- LEMMY_DATABASE_URL=postgres://lemmy:password@postgres_alpha:5432/lemmy
- LEMMY_JWT_SECRET=changeme
- LEMMY_FRONT_END_DIR=/app/dist
- - LEMMY_FEDERATION_ENABLED=true
- - LEMMY_FEDERATED_INSTANCE=lemmy_beta:8541
+ - LEMMY_FEDERATION__ENABLED=true
+ - LEMMY_FEDERATION__FOLLOWED_INSTANCES=lemmy_beta:8541
+ - LEMMY_FEDERATION__TLS_ENABLED=false
- LEMMY_PORT=8540
- RUST_BACKTRACE=1
restart: always
- LEMMY_DATABASE_URL=postgres://lemmy:password@postgres_beta:5432/lemmy
- LEMMY_JWT_SECRET=changeme
- LEMMY_FRONT_END_DIR=/app/dist
- - LEMMY_FEDERATION_ENABLED=true
- - LEMMY_FEDERATED_INSTANCE=lemmy_alpha:8540
+ - LEMMY_FEDERATION__ENABLED=true
+ - LEMMY_FEDERATION__FOLLOWED_INSTANCES=lemmy_alpha:8540
+ - LEMMY_FEDERATION__TLS_ENABLED=false
- LEMMY_PORT=8541
- RUST_BACKTRACE=1
restart: always
jwt_secret: "changeme"
# The dir for the front end
front_end_dir: "../ui/dist"
- # whether to enable activitypub federation. this feature is in alpha, do not enable in production.
- federation_enabled: false
- // another instance to federate with. this should be a list, but it seems like lists cant be set from environment
- // https://github.com/mehcode/config-rs/issues/117
- federated_instance: null
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
# interval length for registration limit
register_per_second: 3600
}
+ # settings related to activitypub federation
+ federation: {
+ # whether to enable activitypub federation. this feature is in alpha, do not enable in production.
+ enabled: false
+ # comma seperated list of instances to follow
+ followed_instances: ""
+ # whether tls is required for activitypub. only disable this for debugging, never for producion.
+ tls_enabled: true
+ }
# # email sending configuration
# email: {
# # hostname of the smtp server
let data: &GetCommunity = &self.data;
if data.name.is_some()
- && Settings::get().federation_enabled
+ && Settings::get().federation.enabled
&& data.name.as_ref().unwrap().contains('@')
{
return get_remote_community(data.name.as_ref().unwrap());
let data: &ListCommunities = &self.data;
let local_only = data.local_only.unwrap_or(false);
- if Settings::get().federation_enabled && !local_only {
+ if Settings::get().federation.enabled && !local_only {
return Ok(ListCommunitiesResponse {
communities: get_all_communities()?,
});
fn perform(&self, conn: &PgConnection) -> Result<GetPostsResponse, Error> {
let data: &GetPosts = &self.data;
- if Settings::get().federation_enabled {
+ if Settings::get().federation.enabled {
// TODO: intercept here (but the type is wrong)
//get_remote_community_posts(get_posts.community_id.unwrap())
}
}
pub fn get_apub_protocol_string() -> &'static str {
- "http"
+ if Settings::get().federation.tls_enabled {
+ "https"
+ } else {
+ "http"
+ }
}
use crate::api::community::{GetCommunityResponse, ListCommunitiesResponse};
use crate::api::post::GetPostsResponse;
+use crate::apub::get_apub_protocol_string;
use crate::db::community_view::CommunityView;
use crate::db::post_view::PostView;
use crate::naive_now;
use serde::Deserialize;
fn fetch_node_info(domain: &str) -> Result<NodeInfo, Error> {
- let well_known: NodeInfoWellKnown =
- reqwest::get(&format!("http://{}/.well-known/nodeinfo", domain))?.json()?;
- Ok(reqwest::get(&well_known.links.href)?.json()?)
+ let well_known_uri = format!(
+ "{}://{}/.well-known/nodeinfo",
+ get_apub_protocol_string(),
+ domain
+ );
+ let well_known = fetch_remote_object::<NodeInfoWellKnown>(&well_known_uri)?;
+ Ok(fetch_remote_object::<NodeInfo>(&well_known.links.href)?)
}
+
fn fetch_communities_from_instance(domain: &str) -> Result<Vec<CommunityView>, Error> {
let node_info = fetch_node_info(domain)?;
if node_info.software.name != "lemmy" {
where
Response: for<'de> Deserialize<'de>,
{
+ if Settings::get().federation.tls_enabled && !uri.starts_with("https") {
+ return Err(format_err!("Activitypub uri is insecure: {}", uri));
+ }
// TODO: should cache responses here when we are in production
// TODO: this function should return a future
// TODO: in production mode, fail if protocol is not https
})
}
-pub fn get_following_instances() -> Vec<String> {
- match Settings::get().federated_instance.clone() {
- Some(f) => vec![f, Settings::get().hostname.clone()],
- None => vec![Settings::get().hostname.clone()],
- }
+pub fn get_following_instances() -> Vec<&'static str> {
+ Settings::get()
+ .federation
+ .followed_instances
+ .split(',')
+ .collect()
}
pub fn get_all_communities() -> Result<Vec<CommunityView>, Error> {
use diesel::PgConnection;
pub fn config(cfg: &mut web::ServiceConfig) {
- if Settings::get().federation_enabled {
+ if Settings::get().federation.enabled {
println!("federation enabled, host is {}", Settings::get().hostname);
cfg
.route(
Ok(site_view) => site_view,
Err(_) => return Err(format_err!("not_found")),
};
- let protocols = if Settings::get().federation_enabled {
+ let protocols = if Settings::get().federation.enabled {
vec!["activitypub".to_string()]
} else {
vec![]
}
pub fn config(cfg: &mut web::ServiceConfig) {
- if Settings::get().federation_enabled {
+ if Settings::get().federation.enabled {
cfg.route(
".well-known/webfinger",
web::get().to(get_webfinger_response),
pub front_end_dir: String,
pub rate_limit: RateLimitConfig,
pub email: Option<EmailConfig>,
- pub federation_enabled: bool,
- pub federated_instance: Option<String>,
+ pub federation: Federation,
}
#[derive(Debug, Deserialize)]
pub pool_size: u32,
}
+#[derive(Debug, Deserialize)]
+pub struct Federation {
+ pub enabled: bool,
+ pub followed_instances: String,
+ pub tls_enabled: bool,
+}
+
lazy_static! {
static ref SETTINGS: Settings = {
match Settings::init() {
projects / lemmy.git / commitdiff