-#[macro_use]
-extern crate lazy_static;
-
-pub mod activities;
-pub mod activity_queue;
-pub mod extensions;
-pub mod fetcher;
-pub mod http;
-pub mod inbox;
-pub mod objects;
-
-use crate::extensions::{
- group_extensions::GroupExtension,
- page_extension::PageExtension,
- signatures::{PublicKey, PublicKeyExtension},
-};
-use activitystreams::{
- activity::Follow,
- actor::{ApActor, Group, Person},
- base::AnyBase,
- object::{ApObject, Note, Page},
+use crate::fetcher::post_or_comment::PostOrComment;
+use activitypub_federation::{
+ core::signatures::PublicKey,
+ traits::{Actor, ApubObject},
+ InstanceSettings,
+ LocalInstance,
};
-use activitystreams_ext::{Ext1, Ext2};
-use anyhow::{anyhow, Context};
-use diesel::NotFound;
-use lemmy_db_queries::{source::activity::Activity_, ApubObject, DbPool};
-use lemmy_db_schema::source::{
- activity::Activity,
- comment::Comment,
- community::Community,
- post::Post,
- private_message::PrivateMessage,
- user::User_,
+use anyhow::Context;
+use diesel::PgConnection;
+use lemmy_api_common::utils::blocking;
+use lemmy_db_schema::{
+ newtypes::DbUrl,
+ source::{activity::Activity, instance::Instance, local_site::LocalSite},
+ utils::DbPool,
};
-use lemmy_structs::blocking;
-use lemmy_utils::{location_info, settings::Settings, LemmyError};
+use lemmy_utils::{error::LemmyError, location_info, settings::structs::Settings};
use lemmy_websocket::LemmyContext;
-use serde::Serialize;
-use std::net::IpAddr;
+use once_cell::sync::{Lazy, OnceCell};
use url::{ParseError, Url};
-/// Activitystreams type for community
-type GroupExt = Ext2<ApActor<ApObject<Group>>, GroupExtension, PublicKeyExtension>;
-/// Activitystreams type for user
-type PersonExt = Ext1<ApActor<ApObject<Person>>, PublicKeyExtension>;
-/// Activitystreams type for post
-type PageExt = Ext1<ApObject<Page>, PageExtension>;
-type NoteExt = ApObject<Note>;
-
-pub static APUB_JSON_CONTENT_TYPE: &str = "application/activity+json";
+pub mod activities;
+pub(crate) mod activity_lists;
+pub(crate) mod collections;
+pub mod fetcher;
+pub mod http;
+pub(crate) mod mentions;
+pub mod objects;
+pub mod protocol;
+
+static CONTEXT: Lazy<Vec<serde_json::Value>> = Lazy::new(|| {
+ serde_json::from_str(include_str!("../assets/lemmy/context.json")).expect("parse context")
+});
+
+// TODO: store this in context? but its only used in this crate, no need to expose it elsewhere
+// TODO this singleton needs to be redone to account for live data.
+fn local_instance(context: &LemmyContext) -> &'static LocalInstance {
+ static LOCAL_INSTANCE: OnceCell<LocalInstance> = OnceCell::new();
+ LOCAL_INSTANCE.get_or_init(|| {
+ let conn = &mut context
+ .pool()
+ .get()
+ .expect("getting connection for LOCAL_INSTANCE init");
+ // Local site may be missing
+ let local_site = &LocalSite::read(conn);
+ let worker_count = local_site
+ .as_ref()
+ .map(|l| l.federation_worker_count)
+ .unwrap_or(64) as u64;
+ let http_fetch_retry_limit = local_site
+ .as_ref()
+ .map(|l| l.federation_http_fetch_retry_limit)
+ .unwrap_or(25);
+ let federation_debug = local_site
+ .as_ref()
+ .map(|l| l.federation_debug)
+ .unwrap_or(true);
+
+ let settings = InstanceSettings::builder()
+ .http_fetch_retry_limit(http_fetch_retry_limit)
+ .worker_count(worker_count)
+ .debug(federation_debug)
+ // TODO No idea why, but you can't pass context.settings() to the verify_url_function closure
+ // without the value getting captured.
+ .http_signature_compat(true)
+ .build()
+ .expect("configure federation");
+ LocalInstance::new(
+ context.settings().hostname.to_owned(),
+ context.client().clone(),
+ settings,
+ )
+ })
+}
/// Checks if the ID is allowed for sending or receiving.
///
/// - URL being in the allowlist (if it is active)
/// - URL not being in the blocklist (if it is active)
///
-/// Note that only one of allowlist and blacklist can be enabled, not both.
