crates/apub/src/http/routes.rs

   1 use crate::http::{
   2   comment::get_apub_comment,
   3   community::{
   4     community_inbox, get_apub_community_followers, get_apub_community_http,
   5     get_apub_community_moderators, get_apub_community_outbox,
   6   },
   7   get_activity,
   8   person::{get_apub_person_http, get_apub_person_outbox, person_inbox},
   9   post::get_apub_post,
  10   shared_inbox,
  11 };
  12 use actix_web::{
  13   guard::{Guard, GuardContext},
  14   http::Method,
  15   web,
  16 };
  17 use http_signature_normalization_actix::digest::middleware::VerifyDigest;
  18 use lemmy_utils::settings::structs::Settings;
  19 use sha2::{Digest, Sha256};
  20
  21 pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
  22   if settings.federation.enabled {
  23     println!("federation enabled, host is {}", settings.hostname);
  24
  25     cfg
  26       .route(
  27         "/c/{community_name}",
  28         web::get().to(get_apub_community_http),
  29       )
  30       .route(
  31         "/c/{community_name}/followers",
  32         web::get().to(get_apub_community_followers),
  33       )
  34       .route(
  35         "/c/{community_name}/outbox",
  36         web::get().to(get_apub_community_outbox),
  37       )
  38       .route(
  39         "/c/{community_name}/moderators",
  40         web::get().to(get_apub_community_moderators),
  41       )
  42       .route("/u/{user_name}", web::get().to(get_apub_person_http))
  43       .route(
  44         "/u/{user_name}/outbox",
  45         web::get().to(get_apub_person_outbox),
  46       )
  47       .route("/post/{post_id}", web::get().to(get_apub_post))
  48       .route("/comment/{comment_id}", web::get().to(get_apub_comment))
  49       .route("/activities/{type_}/{id}", web::get().to(get_activity));
  50
  51     cfg.service(
  52       web::scope("")
  53         .wrap(VerifyDigest::new(Sha256::new()))
  54         .guard(InboxRequestGuard)
  55         .route("/c/{community_name}/inbox", web::post().to(community_inbox))
  56         .route("/u/{user_name}/inbox", web::post().to(person_inbox))
  57         .route("/inbox", web::post().to(shared_inbox)),
  58     );
  59   }
  60 }
  61
  62 /// Without this, things like webfinger or RSS feeds stop working, as all requests seem to get
  63 /// routed into the inbox service (because it covers the root path). So we filter out anything that
  64 /// definitely can't be an inbox request (based on Accept header and request method).
  65 struct InboxRequestGuard;
  66
  67 impl Guard for InboxRequestGuard {
  68   fn check(&self, request: &GuardContext) -> bool {
  69     if request.head().method != Method::POST {
  70       return false;
  71     }
  72     if let Some(val) = request.head().headers.get("Content-Type") {
  73       return val
  74         .to_str()
  75         .expect("Content-Type header contains non-ascii chars.")
  76         .starts_with("application/");
  77     }
  78     false
  79   }
  80 }