Implement separate mod activities for feature, lock post (#2716)

[lemmy.git] / crates / apub / src / http / routes.rs

diff --git a/crates/apub/src/http/routes.rs b/crates/apub/src/http/routes.rs
index 1afc3f1e509cbdaa7893d34200f49ac01376f755..4d4941f534d83def72239d750e30a34a87b8e02c 100644 (file)
--- a/crates/apub/src/http/routes.rs
+++ b/crates/apub/src/http/routes.rs
@@ -1,82 +1,84 @@
-use crate::{
-  http::{
-    comment::get_apub_comment,
-    community::{
-      community_inbox,
-      get_apub_community_followers,
-      get_apub_community_http,
-      get_apub_community_inbox,
-      get_apub_community_moderators,
-      get_apub_community_outbox,
-    },
-    get_activity,
-    person::{get_apub_person_http, get_apub_person_inbox, get_apub_person_outbox, person_inbox},
-    post::get_apub_post,
-    shared_inbox,
+use crate::http::{
+  comment::get_apub_comment,
+  community::{
+    community_inbox,
+    get_apub_community_featured,
+    get_apub_community_followers,
+    get_apub_community_http,
+    get_apub_community_moderators,
+    get_apub_community_outbox,
   },
-  APUB_JSON_CONTENT_TYPE,
+  get_activity,
+  person::{get_apub_person_http, get_apub_person_outbox, person_inbox},
+  post::get_apub_post,
+  shared_inbox,
+  site::{get_apub_site_http, get_apub_site_inbox, get_apub_site_outbox},
+};
+use actix_web::{
+  guard::{Guard, GuardContext},
+  http::{header, Method},
+  web,
 };
-use actix_web::*;
 use http_signature_normalization_actix::digest::middleware::VerifyDigest;
-use lemmy_utils::settings::structs::Settings;
 use sha2::{Digest, Sha256};
 
-static APUB_JSON_CONTENT_TYPE_LONG: &str =
-  "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"";
-
 pub fn config(cfg: &mut web::ServiceConfig) {
-  if Settings::get().federation().enabled {
-    println!("federation enabled, host is {}", Settings::get().hostname());
-    let digest_verifier = VerifyDigest::new(Sha256::new());
+  cfg
+    .route("/", web::get().to(get_apub_site_http))
+    .route("/site_outbox", web::get().to(get_apub_site_outbox))
+    .route(
+      "/c/{community_name}",
+      web::get().to(get_apub_community_http),
+    )
+    .route(
+      "/c/{community_name}/followers",
+      web::get().to(get_apub_community_followers),
+    )
+    .route(
+      "/c/{community_name}/outbox",
+      web::get().to(get_apub_community_outbox),
+    )
+    .route(
+      "/c/{community_name}/featured",
+      web::get().to(get_apub_community_featured),
+    )
+    .route(
+      "/c/{community_name}/moderators",
+      web::get().to(get_apub_community_moderators),
+    )
+    .route("/u/{user_name}", web::get().to(get_apub_person_http))
+    .route(
+      "/u/{user_name}/outbox",
+      web::get().to(get_apub_person_outbox),
+    )
+    .route("/post/{post_id}", web::get().to(get_apub_post))
+    .route("/comment/{comment_id}", web::get().to(get_apub_comment))
+    .route("/activities/{type_}/{id}", web::get().to(get_activity));
+
+  cfg.service(
+    web::scope("")
+      .wrap(VerifyDigest::new(Sha256::new()))
+      .guard(InboxRequestGuard)
+      .route("/c/{community_name}/inbox", web::post().to(community_inbox))
+      .route("/u/{user_name}/inbox", web::post().to(person_inbox))
+      .route("/inbox", web::post().to(shared_inbox))
+      .route("/site_inbox", web::post().to(get_apub_site_inbox)),
+  );
+}
 
-    let header_guard_accept = guard::Any(guard::Header("Accept", APUB_JSON_CONTENT_TYPE))
-      .or(guard::Header("Accept", APUB_JSON_CONTENT_TYPE_LONG));
-    let header_guard_content_type =
-      guard::Any(guard::Header("Content-Type", APUB_JSON_CONTENT_TYPE))
-        .or(guard::Header("Content-Type", APUB_JSON_CONTENT_TYPE_LONG));
+/// Without this, things like webfinger or RSS feeds stop working, as all requests seem to get
+/// routed into the inbox service (because it covers the root path). So we filter out anything that
+/// definitely can't be an inbox request (based on Accept header and request method).
+struct InboxRequestGuard;
 
-    cfg
-      .service(
-        web::scope("/")
-          .guard(header_guard_accept)
-          .route(
-            "/c/{community_name}",
-            web::get().to(get_apub_community_http),
-          )
-          .route(
-            "/c/{community_name}/followers",
-            web::get().to(get_apub_community_followers),
-          )
-          .route(
-            "/c/{community_name}/outbox",
-            web::get().to(get_apub_community_outbox),
-          )
-          .route(
-            "/c/{community_name}/inbox",
-            web::get().to(get_apub_community_inbox),
-          )
-          .route(
-            "/c/{community_name}/moderators",
-            web::get().to(get_apub_community_moderators),
-          )
-          .route("/u/{user_name}", web::get().to(get_apub_person_http))
-          .route(
-            "/u/{user_name}/outbox",
-            web::get().to(get_apub_person_outbox),
-          )
-          .route("/u/{user_name}/inbox", web::get().to(get_apub_person_inbox))
-          .route("/post/{post_id}", web::get().to(get_apub_post))
-          .route("/comment/{comment_id}", web::get().to(get_apub_comment))
-          .route("/activities/{type_}/{id}", web::get().to(get_activity)),
-      )
-      // Inboxes dont work with the header guard for some reason.
-      .service(
-        web::scope("/")
-          .wrap(digest_verifier)
-          .guard(header_guard_content_type)
-          .route("/c/{community_name}/inbox", web::post().to(community_inbox))
-          .route("/u/{user_name}/inbox", web::post().to(person_inbox))
-          .route("/inbox", web::post().to(shared_inbox)),
-      );
+impl Guard for InboxRequestGuard {
+  fn check(&self, ctx: &GuardContext) -> bool {
+    if ctx.head().method != Method::POST {
+      return false;
+    }
+    if let Some(val) = ctx.head().headers.get(header::CONTENT_TYPE) {
+      return val.as_bytes().starts_with(b"application/");
+    }
+    false
   }
 }