projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
[akkoma] / lib / pleroma / user.ex
1 defmodule Pleroma.User do
2 use Ecto.Schema
3
4 import Ecto.{Changeset, Query}
5 alias Pleroma.{Repo, User, Object, Web, Activity, Notification}
6 alias Comeonin.Pbkdf2
7 alias Pleroma.Web.{OStatus, Websub}
8 alias Pleroma.Web.ActivityPub.{Utils, ActivityPub}
9
10 schema "users" do
11 field(:bio, :string)
12 field(:email, :string)
13 field(:name, :string)
14 field(:nickname, :string)
15 field(:password_hash, :string)
16 field(:password, :string, virtual: true)
17 field(:password_confirmation, :string, virtual: true)
18 field(:following, {:array, :string}, default: [])
19 field(:ap_id, :string)
20 field(:avatar, :map)
21 field(:local, :boolean, default: true)
22 field(:info, :map, default: %{})
23 field(:follower_address, :string)
24 field(:search_distance, :float, virtual: true)
25 has_many(:notifications, Notification)
26
27 timestamps()
28 end
29
30 def avatar_url(user) do
31 case user.avatar do
32 %{"url" => [%{"href" => href} | _]} -> href
33 _ -> "#{Web.base_url()}/images/avi.png"
34 end
35 end
36
37 def banner_url(user) do
38 case user.info["banner"] do
39 %{"url" => [%{"href" => href} | _]} -> href
40 _ -> "#{Web.base_url()}/images/banner.png"
41 end
42 end
43
44 def ap_id(%User{nickname: nickname}) do
45 "#{Web.base_url()}/users/#{nickname}"
46 end
47
48 def ap_followers(%User{} = user) do
49 "#{ap_id(user)}/followers"
50 end
51
52 def follow_changeset(struct, params \\ %{}) do
53 struct
54 |> cast(params, [:following])
55 |> validate_required([:following])
56 end
57
58 def info_changeset(struct, params \\ %{}) do
59 struct
60 |> cast(params, [:info])
61 |> validate_required([:info])
62 end
63
64 def user_info(%User{} = user) do
65 oneself = if user.local, do: 1, else: 0
66
67 %{
68 following_count: length(user.following) - oneself,
69 note_count: user.info["note_count"] || 0,
70 follower_count: user.info["follower_count"] || 0,
71 locked: user.info["locked"] || false,
72 default_scope: user.info["default_scope"] || "public"
73 }
74 end
75
76 @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
77 def remote_user_creation(params) do
78 changes =
79 %User{}
80 |> cast(params, [:bio, :name, :ap_id, :nickname, :info, :avatar])
81 |> validate_required([:name, :ap_id])
82 |> unique_constraint(:nickname)
83 |> validate_format(:nickname, @email_regex)
84 |> validate_length(:bio, max: 5000)
85 |> validate_length(:name, max: 100)
86 |> put_change(:local, false)
87
88 if changes.valid? do
89 case changes.changes[:info]["source_data"] do
90 %{"followers" => followers} ->
91 changes
92 |> put_change(:follower_address, followers)
93
94 _ ->
95 followers = User.ap_followers(%User{nickname: changes.changes[:nickname]})
96
97 changes
98 |> put_change(:follower_address, followers)
99 end
100 else
101 changes
102 end
103 end
104
105 def update_changeset(struct, params \\ %{}) do
106 struct
107 |> cast(params, [:bio, :name])
108 |> unique_constraint(:nickname)
109 |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/)
110 |> validate_length(:bio, max: 5000)
111 |> validate_length(:name, min: 1, max: 100)
112 end
113
114 def upgrade_changeset(struct, params \\ %{}) do
115 struct
116 |> cast(params, [:bio, :name, :info, :follower_address, :avatar])
117 |> unique_constraint(:nickname)
118 |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/)
119 |> validate_length(:bio, max: 5000)
120 |> validate_length(:name, max: 100)
121 end
122
123 def password_update_changeset(struct, params) do
124 changeset =
125 struct
126 |> cast(params, [:password, :password_confirmation])
127 |> validate_required([:password, :password_confirmation])
128 |> validate_confirmation(:password)
129
130 if changeset.valid? do
131 hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])
132
133 changeset
134 |> put_change(:password_hash, hashed)
135 else
