mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-30 22:12:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fiddling with federation

Browse source
This commit is contained in:
tsmethurst 2021-05-02 19:51:12 +02:00
commit 74d5a0588f
15 changed files with 587 additions and 416 deletions
Download patch file Download diff file Expand all files Collapse all files

8
internal/apimodule/apimodule.go
View file

@ -31,3 +31,11 @@ type ClientAPIModule interface {
Route(s router.Router) error
CreateTables(db db.DB) error
}
// FederationAPIModule represents a chunk of code (usually contained in a single package) that adds a set
// of functionalities and/or side effects to a router, by mapping routes and/or middlewares onto it--in other words, a REST API ;)
// Unlike ClientAPIModule, federation API module is not intended to be interacted with by clients directly -- it is primarily a server-to-server interface.
type FederationAPIModule interface {
Route(s router.Router) error
CreateTables(db db.DB) error
}

90
internal/apimodule/federation/federation.go Normal file
View file

@ -0,0 +1,90 @@
/*
GoToSocial
Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package federation
import (
"net/http"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/apimodule"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/federation"
"github.com/superseriousbusiness/gotosocial/internal/router"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
const (
// UsernameKey is for account usernames.
UsernameKey = "username"
// UsersBasePath is the base path for serving information about Users eg https://example.org/users
UsersBasePath = "/" + util.UsersPath
// UsersBasePathWithID is just the users base path with the Username key in it.
// Use this anywhere you need to know the username of the user being queried.
// Eg https://example.org/users/:username
UsersBasePathWithID = UsersBasePath + "/:" + UsernameKey
)
// ActivityPubAcceptHeaders represents the Accept headers mentioned here:
// https://www.w3.org/TR/activitypub/#retrieving-objects
var ActivityPubAcceptHeaders = []string{
`application/activity+json`,
`application/ld+json; profile="https://www.w3.org/ns/activitystreams"`,
}
// Module implements the FederationAPIModule interface
type Module struct {
federator federation.Federator
config *config.Config
db db.DB
tc typeutils.TypeConverter
log *logrus.Logger
}
// New returns a new auth module
func New(db db.DB, federator federation.Federator, tc typeutils.TypeConverter, config *config.Config, log *logrus.Logger) apimodule.FederationAPIModule {
return &Module{
federator: federator,
config: config,
db: db,
tc: tc,
log: log,
}
}
// Route satisfies the RESTAPIModule interface
func (m *Module) Route(s router.Router) error {
s.AttachHandler(http.MethodGet, UsersBasePathWithID, m.UsersGETHandler)
return nil
}
// CreateTables populates necessary tables in the given DB
func (m *Module) CreateTables(db db.DB) error {
// models := []interface{}{
// &gtsmodel.MediaAttachment{},
// }
// for _, m := range models {
// if err := db.CreateTable(m); err != nil {
// return fmt.Errorf("error creating table: %s", err)
// }
// }
return nil
}

122
internal/apimodule/federation/users.go Normal file
View file

@ -0,0 +1,122 @@
/*
GoToSocial
Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package federation
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/db/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/federation"
)
// UsersGETHandler should be served at https://example.org/users/:username.
//
// The goal here is to return the activitypub representation of an account
// in the form of a vocab.ActivityStreamsPerson. This should only be served
// to REMOTE SERVERS that present a valid signature on the GET request, on
// behalf of a user, otherwise we risk leaking information about users publicly.
//
// And of course, the request should be refused if the account or server making the
// request is blocked.
func (m *Module) UsersGETHandler(c *gin.Context) {
l := m.log.WithFields(logrus.Fields{
"func": "UsersGETHandler",
"url": c.Request.RequestURI,
})
requestedUsername := c.Param(UsernameKey)
if requestedUsername == "" {
err := errors.New("no username specified in request")
l.Debug(err)
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// make sure this actually an AP request
format := c.NegotiateFormat(ActivityPubAcceptHeaders...)
if format == "" {
err := errors.New("could not negotiate format with given Accept header(s)")
l.Debug(err)
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)
// get the account the request is referring to
requestedAccount := &gtsmodel.Account{}
if err := m.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
l.Errorf("database error getting account with username %s: %s", requestedUsername, err)
// we'll just return not authorized here to avoid giving anything away
c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
return
}
// and create a transport for it
transport, err := m.federator.TransportController().NewTransport(requestedAccount.PublicKeyURI, requestedAccount.PrivateKey)
if err != nil {
l.Errorf("error creating transport for username %s: %s", requestedUsername, err)
// we'll just return not authorized here to avoid giving anything away
c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
return
}
// authenticate the request
authentication, err := federation.AuthenticateFederatedRequest(transport, c.Request)
if err != nil {
l.Errorf("error authenticating GET user request: %s", err)
c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
return
}
if !authentication.Authenticated {
l.Debug("request not authorized")
c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
return
}
requestingAccount := &gtsmodel.Account{}
if authentication.RequestingPublicKeyID != nil {
if err := m.db.GetWhere("public_key_uri", authentication.RequestingPublicKeyID.String(), requestingAccount); err != nil {
}
}
authorization, err := federation.AuthorizeFederatedRequest
person, err := m.tc.AccountToAS(requestedAccount)
if err != nil {
l.Errorf("error converting account to ap person: %s", err)
c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
return
}
data, err := person.Serialize()
if err != nil {
l.Errorf("error serializing user: %s", err)
c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
return
}
c.JSON(http.StatusOK, data)
}

10
internal/federation/clock.go
View file

@ -18,7 +18,11 @@
package federation
import "time"
import (
"time"
"github.com/go-fed/activity/pub"
)
/*
GOFED CLOCK INTERFACE
@ -32,3 +36,7 @@ type Clock struct{}
func (c *Clock) Now() time.Time {
return time.Now()
}
func NewClock() pub.Clock {
return &Clock{}
}

