2021-08-25 04:29:26 +09:00
|
|
|
<?php
|
|
|
|
|
2021-12-24 10:58:41 +09:00
|
|
|
declare(strict_types = 1);
|
2021-10-10 17:26:18 +09:00
|
|
|
|
2021-08-25 04:29:26 +09:00
|
|
|
// {{{ License
|
|
|
|
// This file is part of GNU social - https://www.gnu.org/software/social
|
|
|
|
//
|
|
|
|
// GNU social is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// GNU social is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
// }}}
|
|
|
|
|
2021-12-04 13:07:08 +09:00
|
|
|
/**
|
|
|
|
* ActivityPub implementation for GNU social
|
|
|
|
*
|
|
|
|
* @package GNUsocial
|
|
|
|
* @category ActivityPub
|
2021-12-24 10:58:41 +09:00
|
|
|
*
|
2021-12-04 13:07:08 +09:00
|
|
|
* @author Diogo Peralta Cordeiro <@diogo.site>
|
|
|
|
* @copyright 2018-2019, 2021 Free Software Foundation, Inc http://www.fsf.org
|
|
|
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
|
|
|
*/
|
|
|
|
|
2021-08-25 04:29:26 +09:00
|
|
|
namespace Plugin\ActivityPub\Controller;
|
|
|
|
|
|
|
|
use App\Core\Controller;
|
|
|
|
use App\Core\DB\DB;
|
2021-12-24 10:58:41 +09:00
|
|
|
use function App\Core\I18n\_m;
|
2021-12-01 01:47:31 +09:00
|
|
|
use App\Core\Log;
|
|
|
|
use App\Core\Router\Router;
|
|
|
|
use App\Entity\Actor;
|
2021-12-04 13:07:08 +09:00
|
|
|
use App\Util\Exception\ClientException;
|
2021-12-02 13:25:58 +09:00
|
|
|
use Component\FreeNetwork\Entity\FreeNetworkActorProtocol;
|
2021-12-04 13:07:08 +09:00
|
|
|
use Component\FreeNetwork\Util\Discovery;
|
2021-12-01 01:47:31 +09:00
|
|
|
use Exception;
|
2021-12-24 10:58:41 +09:00
|
|
|
use const PHP_URL_HOST;
|
2021-12-01 01:47:31 +09:00
|
|
|
use Plugin\ActivityPub\Entity\ActivitypubActor;
|
|
|
|
use Plugin\ActivityPub\Entity\ActivitypubRsa;
|
|
|
|
use Plugin\ActivityPub\Util\Explorer;
|
|
|
|
use Plugin\ActivityPub\Util\HTTPSignature;
|
2021-12-04 13:07:08 +09:00
|
|
|
use Plugin\ActivityPub\Util\Model;
|
|
|
|
use Plugin\ActivityPub\Util\TypeResponse;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ActivityPub Inbox Handler
|
|
|
|
*
|
|
|
|
* @copyright 2018-2019, 2021 Free Software Foundation, Inc http://www.fsf.org
|
|
|
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
|
|
|
*/
|
2021-08-25 04:29:26 +09:00
|
|
|
class Inbox extends Controller
|
|
|
|
{
|
|
|
|
/**
|
2021-12-04 13:07:08 +09:00
|
|
|
* Create an Inbox Handler to receive something from someone.
