Merge remote-tracking branch 'origin' into follower-hiding

[akkoma] / lib / pleroma / web / salmon / salmon.ex

diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex
index 7f1c63a5f15a4f9a9f34460bf2ca17dace7d9848..97251c05e6eb0ea42f5f25e1137ec25f24f6542b 100644 (file)
--- a/lib/pleroma/web/salmon/salmon.ex
+++ b/lib/pleroma/web/salmon/salmon.ex
@@ -1,8 +1,14 @@
 defmodule Pleroma.Web.Salmon do
+  @httpoison Application.get_env(:pleroma, :httpoison)
+
   use Bitwise
+  alias Pleroma.Web.XML
+  alias Pleroma.Web.OStatus.ActivityRepresenter
+  alias Pleroma.User
+  require Logger
 
-  def decode_and_validate(magickey, salmon) do
-    {doc, _rest} = :xmerl_scan.string(to_charlist(salmon))
+  def decode(salmon) do
+    doc = XML.parse_document(salmon)
 
     {:xmlObj, :string, data} = :xmerl_xpath.string('string(//me:data[1])', doc)
     {:xmlObj, :string, sig} = :xmerl_xpath.string('string(//me:sig[1])', doc)
@@ -10,16 +16,32 @@ defmodule Pleroma.Web.Salmon do
     {:xmlObj, :string, encoding} = :xmerl_xpath.string('string(//me:encoding[1])', doc)
     {:xmlObj, :string, type} = :xmerl_xpath.string('string(//me:data[1]/@type)', doc)
 
-
     {:ok, data} = Base.url_decode64(to_string(data), ignore: :whitespace)
     {:ok, sig} = Base.url_decode64(to_string(sig), ignore: :whitespace)
     alg = to_string(alg)
     encoding = to_string(encoding)
     type = to_string(type)
 
-    signed_text = [data, type, encoding, alg]
-    |> Enum.map(&Base.url_encode64/1)
-    |> Enum.join(".")
+    [data, type, encoding, alg, sig]
+  end
+
+  def fetch_magic_key(salmon) do
+    with [data, _, _, _, _] <- decode(salmon),
+         doc <- XML.parse_document(data),
+         uri when not is_nil(uri) <- XML.string_from_xpath("/entry/author[1]/uri", doc),
+         {:ok, public_key} <- User.get_public_key_for_ap_id(uri),
+         magic_key <- encode_key(public_key) do
+      {:ok, magic_key}
+    end
+  end
+
+  def decode_and_validate(magickey, salmon) do
+    [data, type, encoding, alg, sig] = decode(salmon)
+
+    signed_text =
+      [data, type, encoding, alg]
+      |> Enum.map(&Base.url_encode64/1)
+      |> Enum.join(".")
 
     key = decode_key(magickey)
 
@@ -32,17 +54,161 @@ defmodule Pleroma.Web.Salmon do
     end
   end
 
-  defp decode_key("RSA." <> magickey) do
-    make_integer = fn(bin) ->
+  def decode_key("RSA." <> magickey) do
+    make_integer = fn bin ->
       list = :erlang.binary_to_list(bin)
-      Enum.reduce(list, 0, fn (el, acc) -> (acc <<< 8) ||| el end)
+      Enum.reduce(list, 0, fn el, acc -> acc <<< 8 ||| el end)
     end
 
-    [modulus, exponent] = magickey
-    |> String.split(".")
-    |> Enum.map(&Base.url_decode64!/1)
-    |> Enum.map(make_integer)
+    [modulus, exponent] =
+      magickey
+      |> String.split(".")
+      |> Enum.map(fn n -> Base.url_decode64!(n, padding: false) end)
+      |> Enum.map(make_integer)
 
