitystreams2.rabl b/app/views/activitypub/types/person.activitystreams2.rabl deleted file mode 100644 index 487a60791..000000000 --- a/app/views/activitypub/types/person.activitystreams2.rabl +++ /dev/null @@ -1,3 +0,0 @@ -extends 'activitypub/intransient.activitystreams2.rabl' - -node(:type) { 'Person' } diff --git a/app/views/api/activitypub/activities/_show_status.activitystreams2.rabl b/app/views/api/activitypub/activities/_show_status.activitystreams2.rabl deleted file mode 100644 index 472bf5dbd..000000000 --- a/app/views/api/activitypub/activities/_show_status.activitystreams2.rabl +++ /dev/null @@ -1,4 +0,0 @@ -object @status - -node(:actor) { |status| TagManager.instance.url_for(status.account) } -node(:published) { |status| status.created_at.to_time.xmlschema } \ No newline at end of file diff --git a/app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl b/app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl deleted file mode 100644 index 44ac1ba2f..000000000 --- a/app/views/api/activitypub/activities/show_status_announce.activitystreams2.rabl +++ /dev/null @@ -1,8 +0,0 @@ -extends 'activitypub/types/announce.activitystreams2.rabl' -extends 'api/activitypub/activities/_show_status.activitystreams2.rabl' - -object @status - -node(:name) { |status| t('activitypub.activity.announce.name', account_name: account_name(status.account)) } -node(:url) { |status| TagManager.instance.url_for(status) } -node(:object) { |status| api_activitypub_status_url(status.reblog_of_id) } diff --git a/app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl b/app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl deleted file mode 100644 index ff4d39eca..000000000 --- a/app/views/api/activitypub/activities/show_status_create.activitystreams2.rabl +++ /dev/null @@ -1,8 +0,0 @@ -extends 'activitypub/types/create.activitystreams2.rabl' -extends 'api/activitypub/activities/_show_status.activitystreams2.rabl' - -object @status - -node(:name) { |status| t('activitypub.activity.create.name', account_name: account_name(status.account)) } -node(:url) { |status| TagManager.instance.url_for(status) } -node(:object) { |status| api_activitypub_note_url(status) } diff --git a/app/views/api/activitypub/notes/show.activitystreams2.rabl b/app/views/api/activitypub/notes/show.activitystreams2.rabl deleted file mode 100644 index d962f4438..000000000 --- a/app/views/api/activitypub/notes/show.activitystreams2.rabl +++ /dev/null @@ -1,11 +0,0 @@ -extends 'activitypub/types/note.activitystreams2.rabl' - -object @status - -attributes :content - -node(:name) { |status| status.content } -node(:url) { |status| TagManager.instance.url_for(status) } -node(:attributedTo) { |status| TagManager.instance.url_for(status.account) } -node(:inReplyTo) { |status| api_activitypub_note_url(status.thread) } if @status.thread -node(:published) { |status| status.created_at.to_time.xmlschema } diff --git a/app/views/api/activitypub/outbox/show.activitystreams2.rabl b/app/views/api/activitypub/outbox/show.activitystreams2.rabl deleted file mode 100644 index 273b15e82..000000000 --- a/app/views/api/activitypub/outbox/show.activitystreams2.rabl +++ /dev/null @@ -1,12 +0,0 @@ -extends 'activitypub/types/ordered_collection.activitystreams2.rabl' - -object @account - -node(:totalItems) { @statuses.count } -node(:current) { @first_page_url } if @first_page_url -node(:first) { @first_page_url } if @first_page_url -node(:last) { @last_page_url } if @last_page_url - -node(:name) { |account| t('activitypub.outbox.name', account_name: account_name(account)) } -node(:summary) { |account| t('activitypub.outbox.summary', account_name: account_name(account)) } -node(:updated) { |account| (@statuses.empty? ? account.created_at.to_time : @statuses.first.updated_at.to_time).xmlschema } diff --git a/app/views/api/activitypub/outbox/show_page.activitystreams2.rabl