diff options
Diffstat (limited to 'lib')
46 files changed, 1740 insertions, 352 deletions
diff --git a/lib/mix/tasks/generate_invite_token.ex b/lib/mix/tasks/generate_invite_token.ex new file mode 100644 index 000000000..c4daa9a6c --- /dev/null +++ b/lib/mix/tasks/generate_invite_token.ex @@ -0,0 +1,25 @@ +defmodule Mix.Tasks.GenerateInviteToken do + use Mix.Task + + @shortdoc "Generate invite token for user" + def run([]) do + Mix.Task.run("app.start") + + with {:ok, token} <- Pleroma.UserInviteToken.create_token() do + IO.puts("Generated user invite token") + + IO.puts( + "Url: #{ + Pleroma.Web.Router.Helpers.redirect_url( + Pleroma.Web.Endpoint, + :registration_page, + token.token + ) + }" + ) + else + _ -> + IO.puts("Error creating token") + end + end +end diff --git a/lib/mix/tasks/make_moderator.ex b/lib/mix/tasks/make_moderator.ex index 20f04c54c..a454a958e 100644 --- a/lib/mix/tasks/make_moderator.ex +++ b/lib/mix/tasks/make_moderator.ex @@ -5,7 +5,7 @@ defmodule Mix.Tasks.SetModerator do @shortdoc "Set moderator status" def run([nickname | rest]) do - ensure_started(Repo, []) + Application.ensure_all_started(:pleroma) moderator = case rest do @@ -19,7 +19,7 @@ defmodule Mix.Tasks.SetModerator do |> Map.put("is_moderator", !!moderator) cng = User.info_changeset(user, %{info: info}) - user = Repo.update!(cng) + {:ok, user} = User.update_and_set_cache(cng) IO.puts("Moderator status of #{nickname}: #{user.info["is_moderator"]}") else diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index e37c864c0..6db36fa09 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -8,7 +8,8 @@ config :pleroma, :instance, name: "<%= name %>", email: "<%= email %>", limit: 5000, - registrations_open: true + registrations_open: true, + dedupe_media: false config :pleroma, :media_proxy, enabled: false, diff --git a/lib/mix/tasks/set_locked.ex b/lib/mix/tasks/set_locked.ex new file mode 100644 index 000000000..2b3b18b09 --- /dev/null +++ b/lib/mix/tasks/set_locked.ex @@ -0,0 +1,30 @@ +defmodule Mix.Tasks.SetLocked do + use Mix.Task + import Mix.Ecto + alias Pleroma.{Repo, User} + + @shortdoc "Set locked status" + def run([nickname | rest]) do + ensure_started(Repo, []) + + locked = + case rest do + [locked] -> locked == "true" + _ -> true + end + + with %User{local: true} = user <- User.get_by_nickname(nickname) do + info = + user.info + |> Map.put("locked", !!locked) + + cng = User.info_changeset(user, %{info: info}) + user = Repo.update!(cng) + + IO.puts("locked status of #{nickname}: #{user.info["locked"]}") + else + _ -> + IO.puts("No local user #{nickname}") + end + end +end diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index c7502981e..bed96861f 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -72,8 +72,14 @@ defmodule Pleroma.Activity do ) end - def get_create_activity_by_object_ap_id(ap_id) do + def get_create_activity_by_object_ap_id(ap_id) when is_binary(ap_id) do create_activity_by_object_id_query([ap_id]) |> Repo.one() end + + def get_create_activity_by_object_ap_id(_), do: nil + + def normalize(obj) when is_map(obj), do: Activity.get_by_ap_id(obj["id"]) + def normalize(ap_id) when is_binary(ap_id), do: Activity.get_by_ap_id(ap_id) + def normalize(_), do: nil end diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 53e2c204f..d199c9243 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -116,7 +116,28 @@ defmodule Pleroma.Formatter do _ -> [] end) - @emoji @finmoji_with_filenames ++ @emoji_from_file + @emoji_from_globs ( + static_path = Path.join(:code.priv_dir(:pleroma), "static") + + globs = + Application.get_env(:pleroma, :emoji, []) + |> Keyword.get(:shortcode_globs, []) + + paths = + Enum.map(globs, fn glob -> + Path.join(static_path, glob) + |> Path.wildcard() + end) + |> Enum.concat() + + Enum.map(paths, fn path -> + shortcode = Path.basename(path, Path.extname(path)) + external_path = Path.join("/", Path.relative_to(path, static_path)) + {shortcode, external_path} + end) + ) + + @emoji @finmoji_with_filenames ++ @emoji_from_globs ++ @emoji_from_file def emojify(text, emoji \\ @emoji) def emojify(text, nil), do: text @@ -200,7 +221,9 @@ defmodule Pleroma.Formatter do ap_id = info["source_data"]["url"] || ap_id short_match = String.split(match, "@") |> tl() |> hd() - {uuid, "<span><a href='#{ap_id}'>@<span>#{short_match}</span></a></span>"} + + {uuid, + "<span><a class='mention' href='#{ap_id}'>@<span>#{short_match}</span></a></span>"} end) {subs, uuid_text} @@ -221,8 +244,8 @@ defmodule Pleroma.Formatter do subs = subs ++ - Enum.map(tags, fn {_, tag, uuid} -> - url = "<a href='#{Pleroma.Web.base_url()}/tag/#{tag}' rel='tag'>##{tag}</a>" + Enum.map(tags, fn {tag_text, tag, uuid} -> + url = "<a href='#{Pleroma.Web.base_url()}/tag/#{tag}' rel='tag'>#{tag_text}</a>" {uuid, url} end) diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex index f6abcd4d0..97a1dea77 100644 --- a/lib/pleroma/gopher/server.ex +++ b/lib/pleroma/gopher/server.ex @@ -54,7 +54,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do String.split(text, "\r") |> Enum.map(fn text -> - "i#{text}\tfake\(NULL)\t0\r\n" + "i#{text}\tfake\t(NULL)\t0\r\n" end) |> Enum.join("") end @@ -77,14 +77,14 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do link("Post ##{activity.id} by #{user.nickname}", "/notices/#{activity.id}") <> info("#{like_count} likes, #{announcement_count} repeats") <> - "\r\n" <> + "i\tfake\t(NULL)\t0\r\n" <> info( HtmlSanitizeEx.strip_tags( String.replace(activity.data["object"]["content"], "<br>", "\r") ) ) end) - |> Enum.join("\r\n") + |> Enum.join("i\tfake\t(NULL)\t0\r\n") end def response("") do diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 9d0b9285b..53d98665b 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -1,7 +1,7 @@ defmodule Pleroma.List do use Ecto.Schema import Ecto.{Changeset, Query} - alias Pleroma.{User, Repo} + alias Pleroma.{User, Repo, Activity} schema "lists" do belongs_to(:user, Pleroma.User) @@ -56,6 +56,19 @@ defmodule Pleroma.List do {:ok, Repo.all(q)} end + # Get lists the activity should be streamed to. + def get_lists_from_activity(%Activity{actor: ap_id}) do + actor = User.get_cached_by_ap_id(ap_id) + + query = + from( + l in Pleroma.List, + where: fragment("? && ?", l.following, ^[actor.follower_address]) + ) + + Repo.all(query) + end + def rename(%Pleroma.List{} = list, title) do list |> title_changeset(%{title: title}) diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index ff2af4a6f..1bcff5a7b 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -27,6 +27,10 @@ defmodule Pleroma.Object do Repo.one(from(object in Object, where: fragment("(?)->>'id' = ?", object.data, ^ap_id))) end + def normalize(obj) when is_map(obj), do: Object.get_by_ap_id(obj["id"]) + def normalize(ap_id) when is_binary(ap_id), do: Object.get_by_ap_id(ap_id) + def normalize(_), do: nil + def get_cached_by_ap_id(ap_id) do if Mix.env() == :test do get_by_ap_id(ap_id) diff --git a/lib/pleroma/plugs/digest.ex b/lib/pleroma/plugs/digest.ex new file mode 100644 index 000000000..9d6bbb085 --- /dev/null +++ b/lib/pleroma/plugs/digest.ex @@ -0,0 +1,10 @@ +defmodule Pleroma.Web.Plugs.DigestPlug do + alias Plug.Conn + require Logger + + def read_body(conn, opts) do + {:ok, body, conn} = Conn.read_body(conn, opts) + digest = "SHA-256=" <> (:crypto.hash(:sha256, body) |> Base.encode64()) + {:ok, body, Conn.assign(conn, :digest, digest)} + end +end diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex index 2d0e10cad..9e53371b7 100644 --- a/lib/pleroma/plugs/http_signature.ex +++ b/lib/pleroma/plugs/http_signature.ex @@ -13,12 +13,14 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do end def call(conn, _opts) do - user = Utils.normalize_actor(conn.params["actor"]) + user = Utils.get_ap_id(conn.params["actor"]) Logger.debug("Checking sig for #{user}") [signature | _] = get_req_header(conn, "signature") cond do signature && String.contains?(signature, user) -> + # set (request-target) header to the appropriate value + # we also replace the digest header with the one we computed conn = conn |> put_req_header( @@ -26,6 +28,14 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do String.downcase("#{conn.method}") <> " #{conn.request_path}" ) + conn = + if conn.assigns[:digest] do + conn + |> put_req_header("digest", conn.assigns[:digest]) + else + conn + end + assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) signature -> diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index e5df94009..e0cb545b0 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -2,47 +2,74 @@ defmodule Pleroma.Upload do alias Ecto.UUID alias Pleroma.Web - def store(%Plug.Upload{} = file) do - uuid = UUID.generate() - upload_folder = Path.join(upload_path(), uuid) + def store(%Plug.Upload{} = file, should_dedupe) do + content_type = get_content_type(file.path) + uuid = get_uuid(file, should_dedupe) + name = get_name(file, uuid, content_type, should_dedupe) + upload_folder = get_upload_path(uuid, should_dedupe) + url_path = get_url(name, uuid, should_dedupe) + File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, file.filename) - File.cp!(file.path, result_file) + result_file = Path.join(upload_folder, name) - # fix content type on some image uploads - content_type = - if file.content_type in [nil, "application/octet-stream"] do - get_content_type(file.path) - else - file.content_type - end + if File.exists?(result_file) do + File.rm!(file.path) + else + File.cp!(file.path, result_file) + end + + strip_exif_data(content_type, result_file) %{ - "type" => "Image", + "type" => "Document", "url" => [ %{ "type" => "Link", "mediaType" => content_type, - "href" => url_for(Path.join(uuid, :cow_uri.urlencode(file.filename))) + "href" => url_path } ], - "name" => file.filename, - "uuid" => uuid + "name" => name } end - def store(%{"img" => "data:image/" <> image_data}) do + def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do parsed = Regex.named_captures(~r/(?<filetype>jpeg|png|gif);base64,(?<data>.*)/, image_data) - data = Base.decode64!(parsed["data"]) + data = Base.decode64!(parsed["data"], ignore: :whitespace) + uuid = UUID.generate() + uuidpath = Path.join(upload_path(), uuid) uuid = UUID.generate() - upload_folder = Path.join(upload_path(), uuid) + + File.mkdir_p!(upload_path()) + + File.write!(uuidpath, data) + + content_type = get_content_type(uuidpath) + + name = + create_name( + String.downcase(Base.encode16(:crypto.hash(:sha256, data))), + parsed["filetype"], + content_type + ) + + upload_folder = get_upload_path(uuid, should_dedupe) + url_path = get_url(name, uuid, should_dedupe) + File.mkdir_p!(upload_folder) - filename = Base.encode16(:crypto.hash(:sha256, data)) <> ".#{parsed["filetype"]}" - result_file = Path.join(upload_folder, filename) + result_file = Path.join(upload_folder, name) - File.write!(result_file, data) + if should_dedupe do + if !File.exists?(result_file) do + File.rename(uuidpath, result_file) + else + File.rm!(uuidpath) + end + else + File.rename(uuidpath, result_file) + end - content_type = "image/#{parsed["filetype"]}" + strip_exif_data(content_type, result_file) %{ "type" => "Image", @@ -50,19 +77,87 @@ defmodule Pleroma.Upload do %{ "type" => "Link", "mediaType" => content_type, - "href" => url_for(Path.join(uuid, :cow_uri.urlencode(filename))) + "href" => url_path } ], - "name" => filename, - "uuid" => uuid + "name" => name } end + def strip_exif_data(content_type, file) do + settings = Application.get_env(:pleroma, Pleroma.Upload) + do_strip = Keyword.fetch!(settings, :strip_exif) + [filetype, ext] = String.split(content_type, "/") + + if filetype == "image" and do_strip == true do + Mogrify.open(file) |> Mogrify.custom("strip") |> Mogrify.save(in_place: true) + end + end + def upload_path do settings = Application.get_env(:pleroma, Pleroma.Upload) Keyword.fetch!(settings, :uploads) end + defp create_name(uuid, ext, type) do + case type do + "application/octet-stream" -> + String.downcase(Enum.join([uuid, ext], ".")) + + "audio/mpeg" -> + String.downcase(Enum.join([uuid, "mp3"], ".")) + + _ -> + String.downcase(Enum.join([uuid, List.last(String.split(type, "/"))], ".")) + end + end + + defp get_uuid(file, should_dedupe) do + if should_dedupe do + Base.encode16(:crypto.hash(:sha256, File.read!