Wire up stub routes for client calls of activitypub inbox/outbox
authorsxsdv1 <sxsdv1@gmail.com>
Sat, 29 Dec 2018 17:01:15 +0000 (18:01 +0100)
committersxsdv1 <sxsdv1@gmail.com>
Sat, 29 Dec 2018 21:22:03 +0000 (22:22 +0100)
Code style: remove wrapping function of outbox

lib/pleroma/web/activity_pub/activity_pub_controller.ex
lib/pleroma/web/router.ex
test/fixtures/activitypub-client-post-activity.json [new file with mode: 0644]
test/web/activity_pub/activity_pub_controller_test.exs

index 7fd6a45f5dcc2f0c5f229eb52dac3e614643fc70..dfa7eb94b6e8ffa0e2d26bea570128b6faa58f3e 100644 (file)
@@ -93,19 +93,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     end
   end
 
-  def outbox(conn, %{"nickname" => nickname, "max_id" => max_id}) do
+  def outbox(conn, %{"nickname" => nickname} = params) do
     with %User{} = user <- User.get_cached_by_nickname(nickname),
          {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
       conn
       |> put_resp_header("content-type", "application/activity+json")
-      |> json(UserView.render("outbox.json", %{user: user, max_id: max_id}))
+      |> json(UserView.render("outbox.json", %{user: user, max_id: params["max_id"]}))
     end
   end
 
-  def outbox(conn, %{"nickname" => nickname}) do
-    outbox(conn, %{"nickname" => nickname, "max_id" => nil})
-  end
-
   def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
     with %User{} = user <- User.get_cached_by_nickname(nickname),
          true <- Utils.recipient_in_message(user.ap_id, params),
@@ -156,6 +152,34 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     end
   end
 
+  def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
+    if nickname == user.nickname do
+      Logger.info("read inbox #{inspect(params)}")
+
+      conn
+      |> put_resp_header("content-type", "application/activity+json")
+      |> json("ok!")
+    else
+      conn
+      |> put_status(:forbidden)
+      |> json("can't read inbox of #{nickname} as #{user.nickname}")
+    end
+  end
+
+  def update_outbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
+    if nickname == user.nickname do
+      Logger.info("update outbox #{inspect(params)}")
+
+      conn
+      |> put_status(:created)
+      |> json("ok!")
+    else
+      conn
+      |> put_status(:forbidden)
+      |> json("can't update outbox of #{nickname} as #{user.nickname}")
+    end
+  end
+
   def errors(conn, {:error, :not_found}) do
     conn
     |> put_status(404)
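Review bot: The `Logger.info("update outbox #{inspect(params)}")` line in `update_outbox` writes the whole params map to the log at info level, and on this POST route that map would include the submitted activity body (content and addressing), not only the nickname. `read_inbox` does the same with its request parameters. Logging only what is needed to trace the call, e.g. `Logger.debug("update outbox for #{nickname}")`, keeps user-supplied content out of production logs and bounds the size of each log line. The `errors/2` clause at the end of the hunk continues outside it.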
index 43b04e50808d0009eae150491d29e08ecefd138c..33c573d4681cf5562ec32971574dd3e7946f04c9 100644 (file)
@@ -412,6 +412,27 @@ defmodule Pleroma.Web.Router do
     get("/users/:nickname/outbox", ActivityPubController, :outbox)
   end
 
+  pipeline :activitypub_client do
+    plug(:accepts, ["activity+json"])
+    plug(:fetch_session)
+    plug(Pleroma.Plugs.OAuthPlug)
+    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
+    plug(Pleroma.Plugs.UserFetcherPlug)
+    plug(Pleroma.Plugs.SessionAuthenticationPlug)
+    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
+    plug(Pleroma.Plugs.AuthenticationPlug)
+    plug(Pleroma.Plugs.UserEnabledPlug)
+    plug(Pleroma.Plugs.SetUserSessionIdPlug)
+    plug(Pleroma.Plugs.EnsureUserKeyPlug)
+  end
+
+  scope "/", Pleroma.Web.ActivityPub do
+    pipe_through([:activitypub_client])
+
+    get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
+    post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
+  end
+
   scope "/relay", Pleroma.Web.ActivityPub do
     pipe_through(:ap_relay)
     get("/", ActivityPubController, :relay)
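Review bot: Nothing visible in the `:activitypub_client` pipeline halts a request that none of the authentication plugs accepted, while both new controller actions only have a clause matching `%{assigns: %{user: user}}`. If these plugs leave `conn.assigns.user` unset for anonymous requests (their behaviour is not visible here), an unauthenticated `GET /users/:nickname/inbox` or `POST /users/:nickname/outbox` would end in an action clause error instead of an explicit 401/403. Ending the pipeline with a plug that rejects unauthenticated connections, for example `plug(Pleroma.Plugs.EnsureAuthenticatedPlug)` if that is what the project's other authenticated pipelines use, would state the requirement at the router before these stubs gain real behaviour.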
diff --git a/test/fixtures/activitypub-client-post-activity.json b/test/fixtures/activitypub-client-post-activity.json
new file mode 100644 (file)
index 0000000..c985e07
--- /dev/null
@@ -0,0 +1,9 @@
+{
+  "@context": ["https://www.w3.org/ns/activitystreams", {"@language": "en-GB"}],
+  "type": "Create",
+  "object": {
+    "type": "Note",
+    "content": "It's a note"
+  },
+  "to": ["https://www.w3.org/ns/activitystreams#Public"]
+}
index 9fdf15505572ecc98b359795296fac678e277591..95027f8550b8f625a0dc67c902e6aa52ab621a92 100644 (file)
@@ -112,6 +112,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       :timer.sleep(500)
       assert Activity.get_by_ap_id(data["id"])
     end
+
+    test "it rejects reads from other users", %{conn: conn} do
+      user = insert(:user)
+      otheruser = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, otheruser)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/inbox")
+
+      assert json_response(conn, 403)
+    end
   end
 
   describe "/users/:nickname/outbox" do
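Review bot: The new test injects the user with `assign(:user, otheruser)`, so it checks the nickname comparison in the controller but does not exercise the authentication plugs of the `:activitypub_client` pipeline; the outbox test in the next hunk has the same shape. A case without an assigned user, asserting that the request is refused, and a case where the nicknames match would pin the access-control behaviour these routes depend on. For the inbox that could be a test named `"it rejects reads from unauthenticated clients"` that issues the same `get/2` call without the `assign/3` step.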
@@ -138,6 +151,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
       assert response(conn, 200) =~ announce_activity.data["object"]
     end
+
+    test "it rejects posts from other users", %{conn: conn} do
+      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+      user = insert(:user)
+      otheruser = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, otheruser)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 403)
+    end
   end
 
   describe "/users/:nickname/followers" do