136 changeset
137 end
138 end
139
140 def reset_password(user, data) do
141 update_and_set_cache(password_update_changeset(user, data))
142 end
143
144 def register_changeset(struct, params \\ %{}) do
145 changeset =
146 struct
147 |> cast(params, [:bio, :email, :name, :nickname, :password, :password_confirmation])
148 |> validate_required([:email, :name, :nickname, :password, :password_confirmation])
149 |> validate_confirmation(:password)
150 |> unique_constraint(:email)
151 |> unique_constraint(:nickname)
152 |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/)
153 |> validate_format(:email, @email_regex)
154 |> validate_length(:bio, max: 1000)
155 |> validate_length(:name, min: 1, max: 100)
156
157 if changeset.valid? do
158 hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])
159 ap_id = User.ap_id(%User{nickname: changeset.changes[:nickname]})
160 followers = User.ap_followers(%User{nickname: changeset.changes[:nickname]})
161
162 changeset
163 |> put_change(:password_hash, hashed)
164 |> put_change(:ap_id, ap_id)
165 |> put_change(:following, [followers])
166 |> put_change(:follower_address, followers)
167 else
168 changeset
169 end
170 end
171
172 def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do
173 user_config = Application.get_env(:pleroma, :user)
174 deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked)
175
176 user_info = user_info(followed)
177
178 should_direct_follow =
179 cond do
180 # if the account is locked, don't pre-create the relationship
181 user_info[:locked] == true ->
182 false
183
184 # if the users are blocking each other, we shouldn't even be here, but check for it anyway
185 deny_follow_blocked and
186 (User.blocks?(follower, followed) or User.blocks?(followed, follower)) ->
187 false
188
189 # if OStatus, then there is no three-way handshake to follow
190 User.ap_enabled?(followed) != true ->
191 true
192
193 # if there are no other reasons not to, just pre-create the relationship
194 true ->
195 true
196 end
197
198 if should_direct_follow do
199 follow(follower, followed)
200 else
201 {:ok, follower}
202 end
203 end
204
205 def maybe_follow(%User{} = follower, %User{info: info} = followed) do
206 if not following?(follower, followed) do
207 follow(follower, followed)
208 else
209 {:ok, follower}
210 end
211 end
212
213 def follow(%User{} = follower, %User{info: info} = followed) do
214 user_config = Application.get_env(:pleroma, :user)
215 deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked)
216
217 ap_followers = followed.follower_address
218
219 cond do
220 following?(follower, followed) or info["deactivated"] ->
221 {:error, "Could not follow user: #{followed.nickname} is already on your list."}
222
223 deny_follow_blocked and blocks?(followed, follower) ->
224 {:error, "Could not follow user: #{followed.nickname} blocked you."}
225
226 true ->
227 if !followed.local && follower.local && !ap_enabled?(followed) do
228 Websub.subscribe(follower, followed)
229 end
230
231 following =
232 [ap_followers | follower.following]
233 |> Enum.uniq()
234
235 follower =
236 follower
237 |> follow_changeset(%{following: following})
238 |> update_and_set_cache
239
240 {:ok, _} = update_follower_count(followed)
241
242 follower
243 end
244 end
245
246 def unfollow(%User{} = follower, %User{} = followed) do
247 ap_followers = followed.follower_address
248
249 if following?(follower, followed) and follower.ap_id != followed.ap_id do
250 following =
251 follower.following
252 |> List.delete(ap_followers)
253
254 {:ok, follower} =
255 follower
256 |> follow_changeset(%{following: following})
257 |> update_and_set_cache
258
259 {:ok, followed} = update_follower_count(followed)
260
261 {:ok, follower, Utils.fetch_latest_follow(follower, followed)}
262 else
263 {:error, "Not subscribed!"}
264 end
265 end
266
267 def following?(%User{} = follower, %User{} = followed) do
