1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Salmon do
6 @httpoison Application.get_env(:pleroma, :httpoison)
10 alias Pleroma.Instances
12 alias Pleroma.Web.OStatus.ActivityRepresenter
18 doc = XML.parse_document(salmon)
20 {:xmlObj, :string, data} = :xmerl_xpath.string('string(//me:data[1])', doc)
21 {:xmlObj, :string, sig} = :xmerl_xpath.string('string(//me:sig[1])', doc)
22 {:xmlObj, :string, alg} = :xmerl_xpath.string('string(//me:alg[1])', doc)
23 {:xmlObj, :string, encoding} = :xmerl_xpath.string('string(//me:encoding[1])', doc)
24 {:xmlObj, :string, type} = :xmerl_xpath.string('string(//me:data[1]/@type)', doc)
26 {:ok, data} = Base.url_decode64(to_string(data), ignore: :whitespace)
27 {:ok, sig} = Base.url_decode64(to_string(sig), ignore: :whitespace)
29 encoding = to_string(encoding)
30 type = to_string(type)
32 [data, type, encoding, alg, sig]
35 def fetch_magic_key(salmon) do
36 with [data, _, _, _, _] <- decode(salmon),
37 doc <- XML.parse_document(data),
38 uri when not is_nil(uri) <- XML.string_from_xpath("/entry/author[1]/uri", doc),
39 {:ok, public_key} <- User.get_public_key_for_ap_id(uri),
40 magic_key <- encode_key(public_key) do
45 def decode_and_validate(magickey, salmon) do
46 [data, type, encoding, alg, sig] = decode(salmon)
49 [data, type, encoding, alg]
50 |> Enum.map(&Base.url_encode64/1)
53 key = decode_key(magickey)
55 verify = :public_key.verify(signed_text, :sha256, sig, key)
64 def decode_key("RSA." <> magickey) do
65 make_integer = fn bin ->
66 list = :erlang.binary_to_list(bin)
67 Enum.reduce(list, 0, fn el, acc -> acc <<< 8 ||| el end)
73 |> Enum.map(fn n -> Base.url_decode64!(n, padding: false) end)
74 |> Enum.map(make_integer)
76 {:RSAPublicKey, modulus, exponent}
79 def encode_key({:RSAPublicKey, modulus, exponent}) do
80 modulus_enc = :binary.encode_unsigned(modulus) |> Base.url_encode64()
81 exponent_enc = :binary.encode_unsigned(exponent) |> Base.url_encode64()
83 "RSA.#{modulus_enc}.#{exponent_enc}"
86 # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
87 # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
89 _ = :public_key.generate_key({:rsa, 2048, 65_537})
91 def generate_rsa_pem do
92 key = :public_key.generate_key({:rsa, 2048, 65_537})
93 entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
94 pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
99 def generate_rsa_pem do
100 port = Port.open({:spawn, "openssl genrsa"}, [:binary])
104 {^port, {:data, pem}} -> {:ok, pem}
109 if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
117 def keys_from_pem(pem) do
118 [private_key_code] = :public_key.pem_decode(pem)
119 private_key = :public_key.pem_entry_decode(private_key_code)
120 {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
121 public_key = {:RSAPublicKey, modulus, exponent}
122 {:ok, private_key, public_key}
125 def encode(private_key, doc) do
126 type = "application/atom+xml"
127 encoding = "base64url"
131 [doc, type, encoding, alg]
132 |> Enum.map(&Base.url_encode64/1)
137 |> :public_key.sign(:sha256, private_key)
139 |> Base.url_encode64()
143 |> Base.url_encode64()
145 # Don't need proper xml building, these strings are safe to leave unescaped
147 <?xml version="1.0" encoding="UTF-8"?>
148 <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
149 <me:data type="application/atom+xml">#{doc_base64}</me:data>
150 <me:encoding>#{encoding}</me:encoding>
151 <me:alg>#{alg}</me:alg>
152 <me:sig>#{signature}</me:sig>
159 def remote_users(%{data: %{"to" => to} = data}) do
160 to = to ++ (data["cc"] || [])
163 |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end)
164 |> Enum.filter(fn user -> user && !user.local end)
167 @doc "Pushes an activity to remote account."
168 def send_to_user(%{recipient: %{info: %{salmon: salmon}}} = params),
169 do: send_to_user(Map.put(params, :recipient, salmon))
171 def send_to_user(%{recipient: url, feed: feed, poster: poster} = params) when is_binary(url) do
172 with {:ok, %{status: code}} when code in 200..299 <-
176 [{"Content-Type", "application/magic-envelope+xml"}]
178 if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
179 do: Instances.set_reachable(url)
181 Logger.debug(fn -> "Pushed to #{url}, code #{code}" end)
185 unless params[:unreachable_since], do: Instances.set_reachable(url)
186 Logger.debug(fn -> "Pushing Salmon to #{url} failed, #{inspect(e)}" end)
191 def send_to_user(_), do: :noop
193 @supported_activities [
203 Publishes an activity to remote accounts
205 @spec publish(User.t(), Pleroma.Activity.t(), Pleroma.HTTP.t()) :: none
206 def publish(user, activity, poster \\ &@httpoison.post/3)
208 def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
209 when type in @supported_activities do
210 feed = ActivityRepresenter.to_simple_form(activity, user, true)
214 ActivityRepresenter.wrap_with_entry(feed)
215 |> :xmerl.export_simple(:xmerl_xml)
218 {:ok, private, _} = keys_from_pem(keys)
219 {:ok, feed} = encode(private, feed)
221 remote_users = remote_users(activity)
223 salmon_urls = Enum.map(remote_users, & &1.info.salmon)
224 reachable_urls_metadata = Instances.filter_reachable(salmon_urls)
225 reachable_urls = Map.keys(reachable_urls_metadata)
228 |> Enum.filter(&(&1.info.salmon in reachable_urls))
229 |> Enum.each(fn remote_user ->
230 Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
232 Pleroma.Web.Federator.publish_single_salmon(%{
233 recipient: remote_user,
236 unreachable_since: reachable_urls_metadata[remote_user.info.salmon]
242 def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
projects / akkoma / blob