12
internal/federation/commonbehavior.go
View file

@ -34,7 +34,7 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/util"
)
// commonBehavior implements the go-fed common behavior interface
// commonBehavior implements the GTSCommonBehavior interface
type commonBehavior struct {
db db.DB
log *logrus.Logger
@ -42,7 +42,8 @@ type commonBehavior struct {
transportController transport.Controller
}
// newCommonBehavior returns an implementation of the pub.CommonBehavior interface that uses the given db, log, config, and transportController
// newCommonBehavior returns an implementation of the GTSCommonBehavior interface that uses the given db, log, config, and transportController.
// This interface is a superset of the pub.CommonBehavior interface, so it can be used anywhere that interface would be used.
func newCommonBehavior(db db.DB, log *logrus.Logger, config *config.Config, transportController transport.Controller) pub.CommonBehavior {
return &commonBehavior{
db: db,
@ -172,3 +173,10 @@ func (c *commonBehavior) NewTransport(ctx context.Context, actorBoxIRI *url.URL,
return c.transportController.NewTransport(account.PublicKeyURI, account.PrivateKey)
}
// GetUser returns the activitypub representation of the user specified in the path of r, eg https://example.org/users/example_user.
// AuthenticateGetUser should be called first, to make sure the requester has permission to view the requested user.
// The returned user should be a translation from a *gtsmodel.Account to a serializable ActivityStreamsPerson.
func (c *commonBehavior) GetUser(ctx context.Context, r *http.Request) (vocab.ActivityStreamsPerson, error) {
return nil, nil
}

136
internal/federation/federatingactor.go Normal file
View file

@ -0,0 +1,136 @@
/*
GoToSocial
Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package federation
import (
"context"
"net/http"
"net/url"
"github.com/go-fed/activity/pub"
"github.com/go-fed/activity/streams/vocab"
)
// federatingActor implements the go-fed federating protocol interface
type federatingActor struct {
actor pub.FederatingActor
}
// newFederatingProtocol returns the gotosocial implementation of the GTSFederatingProtocol interface
func newFederatingActor(c pub.CommonBehavior, s2s pub.FederatingProtocol, db pub.Database, clock pub.Clock) pub.FederatingActor {
actor := pub.NewFederatingActor(c, s2s, db, clock)
return &federatingActor{
actor: actor,
}
}
// Send a federated activity.
//
// The provided url must be the outbox of the sender. All processing of
// the activity occurs similarly to the C2S flow:
// - If t is not an Activity, it is wrapped in a Create activity.
// - A new ID is generated for the activity.
// - The activity is added to the specified outbox.
// - The activity is prepared and delivered to recipients.
//
// Note that this function will only behave as expected if the
// implementation has been constructed to support federation. This
// method will guaranteed work for non-custom Actors. For custom actors,
// care should be used to not call this method if only C2S is supported.
func (f *federatingActor) Send(c context.Context, outbox *url.URL, t vocab.Type) (pub.Activity, error) {
return f.actor.Send(c, outbox, t)
}
// PostInbox returns true if the request was handled as an ActivityPub
// POST to an actor's inbox. If false, the request was not an
// ActivityPub request and may still be handled by the caller in
// another way, such as serving a web page.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the Actor was constructed with the Federated Protocol enabled,
// side effects will occur.
//
// If the Federated Protocol is not enabled, writes the
// http.StatusMethodNotAllowed status code in the response. No side
// effects occur.
func (f *federatingActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.PostInbox(c, w, r)
}
// GetInbox returns true if the request was handled as an ActivityPub
// GET to an actor's inbox. If false, the request was not an ActivityPub
// request and may still be handled by the caller in another way, such
// as serving a web page.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the request is an ActivityPub request, the Actor will defer to the
// application to determine the correct authorization of the request and
// the resulting OrderedCollection to respond with. The Actor handles
// serializing this OrderedCollection and responding with the correct
// headers and http.StatusOK.
func (f *federatingActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.GetInbox(c, w, r)
}
// PostOutbox returns true if the request was handled as an ActivityPub
// POST to an actor's outbox. If false, the request was not an
// ActivityPub request and may still be handled by the caller in another
// way, such as serving a web page.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the Actor was constructed with the Social Protocol enabled, side
// effects will occur.
//
// If the Social Protocol is not enabled, writes the
// http.StatusMethodNotAllowed status code in the response. No side
// effects occur.
//
// If the Social and Federated Protocol are both enabled, it will handle
// the side effects of receiving an ActivityStream Activity, and then
// federate the Activity to peers.
func (f *federatingActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.PostOutbox(c, w, r)
}
// GetOutbox returns true if the request was handled as an ActivityPub
// GET to an actor's outbox. If false, the request was not an
// ActivityPub request.
//
// If the error is nil, then the ResponseWriter's headers and response
// has already been written. If a non-nil error is returned, then no
// response has been written.
//
// If the request is an ActivityPub request, the Actor will defer to the
// application to determine the correct authorization of the request and
// the resulting OrderedCollection to respond with. The Actor handles
// serializing this OrderedCollection and responding with the correct
// headers and http.StatusOK.
func (f *federatingActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
return f.actor.GetOutbox(c, w, r)
}