b/app/views/api/activitypub/outbox/show_page.activitystreams2.rabl deleted file mode 100644 index b6433ccf2..000000000 --- a/app/views/api/activitypub/outbox/show_page.activitystreams2.rabl +++ /dev/null @@ -1,16 +0,0 @@ -extends 'activitypub/types/ordered_collection_page.activitystreams2.rabl' - -object @account - -node(:items) do - @statuses.map { |status| api_activitypub_status_url(status) } -end - -node(:next) { @next_page_url } if @next_page_url -node(:prev) { @prev_page_url } if @prev_page_url -node(:current) { @first_page_url } if @first_page_url -node(:first) { @first_page_url } if @first_page_url -node(:last) { @last_page_url } if @last_page_url -node(:partOf) { @part_of_url } if @part_of_url - -node(:updated) { |account| (@statuses.empty? ? account.created_at.to_time : @statuses.first.updated_at.to_time).xmlschema } diff --git a/app/views/well_known/webfinger/show.json.rabl b/app/views/well_known/webfinger/show.json.rabl index 123d1d11a..af11cd207 100644 --- a/app/views/well_known/webfinger/show.json.rabl +++ b/app/views/well_known/webfinger/show.json.rabl @@ -3,14 +3,14 @@ object @account node(:subject) { @canonical_account_uri } node(:aliases) do - [TagManager.instance.url_for(@account), TagManager.instance.uri_for(@account)] + [short_account_url(@account), account_url(@account)] end node(:links) do [ - { rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: TagManager.instance.url_for(@account) }, + { rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: account_url(@account) }, { rel: 'http://schemas.google.com/g/2010#updates-from', type: 'application/atom+xml', href: account_url(@account, format: 'atom') }, - { rel: 'self', type: 'application/activity+json', href: TagManager.instance.url_for(@account) }, + { rel: 'self', type: 'application/activity+json', href: account_url(@account) }, { rel: 'salmon', href: api_salmon_url(@account.id) }, { rel: 'magic-public-key', href: "data:application/magic-public-key,#{@magic_key}" }, { rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_follow_url}?acct={uri}" }, diff --git a/app/views/well_known/webfinger/show.xml.ruby b/app/views/well_known/webfinger/show.xml.ruby index fc0ab5b84..844742d68 100644 --- a/app/views/well_known/webfinger/show.xml.ruby +++ b/app/views/well_known/webfinger/show.xml.ruby @@ -1,10 +1,11 @@ Nokogiri::XML::Builder.new do |xml| xml.XRD(xmlns: 'http://docs.oasis-open.org/ns/xri/xrd-1.0') do xml.Subject @canonical_account_uri - xml.Alias TagManager.instance.url_for(@account) - xml.Alias TagManager.instance.uri_for(@account) + xml.Alias short_account_url(@account) + xml.Alias account_url(@account) xml.Link(rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: TagManager.instance.url_for(@account)) xml.Link(rel: 'http://schemas.google.com/g/2010#updates-from', type: 'application/atom+xml', href: account_url(@account, format: 'atom')) + xml.Link(rel: 'self', type: 'application/activity+json', href: account_url(@account)) xml.Link(rel: 'salmon', href: api_salmon_url(@account.id)) xml.Link(rel: 'magic-public-key', href: "data:application/magic-public-key,#{@magic_key}") xml.Link(rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_follow_url}?acct={uri}") diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index a7b1ef690..26275d092 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -14,4 +14,6 @@ ActiveSupport::Inflector.inflections(:en) do |inflect| inflect.acronym 'StatsD' inflect.acronym 'OEmbed' inflect.acronym 'ActivityPub' + inflect.acronym 'PubSubHubbub' + inflect.acronym 'ActivityStreams' end diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb index b1b73c846..30e91ad63 100644 --- a/config/initializers/mime_types.rb +++ b/config/initializers/mime_types.rb @@ -1,5 +1,4 @@ # Be sure to restart your server when you modify this file. -Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest application/jrd+json ) -Mime::Type.register "text/xml", :xml, %w( application/xml