(file.path))) + else + UUID.generate() + end + end + + defp get_name(file, uuid, type, should_dedupe) do + if should_dedupe do + create_name(uuid, List.last(String.split(file.filename, ".")), type) + else + parts = String.split(file.filename, ".") + + new_filename = + if length(parts) > 1 do + Enum.drop(parts, -1) |> Enum.join(".") + else + Enum.join(parts) + end + + case type do + "application/octet-stream" -> file.filename + "audio/mpeg" -> new_filename <> ".mp3" + "image/jpeg" -> new_filename <> ".jpg" + _ -> Enum.join([new_filename, String.split(type, "/") |> List.last()], ".") + end + end + end + + defp get_upload_path(uuid, should_dedupe) do + if should_dedupe do + upload_path() + else + Path.join(upload_path(), uuid) + end + end + + defp get_url(name, uuid, should_dedupe) do + if should_dedupe do + url_for(:cow_uri.urlencode(name)) + else + url_for(Path.join(uuid, :cow_uri.urlencode(name))) + end + end + defp url_for(file) do "#{Web.base_url()}/media/#{file}" end @@ -89,6 +184,9 @@ defmodule Pleroma.Upload do <<0x49, 0x44, 0x33, _, _, _, _, _>> -> "audio/mpeg" + <<255, 251, _, 68, 0, 0, 0, 0>> -> + "audio/mpeg" + <<0x4F, 0x67, 0x67, 0x53, 0x00, 0x02, 0x00, 0x00>> -> "audio/ogg" diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 508f14584..fa0ea171d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -67,7 +67,8 @@ defmodule Pleroma.User do %{ following_count: length(user.following) - oneself, note_count: user.info["note_count"] || 0, - follower_count: user.info["follower_count"] || 0 + follower_count: user.info["follower_count"] || 0, + locked: user.info["locked"] || false } end @@ -167,14 +168,58 @@ defmodule Pleroma.User do end end + def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do + user_config = Application.get_env(:pleroma, :user) + deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked) + + user_info = user_info(followed) + + should_direct_follow = + cond do + # if the account is locked, don't pre-create the relationship + user_info[:locked] == true -> + false + + # if the users are blocking each other, we shouldn't even be here, but check for it anyway + deny_follow_blocked and + (User.blocks?(follower, followed) or User.blocks?(followed, follower)) -> + false + + # if OStatus, then there is no three-way handshake to follow + User.ap_enabled?(followed) != true -> + true + + # if there are no other reasons not to, just pre-create the relationship + true -> + true + end + + if should_direct_follow do + follow(follower, followed) + else + {:ok, follower} + end + end + + def maybe_follow(%User{} = follower, %User{info: info} = followed) do + if not following?(follower, followed) do + follow(follower, followed) + else + {:ok, follower} + end + end + def follow(%User{} = follower, %User{info: info} = followed) do + user_config = Application.get_env(:pleroma, :user) + deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked) + ap_followers = followed.follower_address cond do following?(follower, followed) or info["deactivated"] -> {:error, "Could not follow user: #{followed.nickname} is already on your list."} - blocks?(followed, follower) -> + deny_follow_blocked and blocks?(followed, follower) -> {:error, "Could not follow user: #{followed.nickname} blocked you."} true -> @@ -222,6 +267,10 @@ defmodule Pleroma.User do Enum.member?(follower.following, followed.follower_address) end + def locked?(%User{} = user) do + user.info["locked"] || false + end + def get_by_ap_id(ap_id) do Repo.get_by(User, ap_id: ap_id) end @@ -319,6 +368,41 @@ defmodule Pleroma.User do {:ok, Repo.all(q)} end + def get_follow_requests_query(%User{} = user) do + from( + a in Activity, + where: + fragment( + "? ->> 'type' = 'Follow'", + a.data + ), + where: + fragment( + "? ->> 'state' = 'pending'", + a.data + ), + where: + fragment( + "? @> ?", + a.data, + ^%{"object" => user.ap_id} + ) + ) + end + + def get_follow_requests(%User{} = user) do + q = get_follow_requests_query(user) + reqs = Repo.all(q) + + users = + Enum.map(reqs, fn req -> req.actor end) + |> Enum.uniq() + |> Enum.map(fn ap_id -> get_by_ap_id(ap_id) end) + |> Enum.filter(fn u -> !following?(u, user) end) + + {:ok, users} + end + def increase_note_count(%User{} = user) do note_count = (user.info["note_count"] || 0) + 1 new_info = Map.put(user.info, "note_count", note_count) @@ -429,15 +513,33 @@ defmodule Pleroma.User do Repo.all(q) end - def block(user, %{ap_id: ap_id}) do - blocks = user.info["blocks"] || [] + def block(blocker, %User{ap_id: ap_id} = blocked) do + # sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213) + blocker = + if following?(blocker, blocked) do + {:ok, blocker, _} = unfollow(blocker, blocked) + blocker + else + blocker + end + + if following?(blocked, blocker) do + unfollow(blocked, blocker) + end + + blocks = blocker.info["blocks"] || [] new_blocks = Enum.uniq([ap_id | blocks]) - new_info = Map.put(user.info, "blocks", new_blocks) + new_info = Map.put(blocker.info, "blocks", new_blocks) - cs = User.info_changeset(user, %{info: new_info}) + cs = User.info_changeset(blocker, %{info: new_info}) update_and_set_cache(cs) end + # helper to handle the block given only an actor's AP id + def block(blocker, %{ap_id: ap_id}) do + block(blocker, User.get_by_ap_id(ap_id)) + end + def unblock(user, %{ap_id: ap_id}) do blocks = user.info["blocks"] || [] new_blocks = List.delete(blocks, ap_id) @@ -449,7 +551,31 @@ defmodule Pleroma.User do def blocks?(user, %{ap_id: ap_id}) do blocks = user.info["blocks"] || [] - Enum.member?(blocks, ap_id) + domain_blocks = user.info["domain_blocks"] || [] + %{host: host} = URI.parse(ap_id) + + Enum.member?(blocks, ap_id) || + Enum.any?(domain_blocks, fn domain -> + host == domain + end) + end + + def block_domain(user, domain) do + domain_blocks = user.info["domain_blocks"] || [] + new_blocks = Enum.uniq([domain | domain_blocks]) + new_info = Map.put(user.info, "domain_blocks", new_blocks) + + cs = User.info_changeset(user, %{info: new_info}) + update_and_set_cache(cs) + end + + def unblock_domain(user, domain) do + blocks = user.info["domain_blocks"] || [] + new_blocks = List.delete(blocks, domain) + new_info = Map.put(user.info, "domain_blocks", new_blocks) + + cs = User.info_changeset(user, %{info: new_info}) + update_and_set_cache(cs) end def local_user_query() do @@ -482,7 +608,7 @@ defmodule Pleroma.User do |> Enum.each(fn activity -> case activity.data["type"] do "Create" -> - ActivityPub.delete(Object.get_by_ap_id(activity.data["object"]["id"])) + ActivityPub.delete(Object.normalize(activity.data["object"])) # TODO: Do something with likes, follows, repeats. _ -> diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex new file mode 100644 index 000000000..48ee1019a --- /dev/null +++ b/lib/pleroma/user_invite_token.ex @@ -0,0 +1,40 @@ +defmodule Pleroma.UserInviteToken do + use Ecto.Schema + + import Ecto.Changeset + + alias Pleroma.{User, UserInviteToken, Repo} + + schema "user_invite_tokens" do + field(:token, :string) + field(:used, :boolean, default: false) + + timestamps() + end + + def create_token do + token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() + + token = %UserInviteToken{ + used: false, + token: token + } + + Repo.insert(token) + end + + def used_changeset(struct) do + struct + |> cast(%{}, []) + |> put_change(:used, true) + end + + def mark_as_used(token) do + with %{used: false} = token <- Repo.get_by(UserInviteToken, %{token: token}), + {:ok, token} <- Repo.update(used_changeset(token)) do + {:ok, token} + else + _e -> {:error, token} + end + end +end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 8485a8009..ec605b694 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -30,7 +30,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def insert(map, local \\ true) when is_map(map) do - with nil <- Activity.get_by_ap_id(map["id"]), + with nil <- Activity.normalize(map), map <- lazy_put_activity_defaults(map), :ok <- check_actor_is_active(map["actor"]), {:ok, map} <- MRF.filter(map), @@ -53,15 +53,33 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def stream_out(activity) do + public = "https://www.w3.org/ns/activitystreams#Public" + if activity.data["type"] in ["Create", "Announce"] do Pleroma.Web.Streamer.stream("user", activity) + Pleroma.Web.Streamer.stream("list", activity) - if Enum.member?(activity.data["to"], "https://www.w3.org/ns/activitystreams#Public") do + if Enum.member?(activity.data["to"], public) do Pleroma.Web.Streamer.stream("public", activity) if activity.local do Pleroma.Web.Streamer.stream("public:local", activity) end + + if activity.data["object"]["attachment"] != [] do + Pleroma.Web.Streamer.stream("public:media", activity) + + if activity.local do + Pleroma.Web.Streamer.stream("public:local:media", activity) + end + end + else + if !Enum.member?(activity.data["cc"] || [], public) && + !Enum.member?( + activity.data["to"], + User.get_by_ap_id(activity.data["actor"]).follower_address + ), + do: Pleroma.Web.Streamer.stream("direct", activity) end end end @@ -95,6 +113,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end + def reject(%{to: to, actor: actor, object: object} = params) do + # only accept false as false value + local = !(params[:local] == false) + + with data <- %{"to" => to, "type" => "Reject", "actor" => actor, "object" => object}, + {:ok, activity} <- insert(data, local), + :ok <- maybe_federate(activity) do + {:ok, activity} + end + end + def update(%{to: to, cc: cc, actor: actor, object: object} = params) do # only accept false as false value local = !(params[:local] == false) @@ -178,7 +207,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do :ok <- maybe_federate(unannounce_activity), {:ok, _activity} <- Repo.delete(announce_activity), {:ok, object} <- remove_announce_from_object(announce_activity, object) do - {:ok, unannounce_activity, announce_activity, object} + {:ok, unannounce_activity, object} else _e -> {:ok, object} end @@ -194,6 +223,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def unfollow(follower, followed, activity_id \\ nil, local \\ true) do with %Activity{} = follow_activity <- fetch_latest_follow(follower, followed), + {:ok, follow_activity} <- update_follow_state(follow_activity, "cancelled"), unfollow_data <- make_unfollow_data(follower, followed, follow_activity, activity_id), {:ok, activity} <- insert(unfollow_data, local), :ok <- maybe_federate(activity) do @@ -221,16 +251,25 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def block(blocker, blocked, activity_id \\ nil, local \\ true) do - follow_activity = fetch_latest_follow(blocker, blocked) + ap_config = Application.get_env(:pleroma, :activitypub) + unfollow_blocked = Keyword.get(ap_config, :unfollow_blocked) + outgoing_blocks = Keyword.get(ap_config, :outgoing_blocks) + + with true <- unfollow_blocked do + follow_activity = fetch_latest_follow(blocker, blocked) - if follow_activity do - unfollow(blocker, blocked, nil, local) + if follow_activity do + unfollow(blocker, blocked, nil, local) + end end - with block_data <- make_block_data(blocker, blocked, activity_id), + with true <- outgoing_blocks, + block_data <- make_block_data(blocker, blocked, activity_id), {:ok, activity} <- insert(block_data, local), :ok <- maybe_federate(activity) do {:ok, activity} + else + _e -> {:ok, nil} end end @@ -282,6 +321,32 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.reverse() end + @valid_visibilities ~w[direct unlisted public private] + + defp restrict_visibility(query, %{visibility: "direct"}) do + public = "https://www.w3.org/ns/activitystreams#Public" + + from( + activity in query, + join: sender in User, + on: sender.ap_id == activity.actor, + # Are non-direct statuses with no to/cc possible? + where: + fragment( + "not (? && ?)", + [^public, sender.follower_address], + activity.recipients + ) + ) + end + + defp restrict_visibility(_query, %{visibility: visibility}) + when visibility not in @valid_visibilities do + Logger.error("Could not restrict visibility to #{visibility}") + end + + defp restrict_visibility(query, _visibility), do: query + def fetch_user_activities(user, reading_user, params \\ %{}) do params = params @@ -382,6 +447,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_media(query, _), do: query + defp restrict_replies(query, %{"exclude_replies" => val}) when val == "true" or val == "1" do + from( + activity in query, + where: fragment("?->'object'->>'inReplyTo' is null", activity.data) + ) + end + + defp restrict_replies(query, _), do: query + # Only search through last 100_000 activities by default defp restrict_recent(query, %{"whole_db" => true}), do: query @@ -393,11 +467,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_blocked(query, %{"blocking_user" => %User{info: info}}) do blocks = info["blocks"] || [] + domain_blocks = info["domain_blocks"] || [] from( activity in query, where: fragment("not (? = ANY(?))", activity.actor, ^blocks), - where: fragment("not (?->'to' \\?| ?)", activity.data, ^blocks) + where: fragment("not (?->'to' \\?