1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Salmon do
6 @httpoison Application.get_env(:pleroma, :httpoison)
10 alias Pleroma.{Instances, User}
12 alias Pleroma.Web.OStatus.ActivityRepresenter
17 doc = XML.parse_document(salmon)
19 {:xmlObj, :string, data} = :xmerl_xpath.string('string(//me:data[1])', doc)
20 {:xmlObj, :string, sig} = :xmerl_xpath.string('string(//me:sig[1])', doc)
21 {:xmlObj, :string, alg} = :xmerl_xpath.string('string(//me:alg[1])', doc)
22 {:xmlObj, :string, encoding} = :xmerl_xpath.string('string(//me:encoding[1])', doc)
23 {:xmlObj, :string, type} = :xmerl_xpath.string('string(//me:data[1]/@type)', doc)
25 {:ok, data} = Base.url_decode64(to_string(data), ignore: :whitespace)
26 {:ok, sig} = Base.url_decode64(to_string(sig), ignore: :whitespace)
28 encoding = to_string(encoding)
29 type = to_string(type)
31 [data, type, encoding, alg, sig]
34 def fetch_magic_key(salmon) do
35 with [data, _, _, _, _] <- decode(salmon),
36 doc <- XML.parse_document(data),
37 uri when not is_nil(uri) <- XML.string_from_xpath("/entry/author[1]/uri", doc),
38 {:ok, public_key} <- User.get_public_key_for_ap_id(uri),
39 magic_key <- encode_key(public_key) do
44 def decode_and_validate(magickey, salmon) do
45 [data, type, encoding, alg, sig] = decode(salmon)
48 [data, type, encoding, alg]
49 |> Enum.map(&Base.url_encode64/1)
52 key = decode_key(magickey)
54 verify = :public_key.verify(signed_text, :sha256, sig, key)
63 def decode_key("RSA." <> magickey) do
64 make_integer = fn bin ->
65 list = :erlang.binary_to_list(bin)
66 Enum.reduce(list, 0, fn el, acc -> acc <<< 8 ||| el end)
72 |> Enum.map(fn n -> Base.url_decode64!(n, padding: false) end)
73 |> Enum.map(make_integer)
75 {:RSAPublicKey, modulus, exponent}
78 def encode_key({:RSAPublicKey, modulus, exponent}) do
79 modulus_enc = :binary.encode_unsigned(modulus) |> Base.url_encode64()
80 exponent_enc = :binary.encode_unsigned(exponent) |> Base.url_encode64()
82 "RSA.#{modulus_enc}.#{exponent_enc}"
85 # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
86 # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
88 _ = :public_key.generate_key({:rsa, 2048, 65537})
90 def generate_rsa_pem do
91 key = :public_key.generate_key({:rsa, 2048, 65537})
92 entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
93 pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
98 def generate_rsa_pem do
99 port = Port.open({:spawn, "openssl genrsa"}, [:binary])
103 {^port, {:data, pem}} -> {:ok, pem}
108 if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
116 def keys_from_pem(pem) do
117 [private_key_code] = :public_key.pem_decode(pem)
118 private_key = :public_key.pem_entry_decode(private_key_code)
119 {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
120 public_key = {:RSAPublicKey, modulus, exponent}
121 {:ok, private_key, public_key}
124 def encode(private_key, doc) do
125 type = "application/atom+xml"
126 encoding = "base64url"
130 [doc, type, encoding, alg]
131 |> Enum.map(&Base.url_encode64/1)
136 |> :public_key.sign(:sha256, private_key)
138 |> Base.url_encode64()
142 |> Base.url_encode64()
144 # Don't need proper xml building, these strings are safe to leave unescaped
146 <?xml version="1.0" encoding="UTF-8"?>
147 <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
148 <me:data type="application/atom+xml">#{doc_base64}</me:data>
149 <me:encoding>#{encoding}</me:encoding>
150 <me:alg>#{alg}</me:alg>
151 <me:sig>#{signature}</me:sig>
158 def remote_users(%{data: %{"to" => to} = data}) do
159 to = to ++ (data["cc"] || [])
162 |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end)
163 |> Enum.filter(fn user -> user && !user.local end)
166 @doc "Pushes an activity to remote account."
167 def send_to_user(%{recipient: %{info: %{salmon: salmon}}} = params),
168 do: send_to_user(Map.put(params, :recipient, salmon))
170 def send_to_user(%{recipient: url, feed: feed, poster: poster} = params) when is_binary(url) do
171 with {:ok, %{status: code}} when code in 200..299 <-
175 [{"Content-Type", "application/magic-envelope+xml"}]
177 if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
178 do: Instances.set_reachable(url)
180 Logger.debug(fn -> "Pushed to #{url}, code #{code}" end)
184 unless params[:unreachable_since], do: Instances.set_reachable(url)
185 Logger.debug(fn -> "Pushing Salmon to #{url} failed, #{inspect(e)}" end)
190 def send_to_user(_), do: :noop
192 @supported_activities [
202 Publishes an activity to remote accounts
204 @spec publish(User.t(), Pleroma.Activity.t(), Pleroma.HTTP.t()) :: none
205 def publish(user, activity, poster \\ &@httpoison.post/3)
207 def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
208 when type in @supported_activities do
209 feed = ActivityRepresenter.to_simple_form(activity, user, true)
213 ActivityRepresenter.wrap_with_entry(feed)
214 |> :xmerl.export_simple(:xmerl_xml)
217 {:ok, private, _} = keys_from_pem(keys)
218 {:ok, feed} = encode(private, feed)
220 remote_users = remote_users(activity)
222 salmon_urls = Enum.map(remote_users, & &1.info.salmon)
223 reachable_urls_metadata = Instances.filter_reachable(salmon_urls)
224 reachable_urls = Map.keys(reachable_urls_metadata)
227 |> Enum.filter(&(&1.info.salmon in reachable_urls))
228 |> Enum.each(fn remote_user ->
229 Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
231 Pleroma.Web.Federator.enqueue(:publish_single_salmon, %{
232 recipient: remote_user,
235 unreachable_since: reachable_urls_metadata[remote_user.info.salmon]
241 def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)