application/atom+xml application/xrd+xml ) -Mime::Type.register "application/activity+json", :activitystreams2 +Mime::Type.register 'application/json', :json, %w(text/x-json application/jsonrequest application/jrd+json application/activity+json) +Mime::Type.register 'text/xml', :xml, %w(application/xml application/atom+xml application/xrd+xml) diff --git a/config/locales/ca.yml b/config/locales/ca.yml index f63aee3e6..0ba893a12 100644 --- a/config/locales/ca.yml +++ b/config/locales/ca.yml @@ -30,15 +30,6 @@ ca: remote_follow: Seguir reserved_username: El nom d'usuari està reservat unfollow: Deixar de seguir - activitypub: - activity: - announce: - name: "%{account_name} shared an activity." - create: - name: "%{account_name} created a note." - outbox: - name: "%{account_name}'s Outbox" - summary: A collection of activities from user %{account_name}. admin: accounts: are_you_sure: Estàs segur? diff --git a/config/locales/en.yml b/config/locales/en.yml index 79efddfad..be1f15e25 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -44,15 +44,6 @@ en: remote_follow: Remote follow reserved_username: The username is reserved unfollow: Unfollow - activitypub: - activity: - announce: - name: "%{account_name} shared an activity." - create: - name: "%{account_name} created a note." - outbox: - name: "%{account_name}'s Outbox" - summary: A collection of activities from user %{account_name}. admin: accounts: are_you_sure: Are you sure? diff --git a/config/locales/fa.yml b/config/locales/fa.yml index ade76d670..218d859bb 100644 --- a/config/locales/fa.yml +++ b/config/locales/fa.yml @@ -29,15 +29,6 @@ fa: posts: نوشته remote_follow: پیگیری غیرمستقیم unfollow: پایان پیگیری - activitypub: - activity: - announce: - name: "%{account_name} فعالیتی آغاز کرد." - create: - name: "%{account_name} یادداشتی نوشت." - outbox: - name: صندوق خروجی %{account_name} - summary: مجموعه‌ای از فعالیت‌های کاربر %{account_name}. admin: accounts: are_you_sure: آیا مطمئن هستید؟ diff --git a/config/locales/fr.yml b/config/locales/fr.yml index cba217651..65e681b20 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -30,15 +30,6 @@ fr: remote_follow: Suivre à distance reserved_username: Ce nom d’utilisateur⋅ice est réservé unfollow: Ne plus suivre - activitypub: - activity: - announce: - name: "%{account_name} a partagé une activité." - create: - name: "%{account_name} a créé une note." - outbox: - name: Boîte d’envoi de %{account_name} - summary: Liste d’activités de %{account_name} admin: accounts: are_you_sure: Êtes-vous certain⋅e ? diff --git a/config/locales/he.yml b/config/locales/he.yml index 21f8f1dc4..251b6914e 100644 --- a/config/locales/he.yml +++ b/config/locales/he.yml @@ -29,15 +29,6 @@ he: posts: הודעות remote_follow: מעקב מרחוק unfollow: הפסקת מעקב - activitypub: - activity: - announce: - name: הודעה שותפה על ידי %{account_name}. - create: - name: הודעה חדשה מאת %{account_name}. - outbox: - name: תיבת הדוא"ל היוצא של %{account_name} - summary: אוסף הפעילויות של %{account_name}. admin: accounts: are_you_sure: בטוח? diff --git a/config/locales/id.yml b/config/locales/id.yml index e3fe96331..7bda52c78 100644 --- a/config/locales/id.yml +++ b/config/locales/id.yml @@ -29,15 +29,6 @@ id: posts: Postingan remote_follow: Mengikuti unfollow: Berhenti mengikuti - activitypub: - activity: - announce: - name: "%{account_name} membagikan aktivitas." - create: - name: "%{account_name} membuat catatan." - outbox: - name: "%{account_name} Outbox" - summary: Koleksi aktivitas dari pengguna %{account_name}. admin: accounts: are_you_sure: Anda yakin? diff --git a/config/locales/ja.yml b/config/locales/ja.yml index 37d82a205..fda87526d 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -30,15 +30,6 @@ ja: remote_follow: リモートフォロー reserved_username: このユーザー名は予約されています。 