| ?)", activity.data, ^blocks), + where: fragment("not (split_part(?, '/', 3) = ANY(?))", activity.actor, ^domain_blocks) ) end @@ -436,6 +512,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> restrict_recent(opts) |> restrict_blocked(opts) |> restrict_media(opts) + |> restrict_visibility(opts) + |> restrict_replies(opts) end def fetch_activities(recipients, opts \\ %{}) do @@ -445,7 +523,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def upload(file) do - data = Upload.store(file) + data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media]) Repo.insert(%Object{data: data}) end @@ -464,6 +542,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "url" => [%{"href" => data["image"]["url"]}] } + locked = data["manuallyApprovesFollowers"] || false data = Transmogrifier.maybe_fix_user_object(data) user_data = %{ @@ -471,7 +550,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do info: %{ "ap_enabled" => true, "source_data" => data, - "banner" => banner + "banner" => banner, + "locked" => locked }, avatar: avatar, nickname: "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}", @@ -513,6 +593,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end + @quarantined_instances Keyword.get(@instance, :quarantined_instances, []) + + def should_federate?(inbox, public) do + if public do + true + else + inbox_info = URI.parse(inbox) + inbox_info.host not in @quarantined_instances + end + end + def publish(actor, activity) do followers = if actor.follower_address in activity.recipients do @@ -522,6 +613,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do [] end + public = is_public?(activity) + remote_inboxes = (Pleroma.Web.Salmon.remote_users(activity) ++ followers) |> Enum.filter(fn user -> User.ap_enabled?(user) end) @@ -529,6 +622,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do (data["endpoints"] && data["endpoints"]["sharedInbox"]) || data["inbox"] end) |> Enum.uniq() + |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) json = Jason.encode!(data) @@ -547,13 +641,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do Logger.info("Federating #{id} to #{inbox}") host = URI.parse(inbox).host + digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64()) + signature = - Pleroma.Web.HTTPSignatures.sign(actor, %{host: host, "content-length": byte_size(json)}) + Pleroma.Web.HTTPSignatures.sign(actor, %{ + host: host, + "content-length": byte_size(json), + digest: digest + }) @httpoison.post( inbox, json, - [{"Content-Type", "application/activity+json"}, {"signature", signature}], + [ + {"Content-Type", "application/activity+json"}, + {"signature", signature}, + {"digest", digest} + ], hackney: [pool: :default] ) end @@ -576,7 +680,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do recv_timeout: 20000 ), {:ok, data} <- Jason.decode(body), - nil <- Object.get_by_ap_id(data["id"]), + nil <- Object.normalize(data), params <- %{ "type" => "Create", "to" => data["to"], @@ -585,7 +689,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "object" => data }, {:ok, activity} <- Transmogrifier.handle_incoming(params) do - {:ok, Object.get_by_ap_id(activity.data["object"]["id"])} + {:ok, Object.normalize(activity.data["object"])} else object = %Object{} -> {:ok, object} @@ -594,7 +698,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do Logger.info("Couldn't get object via AP, trying out OStatus fetching...") case OStatus.fetch_activity_from_url(id) do - {:ok, [activity | _]} -> {:ok, Object.get_by_ap_id(activity.data["object"]["id"])} + {:ok, [activity | _]} -> {:ok, Object.normalize(activity.data["object"])} e -> e end end diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index c7d50893f..d337532d0 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -15,15 +15,21 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do conn |> put_resp_header("content-type", "application/activity+json") |> json(UserView.render("user.json", %{user: user})) + else + nil -> {:error, :not_found} end end def object(conn, %{"uuid" => uuid}) do with ap_id <- o_status_url(conn, :object, uuid), - %Object{} = object <- Object.get_cached_by_ap_id(ap_id) do + %Object{} = object <- Object.get_cached_by_ap_id(ap_id), + {_, true} <- {:public?, ActivityPub.is_public?(object)} do conn |> put_resp_header("content-type", "application/activity+json") |> json(ObjectView.render("object.json", %{object: object})) + else + {:public?, false} -> + {:error, :not_found} end end @@ -101,6 +107,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do json(conn, "ok") end + def errors(conn, {:error, :not_found}) do + conn + |> put_status(404) + |> json("Not found") + end + def errors(conn, _e) do conn |> put_status(500) diff --git a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex new file mode 100644 index 000000000..b6936fe90 --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex @@ -0,0 +1,49 @@ +defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do + alias Pleroma.User + @behaviour Pleroma.Web.ActivityPub.MRF + + @mrf_rejectnonpublic Application.get_env(:pleroma, :mrf_rejectnonpublic) + @allow_followersonly Keyword.get(@mrf_rejectnonpublic, :allow_followersonly) + @allow_direct Keyword.get(@mrf_rejectnonpublic, :allow_direct) + + @impl true + def filter(object) do + if object["type"] == "Create" do + user = User.get_cached_by_ap_id(object["actor"]) + public = "https://www.w3.org/ns/activitystreams#Public" + + # Determine visibility + visibility = + cond do + public in object["to"] -> "public" + public in object["cc"] -> "unlisted" + user.follower_address in object["to"] -> "followers" + true -> "direct" + end + + case visibility do + "public" -> + {:ok, object} + + "unlisted" -> + {:ok, object} + + "followers" -> + with true <- @allow_followersonly do + {:ok, object} + else + _e -> {:reject, nil} + end + + "direct" -> + with true <- @allow_direct do + {:ok, object} + else + _e -> {:reject, nil} + end + end + else + {:ok, object} + end + end +end diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 8d770387d..7fecb8a4f 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -4,6 +4,15 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do @mrf_policy Application.get_env(:pleroma, :mrf_simple) + @accept Keyword.get(@mrf_policy, :accept) + defp check_accept(actor_info, object) do + if length(@accept) > 0 and not (actor_info.host in @accept) do + {:reject, nil} + else + {:ok, object} + end + end + @reject Keyword.get(@mrf_policy, :reject) defp check_reject(actor_info, object) do if actor_info.host in @reject do @@ -74,7 +83,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do def filter(object) do actor_info = URI.parse(object["actor"]) - with {:ok, object} <- check_reject(actor_info, object), + with {:ok, object} <- check_accept(actor_info, object), + {:ok, object} <- check_reject(actor_info, object), {:ok, object} <- check_media_removal(actor_info, object), {:ok, object} <- check_media_nsfw(actor_info, object), {:ok, object} <- check_ftl_removal(actor_info, object) do diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 803445011..2ebc526df 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -7,36 +7,61 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do alias Pleroma.Activity alias Pleroma.Repo alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Utils import Ecto.Query require Logger + def get_actor(%{"actor" => actor}) when is_binary(actor) do + actor + end + + def get_actor(%{"actor" => actor}) when is_list(actor) do + Enum.at(actor, 0) + end + + def get_actor(%{"actor" => actor_list}) do + Enum.find(actor_list, fn %{"type" => type} -> type == "Person" end) + |> Map.get("id") + end + @doc """ Modifies an incoming AP object (mastodon format) to our internal format. """ def fix_object(object) do object - |> Map.put("actor", object["attributedTo"]) + |> fix_actor |> fix_attachments |> fix_context |> fix_in_reply_to |> fix_emoji |> fix_tag + |> fix_content_map + end + + def fix_actor(%{"attributedTo" => actor} = object) do + object + |> Map.put("actor", get_actor(%{"actor" => actor})) end def fix_in_reply_to(%{"inReplyTo" => in_reply_to_id} = object) when not is_nil(in_reply_to_id) do case ActivityPub.fetch_object_from_id(in_reply_to_id) do {:ok, replied_object} -> - activity = Activity.get_create_activity_by_object_ap_id(replied_object.data["id"]) - - object - |> Map.put("inReplyTo", replied_object.data["id"]) - |> Map.put("inReplyToAtomUri", object["inReplyToAtomUri"] || in_reply_to_id) - |> Map.put("inReplyToStatusId", activity.id) - |> Map.put("conversation", replied_object.data["context"] || object["conversation"]) - |> Map.put("context", replied_object.data["context"] || object["conversation"]) + with %Activity{} = activity <- + Activity.get_create_activity_by_object_ap_id(replied_object.data["id"]) do + object + |> Map.put("inReplyTo", replied_object.data["id"]) + |> Map.put("inReplyToAtomUri", object["inReplyToAtomUri"] || in_reply_to_id) + |> Map.put("inReplyToStatusId", activity.id) + |> Map.put("conversation", replied_object.data["context"] || object["conversation"]) + |> Map.put("context", replied_object.data["context"] || object["conversation"]) + else + e -> + Logger.error("Couldn't fetch #{object["inReplyTo"]} #{inspect(e)}") + object + end e -> Logger.error("Couldn't fetch #{object["inReplyTo"]} #{inspect(e)}") @@ -101,10 +126,25 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("tag", combined) end + # content map usually only has one language so this will do for now. + def fix_content_map(%{"contentMap" => content_map} = object) do + content_groups = Map.to_list(content_map) + {_, content} = Enum.at(content_groups, 0) + + object + |> Map.put("content", content) + end + + def fix_content_map(object), do: object + # TODO: validate those with a Ecto scheme # - tags # - emoji - def handle_incoming(%{"type" => "Create", "object" => %{"type" => "Note"} = object} = data) do + def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = object} = data) + when objtype in ["Article", "Note"] do + actor = get_actor(data) + data = Map.put(data, "actor", actor) + with nil <- Activity.get_create_activity_by_object_ap_id(object["id"]), %User{} = user <- User.get_or_fetch_by_ap_id(data["actor"]) do object = fix_object(data["object"]) @@ -136,9 +176,89 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do with %User{local: true} = followed <- User.get_cached_by_ap_id(followed), %User{} = follower <- User.get_or_fetch_by_ap_id(follower), {:ok, activity} <- ActivityPub.follow(follower, followed, id, false) do - ActivityPub.accept(%{to: [follower.ap_id], actor: followed.ap_id, object: data, local: true}) + if not User.locked?(followed) do + ActivityPub.accept(%{ + to: [follower.ap_id], + actor: followed.ap_id, + object: data, + local: true + }) + + User.follow(follower, followed) + end + + {:ok, activity} + else + _e -> :error + end + end + + defp mastodon_follow_hack(%{"id" => id, "actor" => follower_id}, followed) do + with true <- id =~ "follows", + %User{local: true} = follower <- User.get_cached_by_ap_id(follower_id), + %Activity{} = activity <- Utils.fetch_latest_follow(follower, followed) do + {:ok, activity} + else + _ -> {:error, nil} + end + end + + defp mastodon_follow_hack(_), do: {:error, nil} + + defp get_follow_activity(follow_object, followed) do + with object_id when not is_nil(object_id) <- Utils.get_ap_id(follow_object), + {_, %Activity{} = activity} <- {:activity, Activity.get_by_ap_id(object_id)} do + {:ok, activity} + else + # Can't find the activity. This might a Mastodon 2.3 "Accept" + {:activity, nil} -> + mastodon_follow_hack(follow_object, followed) + + _ -> + {:error, nil} + end + end + + def handle_incoming( + %{"type" => "Accept", "object" => follow_object, "actor" => actor, "id" => id} = data + ) do + with %User{} = followed <- User.get_or_fetch_by_ap_id(actor), + {:ok, follow_activity} <- get_follow_activity(follow_object, followed), + %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), + {:ok, activity} <- + ActivityPub.accept(%{ + to: follow_activity.data["to"], + type: "Accept", + actor: followed.ap_id, + object: follow_activity.data["id"], + local: false + }) do + if not User.following?