|
2021-08-25 04:29:26 +09:00
|
|
|
*/
|
2021-10-18 21:22:02 +09:00
|
|
|
public function handle(?int $gsactor_id = null): TypeResponse
|
2021-08-25 04:29:26 +09:00
|
|
|
{
|
2021-12-20 04:45:38 +09:00
|
|
|
$error = function (string $m, ?Exception $e = null): TypeResponse {
|
|
|
|
Log::error('ActivityPub Error Answer: ' . ($json = json_encode(['error' => $m, 'exception' => var_export($e, true)])));
|
|
|
|
return new TypeResponse($json, 400);
|
|
|
|
};
|
2021-12-01 01:47:31 +09:00
|
|
|
$path = Router::url('activitypub_inbox', type: Router::ABSOLUTE_PATH);
|
|
|
|
|
2021-12-24 10:58:41 +09:00
|
|
|
if (!\is_null($gsactor_id)) {
|
2021-12-01 01:47:31 +09:00
|
|
|
try {
|
|
|
|
$user = DB::findOneBy('local_user', ['id' => $gsactor_id]);
|
|
|
|
$path = Router::url('activitypub_actor_inbox', ['gsactor_id' => $user->getId()], type: Router::ABSOLUTE_PATH);
|
|
|
|
} catch (Exception $e) {
|
|
|
|
throw new ClientException(_m('No such actor.'), 404, $e);
|
2021-09-21 01:03:23 +09:00
|
|
|
}
|
2021-08-25 04:29:26 +09:00
|
|
|
}
|
|
|
|
|
2021-12-01 01:47:31 +09:00
|
|
|
Log::debug('ActivityPub Inbox: Received a POST request.');
|
2021-12-24 10:58:41 +09:00
|
|
|
$body = (string) $this->request->getContent();
|
|
|
|
Log::debug('ActivityPub Inbox: Request Body content: ' . $body);
|
2021-12-04 13:07:08 +09:00
|
|
|
$type = Model::jsonToType($body);
|
2021-08-25 04:29:26 +09:00
|
|
|
|
2021-12-01 01:47:31 +09:00
|
|
|
if ($type->has('actor') === false) {
|
2021-12-05 12:11:08 +09:00
|
|
|
return $error('Actor not found in the request.');
|
2021-12-01 01:47:31 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2021-12-09 07:24:52 +09:00
|
|
|
$resource_parts = parse_url($type->get('actor'));
|
|
|
|
if ($resource_parts['host'] !== $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
|
|
|
$ap_actor = ActivitypubActor::fromUri($type->get('actor'));
|
2021-12-24 10:58:41 +09:00
|
|
|
$actor = Actor::getById($ap_actor->getActorId());
|
2021-12-09 07:24:52 +09:00
|
|
|
DB::flush();
|
|
|
|
} else {
|
|
|
|
throw new Exception('Only remote actors can use this endpoint.');
|
|
|
|
}
|
|
|
|
unset($resource_parts);
|
2021-12-04 13:07:08 +09:00
|
|
|
} catch (Exception $e) {
|
2021-12-20 04:45:38 +09:00
|
|
|
return $error('Invalid actor.', $e);
|
2021-12-01 01:47:31 +09:00
|
|
|
}
|
|
|
|
|
2021-12-24 10:58:41 +09:00
|
|
|
$activitypub_rsa = ActivitypubRsa::getByActor($actor);
|
2021-12-05 12:11:08 +09:00
|
|
|
$actor_public_key = $activitypub_rsa->getPublicKey();
|
2021-12-01 01:47:31 +09:00
|
|
|
|
|
|
|
$headers = $this->request->headers->all();
|
2021-12-24 10:58:41 +09:00
|
|
|
Log::debug('ActivityPub Inbox: Request Headers: ' . var_export($headers, true));
|
2021-12-01 01:47:31 +09:00
|
|
|
// Flattify headers
|
|
|
|
foreach ($headers as $key => $val) {
|
|
|
|
$headers[$key] = $val[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isset($headers['signature'])) {
|
|
|
|
Log::debug('ActivityPub Inbox: HTTP Signature: Missing Signature header.');
|
2021-12-20 04:45:38 +09:00
|
|
|
return $error('Missing Signature header.');
|
2021-12-01 01:47:31 +09:00
|
|
|
