crates/apub/src/http/routes.rs

   1 use crate::http::{
   2   comment::get_apub_comment,
   3   community::{
   4     community_inbox,
   5     get_apub_community_followers,
   6     get_apub_community_http,
   7     get_apub_community_moderators,
   8     get_apub_community_outbox,
   9   },
  10   get_activity,
  11   person::{get_apub_person_http, get_apub_person_outbox, person_inbox},
  12   post::get_apub_post,
  13   shared_inbox,
  14   site::{get_apub_site_http, get_apub_site_inbox, get_apub_site_outbox},
  15 };
  16 use actix_web::{
  17   guard::{Guard, GuardContext},
  18   http::{header, Method},
  19   web,
  20 };
  21 use http_signature_normalization_actix::digest::middleware::VerifyDigest;
  22 use lemmy_utils::settings::structs::Settings;
  23 use sha2::{Digest, Sha256};
  24
  25 pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
  26   if settings.federation.enabled {
  27     println!("federation enabled, host is {}", settings.hostname);
  28
  29     cfg
  30       .route("/", web::get().to(get_apub_site_http))
  31       .route("/site_outbox", web::get().to(get_apub_site_outbox))
  32       .route(
  33         "/c/{community_name}",
  34         web::get().to(get_apub_community_http),
  35       )
  36       .route(
  37         "/c/{community_name}/followers",
  38         web::get().to(get_apub_community_followers),
  39       )
  40       .route(
  41         "/c/{community_name}/outbox",
  42         web::get().to(get_apub_community_outbox),
  43       )
  44       .route(
  45         "/c/{community_name}/moderators",
  46         web::get().to(get_apub_community_moderators),
  47       )
  48       .route("/u/{user_name}", web::get().to(get_apub_person_http))
  49       .route(
  50         "/u/{user_name}/outbox",
  51         web::get().to(get_apub_person_outbox),
  52       )
  53       .route("/post/{post_id}", web::get().to(get_apub_post))
  54       .route("/comment/{comment_id}", web::get().to(get_apub_comment))
  55       .route("/activities/{type_}/{id}", web::get().to(get_activity));
  56
  57     cfg.service(
  58       web::scope("")
  59         .wrap(VerifyDigest::new(Sha256::new()))
  60         .guard(InboxRequestGuard)
  61         .route("/c/{community_name}/inbox", web::post().to(community_inbox))
  62         .route("/u/{user_name}/inbox", web::post().to(person_inbox))
  63         .route("/inbox", web::post().to(shared_inbox))
  64         .route("/site_inbox", web::post().to(get_apub_site_inbox)),
  65     );
  66   }
  67 }
  68
  69 /// Without this, things like webfinger or RSS feeds stop working, as all requests seem to get
  70 /// routed into the inbox service (because it covers the root path). So we filter out anything that
  71 /// definitely can't be an inbox request (based on Accept header and request method).
  72 struct InboxRequestGuard;
  73
  74 impl Guard for InboxRequestGuard {
  75   fn check(&self, ctx: &GuardContext) -> bool {
  76     if ctx.head().method != Method::POST {
  77       return false;
  78     }
  79     if let Some(val) = ctx.head().headers.get(header::CONTENT_TYPE) {
  80       return val.as_bytes().starts_with(b"application/");
  81     }
  82     false
  83   }
  84 }