(follower, followed) do + {:ok, follower} = User.follow(follower, followed) + end + + {:ok, activity} + else + _e -> :error + end + end + + def handle_incoming( + %{"type" => "Reject", "object" => follow_object, "actor" => actor, "id" => id} = data + ) do + with %User{} = followed <- User.get_or_fetch_by_ap_id(actor), + {:ok, follow_activity} <- get_follow_activity(follow_object, followed), + %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), + {:ok, activity} <- + ActivityPub.accept(%{ + to: follow_activity.data["to"], + type: "Accept", + actor: followed.ap_id, + object: follow_activity.data["id"], + local: false + }) do + User.unfollow(follower, followed) - User.follow(follower, followed) {:ok, activity} else _e -> :error @@ -179,11 +299,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do {:ok, new_user_data} = ActivityPub.user_data_from_user_object(object) banner = new_user_data[:info]["banner"] + locked = new_user_data[:info]["locked"] || false update_data = new_user_data |> Map.take([:name, :bio, :avatar]) - |> Map.put(:info, Map.merge(actor.info, %{"banner" => banner})) + |> Map.put(:info, Map.merge(actor.info, %{"banner" => banner, "locked" => locked})) actor |> User.upgrade_changeset(update_data) @@ -207,11 +328,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming( %{"type" => "Delete", "object" => object_id, "actor" => actor, "id" => _id} = _data ) do - object_id = - case object_id do - %{"id" => id} -> id - id -> id - end + object_id = Utils.get_ap_id(object_id) with %User{} = _actor <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- @@ -234,7 +351,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do with %User{} = actor <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || ActivityPub.fetch_object_from_id(object_id), - {:ok, activity, _, _} <- ActivityPub.unannounce(actor, object, id, false) do + {:ok, activity, _} <- ActivityPub.unannounce(actor, object, id, false) do {:ok, activity} else _e -> :error @@ -259,6 +376,9 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end + @ap_config Application.get_env(:pleroma, :activitypub) + @accept_blocks Keyword.get(@ap_config, :accept_blocks) + def handle_incoming( %{ "type" => "Undo", @@ -267,7 +387,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do "id" => id } = _data ) do - with %User{local: true} = blocked <- User.get_cached_by_ap_id(blocked), + with true <- @accept_blocks, + %User{local: true} = blocked <- User.get_cached_by_ap_id(blocked), %User{} = blocker <- User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.unblock(blocker, blocked, id, false) do User.unblock(blocker, blocked) @@ -280,7 +401,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming( %{"type" => "Block", "object" => blocked, "actor" => blocker, "id" => id} = data ) do - with %User{local: true} = blocked = User.get_cached_by_ap_id(blocked), + with true <- @accept_blocks, + %User{local: true} = blocked = User.get_cached_by_ap_id(blocked), %User{} = blocker = User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.block(blocker, blocked, id, false) do User.unfollow(blocker, blocked) @@ -309,13 +431,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end - # TODO - # Accept - def handle_incoming(_), do: :error def get_obj_helper(id) do - if object = Object.get_by_ap_id(id), do: {:ok, object}, else: nil + if object = Object.normalize(id), do: {:ok, object}, else: nil end def set_reply_to_uri(%{"inReplyTo" => inReplyTo} = object) do @@ -360,6 +479,44 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do {:ok, data} end + # Mastodon Accept/Reject requires a non-normalized object containing the actor URIs, + # because of course it does. + def prepare_outgoing(%{"type" => "Accept"} = data) do + with follow_activity <- Activity.normalize(data["object"]) do + object = %{ + "actor" => follow_activity.actor, + "object" => follow_activity.data["object"], + "id" => follow_activity.data["id"], + "type" => "Follow" + } + + data = + data + |> Map.put("object", object) + |> Map.put("@context", "https://www.w3.org/ns/activitystreams") + + {:ok, data} + end + end + + def prepare_outgoing(%{"type" => "Reject"} = data) do + with follow_activity <- Activity.normalize(data["object"]) do + object = %{ + "actor" => follow_activity.actor, + "object" => follow_activity.data["object"], + "id" => follow_activity.data["id"], + "type" => "Follow" + } + + data = + data + |> Map.put("object", object) + |> Map.put("@context", "https://www.w3.org/ns/activitystreams") + + {:ok, data} + end + end + def prepare_outgoing(%{"type" => _type} = data) do data = data diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index cb2e1e078..8b41a3bec 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -4,21 +4,19 @@ defmodule Pleroma.Web.ActivityPub.Utils do alias Pleroma.Web.Endpoint alias Ecto.{Changeset, UUID} import Ecto.Query + require Logger # Some implementations send the actor URI as the actor field, others send the entire actor object, # so figure out what the actor's URI is based on what we have. - def normalize_actor(actor) do - cond do - is_binary(actor) -> - actor - - is_map(actor) -> - actor["id"] + def get_ap_id(object) do + case object do + %{"id" => id} -> id + id -> id end end def normalize_params(params) do - Map.put(params, "actor", normalize_actor(params["actor"])) + Map.put(params, "actor", get_ap_id(params["actor"])) end def make_json_ld_header do @@ -130,7 +128,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do Inserts a full object if it is contained in an activity. """ def insert_full_object(%{"object" => %{"type" => type} = object_data}) - when is_map(object_data) and type in ["Note"] do + when is_map(object_data) and type in ["Article", "Note"] do with {:ok, _} <- Object.create(object_data) do :ok end @@ -220,9 +218,26 @@ defmodule Pleroma.Web.ActivityPub.Utils do #### Follow-related helpers @doc """ + Updates a follow activity's state (for locked accounts). + """ + def update_follow_state(%Activity{} = activity, state) do + with new_data <- + activity.data + |> Map.put("state", state), + changeset <- Changeset.change(activity, data: new_data), + {:ok, activity} <- Repo.update(changeset) do + {:ok, activity} + end + end + + @doc """ Makes a follow activity data for the given follower and followed """ - def make_follow_data(%User{ap_id: follower_id}, %User{ap_id: followed_id}, activity_id) do + def make_follow_data( + %User{ap_id: follower_id}, + %User{ap_id: followed_id} = followed, + activity_id + ) do data = %{ "type" => "Follow", "actor" => follower_id, @@ -231,7 +246,10 @@ defmodule Pleroma.Web.ActivityPub.Utils do "object" => followed_id } - if activity_id, do: Map.put(data, "id", activity_id), else: data + data = if activity_id, do: Map.put(data, "id", activity_id), else: data + data = if User.locked?(followed), do: Map.put(data, "state", "pending"), else: data + + data end def fetch_latest_follow(%User{ap_id: follower_id}, %User{ap_id: followed_id}) do diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 719bd128b..0b1d5a9fa 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -12,7 +12,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do def render("user.json", %{user: user}) do {:ok, user} = WebFinger.ensure_keys_present(user) {:ok, _, public_key} = Salmon.keys_from_pem(user.info["keys"]) - public_key = :public_key.pem_entry_encode(:RSAPublicKey, public_key) + public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) public_key = :public_key.pem_encode([public_key]) %{ @@ -26,7 +26,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "name" => user.name, "summary" => user.bio, "url" => user.ap_id, - "manuallyApprovesFollowers" => false, + "manuallyApprovesFollowers" => user.info["locked"] || false, "publicKey" => %{ "id" => "#{user.ap_id}#main-key", "owner" => user.ap_id, diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8845419c2..3f18a68e8 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -7,7 +7,7 @@ defmodule Pleroma.Web.CommonAPI do def delete(activity_id, user) do with %Activity{data: %{"object" => %{"id" => object_id}}} <- Repo.get(Activity, activity_id), - %Object{} = object <- Object.get_by_ap_id(object_id), + %Object{} = object <- Object.normalize(object_id), true <- user.info["is_moderator"] || user.ap_id == object.data["actor"], {:ok, delete} <- ActivityPub.delete(object) do {:ok, delete} @@ -16,7 +16,7 @@ defmodule Pleroma.Web.CommonAPI do def repeat(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), - object <- Object.get_by_ap_id(activity.data["object"]["id"]) do + object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.announce(user, object) else _ -> @@ -26,7 +26,7 @@ defmodule Pleroma.Web.CommonAPI do def unrepeat(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), - object <- Object.get_by_ap_id(activity.data["object"]["id"]) do + object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.unannounce(user, object) else _ -> @@ -37,7 +37,7 @@ defmodule Pleroma.Web.CommonAPI do def favorite(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), false <- activity.data["actor"] == user.ap_id, - object <- Object.get_by_ap_id(activity.data["object"]["id"]) do + object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.like(user, object) else _ -> @@ -48,7 +48,7 @@ defmodule Pleroma.Web.CommonAPI do def unfavorite(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), false <- activity.data["actor"] == user.ap_id, - object <- Object.get_by_ap_id(activity.data["object"]["id"]) do + object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.unlike(user, object) else _ -> diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 9c9951371..30089f553 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -9,11 +9,12 @@ defmodule Pleroma.Web.CommonAPI.Utils do def get_by_id_or_ap_id(id) do activity = Repo.get(Activity, id) || Activity.get_create_activity_by_object_ap_id(id) - if activity.data["type"] == "Create" do - activity - else - Activity.get_create_activity_by_object_ap_id(activity.data["object"]) - end + activity && + if activity.data["type"] == "Create" do + activity + else + Activity.get_create_activity_by_object_ap_id(activity.data["object"]) + end end def get_replied_to_activity(id) when not is_nil(id) do diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 1a012c1b4..cbedca004 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -35,7 +35,8 @@ defmodule Pleroma.Web.Endpoint do parsers: [:urlencoded, :multipart, :json], pass: ["*/*"], json_decoder: Jason, - length: Application.get_env(:pleroma, :instance) |> Keyword.get(:upload_limit) + length: Application.get_env(:pleroma, :instance) |> Keyword.get(:upload_limit), + body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []} ) plug(Plug.MethodOverride) diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 8ca530031..ccefb0bdf 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -95,7 +95,7 @@ defmodule Pleroma.Web.Federator do params = Utils.normalize_params(params) with {:ok, _user} <- ap_enabled_actor(params["actor"]), - nil <- Activity.get_by_ap_id(params["id"]), + nil <- Activity.normalize(params["id"]), {:ok, _activity} <- Transmogrifier.handle_incoming(params) do else %Activity{} -> diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex index 4e0adbc1d..5e42a871b 100644 --- a/lib/pleroma/web/http_signatures/http_signatures.ex +++ b/lib/pleroma/web/http_signatures/http_signatures.ex @@ -32,14 +32,14 @@ defmodule Pleroma.Web.HTTPSignatures do def validate_conn(conn) do # TODO: How to get the right key and see if it is actually valid for that request. # For now, fetch the key for the actor. - with actor_id <- Utils.normalize_actor(conn.params["actor"]), + with actor_id <- Utils.get_ap_id(conn.params["actor"]), {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do if validate_conn(conn, public_key) do true else Logger.debug("Could not validate, re-fetching user and trying one more time") # Fetch user anew and try one more time - with actor_id <- Utils.normalize_actor(conn.params["actor"]), + with actor_id <- Utils.get_ap_id(conn.params["actor"]), {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id), {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do validate_conn(conn, public_key) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 460942f1a..cd9525252 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1,15 +1,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do use Pleroma.Web, :controller - alias Pleroma.{Repo, Activity, User, Notification, Stats} + alias Pleroma.{Repo, Object, Activity, User, Notification, Stats} alias Pleroma.Web alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView} alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.{CommonAPI, OStatus} alias Pleroma.Web.OAuth.