git.squeep.com Git - akkoma/blob - lib/pleroma/web/activity_pub/activity_pub_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   6   use Pleroma.Web, :controller
   7   alias Pleroma.{Activity, User, Object}
   8   alias Pleroma.Web.ActivityPub.{ObjectView, UserView}
   9   alias Pleroma.Web.ActivityPub.ActivityPub
  10   alias Pleroma.Web.ActivityPub.Relay
  11   alias Pleroma.Web.ActivityPub.Utils
  12   alias Pleroma.Web.ActivityPub.Transmogrifier
  13   alias Pleroma.Web.Federator
  14
  15   require Logger
  16
  17   action_fallback(:errors)
  18
  19   plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
  20   plug(:relay_active? when action in [:relay])
  21
  22   def relay_active?(conn, _) do
  23     if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do
  24       conn
  25     else
  26       conn
  27       |> put_status(404)
  28       |> json(%{error: "not found"})
  29       |> halt
  30     end
  31   end
  32
  33   def user(conn, %{"nickname" => nickname}) do
  34     with %User{} = user <- User.get_cached_by_nickname(nickname),
  35          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
  36       conn
  37       |> put_resp_header("content-type", "application/activity+json")
  38       |> json(UserView.render("user.json", %{user: user}))
  39     else
  40       nil -> {:error, :not_found}
  41     end
  42   end
  43
  44   def object(conn, %{"uuid" => uuid}) do
  45     with ap_id <- o_status_url(conn, :object, uuid),
  46          %Object{} = object <- Object.get_cached_by_ap_id(ap_id),
  47          {_, true} <- {:public?, ActivityPub.is_public?(object)} do
  48       conn
  49       |> put_resp_header("content-type", "application/activity+json")
  50       |> json(ObjectView.render("object.json", %{object: object}))
  51     else
  52       {:public?, false} ->
  53         {:error, :not_found}
  54     end
  55   end
  56
  57   def following(conn, %{"nickname" => nickname, "page" => page}) do
  58     with %User{} = user <- User.get_cached_by_nickname(nickname),
  59          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
  60       {page, _} = Integer.parse(page)
  61
  62       conn
  63       |> put_resp_header("content-type", "application/activity+json")
  64       |> json(UserView.render("following.json", %{user: user, page: page}))
  65     end
  66   end
  67
  68   def following(conn, %{"nickname" => nickname}) do
  69     with %User{} = user <- User.get_cached_by_nickname(nickname),
  70          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
  71       conn
  72       |> put_resp_header("content-type", "application/activity+json")
  73       |> json(UserView.render("following.json", %{user: user}))
  74     end
  75   end
  76
  77   def followers(conn, %{"nickname" => nickname, "page" => page}) do
  78     with %User{} = user <- User.get_cached_by_nickname(nickname),
  79          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
  80       {page, _} = Integer.parse(page)
  81
  82       conn
  83       |> put_resp_header("content-type", "application/activity+json")
  84       |> json(UserView.render("followers.json", %{user: user, page: page}))
  85     end
  86   end
  87
  88   def followers(conn, %{"nickname" => nickname}) do
  89     with %User{} = user <- User.get_cached_by_nickname(nickname),
  90          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
  91       conn
  92       |> put_resp_header("content-type", "application/activity+json")
  93       |> json(UserView.render("followers.json", %{user: user}))
  94     end
  95   end
  96
  97   def outbox(conn, %{"nickname" => nickname} = params) do
  98     with %User{} = user <- User.get_cached_by_nickname(nickname),
  99          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
 100       conn
 101       |> put_resp_header("content-type", "application/activity+json")
 102       |> json(UserView.render("outbox.json", %{user: user, max_id: params["max_id"]}))
 103     end
 104   end
 105
 106   def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
 107     with %User{} = user <- User.get_cached_by_nickname(nickname),
 108          true <- Utils.recipient_in_message(user.ap_id, params),
 109          params <- Utils.maybe_splice_recipient(user.ap_id, params) do
 110       Federator.enqueue(:incoming_ap_doc, params)
 111       json(conn, "ok")
 112     end
 113   end
 114
 115   def inbox(%{assigns: %{valid_signature: true}} = conn, params) do
 116     Federator.enqueue(:incoming_ap_doc, params)
 117     json(conn, "ok")
 118   end
 119
 120   # only accept relayed Creates
 121   def inbox(conn, %{"type" => "Create"} = params) do
 122     Logger.info(
 123       "Signature missing or not from author, relayed Create message, fetching object from source"
 124     )
 125
 126     ActivityPub.fetch_object_from_id(params["object"]["id"])
 127
 128     json(conn, "ok")
 129   end
 130
 131   def inbox(conn, params) do
 132     headers = Enum.into(conn.req_headers, %{})
 133
 134     if String.contains?(headers["signature"], params["actor"]) do
 135       Logger.info(
 136         "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"
 137       )
 138
 139       Logger.info(inspect(conn.req_headers))
 140     end
 141
 142     json(conn, "error")
 143   end
 144
 145   def relay(conn, _params) do
 146     with %User{} = user <- Relay.get_actor(),
 147          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
 148       conn
 149       |> put_resp_header("content-type", "application/activity+json")
 150       |> json(UserView.render("user.json", %{user: user}))
 151     else
 152       nil -> {:error, :not_found}
 153     end
 154   end
 155
 156   def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
 157     if nickname == user.nickname do
 158       conn
 159       |> put_resp_header("content-type", "application/activity+json")
 160       |> json(UserView.render("inbox.json", %{user: user, max_id: params["max_id"]}))
 161     else
 162       conn
 163       |> put_status(:forbidden)
 164       |> json("can't read inbox of #{nickname} as #{user.nickname}")
 165     end
 166   end
 167
 168   def update_outbox(
 169         %{assigns: %{user: user}} = conn,
 170         %{"nickname" => nickname, "type" => "Create"} = params
 171       ) do
 172     if nickname == user.nickname do
 173       actor = user.ap_id()
 174
 175       params =
 176         params
 177         |> Map.drop(["id"])
 178         |> Map.put("actor", actor)
 179         |> Transmogrifier.fix_addressing()
 180
 181       object =
 182         params["object"]
 183         |> Map.merge(Map.take(params, ["to", "cc"]))
 184         |> Map.put("attributedTo", actor)
 185         |> Transmogrifier.fix_object()
 186
 187       with {:ok, %Activity{} = activity} <-
 188              ActivityPub.create(%{
 189                to: params["to"],
 190                actor: user,
 191                context: object["context"],
 192                object: object,
 193                additional: Map.take(params, ["cc"])
 194              }) do
 195         conn
 196         |> put_status(:created)
 197         |> put_resp_header("location", activity.data["id"])
 198         |> json(activity.data)
 199       end
 200     else
 201       conn
 202       |> put_status(:forbidden)
 203       |> json("can't update outbox of #{nickname} as #{user.nickname}")
 204     end
 205   end
 206
 207   def errors(conn, {:error, :not_found}) do
 208     conn
 209     |> put_status(404)
 210     |> json("Not found")
 211   end
 212
 213   def errors(conn, _e) do
 214     conn
 215     |> put_status(500)
 216     |> json("error")
 217   end
 218 end