do not allow non-admins to register tokens with admin scopes
[akkoma] / lib / pleroma / web / federator.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.Federator do
6 alias Pleroma.Activity
7 alias Pleroma.Object.Containment
8 alias Pleroma.User
9 alias Pleroma.Web.ActivityPub.ActivityPub
10 alias Pleroma.Web.ActivityPub.Transmogrifier
11 alias Pleroma.Web.ActivityPub.Utils
12 alias Pleroma.Web.Federator.Publisher
13 alias Pleroma.Workers.PublisherWorker
14 alias Pleroma.Workers.ReceiverWorker
15
16 require Logger
17
18 @behaviour Pleroma.Web.Federator.Publishing
19
20 @doc """
21 Returns `true` if the distance to target object does not exceed max configured value.
22 Serves to prevent fetching of very long threads, especially useful on smaller instances.
23 Addresses [memory leaks on recursive replies fetching](https://git.pleroma.social/pleroma/pleroma/issues/161).
24 Applies to fetching of both ancestor (reply-to) and child (reply) objects.
25 """
26 # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
27 def allowed_thread_distance?(distance) do
28 max_distance = Pleroma.Config.get([:instance, :federation_incoming_replies_max_depth])
29
30 if max_distance && max_distance >= 0 do
31 # Default depth is 0 (an object has zero distance from itself in its thread)
32 (distance || 0) <= max_distance
33 else
34 true
35 end
36 end
37
38 # Client API
39
40 def incoming_ap_doc(params) do
41 ReceiverWorker.enqueue("incoming_ap_doc", %{"params" => params})
42 end
43
44 @impl true
45 def publish(%{id: "pleroma:fakeid"} = activity) do
46 perform(:publish, activity)
47 end
48
49 @impl true
50 def publish(%{data: %{"object" => object}} = activity) when is_binary(object) do
51 PublisherWorker.enqueue("publish", %{"activity_id" => activity.id, "object_data" => nil},
52 priority: publish_priority(activity)
53 )
54 end
55
56 @impl true
57 def publish(%{data: %{"object" => object}} = activity) when is_map(object) or is_list(object) do
58 PublisherWorker.enqueue(
59 "publish",
60 %{
61 "activity_id" => activity.id,
62 "object_data" => Jason.encode!(object)
63 },
64 priority: publish_priority(activity)
65 )
66 end
67
68 defp publish_priority(%{data: %{"type" => "Delete"}}), do: 3
69 defp publish_priority(_), do: 0
70
71 # Job Worker Callbacks
72
73 @spec perform(atom(), module(), any()) :: {:ok, any()} | {:error, any()}
74 def perform(:publish_one, module, params) do
75 apply(module, :publish_one, [params])
76 end
77
78 def perform(:publish, activity) do
79 Logger.debug(fn -> "Running publish for #{activity.data["id"]}" end)
80
81 %User{} = actor = User.get_cached_by_ap_id(activity.data["actor"])
82 Publisher.publish(actor, activity)
83 end
84
85 def perform(:incoming_ap_doc, params) do
86 Logger.debug("Handling incoming AP activity")
87
88 actor =
89 params
90 |> Map.get("actor")
91 |> Utils.get_ap_id()
92
93 # NOTE: we use the actor ID to do the containment, this is fine because an
94 # actor shouldn't be acting on objects outside their own AP server.
95 with {_, {:ok, _user}} <- {:actor, ap_enabled_actor(actor)},
96 nil <- Activity.normalize(params["id"]),
97 {_, :ok} <-
98 {:correct_origin?, Containment.contain_origin_from_id(actor, params)},
99 {:ok, activity} <- Transmogrifier.handle_incoming(params) do
100 {:ok, activity}
101 else
102 {:correct_origin?, _} ->
103 Logger.debug("Origin containment failure for #{params["id"]}")
104 {:error, :origin_containment_failed}
105
106 %Activity{} ->
107 Logger.debug("Already had #{params["id"]}")
108 {:error, :already_present}
109
110 {:actor, e} ->
111 Logger.debug("Unhandled actor #{actor}, #{inspect(e)}")
112 {:error, e}
113
114 {:error, {:validate_object, _}} = e ->
115 Logger.error("Incoming AP doc validation error: #{inspect(e)}")
116 Logger.debug(Jason.encode!(params, pretty: true))
117 e
118
119 e ->
120 # Just drop those for now
121 Logger.debug(fn -> "Unhandled activity\n" <> Jason.encode!(params, pretty: true) end)
122 {:error, e}
123 end
124 end
125
126 def ap_enabled_actor(id) do
127 user = User.get_cached_by_ap_id(id)
128
129 if User.ap_enabled?(user) do
130 {:ok, user}
131 else
132 ActivityPub.make_user_from_ap_id(id)
133 end
134 end
135 end