{Authorization, Token, App} alias Comeonin.Pbkdf2 import Ecto.Query require Logger + @httpoison Application.get_env(:pleroma, :httpoison) + + action_fallback(:errors) + def create_app(conn, params) do with cs <- App.register_changeset(%App{}, params) |> IO.inspect(), {:ok, app} <- Repo.insert(cs) |> IO.inspect() do @@ -69,6 +74,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do user end + user = + if locked = params["locked"] do + with locked <- locked == "true", + new_info <- Map.put(user.info, "locked", locked), + change <- User.info_changeset(user, %{info: new_info}), + {:ok, user} <- User.update_and_set_cache(change) do + user + else + _e -> user + end + else + user + end + with changeset <- User.update_changeset(user, params), {:ok, user} <- User.update_and_set_cache(changeset) do if original_user != user do @@ -108,7 +127,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do response = %{ uri: Web.base_url(), title: Keyword.get(@instance, :name), - description: "A Pleroma instance, an alternative fediverse server", + description: Keyword.get(@instance, :description), version: "#{@mastodon_api_level} (compatible; #{Keyword.get(@instance, :version)})", email: Keyword.get(@instance, :email), urls: %{ @@ -134,6 +153,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do %{ "shortcode" => shortcode, "static_url" => url, + "visible_in_picker" => true, "url" => url } end) @@ -144,7 +164,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, mastodon_emoji) end - defp add_link_headers(conn, method, activities, param \\ false) do + defp add_link_headers(conn, method, activities, param \\ nil, params \\ %{}) do last = List.last(activities) first = List.first(activities) @@ -155,13 +175,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do {next_url, prev_url} = if param do { - mastodon_api_url(Pleroma.Web.Endpoint, method, param, max_id: min), - mastodon_api_url(Pleroma.Web.Endpoint, method, param, since_id: max) + mastodon_api_url( + Pleroma.Web.Endpoint, + method, + param, + Map.merge(params, %{max_id: min}) + ), + mastodon_api_url( + Pleroma.Web.Endpoint, + method, + param, + Map.merge(params, %{since_id: max}) + ) } else { - mastodon_api_url(Pleroma.Web.Endpoint, method, max_id: min), - mastodon_api_url(Pleroma.Web.Endpoint, method, since_id: max) + mastodon_api_url( + Pleroma.Web.Endpoint, + method, + Map.merge(params, %{max_id: min}) + ), + mastodon_api_url( + Pleroma.Web.Endpoint, + method, + Map.merge(params, %{since_id: max}) + ) } end @@ -189,10 +227,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def public_timeline(%{assigns: %{user: user}} = conn, params) do + local_only = params["local"] in [true, "True", "true", "1"] + params = params |> Map.put("type", ["Create", "Announce"]) - |> Map.put("local_only", params["local"] in [true, "True", "true", "1"]) + |> Map.put("local_only", local_only) |> Map.put("blocking_user", user) activities = @@ -200,7 +240,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Enum.reverse() conn - |> add_link_headers(:public_timeline, activities) + |> add_link_headers(:public_timeline, activities, false, %{"local" => local_only}) |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity}) end @@ -216,10 +256,25 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> add_link_headers(:user_statuses, activities, params["id"]) - |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity}) + |> render(StatusView, "index.json", %{ + activities: activities, + for: reading_user, + as: :activity + }) end end + def dm_timeline(%{assigns: %{user: user}} = conn, _params) do + query = + ActivityPub.fetch_activities_query([user.ap_id], %{"type" => "Create", visibility: "direct"}) + + activities = Repo.all(query) + + conn + |> add_link_headers(:dm_timeline, activities) + |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity}) + end + def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), true <- ActivityPub.visible_for_user?(activity, user) do @@ -262,6 +317,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def post_status(conn, %{"status" => "", "media_ids" => media_ids} = params) + when length(media_ids) > 0 do + params = + params + |> Map.put("status", ".") + + post_status(conn, params) + end + def post_status(%{assigns: %{user: user}} = conn, %{"status" => _} = params) do params = params @@ -292,27 +356,27 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do - with {:ok, announce, _activity} = CommonAPI.repeat(ap_id_or_id, user) do + with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user) do render(conn, StatusView, "status.json", %{activity: announce, for: user, as: :activity}) end end def unreblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do - with {:ok, _, _, %{data: %{"id" => id}}} = CommonAPI.unrepeat(ap_id_or_id, user), + with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end end def fav_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do - with {:ok, _fav, %{data: %{"id" => id}}} = CommonAPI.favorite(ap_id_or_id, user), + with {:ok, _fav, %{data: %{"id" => id}}} <- CommonAPI.favorite(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end end def unfav_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do - with {:ok, _, _, %{data: %{"id" => id}}} = CommonAPI.unfavorite(ap_id_or_id, user), + with {:ok, _, _, %{data: %{"id" => id}}} <- CommonAPI.unfavorite(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end @@ -366,16 +430,43 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do render(conn, AccountView, "relationships.json", %{user: user, targets: targets}) end - def upload(%{assigns: %{user: _}} = conn, %{"file" => file}) do - with {:ok, object} <- ActivityPub.upload(file) do + def update_media(%{assigns: %{user: _}} = conn, data) do + with %Object{} = object <- Repo.get(Object, data["id"]), + true <- is_binary(data["description"]), + description <- data["description"] do + new_data = %{object.data | "name" => description} + + change = Object.change(object, %{data: new_data}) + {:ok, media_obj} = Repo.update(change) + data = - object.data + new_data |> Map.put("id", object.id) render(conn, StatusView, "attachment.json", %{attachment: data}) end end + def upload(%{assigns: %{user: _}} = conn, %{"file" => file} = data) do + with {:ok, object} <- ActivityPub.upload(file) do + objdata = + if Map.has_key?(data, "description") do + Map.put(object.data, "name", data["description"]) + else + object.data + end + + change = Object.change(object, %{data: objdata}) + {:ok, object} = Repo.update(change) + + objdata = + objdata + |> Map.put("id", object.id) + + render(conn, StatusView, "attachment.json", %{attachment: objdata}) + end + end + def favourited_by(conn, %{"id" => id}) do with %Activity{data: %{"object" => %{"likes" => likes}}} <- Repo.get(Activity, id) do q = from(u in User, where: u.ap_id in ^likes) @@ -397,10 +488,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def hashtag_timeline(%{assigns: %{user: user}} = conn, params) do + local_only = params["local"] in [true, "True", "true", "1"] + params = params |> Map.put("type", "Create") - |> Map.put("local_only", !!params["local"]) + |> Map.put("local_only", local_only) |> Map.put("blocking_user", user) activities = @@ -408,7 +501,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Enum.reverse() conn - |> add_link_headers(:hashtag_timeline, activities, params["tag"]) + |> add_link_headers(:hashtag_timeline, activities, params["tag"], %{"local" => local_only}) |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity}) end @@ -427,9 +520,56 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def follow_requests(%{assigns: %{user: followed}} = conn, _params) do + with {:ok, follow_requests} <- User.get_follow_requests(followed) do + render(conn, AccountView, "accounts.json", %{users: follow_requests, as: :user}) + end + end + + def authorize_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do + with %User{} = follower <- Repo.get(User, id), + {:ok, follower} <- User.maybe_follow(follower, followed), + %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), + {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"), + {:ok, _activity} <- + ActivityPub.accept(%{ + to: [follower.ap_id], + actor: followed.ap_id, + object: follow_activity.data["id"], + type: "Accept" + }) do + render(conn, AccountView, "relationship.json", %{user: followed, target: follower}) + else + {:error, message} -> + conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{"error" => message})) + end + end + + def reject_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do + with %User{} = follower <- Repo.get(User, id), + %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), + {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"), + {:ok, _activity} <- + ActivityPub.reject(%{ + to: [follower.ap_id], + actor: followed.ap_id, + object: follow_activity.data["id"], + type: "Reject" + }) do + render(conn, AccountView, "relationship.json", %{user: followed, target: follower}) + else + {:error, message} -> + conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{"error" => message})) + end + end + def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do with %User{} = followed <- Repo.get(User, id), - {:ok, follower} <- User.follow(follower, followed), + {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, _activity} <- ActivityPub.follow(follower, followed) do render(conn, AccountView, "relationship.json", %{user: follower, target: followed}) else @@ -442,7 +582,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def follow(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do with %User{} = followed <- Repo.get_by(User, nickname: uri), - {:ok, follower} <- User.follow(follower, followed), + {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, _activity} <- ActivityPub.follow(follower, followed) do render(conn, AccountView, "account.json", %{user: followed}) else @@ -496,6 +636,72 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def domain_blocks(%{assigns: %{user: %{info: info}}} = conn, _) do + json(conn, info["domain_blocks"] || []) + end + + def block_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do + User.block_domain(blocker, domain) + json(conn, %{}) + end + + def unblock_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do + User.unblock_domain(blocker, domain) + json(conn, %{}) + end + + def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do + accounts = User.search(query, params["resolve"] == "true") + + fetched = + if Regex.match?(~r/https?:/, query) do + with {:ok, activities} <- OStatus.fetch_activity_from_url(query) do + activities + |> Enum.filter(fn + %{data: %{"type" => "Create"}} -> true + _ -> false + end) + else + _e -> [] + end + end || [] + + q = + from( + a in Activity, + where: fragment("?->>'type' = 'Create'", a.data), + where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, + where: + fragment( + "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", + a.data, + ^query + ), + limit: 20, + order_by: [desc: :id] + ) + + statuses = Repo.all(q) ++ fetched + + tags_path = Web.base_url() <> "/tag/" + + tags = + String.split(query) + |> Enum.uniq() + |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end) + |> Enum.map(fn tag -> String.slice(tag, 1..-1) end) + |> Enum.map(fn tag -> %{name: tag, url: tags_path <> tag} end) + + res = %{ + "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user), + "statuses" => + StatusView.render("index.json", activities: statuses, for: user, as: :activity), + "hashtags" => tags + } + + json(conn, res) + end + def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do accounts = User.search(query, params["resolve"] == "true") @@ -687,11 +893,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do boost_modal: false, delete_modal: true, auto_play_gif: false, - reduce_motion: false + display_sensitive_media: false, + reduce_motion: false, + max_toot_chars: Keyword.get(@instance, :limit) + }, + rights: %{ + delete_others_notice: !!user.info["is_moderator"] }, compose: %{ me: "#{user.id}", - default_privacy: "public", + default_privacy: user.info["default_scope"] || "public", default_sensitive: false }, media_attachments: %{ @@ -882,4 +1093,44 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do nil end end + + def errors(conn, _) do + conn + |> put_status(500) + |> json("Something went wrong") + end + + @suggestions Application.get_env(:pleroma, :suggestions) + + def suggestions(%{assigns: %{user: user}} = conn, _) do + if Keyword.get(@suggestions, :enabled, false) do + api = Keyword.get(@suggestions, :third_party_engine, "") + timeout = Keyword.get(@suggestions, :timeout, 5000) + + host = + Application.get_env(:pleroma, Pleroma.Web.Endpoint) + |> Keyword.get(:url) + |> Keyword.get(:host) + + user = user.nickname + url = String.replace(api, "{{host}}", host) |> String.replace("{{user}}", user) + + with {:ok, %{status_code: 200, body: body}} <- + @httpoison.get(url, [], timeout: timeout, recv_timeout: timeout), + {:ok, data} <- Jason.decode(body) do + data2 = + Enum.slice(data, 0, 40) + |> Enum.map(fn x -> + Map.put(x, "id", User.get_or_fetch(x["acct"]).id) + end) + + conn + |> json(data2) + else + e -> Logger.error("Could not retrieve suggestions at fetch #{url}, #{inspect(e)}") + end + else + json(conn, []) + end + end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_socket.ex b/lib/pleroma/web/mastodon_api/mastodon_socket.ex index f3e062941..174293906 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_socket.