X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fwebsub%2Fwebsub_controller.ex;h=9e8b48b80c2c94479cbb2e7873193935bbaa56e4;hb=5402d04e3cd2d45472092942fec2c9302c48f64f;hp=5766dff649d76c535da7b9b1a6ae4fe55a022741;hpb=39dc74f967e3fdbcd949c50df8d2c5ed74f876ff;p=akkoma diff --git a/lib/pleroma/web/websub/websub_controller.ex b/lib/pleroma/web/websub/websub_controller.ex index 5766dff64..9e8b48b80 100644 --- a/lib/pleroma/web/websub/websub_controller.ex +++ b/lib/pleroma/web/websub/websub_controller.ex @@ -1,53 +1,99 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.Websub.WebsubController do use Pleroma.Web, :controller - alias Pleroma.Web.Websub.WebsubServerSubscription - alias Pleroma.{Repo, User} - alias Pleroma.Web.OStatus + + alias Pleroma.Repo + alias Pleroma.User + alias Pleroma.Web.Federator alias Pleroma.Web.Websub + alias Pleroma.Web.Websub.WebsubClientSubscription + + require Logger + + plug( + Pleroma.Web.FederatingPlug + when action in [ + :websub_subscription_request, + :websub_subscription_confirmation, + :websub_incoming + ] + ) + def websub_subscription_request(conn, %{"nickname" => nickname} = params) do user = User.get_cached_by_nickname(nickname) - with {:ok, topic} <- valid_topic(params, user), - {:ok, lease_time} <- lease_time(params), - secret <- params["hub.secret"] - do - data = %{ - state: "requested", - topic: topic, - secret: secret, - callback: params["hub.callback"] - } + with {:ok, _websub} <- Websub.incoming_subscription_request(user, params) do + conn + |> send_resp(202, "Accepted") + else + {:error, reason} -> + conn + |> send_resp(500, reason) + end + end - change = Ecto.Changeset.change(%WebsubServerSubscription{}, data) - websub = Repo.insert!(change) + # TODO: Extract this into the Websub module + def websub_subscription_confirmation( + conn, + %{ + "id" => id, + "hub.mode" => "subscribe", + "hub.challenge" => challenge, + "hub.topic" => topic + } = params + ) do + Logger.debug("Got WebSub confirmation") + Logger.debug(inspect(params)) - change = Ecto.Changeset.change(websub, %{valid_until: NaiveDateTime.add(websub.inserted_at, lease_time)}) - websub = Repo.update!(change) + lease_seconds = + if params["hub.lease_seconds"] do + String.to_integer(params["hub.lease_seconds"]) + else + # Guess 3 days + 60 * 60 * 24 * 3 + end - # Just spawn that for now, maybe pool later. - spawn(fn -> Websub.verify(websub) end) + with %WebsubClientSubscription{} = websub <- + Repo.get_by(WebsubClientSubscription, id: id, topic: topic) do + valid_until = NaiveDateTime.add(NaiveDateTime.utc_now(), lease_seconds) + change = Ecto.Changeset.change(websub, %{state: "accepted", valid_until: valid_until}) + {:ok, _websub} = Repo.update(change) conn - |> send_resp(202, "Accepted") - else {:error, reason} -> - conn - |> send_resp(500, reason) + |> send_resp(200, challenge) + else + _e -> + conn + |> send_resp(500, "Error") end end - defp lease_time(%{"hub.lease_seconds" => lease_seconds}) do - {:ok, String.to_integer(lease_seconds)} - end + def websub_subscription_confirmation(conn, params) do + Logger.info("Invalid WebSub confirmation request: #{inspect(params)}") - defp lease_time(_) do - {:ok, 60 * 60 * 24 * 3} # three days + conn + |> send_resp(500, "Invalid parameters") end - defp valid_topic(%{"hub.topic" => topic}, user) do - if topic == OStatus.feed_path(user) do - {:ok, topic} + def websub_incoming(conn, %{"id" => id}) do + with "sha1=" <> signature <- hd(get_req_header(conn, "x-hub-signature")), + signature <- String.downcase(signature), + %WebsubClientSubscription{} = websub <- Repo.get(WebsubClientSubscription, id), + {:ok, body, _conn} = read_body(conn), + ^signature <- Websub.sign(websub.secret, body) do + Federator.incoming_doc(body) + + conn + |> send_resp(200, "OK") else - {:error, "Wrong topic requested, expected #{OStatus.feed_path(user)}, got #{topic}"} + _e -> + Logger.debug("Can't handle incoming subscription post") + + conn + |> send_resp(500, "Error") end end end