139
internal/federation/federatingprotocol.go
View file

@ -27,30 +27,32 @@ import (
"github.com/go-fed/activity/pub"
"github.com/go-fed/activity/streams/vocab"
"github.com/go-fed/httpsig"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/db/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/transport"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
// FederatingProtocol implements the go-fed federating protocol interface
type FederatingProtocol struct {
// federatingProtocol implements the go-fed federating protocol interface
type federatingProtocol struct {
db db.DB
log *logrus.Logger
config *config.Config
transportController transport.Controller
typeConverter typeutils.TypeConverter
}
// NewFederatingProtocol returns the gotosocial implementation of the go-fed FederatingProtocol interface
func NewFederatingProtocol(db db.DB, log *logrus.Logger, config *config.Config, transportController transport.Controller) pub.FederatingProtocol {
return &FederatingProtocol{
// newFederatingProtocol returns the gotosocial implementation of the GTSFederatingProtocol interface
func newFederatingProtocol(db db.DB, log *logrus.Logger, config *config.Config, transportController transport.Controller, typeConverter typeutils.TypeConverter) pub.FederatingProtocol {
return &federatingProtocol{
db: db,
log: log,
config: config,
transportController: transportController,
typeConverter: typeConverter,
}
}
@ -80,7 +82,7 @@ func NewFederatingProtocol(db db.DB, log *logrus.Logger, config *config.Config,
// PostInbox. In this case, the DelegateActor implementation must not
// write a response to the ResponseWriter as is expected that the caller
// to PostInbox will do so when handling the error.
func (f *FederatingProtocol) PostInboxRequestBodyHook(ctx context.Context, r *http.Request, activity pub.Activity) (context.Context, error) {
func (f *federatingProtocol) PostInboxRequestBodyHook(ctx context.Context, r *http.Request, activity pub.Activity) (context.Context, error) {
l := f.log.WithFields(logrus.Fields{
"func": "PostInboxRequestBodyHook",
"useragent": r.UserAgent(),
@ -93,33 +95,7 @@ func (f *FederatingProtocol) PostInboxRequestBodyHook(ctx context.Context, r *ht
return nil, err
}
if !util.IsInboxPath(r.URL) {
err := fmt.Errorf("url %s did not correspond to inbox path", r.URL.String())
l.Debug(err)
return nil, err
}
inboxUsername, err := util.ParseInboxPath(r.URL)
if err != nil {
err := fmt.Errorf("could not parse username from url: %s", r.URL.String())
l.Debug(err)
return nil, err
}
l.Tracef("parsed username %s from %s", inboxUsername, r.URL.String())
l.Tracef("signature: %s", r.Header.Get("Signature"))
// get the gts account from the username
inboxAccount := &gtsmodel.Account{}
if err := f.db.GetLocalAccountByUsername(inboxUsername, inboxAccount); err != nil {
err := fmt.Errorf("AuthenticateGetInbox: error fetching inbox account for %s from database: %s", r.URL.String(), err)
l.Error(err)
// return an abridged version of the error so we don't leak anything to the caller
return nil, errors.New("database error")
}
ctxWithUsername := context.WithValue(ctx, util.APUsernameKey, inboxUsername)
ctxWithAccount := context.WithValue(ctxWithUsername, util.APAccountKey, inboxAccount)
ctxWithActivity := context.WithValue(ctxWithAccount, util.APActivityKey, activity)
ctxWithActivity := context.WithValue(ctx, util.APActivity, activity)
return ctxWithActivity, nil
}
@ -139,17 +115,7 @@ func (f *FederatingProtocol) PostInboxRequestBodyHook(ctx context.Context, r *ht
// Finally, if the authentication and authorization succeeds, then
// authenticated must be true and error nil. The request will continue
// to be processed.
//
// IMPLEMENTATION NOTES:
// AuthenticatePostInbox validates an incoming federation request (!!) by deriving the public key
// of the requester from the request, checking the owner of the inbox that's being requested, and doing
// some fiddling around with http signatures.
//
// A *side effect* of calling this function is that the name of the host making the request will be set
// onto the returned context, using APRequestingHostKey. If known to us already, the remote account making
// the request will also be set on the context, using APRequestingAccountKey. If not known to us already,
// the value of this key will be set to nil and the account will have to be fetched further down the line.
func (f *FederatingProtocol) AuthenticatePostInbox(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, bool, error) {
func (f *federatingProtocol) AuthenticatePostInbox(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, bool, error) {
l := f.log.WithFields(logrus.Fields{
"func": "AuthenticatePostInbox",
"useragent": r.UserAgent(),
@ -157,64 +123,47 @@ func (f *FederatingProtocol) AuthenticatePostInbox(ctx context.Context, w http.R
})
l.Trace("received request to authenticate")
// account should have been set in PostInboxRequestBodyHook
// if it's not set, we should bail because we can't do anything
i := ctx.Value(util.APAccountKey)
if i == nil {
return nil, false, errors.New("could not retrieve inbox owner")
}
requestedAccount, ok := i.(*gtsmodel.Account)
if !ok {
return nil, false, errors.New("could not cast inbox owner")
requestedAccountI := ctx.Value(util.APAccount)
if requestedAccountI == nil {
return ctx, false, errors.New("requested account not set in context")
}
v, err := httpsig.NewVerifier(r)
if err != nil {
return ctx, false, fmt.Errorf("could not create http sig verifier: %s", err)
}
requestingPublicKeyID, err := url.Parse(v.KeyId())
if err != nil {
return ctx, false, fmt.Errorf("could not create parse key id into a url: %s", err)
requestedAccount, ok := requestedAccountI.(*gtsmodel.Account)
if !ok || requestedAccount == nil {
return ctx, false, errors.New("requested account not parsebale from context")
}
transport, err := f.transportController.NewTransport(requestedAccount.PublicKeyURI, requestedAccount.PrivateKey)
if err != nil {
return ctx, false, fmt.Errorf("error creating new transport: %s", err)
return ctx, false, fmt.Errorf("error creating transport: %s", err)