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_socket.ex @@ -15,10 +15,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonSocket do with token when not is_nil(token) <- params["access_token"], %Token{user_id: user_id} <- Repo.get_by(Token, token: token), %User{} = user <- Repo.get(User, user_id), - stream when stream in ["public", "public:local", "user"] <- params["stream"] do + stream + when stream in [ + "public", + "public:local", + "public:media", + "public:local:media", + "user", + "direct", + "list" + ] <- params["stream"] do + topic = if stream == "list", do: "list:#{params["list"]}", else: stream + socket = socket - |> assign(:topic, params["stream"]) + |> assign(:topic, topic) |> assign(:user, user) Pleroma.Web.Streamer.add_socket(params["stream"], socket) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index f378bb36e..cc5261616 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -14,12 +14,24 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do header = User.banner_url(user) |> MediaProxy.url() user_info = User.user_info(user) + emojis = + (user.info["source_data"]["tag"] || []) + |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end) + |> Enum.map(fn %{"icon" => %{"url" => url}, "name" => name} -> + %{ + "shortcode" => String.trim(name, ":"), + "url" => MediaProxy.url(url), + "static_url" => MediaProxy.url(url), + "visible_in_picker" => false + } + end) + %{ id: to_string(user.id), username: hd(String.split(user.nickname, "@")), acct: user.nickname, display_name: user.name || user.nickname, - locked: false, + locked: user_info.locked, created_at: Utils.to_masto_date(user.inserted_at), followers_count: user_info.follower_count, following_count: user_info.following_count, @@ -30,6 +42,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do avatar_static: image, header: header, header_static: header, + emojis: emojis, + fields: [], source: %{ note: "", privacy: "public", diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 5c6fd05f3..5dbd59dd9 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -54,8 +54,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do %{ id: to_string(activity.id), uri: object, - # TODO: This might be wrong, check with mastodon. - url: nil, + url: object, account: AccountView.render("account.json", %{user: user}), in_reply_to_id: nil, in_reply_to_account_id: nil, @@ -125,10 +124,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do uri: object["id"], url: object["external_url"] || object["id"], account: AccountView.render("account.json", %{user: user}), - in_reply_to_id: reply_to && reply_to.id, - in_reply_to_account_id: reply_to_user && reply_to_user.id, + in_reply_to_id: reply_to && to_string(reply_to.id), + in_reply_to_account_id: reply_to_user && to_string(reply_to_user.id), reblog: nil, - content: HtmlSanitizeEx.basic_html(object["content"]), + content: render_content(object), created_at: created_at, reblogs_count: announcement_count, favourites_count: like_count, @@ -170,7 +169,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do remote_url: href, preview_url: MediaProxy.url(href), text_url: href, - type: type + type: type, + description: attachment["name"] } end @@ -193,10 +193,35 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do cc = object["cc"] || [] cond do - public in to -> "public" - public in cc -> "unlisted" - Enum.any?(to, &String.contains?(&1, "/followers")) -> "private" - true -> "direct" + public in to -> + "public" + + public in cc -> + "unlisted" + + # this should use the sql for the object's activity + Enum.any?(to, &String.contains?(&1, "/followers")) -> + "private" + + true -> + "direct" end end + + def render_content(%{"type" => "Article"} = object) do + summary = object["name"] + + content = + if !!summary and summary != "" do + "<p><a href=\"#{object["url"]}\">#{summary}</a></p>#{object["content"]}" + else + object["content"] + end + + HtmlSanitizeEx.basic_html(content) + end + + def render_content(object) do + HtmlSanitizeEx.basic_html(object["content"]) + end end diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index aec77168a..2fab60274 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -4,8 +4,6 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do alias Pleroma.Stats alias Pleroma.Web - @instance Application.get_env(:pleroma, :instance) - def schemas(conn, _params) do response = %{ links: [ @@ -21,20 +19,23 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do # Schema definition: https://github.com/jhass/nodeinfo/blob/master/schemas/2.0/schema.json def nodeinfo(conn, %{"version" => "2.0"}) do + instance = Application.get_env(:pleroma, :instance) + media_proxy = Application.get_env(:pleroma, :media_proxy) + suggestions = Application.get_env(:pleroma, :suggestions) stats = Stats.get_stats() response = %{ version: "2.0", software: %{ name: "pleroma", - version: Keyword.get(@instance, :version) + version: Keyword.get(instance, :version) }, protocols: ["ostatus", "activitypub"], services: %{ inbound: [], outbound: [] }, - openRegistrations: Keyword.get(@instance, :registrations_open), + openRegistrations: Keyword.get(instance, :registrations_open), usage: %{ users: %{ total: stats.user_count || 0 @@ -42,7 +43,16 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do localPosts: stats.status_count || 0 }, metadata: %{ - nodeName: Keyword.get(@instance, :name) + nodeName: Keyword.get(instance, :name), + nodeDescription: Keyword.get(instance, :description), + mediaProxy: Keyword.get(media_proxy, :enabled), + private: !Keyword.get(instance, :public, true), + suggestions: %{ + enabled: Keyword.get(suggestions, :enabled, false), + thirdPartyEngine: Keyword.get(suggestions, :third_party_engine, ""), + timeout: Keyword.get(suggestions, :timeout, 5000), + web: Keyword.get(suggestions, :web, "") + } } } diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 11dc1806f..a5fb32a4e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -56,12 +56,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do # TODO # - proper scope handling def token_exchange(conn, %{"grant_type" => "authorization_code"} = params) do - with %App{} = app <- - Repo.get_by( - App, - client_id: params["client_id"], - client_secret: params["client_secret"] - ), + with %App{} = app <- get_app_from_request(conn, params), fixed_token = fix_padding(params["code"]), %Authorization{} = auth <- Repo.get_by(Authorization, token: fixed_token, app_id: app.id), @@ -76,7 +71,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do json(conn, response) else - _error -> json(conn, %{error: "Invalid credentials"}) + _error -> + put_status(conn, 400) + |> json(%{error: "Invalid credentials"}) end end @@ -84,15 +81,10 @@ defmodule Pleroma.Web.OAuth.OAuthController do # - investigate a way to verify the user wants to grant read/write/follow once scope handling is done def token_exchange( conn, - %{"grant_type" => "password", "name" => name, "password" => password} = params + %{"grant_type" => "password", "username" => name, "password" => password} = params ) do - with %App{} = app <- - Repo.get_by( - App, - client_id: params["client_id"], - client_secret: params["client_secret"] - ), - %User{} = user <- User.get_cached_by_nickname(name), + with %App{} = app <- get_app_from_request(conn, params), + %User{} = user <- User.get_by_nickname_or_email(name), true <- Pbkdf2.checkpw(password, user.password_hash), {:ok, auth} <- Authorization.create_authorization(app, user), {:ok, token} <- Token.exchange_token(app, auth) do @@ -106,13 +98,51 @@ defmodule Pleroma.Web.OAuth.OAuthController do json(conn, response) else - _error -> json(conn, %{error: "Invalid credentials"}) + _error -> + put_status(conn, 400) + |> json(%{error: "Invalid credentials"}) end end + def token_exchange( + conn, + %{"grant_type" => "password", "name" => name, "password" => password} = params + ) do + params = + params + |> Map.delete("name") + |> Map.put("username", name) + + token_exchange(conn, params) + end + defp fix_padding(token) do token |> Base.url_decode64!(padding: false) |> Base.url_encode64() end + + defp get_app_from_request(conn, params) do + # Per RFC 6749, HTTP Basic is preferred to body params + {client_id, client_secret} = + with ["Basic " <> encoded] <- get_req_header(conn, "authorization"), + {:ok, decoded} <- Base.decode64(encoded), + [id, secret] <- + String.split(decoded, ":") + |> Enum.map(fn s -> URI.decode_www_form(s) end) do + {id, secret} + else + _ -> {params["client_id"], params["client_secret"]} + end + + if client_id && client_secret do + Repo.get_by( + App, + client_id: client_id, + client_secret: client_secret + ) + else + nil + end + end end diff --git a/lib/pleroma/web/ostatus/activity_representer.ex b/lib/pleroma/web/ostatus/activity_representer.ex index 4179d86c9..5d831459b 100644 --- a/lib/pleroma/web/ostatus/activity_representer.ex +++ b/lib/pleroma/web/ostatus/activity_representer.ex @@ -246,7 +246,7 @@ defmodule Pleroma.Web.OStatus.ActivityRepresenter do author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: [] mentions = (activity.recipients || []) |> get_mentions - follow_activity = Activity.get_by_ap_id(follow_activity["id"]) + follow_activity = Activity.normalize(follow_activity) [ {:"activity:object-type", ['http://activitystrea.ms/schema/1.0/activity']}, diff --git a/lib/pleroma/web/ostatus/handlers/delete_handler.ex b/lib/pleroma/web/ostatus/handlers/delete_handler.ex index 4f3016b65..6330d7f64 100644 --- a/lib/pleroma/web/ostatus/handlers/delete_handler.ex +++ b/lib/pleroma/web/ostatus/handlers/delete_handler.ex @@ -6,7 +6,7 @@ defmodule Pleroma.Web.OStatus.DeleteHandler do def handle_delete(entry, _doc \\ nil) do with id <- XML.string_from_xpath("//id", entry), - object when not is_nil(object) <- Object.get_by_ap_id(id), + %Object{} = object <- Object.normalize(id), {:ok, delete} <- ActivityPub.delete(object, false) do delete end diff --git a/lib/pleroma/web/ostatus/ostatus.ex b/lib/pleroma/web/ostatus/ostatus.ex index f0ff0624f..916c894eb 100644 --- a/lib/pleroma/web/ostatus/ostatus.ex +++ b/lib/pleroma/web/ostatus/ostatus.ex @@ -89,7 +89,7 @@ defmodule Pleroma.Web.OStatus do def make_share(entry, doc, retweeted_activity) do with {:ok, actor} <- find_make_or_update_user(doc), - %Object{} = object <- Object.get_by_ap_id(retweeted_activity.data["object"]["id"]), + %Object{} = object <- Object.normalize(retweeted_activity.data["object"]), id when not is_nil(id) <- string_from_xpath("/entry/id", entry), {:ok, activity, _object} = ActivityPub.announce(actor, object, id, false) do {:ok, activity} @@ -107,7 +107,7 @@ defmodule Pleroma.Web.OStatus do def make_favorite(entry, doc, favorited_activity) do with {:ok, actor} <- find_make_or_update_user(doc), - %Object{} = object <- Object.get_by_ap_id(favorited_activity.data["object"]["id"]), + %Object{} = object <- Object.normalize(favorited_activity.data["object"]), id when not is_nil(id) <- string_from_xpath("/entry/id", entry), {:ok, activity, _object} = ActivityPub.like(actor, object, id, false) do {:ok, activity} diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index f39ebaf2b..09d1b1110 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -6,39 +6,51 @@ defmodule Pleroma.Web.OStatus.OStatusController do alias Pleroma.Repo alias Pleroma.Web.{OStatus, Federator} alias Pleroma.Web.XML + alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.ActivityPubController alias Pleroma.Web.ActivityPub.ActivityPub - def feed_redirect(conn, %{"nickname" => nickname} = params) do - user = User.get_cached_by_nickname(nickname) + action_fallback(:errors) + def feed_redirect(conn, %{"nickname" => nickname}) do case get_format(conn) do - "html" -> Fallback.RedirectController.redirector(conn, nil) - "activity+json" -> ActivityPubController.user(conn, params) - _ -> redirect(conn, external: OStatus.feed_path(user)) + "html" -> + Fallback.RedirectController.redirector(conn, nil) + + "activity+json" -> + ActivityPubController.call(conn, :user) + + _ -> + with %User{} = user <- User.get_cached_by_nickname(nickname) do + redirect(conn, external: OStatus.feed_path(user)) + else + nil -> {:error, :not_found} + end end end def feed(conn, %{"nickname" => nickname} = params) do - user = User.get_cached_by_nickname(nickname) - - query_params = - Map.take(params, ["max_id"]) - |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id}) - - activities = - ActivityPub.fetch_public_activities(query_params) - |> Enum.reverse() - - response = - user - |> FeedRepresenter.to_simple_form(activities, [user]) - |> :xmerl.export_simple(:xmerl_xml) - |> to_string - - conn - |> put_resp_content_type("application/atom+xml") - |> send_resp(200, response) + with %User{} = user <- User.get_cached_by_nickname(nickname) do + query_params = + Map.take(params, ["max_id"]) + |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id}) + + activities = + ActivityPub.fetch_public_activities(query_params) + |> Enum.reverse() + + response = + user + |> FeedRepresenter.to_simple_form(activities, [user]) + |> :xmerl.export_simple(:xmerl_xml) + |> to_string + + conn + |> put_resp_content_type("application/atom+xml") + |> send_resp(200, response) + else + nil -> {:error, :not_found} + end end defp decode_or_retry(body) do @@ -68,51 +80,85 @@ defmodule Pleroma.Web.OStatus.OStatusController do |> send_resp(200, "") end - # TODO: Data leak - def object(conn, %{"uuid" => uuid} = params) do + def object(conn, %{"uuid" => uuid}) do if get_format(conn) == "activity+json" do - ActivityPubController.object(conn, params) + ActivityPubController.call(conn, :object) else with id <- o_status_url(conn, :object, uuid), - %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id), + {_, %Activity{} = activity} <- + {:activity, Activity.get_create_activity_by_object_ap_id(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do case get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") - _ -> represent_activity(conn, activity, user) + _ -> represent_activity(conn, nil, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end