-fn check_is_apub_id_valid(apub_id: &Url) -> Result<(), LemmyError> {
- let settings = Settings::get();
- let domain = apub_id.domain().context(location_info!())?.to_string();
- let local_instance = settings.get_hostname_without_port()?;
-
- if !settings.federation.enabled {
- return if domain == local_instance {
- Ok(())
- } else {
- Err(
- anyhow!(
- "Trying to connect with {}, but federation is disabled",
- domain
- )
- .into(),
- )
- };
+/// `use_strict_allowlist` should be true only when parsing a remote community, or when parsing a
+/// post/comment in a local community.
+#[tracing::instrument(skip(settings, local_site_data))]
+// TODO This function needs to be called by incoming activities
+fn check_apub_id_valid(
+ apub_id: &Url,
+ local_site_data: &LocalSiteData,
+ settings: &Settings,
+) -> Result<(), &'static str> {
+ let domain = apub_id.domain().expect("apud id has domain").to_string();
+ let local_instance = settings
+ .get_hostname_without_port()
+ .expect("local hostname is valid");
+ if domain == local_instance {
+ return Ok(());
}
- let host = apub_id.host_str().context(location_info!())?;
- let host_as_ip = host.parse::<IpAddr>();
- if host == "localhost" || host_as_ip.is_ok() {
- return Err(anyhow!("invalid hostname: {:?}", host).into());
+ if !local_site_data
+ .local_site
+ .as_ref()
+ .map(|l| l.federation_enabled)
+ .unwrap_or(true)
+ {
+ return Err("Federation disabled");
}
- if apub_id.scheme() != Settings::get().get_protocol_string() {
- return Err(anyhow!("invalid apub id scheme: {:?}", apub_id.scheme()).into());
+ if apub_id.scheme() != settings.get_protocol_string() {
+ return Err("Invalid protocol scheme");
}
- let mut allowed_instances = Settings::get().get_allowed_instances();
- let blocked_instances = Settings::get().get_blocked_instances();
- if allowed_instances.is_empty() && blocked_instances.is_empty() {
- Ok(())
- } else if !allowed_instances.is_empty() {
- // need to allow this explicitly because apub receive might contain objects from our local
- // instance. split is needed to remove the port in our federation test setup.
- allowed_instances.push(local_instance);
-
- if allowed_instances.contains(&domain) {
- Ok(())
- } else {
- Err(anyhow!("{} not in federation allowlist", domain).into())
+ if let Some(blocked) = local_site_data.blocked_instances.as_ref() {
+ if blocked.contains(&domain) {
+ return Err("Domain is blocked");
}
- } else if !blocked_instances.is_empty() {
- if blocked_instances.contains(&domain) {
- Err(anyhow!("{} is in federation blocklist", domain).into())
- } else {
- Ok(())
+ }
+
+ if let Some(allowed) = local_site_data.allowed_instances.as_ref() {
+ if !allowed.contains(&domain) {
+ return Err("Domain is not in allowlist");
}
- } else {
- panic!("Invalid config, both allowed_instances and blocked_instances are specified");
}
-}
-/// Common functions for ActivityPub objects, which are implemented by most (but not all) objects
-/// and actors in Lemmy.
-#[async_trait::async_trait(?Send)]
-pub trait ApubObjectType {
- async fn send_create(&self, creator: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_update(&self, creator: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_delete(&self, creator: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_undo_delete(
- &self,
- creator: &User_,
- context: &LemmyContext,
- ) -> Result<(), LemmyError>;
- async fn send_remove(&self, mod_: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_undo_remove(&self, mod_: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
+ Ok(())
}
-#[async_trait::async_trait(?Send)]
-pub trait ApubLikeableType {
- async fn send_like(&self, creator: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_dislike(&self, creator: &User_, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_undo_like(&self, creator: &User_, context: &LemmyContext)
- -> Result<(), LemmyError>;
+#[derive(Clone)]
+pub(crate) struct LocalSiteData {
+ local_site: Option<LocalSite>,
+ allowed_instances: Option<Vec<String>>,
+ blocked_instances: Option<Vec<String>>,
}
-/// Common methods provided by ActivityPub actors (community and user). Not all methods are
-/// implemented by all actors.