}
b, err := transport.Dereference(ctx, requestingPublicKeyID)
requestingPublicKeyID, err := AuthenticateFederatedRequest(transport, r)
if err != nil {
return ctx, false, fmt.Errorf("error deferencing key %s: %s", requestingPublicKeyID.String(), err)
l.Debugf("request not authenticated: %s", err)
return ctx, false, fmt.Errorf("not authenticated: %s", err)
}
requestingPublicKey, err := getPublicKeyFromResponse(ctx, b, requestingPublicKeyID)
if err != nil {
return ctx, false, fmt.Errorf("error getting key %s from response %s: %s", requestingPublicKeyID.String(), string(b), err)
}
algo := httpsig.RSA_SHA256
if err := v.Verify(requestingPublicKey, algo); err != nil {
return ctx, false, fmt.Errorf("error verifying key %s: %s", requestingPublicKeyID.String(), err)
}
var requestingAccount *gtsmodel.Account
a := &gtsmodel.Account{}
if err := f.db.GetWhere("public_key_uri", requestingPublicKeyID.String(), a); err == nil {
// we know about this account already so we can set it on the context
requestingAccount = a
} else {
requestingAccount := &gtsmodel.Account{}
if err := f.db.GetWhere("public_key_uri", requestingPublicKeyID.String(), requestingAccount); err != nil {
// there's been a proper error so return it
if _, ok := err.(db.ErrNoEntries); !ok {
return ctx, false, fmt.Errorf("database error finding account with public key uri %s: %s", requestingPublicKeyID.String(), err)
return ctx, false, fmt.Errorf("error getting requesting account with public key id %s: %s", requestingPublicKeyID.String(), err)
}
// do nothing here, requestingAccount will stay nil and we'll have to figure it out further down the line
// we just don't know this account (yet) so try to dereference it
// TODO: slow-fed
person, err := DereferenceAccount(transport, requestingPublicKeyID)
if err != nil {
return ctx, false, fmt.Errorf("error dereferencing account with public key id %s: %s", requestingPublicKeyID.String(), err)
}
a, err := f.typeConverter.ASPersonToAccount(person)
if err != nil {
return ctx, false, fmt.Errorf("error converting person with public key id %s to account: %s", requestingPublicKeyID.String(), err)
}
requestingAccount = a
}
// all good at this point, so just set some stuff on the context
contextWithHost := context.WithValue(ctx, util.APRequestingHostKey, requestingPublicKeyID.Host)
contextWithRequestingAccount := context.WithValue(contextWithHost, util.APRequestingAccountKey, requestingAccount)
return contextWithRequestingAccount, true, nil
return newContext, true, nil
}
// Blocked should determine whether to permit a set of actors given by
@ -231,7 +180,7 @@ func (f *FederatingProtocol) AuthenticatePostInbox(ctx context.Context, w http.R
// Finally, if the authentication and authorization succeeds, then
// blocked must be false and error nil. The request will continue
// to be processed.
func (f *FederatingProtocol) Blocked(ctx context.Context, actorIRIs []*url.URL) (bool, error) {
func (f *federatingProtocol) Blocked(ctx context.Context, actorIRIs []*url.URL) (bool, error) {
// TODO
return false, nil
}
@ -255,7 +204,7 @@ func (f *FederatingProtocol) Blocked(ctx context.Context, actorIRIs []*url.URL)
//
// Applications are not expected to handle every single ActivityStreams
// type and extension. The unhandled ones are passed to DefaultCallback.
func (f *FederatingProtocol) FederatingCallbacks(ctx context.Context) (pub.FederatingWrappedCallbacks, []interface{}, error) {
func (f *federatingProtocol) FederatingCallbacks(ctx context.Context) (pub.FederatingWrappedCallbacks, []interface{}, error) {
// TODO
return pub.FederatingWrappedCallbacks{}, nil, nil
}
@ -267,7 +216,7 @@ func (f *FederatingProtocol) FederatingCallbacks(ctx context.Context) (pub.Feder
// Applications are not expected to handle every single ActivityStreams
// type and extension, so the unhandled ones are passed to
// DefaultCallback.
func (f *FederatingProtocol) DefaultCallback(ctx context.Context, activity pub.Activity) error {
func (f *federatingProtocol) DefaultCallback(ctx context.Context, activity pub.Activity) error {
l := f.log.WithFields(logrus.Fields{
"func": "DefaultCallback",
"aptype": activity.GetTypeName(),
@ -280,7 +229,7 @@ func (f *FederatingProtocol) DefaultCallback(ctx context.Context, activity pub.A
// an activity to determine if inbox forwarding needs to occur.
//
// Zero or negative numbers indicate infinite recursion.
func (f *FederatingProtocol) MaxInboxForwardingRecursionDepth(ctx context.Context) int {
func (f *federatingProtocol) MaxInboxForwardingRecursionDepth(ctx context.Context) int {
// TODO
return 0
}
@ -290,7 +239,7 @@ func (f *FederatingProtocol) MaxInboxForwardingRecursionDepth(ctx context.Contex
// delivery.
//
// Zero or negative numbers indicate infinite recursion.
func (f *FederatingProtocol) MaxDeliveryRecursionDepth(ctx context.Context) int {
func (f *federatingProtocol) MaxDeliveryRecursionDepth(ctx context.Context) int {
// TODO
return 0
}
@ -302,7 +251,7 @@ func (f *FederatingProtocol) MaxDeliveryRecursionDepth(ctx context.Context) int
//
// The activity is provided as a reference for more intelligent
// logic to be used, but the implementation must not modify it.
func (f *FederatingProtocol) FilterForwarding(ctx context.Context, potentialRecipients []*url.URL, a pub.Activity) ([]*url.URL, error) {
func (f *federatingProtocol) FilterForwarding(ctx context.Context, potentialRecipients []*url.URL, a pub.Activity) ([]*url.URL, error) {
// TODO
return nil, nil
}
@ -315,7 +264,7 @@ func (f *FederatingProtocol) FilterForwarding(ctx context.Context, potentialReci
//
// Always called, regardless whether the Federated Protocol or Social
// API is enabled.
func (f *FederatingProtocol) GetInbox(ctx context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) {
func (f *federatingProtocol) GetInbox(ctx context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) {
// IMPLEMENTATION NOTE: For GoToSocial, we serve outboxes and inboxes through
// the CLIENT API, not through the federation API, so we just do nothing here.
return nil, nil