268 Enum.member?(follower.following, followed.follower_address)
269 end
270
271 def locked?(%User{} = user) do
272 user.info["locked"] || false
273 end
274
275 def get_by_ap_id(ap_id) do
276 Repo.get_by(User, ap_id: ap_id)
277 end
278
279 def update_and_set_cache(changeset) do
280 with {:ok, user} <- Repo.update(changeset) do
281 Cachex.put(:user_cache, "ap_id:#{user.ap_id}", user)
282 Cachex.put(:user_cache, "nickname:#{user.nickname}", user)
283 Cachex.put(:user_cache, "user_info:#{user.id}", user_info(user))
284 {:ok, user}
285 else
286 e -> e
287 end
288 end
289
290 def invalidate_cache(user) do
291 Cachex.del(:user_cache, "ap_id:#{user.ap_id}")
292 Cachex.del(:user_cache, "nickname:#{user.nickname}")
293 end
294
295 def get_cached_by_ap_id(ap_id) do
296 key = "ap_id:#{ap_id}"
297 Cachex.fetch!(:user_cache, key, fn _ -> get_by_ap_id(ap_id) end)
298 end
299
300 def get_cached_by_nickname(nickname) do
301 key = "nickname:#{nickname}"
302 Cachex.fetch!(:user_cache, key, fn _ -> get_or_fetch_by_nickname(nickname) end)
303 end
304
305 def get_by_nickname(nickname) do
306 Repo.get_by(User, nickname: nickname)
307 end
308
309 def get_by_nickname_or_email(nickname_or_email) do
310 case user = Repo.get_by(User, nickname: nickname_or_email) do
311 %User{} -> user
312 nil -> Repo.get_by(User, email: nickname_or_email)
313 end
314 end
315
316 def get_cached_user_info(user) do
317 key = "user_info:#{user.id}"
318 Cachex.fetch!(:user_cache, key, fn _ -> user_info(user) end)
319 end
320
321 def fetch_by_nickname(nickname) do
322 ap_try = ActivityPub.make_user_from_nickname(nickname)
323
324 case ap_try do
325 {:ok, user} -> {:ok, user}
326 _ -> OStatus.make_user(nickname)
327 end
328 end
329
330 def get_or_fetch_by_nickname(nickname) do
331 with %User{} = user <- get_by_nickname(nickname) do
332 user
333 else
334 _e ->
335 with [_nick, _domain] <- String.split(nickname, "@"),
336 {:ok, user} <- fetch_by_nickname(nickname) do
337 user
338 else
339 _e -> nil
340 end
341 end
342 end
343
344 def get_followers_query(%User{id: id, follower_address: follower_address}) do
345 from(
346 u in User,
347 where: fragment("? <@ ?", ^[follower_address], u.following),
348 where: u.id != ^id
349 )
350 end
351
352 def get_followers(user) do
353 q = get_followers_query(user)
354
355 {:ok, Repo.all(q)}
356 end
357
358 def get_friends_query(%User{id: id, following: following}) do
359 from(
360 u in User,
361 where: u.follower_address in ^following,
362 where: u.id != ^id
363 )
364 end
365
366 def get_friends(user) do
367 q = get_friends_query(user)
368
369 {:ok, Repo.all(q)}
370 end
371
372 def get_follow_requests_query(%User{} = user) do
373 from(
374 a in Activity,
375 where:
376 fragment(
377 "? ->> 'type' = 'Follow'",
378 a.data
379 ),
380 where:
381 fragment(
382 "? ->> 'state' = 'pending'",
383 a.data
384 ),
385 where:
386 fragment(
387 "? @> ?",
388 a.data,
389 ^%{"object" => user.ap_id}
390 )
391 )
392 end
393
394 def get_follow_requests(%User{} = user) do
395 q = get_follow_requests_query(user)
396 reqs = Repo.all(q)
397
398 users =
399 Enum.map(reqs, fn req -> req.actor end)
400 |> Enum.uniq()
401 |> Enum.map(fn ap_id -> get_by_ap_id(ap_id) end)
402 |> Enum.filter(fn u -> !following?(u, user) end)
403
404 {:ok, users}
405 end
406
407 def increase_note_count(%User{} = user) do
408 note_count = (user.info["note_count"] || 0) + 1
409 new_info = Map.put(user.info, "note_count", note_count)
410
411 cs = info_changeset(user, %{info: new_info})
412
413 update_and_set_cache(cs)
414 end
415
416 def decrease_note_count(%User{} = user) do
417 note_count = user.info["note_count"] || 0
418 note_count = if note_count <= 0, do: 0, else: note_count - 1
419 new_info = Map.put(user.info, "note_count", note_count)
420
421 cs = info_changeset(user, %{info: new_info})
422
423 update_and_set_cache(cs)
424 end
425
426 def update_note_count(%User{} = user) do