end - # TODO: Data leak def activity(conn, %{"uuid" => uuid}) do with id <- o_status_url(conn, :activity, uuid), - %Activity{} = activity <- Activity.get_by_ap_id(id), + {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do - case get_format(conn) do + case format = get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") - _ -> represent_activity(conn, activity, user) + _ -> represent_activity(conn, format, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end - # TODO: Data leak def notice(conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with {_, %Activity{} = activity} <- {:activity, Repo.get(Activity, id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do - case get_format(conn) do + case format = get_format(conn) do "html" -> conn |> put_resp_content_type("text/html") |> send_file(200, "priv/static/index.html") _ -> - represent_activity(conn, activity, user) + represent_activity(conn, format, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end - defp represent_activity(conn, activity, user) do + defp represent_activity(conn, "activity+json", activity, user) do + conn + |> put_resp_header("content-type", "application/activity+json") + |> json(ObjectView.render("object.json", %{object: activity})) + end + + defp represent_activity(conn, _, activity, user) do response = activity |> ActivityRepresenter.to_simple_form(user, true) @@ -124,4 +170,16 @@ defmodule Pleroma.Web.OStatus.OStatusController do |> put_resp_content_type("application/atom+xml") |> send_resp(200, response) end + + def errors(conn, {:error, :not_found}) do + conn + |> put_status(404) + |> text("Not found") + end + + def errors(conn, _) do + conn + |> put_status(500) + |> text("Something went wrong") + end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 726275158..2dadf974c 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -41,7 +41,7 @@ defmodule Pleroma.Web.Router do end pipeline :well_known do - plug(:accepts, ["xml", "xrd+xml", "json", "jrd+json"]) + plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"]) end pipeline :config do @@ -97,16 +97,20 @@ defmodule Pleroma.Web.Router do post("/accounts/:id/mute", MastodonAPIController, :relationship_noop) post("/accounts/:id/unmute", MastodonAPIController, :relationship_noop) + get("/follow_requests", MastodonAPIController, :follow_requests) + post("/follow_requests/:id/authorize", MastodonAPIController, :authorize_follow_request) + post("/follow_requests/:id/reject", MastodonAPIController, :reject_follow_request) + post("/follows", MastodonAPIController, :follow) get("/blocks", MastodonAPIController, :blocks) - get("/domain_blocks", MastodonAPIController, :empty_array) - get("/follow_requests", MastodonAPIController, :empty_array) get("/mutes", MastodonAPIController, :empty_array) get("/timelines/home", MastodonAPIController, :home_timeline) + get("/timelines/direct", MastodonAPIController, :dm_timeline) + get("/favourites", MastodonAPIController, :favourites) post("/statuses", MastodonAPIController, :post_status) @@ -123,6 +127,7 @@ defmodule Pleroma.Web.Router do get("/notifications/:id", MastodonAPIController, :get_notification) post("/media", MastodonAPIController, :upload) + put("/media/:id", MastodonAPIController, :update_media) get("/lists", MastodonAPIController, :get_lists) get("/lists/:id", MastodonAPIController, :get_list) @@ -132,6 +137,12 @@ defmodule Pleroma.Web.Router do get("/lists/:id/accounts", MastodonAPIController, :list_accounts) post("/lists/:id/accounts", MastodonAPIController, :add_to_list) delete("/lists/:id/accounts", MastodonAPIController, :remove_from_list) + + get("/domain_blocks", MastodonAPIController, :domain_blocks) + post("/domain_blocks", MastodonAPIController, :block_domain) + delete("/domain_blocks", MastodonAPIController, :unblock_domain) + + get("/suggestions", MastodonAPIController, :suggestions) end scope "/api/web", Pleroma.Web.MastodonAPI do @@ -162,9 +173,16 @@ defmodule Pleroma.Web.Router do get("/accounts/:id/following", MastodonAPIController, :following) get("/accounts/:id", MastodonAPIController, :user) + get("/trends", MastodonAPIController, :empty_array) + get("/search", MastodonAPIController, :search) end + scope "/api/v2", Pleroma.Web.MastodonAPI do + pipe_through(:api) + get("/search", MastodonAPIController, :search2) + end + scope "/api", Pleroma.Web do pipe_through(:config) @@ -186,9 +204,7 @@ defmodule Pleroma.Web.Router do get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status) get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation) - if @registrations_open do - post("/account/register", TwitterAPI.Controller, :register) - end + post("/account/register", TwitterAPI.Controller, :register) get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) @@ -236,8 +252,13 @@ defmodule Pleroma.Web.Router do post("/statuses/update", TwitterAPI.Controller, :status_update) post("/statuses/retweet/:id", TwitterAPI.Controller, :retweet) + post("/statuses/unretweet/:id", TwitterAPI.Controller, :unretweet) post("/statuses/destroy/:id", TwitterAPI.Controller, :delete_post) + get("/pleroma/friend_requests", TwitterAPI.Controller, :friend_requests) + post("/pleroma/friendships/approve", TwitterAPI.Controller, :approve_friend_request) + post("/pleroma/friendships/deny", TwitterAPI.Controller, :deny_friend_request) + post("/friendships/create", TwitterAPI.Controller, :follow) post("/friendships/destroy", TwitterAPI.Controller, :unfollow) post("/blocks/create", TwitterAPI.Controller, :block) @@ -256,6 +277,7 @@ defmodule Pleroma.Web.Router do get("/friendships/no_retweets/ids", TwitterAPI.Controller, :empty_array) get("/mutes/users/ids", TwitterAPI.Controller, :empty_array) + get("/qvitter/mutes", TwitterAPI.Controller, :raw_empty_array) get("/externalprofile/show", TwitterAPI.Controller, :external_profile) end @@ -334,6 +356,7 @@ defmodule Pleroma.Web.Router do end scope "/", Fallback do + get("/registration/:token", RedirectController, :registration_page) get("/*path", RedirectController, :redirector) end end @@ -348,4 +371,8 @@ defmodule Fallback.RedirectController do |> send_file(200, "priv/static/index.html") end end + + def registration_page(conn, params) do + redirector(conn, params) + end end diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex index 33041ec12..c61bad830 100644 --- a/lib/pleroma/web/streamer.ex +++ b/lib/pleroma/web/streamer.ex @@ -1,7 +1,7 @@ defmodule Pleroma.Web.Streamer do use GenServer require Logger - alias Pleroma.{User, Notification} + alias Pleroma.{User, Notification, Activity, Object} def init(args) do {:ok, args} @@ -46,6 +46,32 @@ defmodule Pleroma.Web.Streamer do {:noreply, topics} end + def handle_cast(%{action: :stream, topic: "direct", item: item}, topics) do + recipient_topics = + User.get_recipients_from_activity(item) + |> Enum.map(fn %{id: id} -> "direct:#{id}" end) + + Enum.each(recipient_topics || [], fn user_topic -> + Logger.debug("Trying to push direct message to #{user_topic}\n\n") + push_to_socket(topics, user_topic, item) + end) + + {:noreply, topics} + end + + def handle_cast(%{action: :stream, topic: "list", item: item}, topics) do + recipient_topics = + Pleroma.List.get_lists_from_activity(item) + |> Enum.map(fn %{id: id} -> "list:#{id}" end) + + Enum.each(recipient_topics || [], fn list_topic -> + Logger.debug("Trying to push message to #{list_topic}\n\n") + push_to_socket(topics, list_topic, item) + end) + + {:noreply, topics} + end + def handle_cast(%{action: :stream, topic: "user", item: %Notification{} = item}, topics) do topic = "user:#{item.user_id}" @@ -112,6 +138,34 @@ defmodule Pleroma.Web.Streamer do {:noreply, state} end + defp represent_update(%Activity{} = activity, %User{} = user) do + %{ + event: "update", + payload: + Pleroma.Web.MastodonAPI.StatusView.render( + "status.json", + activity: activity, + for: user + ) + |> Jason.encode!() + } + |> Jason.encode!() + end + + def push_to_socket(topics, topic, %Activity{data: %{"type" => "Announce"}} = item) do + Enum.each(topics[topic] || [], fn socket -> + # Get the current user so we have up-to-date blocks etc. + user = User.get_cached_by_ap_id(socket.assigns[:user].ap_id) + blocks = user.info["blocks"] || [] + + parent = Object.normalize(item.data["object"]) + + unless is_nil(parent) or item.actor in blocks or parent.data["actor"] in blocks do + send(socket.transport_pid, {:text, represent_update(item, user)}) + end + end) + end + def push_to_socket(topics, topic, item) do Enum.each(topics[topic] || [], fn socket -> # Get the current user so we have up-to-date blocks etc. @@ -119,26 +173,13 @@ defmodule Pleroma.Web.Streamer do blocks = user.info["blocks"] || [] unless item.actor in blocks do - json = - %{ - event: "update", - payload: - Pleroma.Web.MastodonAPI.StatusView.render( - "status.json", - activity: item, - for: user - ) - |> Jason.encode!() - } - |> Jason.encode!() - - send(socket.transport_pid, {:text, json}) + send(socket.transport_pid, {:text, represent_update(item, user)}) end end) end - defp internal_topic("user", socket) do - "user:#{socket.assigns[:user].id}" + defp internal_topic(topic, socket) when topic in ~w[user direct] do + "#{topic}:#{socket.assigns[:user].id}" end defp internal_topic(topic, _), do: topic diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index cc5146566..24ebdf007 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -99,6 +99,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do conn |> render("followed.html", %{error: false}) else + # Was already following user + {:error, "Could not follow user:" <> _rest} -> + render(conn, "followed.html", %{error: false}) + _e -> conn |> render("follow_login.html", %{ @@ -117,6 +121,11 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do conn |> render("followed.html", %{error: false}) else + # Was already following user + {:error, "Could not follow user:" <> _rest} -> + conn + |> render("followed.html", %{error: false}) + e -> Logger.debug("Remote follow failed with error #{inspect(e)}") @@ -126,6 +135,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end @instance Application.get_env(:pleroma, :instance) + @instance_fe Application.get_env(:pleroma, :fe) + @instance_chat Application.get_env(:pleroma, :chat) def config(conn, _params) do case get_format(conn) do "xml" -> @@ -148,9 +159,24 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do json(conn, %{ site: %{ name: Keyword.get(@instance, :name), + description: Keyword.get(@instance, :description), server: Web.base_url(), textlimit: to_string(Keyword.get(@instance, :limit)), - closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1") + closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), + private: if(Keyword.get(@instance, :public, true), do: "0", else: "1"), + pleromafe: %{ + theme: Keyword.get(@instance_fe, :theme), + background: Keyword.get(@instance_fe, :background), + logo: Keyword.get(@instance_fe, :logo), + redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), + redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), + chatDisabled: !Keyword.get(@instance_chat, :enabled), + showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), + showWhoToFollowPanel: Keyword.get(@instance_fe, :show_who_to_follow_panel), + scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), + whoToFollowProvider: Keyword.get(@instance_fe, :who_to_follow_provider), + whoToFollowLink: Keyword.get(@instance_fe, :who_to_follow_link) + } } }) end @@ -189,7 +215,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do {:ok, follower} <- User.follow(follower, followed) do ActivityPub.follow(follower, followed) else - _e -> Logger.debug("follow_import: following #{account} failed") + err -> Logger.debug("follow_import: following #{account} failed with #{inspect(err)}") end end) end) diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex index 57837205e..26bfb79af 100644 --- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex @@ -4,7 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do use Pleroma.Web.TwitterAPI.Representers.BaseRepresenter alias Pleroma.Web.TwitterAPI.Representers.ObjectRepresenter alias Pleroma.{Activity, User} - alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView} + alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView} alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Formatter @@ -164,14 +164,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do tags = if possibly_sensitive, do: Enum.uniq(["nsfw" | tags]), else: tags - summary = activity.data["object"]["summary"] - - content = - if !!summary and summary != "" do - "<span>#{activity.data["object"]["summary"]}</span><br />#{content}</span>" - else - content - end + {summary, content} = ActivityView.render_content(object) html = HtmlSanitizeEx.basic_html(content) @@ -198,7 +191,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do "tags" => tags, "activity_type" => "post", "possibly_sensitive" => possibly_sensitive, - "visibility" => Pleroma.Web.MastodonAPI.StatusView.get_visibility(object) + "visibility" => Pleroma.Web.MastodonAPI.StatusView.get_visibility(object), + "summary" => object["summary"] } end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 3ccdaed6f..dbad08e66 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -1,31 +1,28 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do - alias Pleroma.