288
internal/federation/federator.go
View file

@ -19,292 +19,62 @@
package federation
import (
"context"
"net/http"
"net/url"
"github.com/go-fed/activity/pub"
"github.com/go-fed/activity/streams/vocab"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/distributor"
"github.com/superseriousbusiness/gotosocial/internal/transport"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
)
// Federator wraps everything needed to manage activitypub federation from gotosocial
// Federator wraps various interfaces and functions to manage activitypub federation from gotosocial
type Federator interface {
// Send a federated activity.
//
// The provided url must be the outbox of the sender. All processing of
// the activity occurs similarly to the C2S flow:
// - If t is not an Activity, it is wrapped in a Create activity.
// - A new ID is generated for the activity.
// - The activity is added to the specified outbox.
// - The activity is prepared and delivered to recipients.
//
// Note that this function will only behave as expected if the
// implementation has been constructed to support federation. This
// method will guaranteed work for non-custom Actors. For custom actors,
// care should be used to not call this method if only C2S is supported.
Send(c context.Context, outbox *url.URL, t vocab.Type) (pub.Activity, error)
// Hook callback after parsing the request body for a federated request
// to the Actor's inbox.
//
// Can be used to set contextual information based on the Activity
// received.
//
// Only called if the Federated Protocol is enabled.
//
// Warning: Neither authentication nor authorization has taken place at
// this time. Doing anything beyond setting contextual information is
// strongly discouraged.
//
// If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the DelegateActor implementation must not
// write a response to the ResponseWriter as is expected that the caller
// to PostInbox will do so when handling the error.
PostInboxRequestBodyHook(c context.Context, r *http.Request, activity pub.Activity) (context.Context, error)
// AuthenticatePostInbox delegates the authentication of a POST to an
// inbox.
//
// If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error)
// Blocked should determine whether to permit a set of actors given by
// their ids are able to interact with this particular end user due to
// being blocked or other application-specific logic.
//
// If an error is returned, it is passed back to the caller of
// PostInbox.
//
// If no error is returned, but authentication or authorization fails,
// then blocked must be true and error nil. An http.StatusForbidden
// will be written in the wresponse.
//
// Finally, if the authentication and authorization succeeds, then
// blocked must be false and error nil. The request will continue
// to be processed.
Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error)
// FederatingCallbacks returns the application logic that handles
// ActivityStreams received from federating peers.
//
// Note that certain types of callbacks will be 'wrapped' with default
// behaviors supported natively by the library. Other callbacks
// compatible with streams.TypeResolver can be specified by 'other'.
//
// For example, setting the 'Create' field in the
// FederatingWrappedCallbacks lets an application dependency inject
// additional behaviors they want to take place, including the default
// behavior supplied by this library. This is guaranteed to be compliant
// with the ActivityPub Social protocol.
//
// To override the default behavior, instead supply the function in
// 'other', which does not guarantee the application will be compliant
// with the ActivityPub Social Protocol.
//
// Applications are not expected to handle every single ActivityStreams
// type and extension. The unhandled ones are passed to DefaultCallback.
FederatingCallbacks(c context.Context) (wrapped pub.FederatingWrappedCallbacks, other []interface{}, err error)
// DefaultCallback is called for types that go-fed can deserialize but
// are not handled by the application's callbacks returned in the
// Callbacks method.
//
// Applications are not expected to handle every single ActivityStreams
// type and extension, so the unhandled ones are passed to
// DefaultCallback.
DefaultCallback(c context.Context, activity pub.Activity) error
// MaxInboxForwardingRecursionDepth determines how deep to search within
// an activity to determine if inbox forwarding needs to occur.
//
// Zero or negative numbers indicate infinite recursion.
MaxInboxForwardingRecursionDepth(c context.Context) int
// MaxDeliveryRecursionDepth determines how deep to search within
// collections owned by peers when they are targeted to receive a
// delivery.
//
// Zero or negative numbers indicate infinite recursion.
MaxDeliveryRecursionDepth(c context.Context) int
// FilterForwarding allows the implementation to apply business logic
// such as blocks, spam filtering, and so on to a list of potential
// Collections and OrderedCollections of recipients when inbox
// forwarding has been triggered.
//
// The activity is provided as a reference for more intelligent
// logic to be used, but the implementation must not modify it.
FilterForwarding(c context.Context, potentialRecipients []*url.URL, a pub.Activity) (filteredRecipients []*url.URL, err error)
// GetInbox returns the OrderedCollection inbox of the actor for this
// context. It is up to the implementation to provide the correct
// collection for the kind of authorization given in the request.
//
// AuthenticateGetInbox will be called prior to this.
//
// Always called, regardless whether the Federated Protocol or Social
// API is enabled.
GetInbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error)
// AuthenticateGetInbox delegates the authentication of a GET to an
// inbox.
//
// Always called, regardless whether the Federated Protocol or Social
// API is enabled.
//
// If an error is returned, it is passed back to the caller of
// GetInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error)
// AuthenticateGetOutbox delegates the authentication of a GET to an
// outbox.
//
// Always called, regardless whether the Federated Protocol or Social
// API is enabled.
//
// If an error is returned, it is passed back to the caller of
// GetOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error)
// GetOutbox returns the OrderedCollection inbox of the actor for this
// context. It is up to the implementation to provide the correct
// collection for the kind of authorization given in the request.
//
// AuthenticateGetOutbox will be called prior to this.
//
// Always called, regardless whether the Federated Protocol or Social
// API is enabled.
GetOutbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error)
// NewTransport returns a new Transport on behalf of a specific actor.
//
// The actorBoxIRI will be either the inbox or outbox of an actor who is
// attempting to do the dereferencing or delivery. Any authentication
// scheme applied on the request must be based on this actor. The
// request must contain some sort of credential of the user, such as a
// HTTP Signature.
//
// The gofedAgent passed in should be used by the Transport
// implementation in the User-Agent, as well as the application-specific
// user agent string. The gofedAgent will indicate this library's use as
// well as the library's version number.
//
// Any server-wide rate-limiting that needs to occur should happen in a
// Transport implementation. This factory function allows this to be
// created, so peer servers are not DOS'd.
//
// Any retry logic should also be handled by the Transport
// implementation.
//
// Note that the library will not maintain a long-lived pointer to the
// returned Transport so that any private credentials are able to be
// garbage collected.
NewTransport(c context.Context, actorBoxIRI *url.URL, gofedAgent string) (t pub.Transport, err error)
FederatingActor() pub.FederatingActor
TransportController() transport.Controller
FederatingProtocol() pub.FederatingProtocol
CommonBehavior() pub.CommonBehavior
}
type federator struct {
actor pub.FederatingActor
distributor distributor.Distributor
federatingProtocol pub.FederatingProtocol
commonBehavior pub.CommonBehavior
clock pub.Clock
actor pub.FederatingActor
distributor distributor.Distributor
federatingProtocol pub.FederatingProtocol
commonBehavior pub.CommonBehavior
clock pub.Clock
transportController transport.Controller
}
// NewFederator returns a new federator
func NewFederator(db db.DB, transportController transport.Controller, config *config.Config, log *logrus.Logger, distributor distributor.Distributor) Federator {
func NewFederator(db db.DB, transportController transport.Controller, config *config.Config, log *logrus.Logger, distributor distributor.Distributor, typeConverter typeutils.TypeConverter) Federator {
clock := &Clock{}
federatingProtocol := NewFederatingProtocol(db, log, config, transportController)
federatingProtocol := newFederatingProtocol(db, log, config, transportController, typeConverter)
commonBehavior := newCommonBehavior(db, log, config, transportController)
actor := pub.NewFederatingActor(commonBehavior, federatingProtocol, db.Federation(), clock)
actor := newFederatingActor(commonBehavior, federatingProtocol, db.Federation(), clock)
return &federator{
actor: actor,
distributor: distributor,
federatingProtocol: federatingProtocol,
commonBehavior: commonBehavior,
clock: clock,
actor: actor,
distributor: distributor,
federatingProtocol: federatingProtocol,
commonBehavior: commonBehavior,
clock: clock,
transportController: transportController,
}
}
func (f *federator) Send(c context.Context, outbox *url.URL, t vocab.Type) (pub.Activity, error) {
return f.actor.Send(c, outbox, t)
func (f *federator) FederatingActor() pub.FederatingActor {
return f.actor
}
func (f *federator) PostInboxRequestBodyHook(c context.Context, r *http.Request, activity pub.Activity) (context.Context, error) {
return f.federatingProtocol.PostInboxRequestBodyHook(c, r, activity)
func (f *federator) TransportController() transport.Controller {
return f.transportController
}
func (f *federator) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return f.federatingProtocol.AuthenticatePostInbox(c, w, r)
func (f *federator) FederatingProtocol() pub.FederatingProtocol {
return f.federatingProtocol
}
func (f *federator) Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error) {
return f.federatingProtocol.Blocked(c, actorIRIs)
}
func (f *federator) FederatingCallbacks(c context.Context) (wrapped pub.FederatingWrappedCallbacks, other []interface{}, err error) {
return f.federatingProtocol.FederatingCallbacks(c)
}
func (f *federator) DefaultCallback(c context.Context, activity pub.Activity) error {
return f.federatingProtocol.DefaultCallback(c, activity)
}
func (f *federator) MaxInboxForwardingRecursionDepth(c context.Context) int {
return f.federatingProtocol.MaxInboxForwardingRecursionDepth(c)
}
func (f *federator) MaxDeliveryRecursionDepth(c context.Context) int {
return f.federatingProtocol.MaxDeliveryRecursionDepth(c)
}
func (f *federator) FilterForwarding(c context.Context, potentialRecipients []*url.URL, a pub.Activity) (filteredRecipients []*url.URL, err error) {
return f.federatingProtocol.FilterForwarding(c, potentialRecipients, a)
}
func (f *federator) GetInbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) {
return f.federatingProtocol.GetInbox(c, r)
}
func (f *federator) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return f.commonBehavior.AuthenticateGetInbox(c, w, r)
}
func (f *federator) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (out context.Context, authenticated bool, err error) {
return f.commonBehavior.AuthenticateGetOutbox(c, w, r)
}
func (f *federator) GetOutbox(c context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) {
return f.commonBehavior.GetOutbox(c, r)
}
func (f *federator) NewTransport(c context.Context, actorBoxIRI *url.URL, gofedAgent string) (t pub.Transport, err error) {
return f.commonBehavior.NewTransport(c, actorBoxIRI, gofedAgent)
func (f *federator) CommonBehavior() pub.CommonBehavior {
return f.commonBehavior
}