-#[async_trait::async_trait(?Send)]
-pub trait ActorType {
- fn actor_id(&self) -> Url;
-
- // TODO: every actor should have a public key, so this shouldnt be an option (needs to be fixed in db)
- fn public_key(&self) -> Option<String>;
- fn private_key(&self) -> Option<String>;
-
- async fn send_follow(
- &self,
- follow_actor_id: &Url,
- context: &LemmyContext,
- ) -> Result<(), LemmyError>;
- async fn send_unfollow(
- &self,
- follow_actor_id: &Url,
- context: &LemmyContext,
- ) -> Result<(), LemmyError>;
+pub(crate) fn fetch_local_site_data(
+ conn: &mut PgConnection,
+) -> Result<LocalSiteData, diesel::result::Error> {
+ // LocalSite may be missing
+ let local_site = LocalSite::read(conn).ok();
+ let allowed = Instance::allowlist(conn)?;
+ let blocked = Instance::blocklist(conn)?;
+
+ // These can return empty vectors, so convert them to options
+ let allowed_instances = (!allowed.is_empty()).then(|| allowed);
+ let blocked_instances = (!blocked.is_empty()).then(|| blocked);
+
+ Ok(LocalSiteData {
+ local_site,
+ allowed_instances,
+ blocked_instances,
+ })
+}
- async fn send_accept_follow(
- &self,
- follow: Follow,
- context: &LemmyContext,
- ) -> Result<(), LemmyError>;
+#[tracing::instrument(skip(settings, local_site_data))]
+pub(crate) fn check_apub_id_valid_with_strictness(
+ apub_id: &Url,
+ is_strict: bool,
+ local_site_data: &LocalSiteData,
+ settings: &Settings,
+) -> Result<(), LemmyError> {
+ check_apub_id_valid(apub_id, local_site_data, settings).map_err(LemmyError::from_message)?;
+ let domain = apub_id.domain().expect("apud id has domain").to_string();
+ let local_instance = settings
+ .get_hostname_without_port()
+ .expect("local hostname is valid");
+ if domain == local_instance {
+ return Ok(());
+ }
- async fn send_delete(&self, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_undo_delete(&self, context: &LemmyContext) -> Result<(), LemmyError>;
+ if let Some(allowed) = local_site_data.allowed_instances.as_ref() {
+ // Only check allowlist if this is a community, or strict allowlist is enabled.
+ let strict_allowlist = local_site_data
+ .local_site
+ .as_ref()
+ .map(|l| l.federation_strict_allowlist)
+ .unwrap_or(true);
+ if is_strict || strict_allowlist {
+ // need to allow this explicitly because apub receive might contain objects from our local
+ // instance.
+ let mut allowed_and_local = allowed.to_owned();
+ allowed_and_local.push(local_instance);
+
+ if !allowed_and_local.contains(&domain) {
+ return Err(LemmyError::from_message(
+ "Federation forbidden by strict allowlist",
+ ));
+ }
+ }
+ }
+ Ok(())
+}
- async fn send_remove(&self, context: &LemmyContext) -> Result<(), LemmyError>;
- async fn send_undo_remove(&self, context: &LemmyContext) -> Result<(), LemmyError>;
+pub enum EndpointType {
+ Community,
+ Person,
+ Post,
+ Comment,
+ PrivateMessage,
+}
- async fn send_announce(
- &self,
- activity: AnyBase,
- context: &LemmyContext,
- ) -> Result<(), LemmyError>;
+/// Generates an apub endpoint for a given domain, IE xyz.tld
+pub fn generate_local_apub_endpoint(
+ endpoint_type: EndpointType,
+ name: &str,
+ domain: &str,
+) -> Result<DbUrl, ParseError> {
+ let point = match endpoint_type {
+ EndpointType::Community => "c",
+ EndpointType::Person => "u",
+ EndpointType::Post => "post",
+ EndpointType::Comment => "comment",
+ EndpointType::PrivateMessage => "private_message",
+ };
+
+ Ok(Url::parse(&format!("{}/{}/{}", domain, point, name))?.into())
+}
- /// For a given community, returns the inboxes of all followers.
- async fn get_follower_inboxes(&self, pool: &DbPool) -> Result<Vec<Url>, LemmyError>;
+pub fn generate_followers_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
+ Ok(Url::parse(&format!("{}/followers", actor_id))?.into())
+}
- // TODO move these to the db rows
- fn get_inbox_url(&self) -> Result<Url, ParseError> {
- Url::parse(&format!("{}/inbox", &self.actor_id()))
- }
+pub fn generate_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
+ Ok(Url::parse(&format!("{}/inbox", actor_id))?.into())
+}
- fn get_shared_inbox_url(&self) -> Result<Url, LemmyError> {
- let actor_id = self.actor_id();
- let url = format!(
- "{}://{}{}/inbox",
- &actor_id.scheme(),
- &actor_id.host_str().context(location_info!())?,
- if let Some(port) = actor_id.port() {
- format!(":{}", port)
- } else {
- "".to_string()
- },
- );
- Ok(Url::parse(&url)?)