// TODO: support other methods beyond HTTP Signatures
|
|
|
|
}
|
|
|
|
|
|
|
|
// Extract the signature properties
|
|
|
|
$signatureData = HTTPSignature::parseSignatureHeader($headers['signature']);
|
|
|
|
Log::debug('ActivityPub Inbox: HTTP Signature Data: ' . print_r($signatureData, true));
|
|
|
|
if (isset($signatureData['error'])) {
|
2021-12-24 10:58:41 +09:00
|
|
|
Log::debug('ActivityPub Inbox: HTTP Signature: ' . json_encode($signatureData, \JSON_PRETTY_PRINT));
|
|
|
|
return $error(json_encode($signatureData, \JSON_PRETTY_PRINT));
|
2021-12-01 01:47:31 +09:00
|
|
|
}
|
|
|
|
|
2021-12-05 12:11:08 +09:00
|
|
|
[$verified, /*$headers*/] = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
|
2021-12-01 01:47:31 +09:00
|
|
|
|
|
|
|
// If the signature fails verification the first time, update profile as it might have changed public key
|
|
|
|
if ($verified !== 1) {
|
|
|
|
try {
|
|
|
|
$res = Explorer::get_remote_user_activity($ap_actor->getUri());
|
2021-12-24 10:58:41 +09:00
|
|
|
if (\is_null($res)) {
|
2021-12-20 04:45:38 +09:00
|
|
|
return $error('Invalid remote actor (null response).');
|
2021-12-05 12:11:08 +09:00
|
|
|
}
|
2021-12-20 04:45:38 +09:00
|
|
|
} catch (Exception $e) {
|
|
|
|
return $error('Invalid remote actor.', $e);
|
2021-12-01 01:47:31 +09:00
|
|
|
}
|
|
|
|
try {
|
2021-12-05 12:11:08 +09:00
|
|
|
ActivitypubActor::update_profile($ap_actor, $actor, $activitypub_rsa, $res);
|
2021-12-20 04:45:38 +09:00
|
|
|
} catch (Exception $e) {
|
|
|
|
return $error('Failed to updated remote actor information.', $e);
|
2021-12-01 01:47:31 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
[$verified, /*$headers*/] = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
|
|
|
|
}
|
|
|
|
|
|
|
|
// If it still failed despite profile update
|
|
|
|
if ($verified !== 1) {
|
|
|
|
Log::debug('ActivityPub Inbox: HTTP Signature: Invalid signature.');
|
2021-12-05 12:11:08 +09:00
|
|
|
return $error('Invalid signature.');
|
2021-12-01 01:47:31 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
// HTTP signature checked out, make sure the "actor" of the activity matches that of the signature
|
2021-12-24 10:58:41 +09:00
|
|
|
Log::debug('ActivityPub Inbox: HTTP Signature: Authorised request. Will now start the inbox handler.');
|
2021-08-25 04:29:26 +09:00
|
|
|
|
2021-10-05 01:00:58 +09:00
|
|
|
// TODO: Check if Actor has authority over payload
|
|
|
|
|
|
|
|
// Store Activity
|
2021-12-04 13:07:08 +09:00
|
|
|
$ap_act = Model\Activity::fromJson($type, ['source' => 'ActivityPub']);
|
|
|
|
FreeNetworkActorProtocol::protocolSucceeded(
|
|
|
|
'activitypub',
|
|
|
|
$ap_actor->getActorId(),
|
2021-12-24 10:58:41 +09:00
|
|
|
Discovery::normalize($actor->getNickname() . '@' . parse_url($ap_actor->getInboxUri(), PHP_URL_HOST)),
|
2021-12-04 13:07:08 +09:00
|
|
|
);
|
2021-10-05 01:00:58 +09:00
|
|
|
DB::flush();
|
2021-11-28 00:06:46 +09:00
|
|
|
dd($ap_act, $act = $ap_act->getActivity(), $act->getActor(), $act->getObject());
|
2021-08-25 04:29:26 +09:00
|
|
|
|
|
|
|
return new TypeResponse($type, status: 202);
|
|
|
|
}
|
|
|
|
}
|