47
internal/federation/federator_test.go
View file

@ -40,18 +40,20 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/db/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/distributor"
"github.com/superseriousbusiness/gotosocial/internal/federation"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
"github.com/superseriousbusiness/gotosocial/internal/util"
"github.com/superseriousbusiness/gotosocial/testrig"
)
type ProtocolTestSuite struct {
suite.Suite
config *config.Config
db db.DB
log *logrus.Logger
distributor distributor.Distributor
accounts map[string]*gtsmodel.Account
activities map[string]testrig.ActivityWithSignature
config *config.Config
db db.DB
log *logrus.Logger
distributor distributor.Distributor
typeConverter typeutils.TypeConverter
accounts map[string]*gtsmodel.Account
activities map[string]testrig.ActivityWithSignature
}
// SetupSuite sets some variables on the suite that we can use as consts (more or less) throughout
@ -61,6 +63,7 @@ func (suite *ProtocolTestSuite) SetupSuite() {
suite.db = testrig.NewTestDB()
suite.log = testrig.NewTestLog()
suite.distributor = testrig.NewTestDistributor()
suite.typeConverter = testrig.NewTestTypeConverter(suite.db)
suite.accounts = testrig.NewTestAccounts()
suite.activities = testrig.NewTestActivities(suite.accounts)
}
@ -86,7 +89,7 @@ func (suite *ProtocolTestSuite) TestPostInboxRequestBodyHook() {
return nil, nil
}))
// setup module being tested
federator := federation.NewFederator(suite.db, tc, suite.config, suite.log, suite.distributor)
federator := federation.NewFederator(suite.db, tc, suite.config, suite.log, suite.distributor, suite.typeConverter)
// setup request
ctx := context.Background()
@ -94,20 +97,12 @@ func (suite *ProtocolTestSuite) TestPostInboxRequestBodyHook() {
request.Header.Set("Signature", activity.SignatureHeader)
// trigger the function being tested, and return the new context it creates
newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
newContext, err := federator.FederatingProtocol().PostInboxRequestBodyHook(ctx, request, activity.Activity)
assert.NoError(suite.T(), err)
assert.NotNil(suite.T(), newContext)
// username should be set on context now
usernameI := newContext.Value(util.APUsernameKey)
assert.NotNil(suite.T(), usernameI)
username, ok := usernameI.(string)
assert.True(suite.T(), ok)
assert.NotEmpty(suite.T(), username)
assert.Equal(suite.T(), "the_mighty_zork", username)
// activity should be set on context now
activityI := newContext.Value(util.APActivityKey)
activityI := newContext.Value(util.APActivity)
assert.NotNil(suite.T(), activityI)
returnedActivity, ok := activityI.(pub.Activity)
assert.True(suite.T(), ok)
@ -160,15 +155,14 @@ func (suite *ProtocolTestSuite) TestAuthenticatePostInbox() {
}))
// now setup module being tested, with the mock transport controller
federator := federation.NewFederatingProtocol(suite.db, suite.log, suite.config, tc)
federator := federation.NewFederator(suite.db, tc, suite.config, suite.log, suite.distributor, suite.typeConverter)
// setup request
ctx := context.Background()
// by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
// which should have set the account and username onto the request. We can replicate that behavior here:
ctxWithUsername := context.WithValue(ctx, util.APUsernameKey, inboxAccount.Username)
ctxWithAccount := context.WithValue(ctxWithUsername, util.APAccountKey, inboxAccount)
ctxWithActivity := context.WithValue(ctxWithAccount, util.APActivityKey, activity)
ctxWithAccount := context.WithValue(ctx, util.APAccount, inboxAccount)
ctxWithActivity := context.WithValue(ctxWithAccount, util.APActivity, activity)
request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil) // the endpoint we're hitting
// we need these headers for the request to be validated
@ -179,23 +173,16 @@ func (suite *ProtocolTestSuite) TestAuthenticatePostInbox() {
recorder := httptest.NewRecorder()
// trigger the function being tested, and return the new context it creates
newContext, authed, err := federator.AuthenticatePostInbox(ctxWithActivity, recorder, request)
newContext, authed, err := federator.FederatingProtocol().AuthenticatePostInbox(ctxWithActivity, recorder, request)
assert.NoError(suite.T(), err)
assert.True(suite.T(), authed)
// since we know this account already it should be set on the context
requestingAccountI := newContext.Value(util.APRequestingAccountKey)
requestingAccountI := newContext.Value(util.APRequestingAccount)
assert.NotNil(suite.T(), requestingAccountI)
requestingAccount, ok := requestingAccountI.(*gtsmodel.Account)
assert.True(suite.T(), ok)
assert.Equal(suite.T(), sendingAccount.Username, requestingAccount.Username)
// the host making the request should also be set on the context
requestingHostI := newContext.Value(util.APRequestingHostKey)
assert.NotNil(suite.T(), requestingHostI)
requestingHost, ok := requestingHostI.(string)
assert.True(suite.T(), ok)
assert.Equal(suite.T(), sendingAccount.Domain, requestingHost)
}
func TestProtocolTestSuite(t *testing.T) {