427 note_count_query =
428 from(
429 a in Object,
430 where: fragment("?->>'actor' = ? and ?->>'type' = 'Note'", a.data, ^user.ap_id, a.data),
431 select: count(a.id)
432 )
433
434 note_count = Repo.one(note_count_query)
435
436 new_info = Map.put(user.info, "note_count", note_count)
437
438 cs = info_changeset(user, %{info: new_info})
439
440 update_and_set_cache(cs)
441 end
442
443 def update_follower_count(%User{} = user) do
444 follower_count_query =
445 from(
446 u in User,
447 where: ^user.follower_address in u.following,
448 where: u.id != ^user.id,
449 select: count(u.id)
450 )
451
452 follower_count = Repo.one(follower_count_query)
453
454 new_info = Map.put(user.info, "follower_count", follower_count)
455
456 cs = info_changeset(user, %{info: new_info})
457
458 update_and_set_cache(cs)
459 end
460
461 def get_notified_from_activity_query(to) do
462 from(
463 u in User,
464 where: u.ap_id in ^to,
465 where: u.local == true
466 )
467 end
468
469 def get_notified_from_activity(%Activity{recipients: to, data: %{"type" => "Announce"} = data}) do
470 object = Object.normalize(data["object"])
471 actor = User.get_cached_by_ap_id(data["actor"])
472
473 # ensure that the actor who published the announced object appears only once
474 to =
475 if actor.nickname != nil do
476 to ++ [object.data["actor"]]
477 else
478 to
479 end
480 |> Enum.uniq()
481
482 query = get_notified_from_activity_query(to)
483
484 Repo.all(query)
485 end
486
487 def get_notified_from_activity(%Activity{recipients: to}) do
488 query = get_notified_from_activity_query(to)
489
490 Repo.all(query)
491 end
492
493 def get_recipients_from_activity(%Activity{recipients: to}) do
494 query =
495 from(
496 u in User,
497 where: u.ap_id in ^to,
498 or_where: fragment("? && ?", u.following, ^to)
499 )
500
501 query = from(u in query, where: u.local == true)
502
503 Repo.all(query)
504 end
505
506 def search(query, resolve) do
507 # strip the beginning @ off if there is a query
508 query = String.trim_leading(query, "@")
509
510 if resolve do
511 User.get_or_fetch_by_nickname(query)
512 end
513
514 inner =
515 from(
516 u in User,
517 select_merge: %{
518 search_distance:
519 fragment(
520 "? <-> (? || ?)",
521 ^query,
522 u.nickname,
523 u.name
524 )
525 },
526 where: not is_nil(u.nickname)
527 )
528
529 q =
530 from(
531 s in subquery(inner),
532 order_by: s.search_distance,
533 limit: 20
534 )
535
536 Repo.all(q)
537 end
538
539 def block(blocker, %User{ap_id: ap_id} = blocked) do
540 # sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213)
541 blocker =
542 if following?(blocker, blocked) do
543 {:ok, blocker, _} = unfollow(blocker, blocked)
544 blocker
545 else
546 blocker
547 end
548
549 if following?(blocked, blocker) do
550 unfollow(blocked, blocker)
551 end
552
553 blocks = blocker.info["blocks"] || []
554 new_blocks = Enum.uniq([ap_id | blocks])
555 new_info = Map.put(blocker.info, "blocks", new_blocks)
556
557 cs = User.info_changeset(blocker, %{info: new_info})
558 update_and_set_cache(cs)
559 end
560
561 # helper to handle the block given only an actor's AP id
562 def block(blocker, %{ap_id: ap_id}) do
563 block(blocker, User.get_by_ap_id(ap_id))
564 end
565
566 def unblock(user, %{ap_id: ap_id}) do
567 blocks = user.info["blocks"] || []
568 new_blocks = List.delete(blocks, ap_id)
569 new_info = Map.put(user.info, "blocks", new_blocks)
570
571 cs = User.info_changeset(user, %{info: new_info})
572 update_and_set_cache(cs)
573 end
574
575 def blocks?(user, %{ap_id: ap_id}) do
576 blocks = user.info["blocks"] || []
577 domain_blocks = user.info["domain_blocks"] || []
578 %{host: host} = URI.parse(ap_id)
579
580 Enum.member?(blocks, ap_id) ||
581 Enum.any?(domain_blocks, fn domain ->
582 host == domain
583 end)
584 end
585
586 def block_domain(user, domain) do
587 domain_blocks = user.info["domain_blocks"] || []
