X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fostatus%2Fostatus_controller.ex;h=09d1b1110906673f36047bc2aa1cc7d3c36023f8;hb=305d2194136d4560e02c110d528164034d3727b2;hp=a02f55fe6383b85ace1eedbafab0f70bd059adf4;hpb=6ff583e5e10e59fe76cb51ce3d04587307af9eae;p=akkoma diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index a02f55fe6..bab3da2b0 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -1,45 +1,69 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.OStatus.OStatusController do use Pleroma.Web, :controller - alias Pleroma.{User, Activity} - alias Pleroma.Web.OStatus.{FeedRepresenter, ActivityRepresenter} - alias Pleroma.Repo - alias Pleroma.Web.{OStatus, Federator} - alias Pleroma.Web.XML - alias Pleroma.Web.ActivityPub.ActivityPubController + alias Pleroma.Activity + alias Pleroma.Object + alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub - import Ecto.Query + alias Pleroma.Web.ActivityPub.ActivityPubController + alias Pleroma.Web.ActivityPub.ObjectView + alias Pleroma.Web.OStatus.ActivityRepresenter + alias Pleroma.Web.OStatus.FeedRepresenter + alias Pleroma.Web.Federator + alias Pleroma.Web.OStatus + alias Pleroma.Web.XML + + plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming]) - def feed_redirect(conn, %{"nickname" => nickname} = params) do - user = User.get_cached_by_nickname(nickname) + action_fallback(:errors) + def feed_redirect(conn, %{"nickname" => nickname}) do case get_format(conn) do - "html" -> Fallback.RedirectController.redirector(conn, nil) - "activity+json" -> ActivityPubController.user(conn, params) - _ -> redirect(conn, external: OStatus.feed_path(user)) + "html" -> + with %User{} = user <- User.get_cached_by_nickname_or_id(nickname) do + Fallback.RedirectController.redirector_with_meta(conn, %{user: user}) + else + nil -> {:error, :not_found} + end + + "activity+json" -> + ActivityPubController.call(conn, :user) + + _ -> + with %User{} = user <- User.get_cached_by_nickname(nickname) do + redirect(conn, external: OStatus.feed_path(user)) + else + nil -> {:error, :not_found} + end end end def feed(conn, %{"nickname" => nickname} = params) do - user = User.get_cached_by_nickname(nickname) - - query_params = - Map.take(params, ["max_id"]) - |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id}) - - activities = - ActivityPub.fetch_public_activities(query_params) - |> Enum.reverse() - - response = - user - |> FeedRepresenter.to_simple_form(activities, [user]) - |> :xmerl.export_simple(:xmerl_xml) - |> to_string - - conn - |> put_resp_content_type("application/atom+xml") - |> send_resp(200, response) + with %User{} = user <- User.get_cached_by_nickname(nickname) do + query_params = + Map.take(params, ["max_id"]) + |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id}) + + activities = + ActivityPub.fetch_public_activities(query_params) + |> Enum.reverse() + + response = + user + |> FeedRepresenter.to_simple_form(activities, [user]) + |> :xmerl.export_simple(:xmerl_xml) + |> to_string + + conn + |> put_resp_content_type("application/atom+xml") + |> send_resp(200, response) + else + nil -> {:error, :not_found} + end end defp decode_or_retry(body) do @@ -63,57 +87,121 @@ defmodule Pleroma.Web.OStatus.OStatusController do {:ok, body, _conn} = read_body(conn) {:ok, doc} = decode_or_retry(body) - Federator.enqueue(:incoming_doc, doc) + Federator.incoming_doc(doc) conn |> send_resp(200, "") end - # TODO: Data leak - def object(conn, %{"uuid" => uuid} = params) do + def object(conn, %{"uuid" => uuid}) do if get_format(conn) == "activity+json" do - ActivityPubController.object(conn, params) + ActivityPubController.call(conn, :object) else with id <- o_status_url(conn, :object, uuid), - %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id), + {_, %Activity{} = activity} <- {:activity, Activity.get_create_by_object_ap_id(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do case get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") - _ -> represent_activity(conn, activity, user) + _ -> represent_activity(conn, nil, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end end - # TODO: Data leak def activity(conn, %{"uuid" => uuid}) do - with id <- o_status_url(conn, :activity, uuid), - %Activity{} = activity <- Activity.get_by_ap_id(id), - %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do - case get_format(conn) do - "html" -> redirect(conn, to: "/notice/#{activity.id}") - _ -> represent_activity(conn, activity, user) + if get_format(conn) == "activity+json" do + ActivityPubController.call(conn, :activity) + else + with id <- o_status_url(conn, :activity, uuid), + {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, + %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do + case format = get_format(conn) do + "html" -> redirect(conn, to: "/notice/#{activity.id}") + _ -> represent_activity(conn, format, activity, user) + end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end end - # TODO: Data leak def notice(conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with {_, %Activity{} = activity} <- {:activity, Activity.get_by_id(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do - case get_format(conn) do + case format = get_format(conn) do "html" -> - conn - |> put_resp_content_type("text/html") - |> send_file(200, "priv/static/index.html") + if activity.data["type"] == "Create" do + %Object{} = object = Object.normalize(activity.data["object"]) + + Fallback.RedirectController.redirector_with_meta(conn, %{ + object: object, + url: + Pleroma.Web.Router.Helpers.o_status_url( + Pleroma.Web.Endpoint, + :notice, + activity.id + ), + user: user + }) + else + Fallback.RedirectController.redirector(conn, nil) + end _ -> - represent_activity(conn, activity, user) + represent_activity(conn, format, activity, user) end + else + {:public?, false} -> + conn + |> put_status(404) + |> Fallback.RedirectController.redirector(nil, 404) + + {:activity, nil} -> + conn + |> Fallback.RedirectController.redirector(nil, 404) + + e -> + e end end - defp represent_activity(conn, activity, user) do + defp represent_activity( + conn, + "activity+json", + %Activity{data: %{"type" => "Create"}} = activity, + _user + ) do + object = Object.normalize(activity.data["object"]) + + conn + |> put_resp_header("content-type", "application/activity+json") + |> json(ObjectView.render("object.json", %{object: object})) + end + + defp represent_activity(_conn, "activity+json", _, _) do + {:error, :not_found} + end + + defp represent_activity(conn, _, activity, user) do response = activity |> ActivityRepresenter.to_simple_form(user, true) @@ -125,4 +213,16 @@ defmodule Pleroma.Web.OStatus.OStatusController do |> put_resp_content_type("application/atom+xml") |> send_resp(200, response) end + + def errors(conn, {:error, :not_found}) do + conn + |> put_status(404) + |> text("Not found") + end + + def errors(conn, _) do + conn + |> put_status(500) + |> text("Something went wrong") + end end