85
internal/federation/util.go
View file

@ -24,12 +24,16 @@ import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"net/http"
"net/url"
"github.com/go-fed/activity/pub"
"github.com/go-fed/activity/streams"
"github.com/go-fed/activity/streams/vocab"
"github.com/go-fed/httpsig"
"github.com/superseriousbusiness/gotosocial/internal/db/gtsmodel"
)
/*
@ -101,3 +105,84 @@ func getPublicKeyFromResponse(c context.Context, b []byte, keyID *url.URL) (p cr
p, err = x509.ParsePKIXPublicKey(block.Bytes)
return
}
// AuthenticateFederatedRequest authenticates any kind of federated request from a remote server. This includes things like
// GET requests for dereferencing users or statuses etc and POST requests for delivering new Activities.
//
// Error means the request did not pass authentication. No error means it's authentic.
//
// Authenticate in this case is defined as just making sure that the http request is actually signed by whoever claims
// to have signed it, by fetching the public key from the signature and checking it against the remote public key.
//
// The provided transport will be used to dereference the public key ID of the request signature. Ideally you should pass in a transport
// with the credentials of the user *being requested*, so that the remote server can decide how to handle the request based on who's making it.
// Ie., if the request on this server is for https://example.org/users/some_username then you should pass in a transport that's been initialized with
// the keys belonging to local user 'some_username'. The remote server will then know that this is the user making the
// dereferencing request, and they can decide to allow or deny the request depending on their settings.
//
// Note that this function *does not* dereference the remote account that the signature key is associated with, but it will
// return the public key URL associated with that account, so that other functions can dereference it with that, as required.
func AuthenticateFederatedRequest(transport pub.Transport, r *http.Request) (*url.URL, error) {
verifier, err := httpsig.NewVerifier(r)
if err != nil {
return nil, fmt.Errorf("could not create http sig verifier: %s", err)
}
// The key ID should be given in the signature so that we know where to fetch it from the remote server.
// This will be something like https://example.org/users/whatever_requesting_user#main-key
requestingPublicKeyID, err := url.Parse(verifier.KeyId())
if err != nil {
return nil, fmt.Errorf("could not parse key id into a url: %s", err)
}
// use the new transport to fetch the requesting public key from the remote server
b, err := transport.Dereference(context.Background(), requestingPublicKeyID)
if err != nil {
return nil, fmt.Errorf("error deferencing key %s: %s", requestingPublicKeyID.String(), err)
}
// if the key isn't in the response, we can't authenticate the request
requestingPublicKey, err := getPublicKeyFromResponse(context.Background(), b, requestingPublicKeyID)
if err != nil {
return nil, fmt.Errorf("error getting key %s from response %s: %s", requestingPublicKeyID.String(), string(b), err)
}
// do the actual authentication here!
algo := httpsig.RSA_SHA256 // TODO: make this more robust
if err := verifier.Verify(requestingPublicKey, algo); err != nil {
return nil, fmt.Errorf("error verifying key %s: %s", requestingPublicKeyID.String(), err)
}
// all good!
return requestingPublicKeyID, nil
}
func DereferenceAccount(transport pub.Transport, publicKeyID *url.URL) (vocab.ActivityStreamsPerson, error) {
b, err := transport.Dereference(context.Background(), publicKeyID)
if err != nil {
return nil, fmt.Errorf("error deferencing %s: %s", publicKeyID.String(), err)
}
m := make(map[string]interface{})
if err := json.Unmarshal(b, &m); err != nil {
return nil, fmt.Errorf("error unmarshalling bytes into json: %s", err)
}
t, err := streams.ToType(context.Background(), m)
if err != nil {
return nil, fmt.Errorf("error resolving json into ap vocab type: %s", err)
}
switch t.GetTypeName() {
case string(gtsmodel.ActivityStreamsPerson):
p, ok := t.(vocab.ActivityStreamsPerson)
if !ok {
return nil, errors.New("error resolving type as activitystreams person")
}
return p, nil
case string(gtsmodel.ActivityStreamsApplication):
// TODO: convert application into person
}
return nil, fmt.Errorf("type name %s not supported", t.GetTypeName())
}