- }
+pub fn generate_site_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
+ let mut actor_id: Url = actor_id.clone().into();
+ actor_id.set_path("site_inbox");
+ Ok(actor_id.into())
+}
- fn get_outbox_url(&self) -> Result<Url, ParseError> {
- Url::parse(&format!("{}/outbox", &self.actor_id()))
- }
+pub fn generate_shared_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, LemmyError> {
+ let actor_id: Url = actor_id.clone().into();
+ let url = format!(
+ "{}://{}{}/inbox",
+ &actor_id.scheme(),
+ &actor_id.host_str().context(location_info!())?,
+ if let Some(port) = actor_id.port() {
+ format!(":{}", port)
+ } else {
+ "".to_string()
+ },
+ );
+ Ok(Url::parse(&url)?.into())
+}
- fn get_followers_url(&self) -> Result<Url, ParseError> {
- Url::parse(&format!("{}/followers", &self.actor_id()))
- }
+pub fn generate_outbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
+ Ok(Url::parse(&format!("{}/outbox", actor_id))?.into())
+}
- fn get_public_key_ext(&self) -> Result<PublicKeyExtension, LemmyError> {
- Ok(
- PublicKey {
- id: format!("{}#main-key", self.actor_id()),
- owner: self.actor_id(),
- public_key_pem: self.public_key().context(location_info!())?,
- }
- .to_ext(),
- )
- }
+fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError> {
+ Ok(Url::parse(&format!("{}/moderators", community_id))?.into())
}
/// Store a sent or received activity in the database, for logging purposes. These records are not
/// persistent.
-pub(crate) async fn insert_activity<T>(
+#[tracing::instrument(skip(pool))]
+async fn insert_activity(
ap_id: &Url,
- activity: T,
+ activity: serde_json::Value,
local: bool,
sensitive: bool,
pool: &DbPool,
-) -> Result<(), LemmyError>
-where
- T: Serialize + std::fmt::Debug + Send + 'static,
-{
- let ap_id = ap_id.to_string();
- blocking(pool, move |conn| {
- Activity::insert(conn, ap_id, &activity, local, sensitive)
- })
- .await??;
- Ok(())
-}
-
-pub(crate) enum PostOrComment {
- Comment(Comment),
- Post(Post),
-}
-
-/// Tries to find a post or comment in the local database, without any network requests.
-/// This is used to handle deletions and removals, because in case we dont have the object, we can
-/// simply ignore the activity.
-pub(crate) async fn find_post_or_comment_by_id(
- context: &LemmyContext,
- apub_id: Url,
-) -> Result<PostOrComment, LemmyError> {
- let ap_id = apub_id.clone();
- let post = blocking(context.pool(), move |conn| {
- Post::read_from_apub_id(conn, &ap_id.into())
- })
- .await?;
- if let Ok(p) = post {
- return Ok(PostOrComment::Post(p));
- }
-
- let ap_id = apub_id.clone();
- let comment = blocking(context.pool(), move |conn| {
- Comment::read_from_apub_id(conn, &ap_id.into())
- })
- .await?;
- if let Ok(c) = comment {
- return Ok(PostOrComment::Comment(c));
- }
-
- Err(NotFound.into())
-}
-
-pub(crate) enum Object {
- Comment(Comment),
- Post(Post),
- Community(Community),
- User(User_),
- PrivateMessage(PrivateMessage),
+) -> Result<bool, LemmyError> {
+ let ap_id = ap_id.to_owned().into();
+ Ok(
+ blocking(pool, move |conn| {
+ Activity::insert(conn, ap_id, activity, local, Some(sensitive))
+ })
+ .await??,
+ )
}
-pub(crate) async fn find_object_by_id(
- context: &LemmyContext,
- apub_id: Url,
-) -> Result<Object, LemmyError> {
- let ap_id = apub_id.clone();
- if let Ok(pc) = find_post_or_comment_by_id(context, ap_id.to_owned()).await {
- return Ok(match pc {
- PostOrComment::Post(p) => Object::Post(p),
- PostOrComment::Comment(c) => Object::Comment(c),
- });
- }
-
- let ap_id = apub_id.clone();
- let user = blocking(context.pool(), move |conn| {
- User_::read_from_apub_id(conn, &ap_id.into())
- })
- .await?;
- if let Ok(u) = user {
- return Ok(Object::User(u));
- }
+/// Common methods provided by ActivityPub actors (community and person). Not all methods are
+/// implemented by all actors.
+pub trait ActorType: Actor + ApubObject {
+ fn actor_id(&self) -> Url;
- let ap_id = apub_id.clone();
- let community = blocking(context.pool(), move |conn| {
- Community::read_from_apub_id(conn, &ap_id.into())
- })
- .await?;
- if let Ok(c) = community {
- return Ok(Object::Community(c));
- }
+ fn private_key(&self) -> Option<String>;
- let private_message = blocking(context.pool(), move |conn| {
- PrivateMessage::read_from_apub_id(conn, &apub_id.into())
- })
- .await?;
- if let Ok(pm) = private_message {
- return Ok(Object::PrivateMessage(pm));
+ fn get_public_key(&self) -> PublicKey {
+ PublicKey::new_main_key(self.actor_id(), self.public_key().to_string())
}
-
- Err(NotFound.into())
}
projects / lemmy.git / blobdiff