unfollow: フォロー解除 - activitypub: - activity: - announce: - name: "%{account_name} さんがアクティビティをシェアしました" - create: - name: "%{account_name} さんがノートを作成しました" - outbox: - name: "%{account_name} さんの送信トレイ" - summary: "%{account_name} さんからのアクティビティコレクション" admin: accounts: are_you_sure: 本当に実行しますか? diff --git a/config/locales/ko.yml b/config/locales/ko.yml index bafc19993..c7c310cfe 100644 --- a/config/locales/ko.yml +++ b/config/locales/ko.yml @@ -30,15 +30,6 @@ ko: remote_follow: 리모트 팔로우 reserved_username: 이 아이디는 예약되어 있습니다. unfollow: 팔로우 해제 - activitypub: - activity: - announce: - name: "%{account_name} 님이 액티비티를 공유했습니다" - create: - name: "%{account_name} 님이 노트를 작성했습니다" - outbox: - name: "%{account_name} 님의 송신함" - summary: "%{account_name} 님의 액티비티 모음" admin: accounts: are_you_sure: 정말로 실행하시겠습니까? diff --git a/config/locales/no.yml b/config/locales/no.yml index 004e1ff80..cf94524d2 100644 --- a/config/locales/no.yml +++ b/config/locales/no.yml @@ -29,15 +29,6 @@ posts: Poster remote_follow: Følg fra andre instanser unfollow: Avfølg - activitypub: - activity: - announce: - name: "%{account_name} delte en aktivitet." - create: - name: "%{account_name} laget en aktivitet." - outbox: - name: "%{account_name} sin utboks" - summary: En samling aktiviteter fra brukeren %{account_name}. admin: accounts: are_you_sure: Er du sikker? diff --git a/config/locales/oc.yml b/config/locales/oc.yml index 91a6ca791..2eb85be58 100644 --- a/config/locales/oc.yml +++ b/config/locales/oc.yml @@ -29,15 +29,6 @@ oc: posts: Estatuts remote_follow: Sègre a distància unfollow: Quitar de sègre - activitypub: - activity: - announce: - name: "%{account_name} a partejat una activitat." - create: - name: "%{account_name} a creat una nòta." - outbox: - name: "%{account_name}'s Outbox" - summary: A collection of activities from user %{account_name}. admin: accounts: are_you_sure: Sètz segur ? diff --git a/config/locales/pl.yml b/config/locales/pl.yml index 9ee6c0540..6f2831670 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml @@ -44,15 +44,6 @@ pl: remote_follow: Zdalne śledzenie reserved_username: Ta nazwa użytkownika jest zarezerwowana. unfollow: Przestań śledzić - activitypub: - activity: - announce: - name: "%{account_name} udostępnił(a) aktywność." - create: - name: "%{account_name} utworzył(a) wpis." - outbox: - name: Skrzynka %{account_name} - summary: Zbiór aktywności użytkownika %{account_name}. admin: accounts: are_you_sure: Jesteś tego pewien? diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml index 355c20d05..5ba763ae4 100644 --- a/config/locales/pt-BR.yml +++ b/config/locales/pt-BR.yml @@ -29,15 +29,6 @@ pt-BR: posts: Posts remote_follow: Acesso remoto unfollow: Unfollow - activitypub: - activity: - announce: - name: "%{account_name} compartilhou uma atividade." - create: - name: "%{account_name} criou uma nota." - outbox: - name: "%{account_name}'s Outbox" - summary: Uma coleção de atividades do usuário %{account_name}. admin: accounts: are_you_sure: Você tem certeza? diff --git a/config/locales/pt.yml b/config/locales/pt.yml index 40be8a6c5..346fcdda8 100644 --- a/config/locales/pt.yml +++ b/config/locales/pt.yml @@ -29,15 +29,6 @@ pt: posts: Posts remote_follow: Seguir remotamente unfollow: Deixar de seguir - activitypub: - activity: - announce: - name: "%{account_name} anunciou uma atividade." - create: - name: "%{account_name} criou uma nota." - outbox: - name: "%{account_name}'s Outbox" - summary: Uma coleção de atividades do usuário %{account_name}. admin: accounts: are_you_sure: Tens a certeza? diff --git a/config/locales/th.yml b/config/locales/th.yml index 263babdd0..17eb96110 100644 --- a/config/locales/th.yml +++ b/config/locales/th.yml @@ -29,15 +29,6 @@ th: posts: โพสต์ remote_follow: Remote follow unfollow: เลิกติดตาม - activitypub: - activity: - announce: - name: "%{account_name} แชร์กิจกรรม." - create: - name: "%{account_name} สร้างโน๊ต." - outbox: - name: "%{account_name}'s Outbox" - summary: รวมกิจกรรมของผู้ใช้ %{account_name}. admin: accounts: are_you_sure: แน่ใจนะ? diff --git a/config/locales/tr.yml b/config/locales/tr.yml index e7864cc57..bb83991cd 100644 --- a/config/locales/tr.yml +++ b/config/locales/tr.yml @@ -29,15 +29,6 @@ tr: posts: Gönderiler remote_follow: Uzaktan takip et unfollow: Takibi bırak - activitypub: - activity: - announce: - name: "%{account_name} bir aktivite paylaştı." - create: - name: "%{account_name} bir not oluşturdu." - outbox: - name: "%{account_name}'in Gönderdikleri" - summary: "%{account_name}'den gelen aktiviteler." admin: accounts: are_you_sure: Emin misiniz? diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml index 650d4bd15..0526ec1ba 100644 --- a/config/locales/zh-CN.yml +++ b/config/locales/zh-CN.yml @@ -29,15 +29,6 @@ zh-CN: posts: 嘟文 remote_follow: 跨站关注 unfollow: 取消关注 - activitypub: - activity: - announce: - name: "%{account_name} 分享了一个活动。" - create: - name: "%{account_name} 创建了一个记事。" - outbox: - name: "%{account_name} 的集合" - summary: "%{account_name} 的活动集合" admin: accounts: are_you_sure: 你确定吗? diff --git a/config/locales/zh-HK.yml b/config/locales/zh-HK.yml index d2db78be1..06f9ab63d 100644 --- a/config/locales/zh-HK.yml +++ b/config/locales/zh-HK.yml @@ -29,15 +29,6 @@ zh-HK: posts: 文章 remote_follow: 跨站關注 unfollow: 取消關注 - activitypub: - activity: - announce: - name: "%{account_name} 分享了一項活動。" - create: - name: "%{account_name} 新增了一篇筆記。" - outbox: - name: "%{account_name} 的活動" - summary: "%{account_name} 分享的活動列表。" admin: accounts: are_you_sure: 你確定嗎? diff --git a/config/routes.rb b/config/routes.rb index 9171d02d4..dda3534eb 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -26,7 +26,7 @@ Rails.application.routes.draw do confirmations: 'auth/confirmations', } - get '/users/:username', to: redirect('/@%{username}'), constraints: { format: :html } + get '/users/:username', to: redirect('/@%{username}'), constraints: lambda { |req| req.format.nil? } resources :accounts, path: 'users', only: [:show], param: :username do resources :stream_entries, path: 'updates', only: [:show] do @@ -38,10 +38,17 @@ Rails.application.routes.draw do get :remote_follow, to: 'remote_follow#new' post :remote_follow, to: 'remote_follow#create' + resources :statuses, only: [:show] do + member do + get :activity + end + end + resources :followers, only: [:index], controller: :follower_accounts resources :following, only: [:index], controller: :following_accounts resource :follow, only: [:create], controller: :account_follow resource :unfollow, only: [:create], controller: :account_unfollow + resource :outbox, only: [:show], module: :activitypub end get '/@:username', to: 'accounts#show', as: :short_account @@ -119,13 +126,6 @@ Rails.application.routes.draw do # OEmbed get '/oembed', to: 'oembed#show', as: :oembed - # ActivityPub - namespace :activitypub do - get '/users/:id/outbox', to: 'outbox#show', as: :outbox - get '/statuses/:id', to: 'activities#show_status', as: :status - resources :notes, only: [:show] - end - # JSON / REST API namespace :v1 do resources :statuses, only: [:create, :show, :destroy] do diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb index 447e2dd53..d61c8c9bd 100644 --- a/spec/controllers/accounts_controller_spec.rb +++ b/spec/controllers/accounts_controller_spec.rb @@ -38,7 +38,7 @@ RSpec.describe AccountsController, type: :controller do context 'activitystreams2' do before do - get :show, params: { username: alice.username }, format: 'activitystreams2' + get :show, params: { username: alice.username }, format: 'json' end it 'assigns @account' do diff --git a/spec/controllers/api/activitypub/activities_controller_spec.rb b/spec/controllers/api/activitypub/activities_controller_spec.rb deleted file mode 100644 index 07df28ac2..000000000 --- a/spec/controllers/api/activitypub/activities_controller_spec.rb +++ /dev/null @@ -1,69 +0,0 @@ -require 'rails_helper' - -RSpec.describe Api::ActivityPub::ActivitiesController, type: :controller do - render_views - - let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } - - describe 'GET #show' do - describe 'normal status' do - public_status = nil - - before do - public_status = Fabricate(:status, account: user.account, text: 'Hello world', visibility: :public) - - @request.env['HTTP_ACCEPT'] = 'application/activity+json' - get :show_status, params: { id: public_status.id } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns http success' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('type' => 'Create') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('type' => 'Create') - expect(json_data).to include('object' => api_activitypub_note_url(public_status)) - expect(json_data).to include('url' => TagManager.instance.url_for(public_status)) - end - end - - describe 'reblog' do - original = nil - reblog = nil - - before do - original = Fabricate(:status, account: user.account, text: 'Hello world', visibility: :public) - reblog = Fabricate(:status, account: user.account, reblog_of_id: original.id, visibility: :public) - - @request.env['HTTP_ACCEPT'] = 'application/activity+json' - get :show_status, params: { id: reblog.id } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns http success' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('type' => 'Announce') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('type' => 'Announce') - expect(json_data).to include('object' => api_activitypub_status_url(original)) - expect(json_data).to include('url' => TagManager.instance.url_for(reblog)) - end - end - end -end diff --git a/spec/controllers/api/activitypub/notes_controller_spec.rb b/spec/controllers/api/activitypub/notes_controller_spec.rb deleted file mode 100644 index a0f05dc65..000000000 --- a/spec/controllers/api/activitypub/notes_controller_spec.rb +++ /dev/null @@ -1,73 +0,0 @@ -require 'rails_helper' - -RSpec.describe Api::ActivityPub::NotesController, type: :controller do - render_views - - let(:user_alice) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } - let(:user_bob) { Fabricate(:user, account: Fabricate(:account, username: 'bob')) } - - describe 'GET #show' do - describe 'normal status' do - public_status = nil - - before do - public_status = Fabricate(:status, account: user_alice.account, text: 'Hello world', visibility: :public) - - @request.env['HTTP_ACCEPT'] = 'application/activity+json' - get :show, params: { id: public_status.id } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns http success' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('type' => 'Note') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('name' => 'Hello world') - expect(json_data).to include('content' => 'Hello world') - expect(json_data).to include('published') - expect(json_data).to include('url' => TagManager.instance.url_for(public_status)) - end - end - - describe 'reply' do - original = nil - reply = nil - - before do - original = Fabricate(:status, account: user_alice.account, text: 'Hello world', visibility: :public) - reply = Fabricate(:status, account: user_bob.account, text: 'Hello world', in_reply_to_id: original.id, visibility: :public) - - @request.env['HTTP_ACCEPT'] = 'application/activity+json' - get :show, params: { id: reply.id } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns http success' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('type' => 'Note') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('name' => 'Hello world') - expect(json_data).to include('content' => 'Hello world') - expect(json_data).to include('published') - expect(json_data).to include('url' => TagManager.instance.url_for(reply)) - expect(json_data).to include('inReplyTo' => api_activitypub_note_url(original)) - end - end - end -end diff --git a/spec/controllers/api/activitypub/outbox_controller_spec.rb b/spec/controllers/api/activitypub/outbox_controller_spec.rb