18
internal/gotosocial/actions.go
View file

@ -67,6 +67,9 @@ var Run action.GTSAction = func(ctx context.Context, c *config.Config, log *logr
return fmt.Errorf("error creating storage backend: %s", err)
}
// build converters and util
typeConverter := typeutils.NewConverter(c, dbService)
// build backend handlers
mediaHandler := media.New(c, dbService, storageBackend, log)
oauthServer := oauth.New(dbService, log)
@ -75,19 +78,16 @@ var Run action.GTSAction = func(ctx context.Context, c *config.Config, log *logr
return fmt.Errorf("error starting distributor: %s", err)
}
transportController := transport.NewController(c, &federation.Clock{}, http.DefaultClient, log)
federator := federation.NewFederator(dbService, transportController, c, log, distributor)
// build converters and util
ic := typeutils.NewConverter(c, dbService)
federator := federation.NewFederator(dbService, transportController, c, log, distributor, typeConverter)
// build client api modules
authModule := auth.New(oauthServer, dbService, log)
accountModule := account.New(c, dbService, oauthServer, mediaHandler, ic, log)
appsModule := app.New(oauthServer, dbService, ic, log)
mm := mediaModule.New(dbService, mediaHandler, ic, c, log)
accountModule := account.New(c, dbService, oauthServer, mediaHandler, typeConverter, log)
appsModule := app.New(oauthServer, dbService, typeConverter, log)
mm := mediaModule.New(dbService, mediaHandler, typeConverter, c, log)
fileServerModule := fileserver.New(c, dbService, storageBackend, log)
adminModule := admin.New(c, dbService, mediaHandler, ic, log)
statusModule := status.New(c, dbService, mediaHandler, ic, distributor, log)
adminModule := admin.New(c, dbService, mediaHandler, typeConverter, log)
statusModule := status.New(c, dbService, mediaHandler, typeConverter, distributor, log)
securityModule := security.New(c, log)
apiModules := []apimodule.ClientAPIModule{

10
internal/typeutils/astointernal.go Normal file
View file

@ -0,0 +1,10 @@
package typeutils
import (
"github.com/go-fed/activity/streams/vocab"
"github.com/superseriousbusiness/gotosocial/internal/db/gtsmodel"
)
func (c *converter) ASPersonToAccount(person vocab.ActivityStreamsPerson) (*gtsmodel.Account, error) {
return nil, nil
}

3
internal/typeutils/converter.go
View file

@ -85,6 +85,9 @@ type TypeConverter interface {
ACTIVITYSTREAMS MODEL TO INTERNAL (gts) MODEL
*/
// ASPersonToAccount converts an activitystreams person into a gts model account
ASPersonToAccount(person vocab.ActivityStreamsPerson) (*gtsmodel.Account, error)
/*
INTERNAL (gts) MODEL TO ACTIVITYSTREAMS MODEL
*/

21
internal/util/uri.go
View file

@ -53,19 +53,14 @@ const (
type APContextKey string
const (
// APActivityKey can be used to set and retrieve the actual go-fed pub.Activity within a context.
APActivityKey APContextKey = "activity"
// APUsernameKey can be used to set and retrieve the username of the user being interacted with.
APUsernameKey APContextKey = "username"
// APAccountKey can be used the set and retrieve the account being interacted with
APAccountKey APContextKey = "account"
// APPrivateAccessKey can be used to set and retrieve whether or not the requesting account
// OWNS the inbox or outbox being interacted with. If so, it should be able to see everything in that box.
APPrivateAccessKey APContextKey = "privateAccess"
// APRequestingHostKey can be used to set and retrieve the host of an incoming federation request.
APRequestingHostKey APContextKey = "requestingHost"
// APRequestingAccountKey can be used to set and retrieve the account of an incoming federation request.
APRequestingAccountKey APContextKey = "requestingAccount"
// APActivity can be used to set and retrieve the actual go-fed pub.Activity within a context.
APActivity APContextKey = "activity"
// APAccount can be used the set and retrieve the account being interacted with
APAccount APContextKey = "account"
// APRequestingAccount can be used to set and retrieve the account of an incoming federation request.
APRequestingAccount APContextKey = "requestingAccount"
// APRequestingPublicKeyID can be used to set and retrieve the public key ID of an incoming federation request.
APRequestingPublicKeyID APContextKey = "requestingPublicKeyID"
)
type ginContextKey struct{}

14
testrig/actions.go
View file

@ -57,7 +57,7 @@ var Run action.GTSAction = func(ctx context.Context, _ *config.Config, log *logr
if err := distributor.Start(); err != nil {
return fmt.Errorf("error starting distributor: %s", err)
}
mastoConverter := NewTestTypeConverter(dbService)
typeConverter := NewTestTypeConverter(dbService)
transportController := NewTestTransportController(NewMockHTTPClient(func(req *http.Request) (*http.Response, error) {
r := ioutil.NopCloser(bytes.NewReader([]byte{}))
return &http.Response{
@ -65,19 +65,19 @@ var Run action.GTSAction = func(ctx context.Context, _ *config.Config, log *logr
Body: r,
}, nil
}))
federator := federation.NewFederator(dbService, transportController, c, log, distributor)
federator := federation.NewFederator(dbService, transportController, c, log, distributor, typeConverter)
StandardDBSetup(dbService)
StandardStorageSetup(storageBackend, "./testrig/media")
// build client api modules
authModule := auth.New(oauthServer, dbService, log)
accountModule := account.New(c, dbService, oauthServer, mediaHandler, mastoConverter, log)
appsModule := app.New(oauthServer, dbService, mastoConverter, log)
mm := mediaModule.New(dbService, mediaHandler, mastoConverter, c, log)
accountModule := account.New(c, dbService, oauthServer, mediaHandler, typeConverter, log)
appsModule := app.New(oauthServer, dbService, typeConverter, log)
mm := mediaModule.New(dbService, mediaHandler, typeConverter, c, log)
fileServerModule := fileserver.New(c, dbService, storageBackend, log)
adminModule := admin.New(c, dbService, mediaHandler, mastoConverter, log)
statusModule := status.New(c, dbService, mediaHandler, mastoConverter, distributor, log)
adminModule := admin.New(c, dbService, mediaHandler, typeConverter, log)
statusModule := status.New(c, dbService, mediaHandler, typeConverter, distributor, log)
securityModule := security.New(c, log)
apiModules := []apimodule.ClientAPIModule{