     {:RSAPublicKey, modulus, exponent}
   end
+
+  def encode_key({:RSAPublicKey, modulus, exponent}) do
+    modulus_enc = :binary.encode_unsigned(modulus) |> Base.url_encode64()
+    exponent_enc = :binary.encode_unsigned(exponent) |> Base.url_encode64()
+
+    "RSA.#{modulus_enc}.#{exponent_enc}"
+  end
+
+  # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
+  # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
+  try do
+    _ = :public_key.generate_key({:rsa, 2048, 65537})
+
+    def generate_rsa_pem do
+      key = :public_key.generate_key({:rsa, 2048, 65537})
+      entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
+      pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
+      {:ok, pem}
+    end
+  rescue
+    _ ->
+      def generate_rsa_pem do
+        port = Port.open({:spawn, "openssl genrsa"}, [:binary])
+
+        {:ok, pem} =
+          receive do
+            {^port, {:data, pem}} -> {:ok, pem}
+          end
+
+        Port.close(port)
+
+        if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
+          {:ok, pem}
+        else
+          :error
+        end
+      end
+  end
+
+  def keys_from_pem(pem) do
+    [private_key_code] = :public_key.pem_decode(pem)
+    private_key = :public_key.pem_entry_decode(private_key_code)
+    {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
+    public_key = {:RSAPublicKey, modulus, exponent}
+    {:ok, private_key, public_key}
+  end
+
+  def encode(private_key, doc) do
+    type = "application/atom+xml"
+    encoding = "base64url"
+    alg = "RSA-SHA256"
+
+    signed_text =
+      [doc, type, encoding, alg]
+      |> Enum.map(&Base.url_encode64/1)
+      |> Enum.join(".")
+
+    signature =
+      signed_text
+      |> :public_key.sign(:sha256, private_key)
+      |> to_string
+      |> Base.url_encode64()
+
+    doc_base64 =
+      doc
+      |> Base.url_encode64()
+
+    # Don't need proper xml building, these strings are safe to leave unescaped
+    salmon = """
+    <?xml version="1.0" encoding="UTF-8"?>
+    <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
+      <me:data type="application/atom+xml">#{doc_base64}</me:data>
+      <me:encoding>#{encoding}</me:encoding>
+      <me:alg>#{alg}</me:alg>
+      <me:sig>#{signature}</me:sig>
+    </me:env>
+    """
+
+    {:ok, salmon}
+  end
+
+  def remote_users(%{data: %{"to" => to} = data}) do
+    to = to ++ (data["cc"] || [])
+
+    to
+    |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end)
+    |> Enum.filter(fn user -> user && !user.local end)
+  end
+
+  defp send_to_user(%{info: %{salmon: salmon}}, feed, poster) do
+    with {:ok, %{status: code}} <-
+           poster.(
+             salmon,
+             feed,
+             [{"Content-Type", "application/magic-envelope+xml"}],
+             adapter: [
+               timeout: 10000,
+               recv_timeout: 20000,
+               pool: :default
+             ]
+           ) do
+      Logger.debug(fn -> "Pushed to #{salmon}, code #{code}" end)
+    else
+      e -> Logger.debug(fn -> "Pushing Salmon to #{salmon} failed, #{inspect(e)}" end)
+    end
+  end
+
+  defp send_to_user(_, _, _), do: nil
+
+  @supported_activities [
+    "Create",
+    "Follow",
+    "Like",
+    "Announce",
+    "Undo",
+    "Delete"
+  ]
+  def publish(user, activity, poster \\ &@httpoison.post/4)
+
+  def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
+      when type in @supported_activities do
+    feed = ActivityRepresenter.to_simple_form(activity, user, true)
+
+    if feed do
+      feed =
+        ActivityRepresenter.wrap_with_entry(feed)
+        |> :xmerl.export_simple(:xmerl_xml)
+        |> to_string
+
+      {:ok, private, _} = keys_from_pem(keys)
+      {:ok, feed} = encode(private, feed)
+
+      remote_users(activity)
+      |> Enum.each(fn remote_user ->
+        Task.start(fn ->
+          Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
+          send_to_user(remote_user, feed, poster)
+        end)
+      end)
+    end
+  end
+
+  def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
 end