deleted file mode 100644 index 049cf451d..000000000 --- a/spec/controllers/api/activitypub/outbox_controller_spec.rb +++ /dev/null @@ -1,156 +0,0 @@ -require 'rails_helper' - -RSpec.describe Api::ActivityPub::OutboxController, type: :controller do - render_views - - let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } - - describe 'GET #show' do - before do - @request.headers['ACCEPT'] = 'application/activity+json' - end - - describe 'collection with small number of statuses' do - public_status = nil - - before do - public_status = Fabricate(:status, account: user.account, text: 'Hello world', visibility: :public) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :private) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :unlisted) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :direct) - - get :show, params: { id: user.account.id } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns AS2 JSON body' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('type' => 'OrderedCollection') - expect(json_data).to include('totalItems' => 1) - expect(json_data).to include('current') - expect(json_data).to include('first') - expect(json_data).to include('last') - end - end - - describe 'collection with large number of statuses' do - before do - 30.times do - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :public) - end - - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :private) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :unlisted) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :direct) - - get :show, params: { id: user.account.id } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns AS2 JSON body' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('type' => 'OrderedCollection') - expect(json_data).to include('totalItems' => 30) - expect(json_data).to include('current') - expect(json_data).to include('first') - expect(json_data).to include('last') - end - end - - describe 'page with small number of statuses' do - statuses = [] - - before do - 5.times do - statuses << Fabricate(:status, account: user.account, text: 'Hello world', visibility: :public) - end - - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :private) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :unlisted) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :direct) - - get :show, params: { id: user.account.id, max_id: statuses.last.id + 1 } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns AS2 JSON body' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('type' => 'OrderedCollectionPage') - expect(json_data).to include('partOf') - expect(json_data).to include('items') - expect(json_data['items'].length).to eq(5) - expect(json_data).to include('prev') - expect(json_data).to include('next') - expect(json_data).to include('current') - expect(json_data).to include('first') - expect(json_data).to include('last') - end - end - - describe 'page with large number of statuses' do - statuses = [] - - before do - 30.times do - statuses << Fabricate(:status, account: user.account, text: 'Hello world', visibility: :public) - end - - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :private) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :unlisted) - Fabricate(:status, account: user.account, text: 'Hello world', visibility: :direct) - - get :show, params: { id: user.account.id, max_id: statuses.last.id + 1 } - end - - it 'returns http success' do - expect(response).to have_http_status(:success) - end - - it 'sets Content-Type header to AS2' do - expect(response.header['Content-Type']).to include 'application/activity+json' - end - - it 'returns AS2 JSON body' do - json_data = JSON.parse(response.body) - expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams') - expect(json_data).to include('id' => @request.url) - expect(json_data).to include('type' => 'OrderedCollectionPage') - expect(json_data).to