588 new_blocks = Enum.uniq([domain | domain_blocks])
589 new_info = Map.put(user.info, "domain_blocks", new_blocks)
590
591 cs = User.info_changeset(user, %{info: new_info})
592 update_and_set_cache(cs)
593 end
594
595 def unblock_domain(user, domain) do
596 blocks = user.info["domain_blocks"] || []
597 new_blocks = List.delete(blocks, domain)
598 new_info = Map.put(user.info, "domain_blocks", new_blocks)
599
600 cs = User.info_changeset(user, %{info: new_info})
601 update_and_set_cache(cs)
602 end
603
604 def local_user_query() do
605 from(
606 u in User,
607 where: u.local == true,
608 where: not is_nil(u.nickname)
609 )
610 end
611
612 def moderator_user_query() do
613 from(
614 u in User,
615 where: u.local == true,
616 where: fragment("?->'is_moderator' @> 'true'", u.info)
617 )
618 end
619
620 def deactivate(%User{} = user) do
621 new_info = Map.put(user.info, "deactivated", true)
622 cs = User.info_changeset(user, %{info: new_info})
623 update_and_set_cache(cs)
624 end
625
626 def delete(%User{} = user) do
627 {:ok, user} = User.deactivate(user)
628
629 # Remove all relationships
630 {:ok, followers} = User.get_followers(user)
631
632 followers
633 |> Enum.each(fn follower -> User.unfollow(follower, user) end)
634
635 {:ok, friends} = User.get_friends(user)
636
637 friends
638 |> Enum.each(fn followed -> User.unfollow(user, followed) end)
639
640 query = from(a in Activity, where: a.actor == ^user.ap_id)
641
642 Repo.all(query)
643 |> Enum.each(fn activity ->
644 case activity.data["type"] do
645 "Create" ->
646 ActivityPub.delete(Object.normalize(activity.data["object"]))
647
648 # TODO: Do something with likes, follows, repeats.
649 _ ->
650 "Doing nothing"
651 end
652 end)
653
654 :ok
655 end
656
657 def get_or_fetch_by_ap_id(ap_id) do
658 if user = get_by_ap_id(ap_id) do
659 user
660 else
661 ap_try = ActivityPub.make_user_from_ap_id(ap_id)
662
663 case ap_try do
664 {:ok, user} ->
665 user
666
667 _ ->
668 case OStatus.make_user(ap_id) do
669 {:ok, user} -> user
670 _ -> {:error, "Could not fetch by AP id"}
671 end
672 end
673 end
674 end
675
676 def get_or_create_instance_user do
677 relay_uri = "#{Pleroma.Web.Endpoint.url()}/relay"
678
679 if user = get_by_ap_id(relay_uri) do
680 user
681 else
682 changes =
683 %User{}
684 |> cast(%{}, [:ap_id, :nickname, :local])
685 |> put_change(:ap_id, relay_uri)
686 |> put_change(:nickname, nil)
687 |> put_change(:local, true)
688 |> put_change(:follower_address, relay_uri <> "/followers")
689
690 {:ok, user} = Repo.insert(changes)
691 user
692 end
693 end
694
695 # AP style
696 def public_key_from_info(%{
697 "source_data" => %{"publicKey" => %{"publicKeyPem" => public_key_pem}}
698 }) do
699 key =
700 :public_key.pem_decode(public_key_pem)
701 |> hd()
702 |> :public_key.pem_entry_decode()
703
704 {:ok, key}
705 end
706
707 # OStatus Magic Key
708 def public_key_from_info(%{"magic_key" => magic_key}) do
709 {:ok, Pleroma.Web.Salmon.decode_key(magic_key)}
710 end
711
712 def get_public_key_for_ap_id(ap_id) do
713 with %User{} = user <- get_or_fetch_by_ap_id(ap_id),
714 {:ok, public_key} <- public_key_from_info(user.info) do
715 {:ok, public_key}
716 else
717 _ -> :error
718 end
719 end
720
721 defp blank?(""), do: nil
722 defp blank?(n), do: n
723
724 def insert_or_update_user(data) do
725 data =
726 data
727 |> Map.put(:name, blank?(data[:name]) || data[:nickname])
728
729 cs = User.remote_user_creation(data)
730 Repo.insert(cs, on_conflict: :replace_all, conflict_target: :nickname)
731 end
732
733 def ap_enabled?(%User{info: info}), do: info["ap_enabled"]
734 def ap_enabled?(_), do: false
735
736 def get_or_fetch(uri_or_nickname) do
737 if String.starts_with?(uri_or_nickname, "http") do
738 get_or_fetch_by_ap_id(uri_or_nickname)
739 else
740 get_or_fetch_by_nickname(uri_or_nickname)
741 end
742 end
743 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git