include('partOf') - expect(json_data).to include('items') - expect(json_data['items'].length).to eq(20) - expect(json_data).to include('prev') - expect(json_data).to include('next') - expect(json_data).to include('current') - expect(json_data).to include('first') - expect(json_data).to include('last') - end - end - end -end diff --git a/spec/controllers/well_known/webfinger_controller_spec.rb b/spec/controllers/well_known/webfinger_controller_spec.rb index 3699efb56..466f87c45 100644 --- a/spec/controllers/well_known/webfinger_controller_spec.rb +++ b/spec/controllers/well_known/webfinger_controller_spec.rb @@ -9,7 +9,7 @@ describe WellKnown::WebfingerController, type: :controller do end before do - alice.private_key = < - - acct:alice@cb6e6126.ngrok.io - https://cb6e6126.ngrok.io/@alice - https://cb6e6126.ngrok.io/users/alice - - - - - - -XML + expect(xml.at_xpath('//xmlns:Subject').content).to eq 'acct:alice@cb6e6126.ngrok.io' + expect(xml.xpath('//xmlns:Alias').map(&:content)).to include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice') end it 'returns http not found when account cannot be found' do @@ -80,19 +74,22 @@ XML end it 'returns JSON when account can be found with alternate domains' do - Rails.configuration.x.alternate_domains = ["foo.org"] - username, domain = alice.to_webfinger_s.split("@") + Rails.configuration.x.alternate_domains = ['foo.org'] + username, = alice.to_webfinger_s.split('@') get :show, params: { resource: "#{username}@foo.org" }, format: :json + json = body_as_json + expect(response).to have_http_status(:success) expect(response.content_type).to eq 'application/jrd+json' - expect(response.body).to eq "{\"subject\":\"acct:alice@cb6e6126.ngrok.io\",\"aliases\":[\"https://cb6e6126.ngrok.io/@alice\",\"https://cb6e6126.ngrok.io/users/alice\"],\"links\":[{\"rel\":\"http://webfinger.net/rel/profile-page\",\"type\":\"text/html\",\"href\":\"https://cb6e6126.ngrok.io/@alice\"},{\"rel\":\"http://schemas.google.com/g/2010#updates-from\",\"type\":\"application/atom+xml\",\"href\":\"https://cb6e6126.ngrok.io/users/alice.atom\"},{\"rel\":\"self\",\"type\":\"application/activity+json\",\"href\":\"https://cb6e6126.ngrok.io/@alice\"},{\"rel\":\"salmon\",\"href\":\"#{api_salmon_url(alice.id)}\"},{\"rel\":\"magic-public-key\",\"href\":\"data:application/magic-public-key,RSA.x4D6DyZa3zGa1XLhd_VG1bLGvK-Dmyz93WJfWNezIKeSuJkmA0f2NmoOfLUoumq9szN2Xt0GLDX06tDajdYPPXgLtDG0o1qqTrIJ7UTyYhbo94Wotl9iJvEwa5IjP1Mn00YJ_KvFrzKCm15PC7up6r-NtHsqoYS8X1KAqcbnptU=.AQAB\"},{\"rel\":\"http://ostatus.org/schema/1.0/subscribe\",\"template\":\"https://cb6e6126.ngrok.io/authorize_follow?acct={uri}\"}]}" + expect(json[:subject]).to eq 'acct:alice@cb6e6126.ngrok.io' + expect(json[:aliases]).to include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice') end it 'returns http not found when account can not be found with alternate domains' do - Rails.configuration.x.alternate_domains = ["foo.org"] - username, domain = alice.to_webfinger_s.split("@") + Rails.configuration.x.alternate_domains = ['foo.org'] + username, = alice.to_webfinger_s.split('@') get :show, params: { resource: "#{username}@bar.org" }, format: :json diff --git a/spec/helpers/activitystreams2_builder_helper_spec.rb b/spec/helpers/activitystreams2_builder_helper_spec.rb deleted file mode 100644 index 612ce6ad2..000000000 --- a/spec/helpers/activitystreams2_builder_helper_spec.rb +++ /dev/null @@ -1,15 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -describe Activitystreams2BuilderHelper, type: :helper do - it 'returns display name if present' do - account = Fabricate(:account, display_name: 'display name', username: 'username') - expect(account_name(account)).to eq 'display name' - end - - it 'returns username if display name is not present' do - account = Fabricate(:account, display_name: '', username: 'username') - expect(account_name(account)).to eq 'username' - end -end -- cgit