{User, Activity, Repo, Object} + alias Pleroma.{UserInviteToken, User, Activity, Repo, Object} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.TwitterAPI.UserView alias Pleroma.Web.{OStatus, CommonAPI} import Ecto.Query + @instance Application.get_env(:pleroma, :instance) @httpoison Application.get_env(:pleroma, :httpoison) + @registrations_open Keyword.get(@instance, :registrations_open) def create_status(%User{} = user, %{"status" => _} = data) do CommonAPI.post(user, data) end def delete(%User{} = user, id) do - # TwitterAPI does not have an "unretweet" endpoint; instead this is done - # via the "destroy" endpoint. Therefore, we need to handle - # when the status to "delete" is actually an Announce (repeat) object. - with %Activity{data: %{"type" => type}} <- Repo.get(Activity, id) do - case type do - "Announce" -> unrepeat(user, id) - _ -> CommonAPI.delete(id, user) - end + with %Activity{data: %{"type" => type}} <- Repo.get(Activity, id), + {:ok, activity} <- CommonAPI.delete(id, user) do + {:ok, activity} end end def follow(%User{} = follower, params) do with {:ok, %User{} = followed} <- get_user(params), - {:ok, follower} <- User.follow(follower, followed), + {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, activity} <- ActivityPub.follow(follower, followed) do {:ok, follower, followed, activity} else @@ -64,27 +61,28 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end def repeat(%User{} = user, ap_id_or_id) do - with {:ok, _announce, %{data: %{"id" => id}}} = CommonAPI.repeat(ap_id_or_id, user), + with {:ok, _announce, %{data: %{"id" => id}}} <- CommonAPI.repeat(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do {:ok, activity} end end - defp unrepeat(%User{} = user, ap_id_or_id) do - with {:ok, _unannounce, activity, _object} <- CommonAPI.unrepeat(ap_id_or_id, user) do + def unrepeat(%User{} = user, ap_id_or_id) do + with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user), + %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do {:ok, activity} end end def fav(%User{} = user, ap_id_or_id) do - with {:ok, _fav, %{data: %{"id" => id}}} = CommonAPI.favorite(ap_id_or_id, user), + with {:ok, _fav, %{data: %{"id" => id}}} <- CommonAPI.favorite(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do {:ok, activity} end end def unfav(%User{} = user, ap_id_or_id) do - with {:ok, _unfav, _fav, %{data: %{"id" => id}}} = CommonAPI.unfavorite(ap_id_or_id, user), + with {:ok, _unfav, _fav, %{data: %{"id" => id}}} <- CommonAPI.unfavorite(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do {:ok, activity} end @@ -124,6 +122,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end def register_user(params) do + tokenString = params["token"] + params = %{ nickname: params["nickname"], name: params["fullname"], @@ -133,17 +133,33 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do password_confirmation: params["confirm"] } - changeset = User.register_changeset(%User{}, params) + # no need to query DB if registration is open + token = + unless @registrations_open || is_nil(tokenString) do + Repo.get_by(UserInviteToken, %{token: tokenString}) + end - with {:ok, user} <- Repo.insert(changeset) do - {:ok, user} - else - {:error, changeset} -> - errors = - Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) - |> Jason.encode!() + cond do + @registrations_open || (!is_nil(token) && !token.used) -> + changeset = User.register_changeset(%User{}, params) + + with {:ok, user} <- Repo.insert(changeset) do + !@registrations_open && UserInviteToken.mark_as_used(token.token) + {:ok, user} + else + {:error, changeset} -> + errors = + Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) + |> Jason.encode!() + + {:error, %{error: errors}} + end + + !@registrations_open && is_nil(token) -> + {:error, "Invalid token"} - {:error, %{error: errors}} + !@registrations_open && token.used -> + {:error, "Expired token"} end end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index dd1dc241d..65e67396b 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -4,10 +4,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do alias Pleroma.Web.CommonAPI alias Pleroma.{Repo, Activity, User, Notification} alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Utils alias Ecto.Changeset require Logger + action_fallback(:errors) + def verify_credentials(%{assigns: %{user: user}} = conn, _params) do token = Phoenix.Token.sign(conn, "user socket", user.id) render(conn, UserView, "show.json", %{user: user, token: token}) @@ -107,6 +110,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def mentions_timeline(%{assigns: %{user: user}} = conn, params) do + params = + params + |> Map.put("type", ["Create", "Announce", "Follow", "Like"]) + |> Map.put("blocking_user", user) + activities = ActivityPub.fetch_activities([user.ap_id], params) conn @@ -213,19 +221,29 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def favorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with {:ok, activity} <- TwitterAPI.fav(user, id) do + with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)}, + {:ok, activity} <- TwitterAPI.fav(user, id) do render(conn, ActivityView, "activity.json", %{activity: activity, for: user}) end end def unfavorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with {:ok, activity} <- TwitterAPI.unfav(user, id) do + with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)}, + {:ok, activity} <- TwitterAPI.unfav(user, id) do render(conn, ActivityView, "activity.json", %{activity: activity, for: user}) end end def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with {:ok, activity} <- TwitterAPI.repeat(user, id) do + with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)}, + {:ok, activity} <- TwitterAPI.repeat(user, id) do + render(conn, ActivityView, "activity.json", %{activity: activity, for: user}) + end + end + + def unretweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do + with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)}, + {:ok, activity} <- TwitterAPI.unrepeat(user, id) do render(conn, ActivityView, "activity.json", %{activity: activity, for: user}) end end @@ -304,23 +322,71 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def followers(conn, params) do - with {:ok, user} <- TwitterAPI.get_user(conn.assigns.user, params), + with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), {:ok, followers} <- User.get_followers(user) do - render(conn, UserView, "index.json", %{users: followers, for: user}) + render(conn, UserView, "index.json", %{users: followers, for: conn.assigns[:user]}) else _e -> bad_request_reply(conn, "Can't get followers") end end def friends(conn, params) do - with {:ok, user} <- TwitterAPI.get_user(conn.assigns.user, params), + with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), {:ok, friends} <- User.get_friends(user) do - render(conn, UserView, "index.json", %{users: friends, for: user}) + render(conn, UserView, "index.json", %{users: friends, for: conn.assigns[:user]}) else _e -> bad_request_reply(conn, "Can't get friends") end end + def friend_requests(conn, params) do + with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), + {:ok, friend_requests} <- User.get_follow_requests(user) do + render(conn, UserView, "index.json", %{users: friend_requests, for: conn.assigns[:user]}) + else + _e -> bad_request_reply(conn, "Can't get friend requests") + end + end + + def approve_friend_request(conn, %{"user_id" => uid} = params) do + with followed <- conn.assigns[:user], + uid when is_number(uid) <- String.to_integer(uid), + %User{} = follower <- Repo.get(User, uid), + {:ok, follower} <- User.maybe_follow(follower, followed), + %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), + {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"), + {:ok, _activity} <- + ActivityPub.accept(%{ + to: [follower.ap_id], + actor: followed.ap_id, + object: follow_activity.data["id"], + type: "Accept" + }) do + render(conn, UserView, "show.json", %{user: follower, for: followed}) + else + e -> bad_request_reply(conn, "Can't approve user: #{inspect(e)}") + end + end + + def deny_friend_request(conn, %{"user_id" => uid} = params) do + with followed <- conn.assigns[:user], + uid when is_number(uid) <- String.to_integer(uid), + %User{} = follower <- Repo.get(User, uid), + %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed), + {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"), + {:ok, _activity} <- + ActivityPub.reject(%{ + to: [follower.ap_id], + actor: followed.ap_id, + object: follow_activity.data["id"], + type: "Reject" + }) do + render(conn, UserView, "show.json", %{user: follower, for: followed}) + else + e -> bad_request_reply(conn, "Can't deny user: #{inspect(e)}") + end + end + def friends_ids(%{assigns: %{user: user}} = conn, _params) do with {:ok, friends} <- User.get_friends(user) do ids = @@ -338,6 +404,10 @@ defmodule Pleroma.Web.TwitterAPI.Controller do json(conn, Jason.encode!([])) end + def raw_empty_array(conn, _params) do + json(conn, []) + end + def update_profile(%{assigns: %{user: user}} = conn, params) do params = if bio = params["description"] do @@ -347,6 +417,33 @@ defmodule Pleroma.Web.TwitterAPI.Controller do params end + user = + if locked = params["locked"] do + with locked <- locked == "true", + new_info <- Map.put(user.info, "locked", locked), + change <- User.info_changeset(user, %{info: new_info}), + {:ok, user} <- User.update_and_set_cache(change) do + user + else + _e -> user + end + else + user + end + + user = + if default_scope = params["default_scope"] do + with new_info <- Map.put(user.info, "default_scope", default_scope), + change <- User.info_changeset(user, %{info: new_info}), + {:ok, user} <- User.update_and_set_cache(change) do + user + else + _e -> user + end + else + user + end + with changeset <- User.update_changeset(user, params), {:ok, user} <- User.update_and_set_cache(changeset) do CommonAPI.update(user) @@ -384,4 +481,16 @@ defmodule Pleroma.Web.TwitterAPI.Controller do defp error_json(conn, error_message) do %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!() end + + def errors(conn, {:param_cast, _}) do + conn + |> put_status(400) + |> json("Invalid parameters") + end + + def errors(conn, _) do + conn + |> put_status(500) + |> json("Something went wrong") + end end diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 62ce3b7b5..55b5287f5 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -228,15 +228,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do tags = if possibly_sensitive, do: Enum.uniq(["nsfw" | tags]), else: tags - summary = activity.data["object"]["summary"] - content = object["content"] - - content = - if !!summary and summary != "" do - "<span>#{activity.data["object"]["summary"]}</span><br />#{content}</span>" - else - content - end + {summary, content} = render_content(object) html = HtmlSanitizeEx.basic_html(content) @@ -263,7 +255,41 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "tags" => tags, "activity_type" => "post", "possibly_sensitive" => possibly_sensitive, - "visibility" => Pleroma.Web.MastodonAPI.StatusView.get_visibility(object) + "visibility" => Pleroma.Web.MastodonAPI.StatusView.get_visibility(object), + "summary" => summary } end + + def render_content(%{"type" => "Note"} = object) do + summary = object["summary"] + + content = + if !!summary and summary != "" do + "<p>#{summary}</p>#{object["content"]}" + else + object["content"] + end + + {summary, content} + end + + def render_content(%{"type" => "Article"} = object) do + summary = object["name"] || object["summary"] + + content = + if !!summary and summary != "" do + "<p><a href=\"#{object["url"]}\">#{summary}</a></p>#{object["content"]}" + else + object["content"] + end + + {summary, content} + end + + def render_content(object) do + summary = object["summary"] || "Unhandled activity type: #{object["type"]}" + content = "<p>#{summary}</p>#{object["content"]}" + + {summary, content} + end end diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 31527caae..7d0f0e703 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -1,6 +1,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do use Pleroma.Web, :view alias Pleroma.User + alias Pleroma.Formatter alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy @@ -28,9 +29,19 @@ defmodule Pleroma.Web.TwitterAPI.UserView do user_info = User.get_cached_user_info(user) + emoji = + (user.info["source_data"]["tag"] || []) + |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end) + |> Enum.map(fn %{"icon" => %{"url" => url}, "name" => name} -> + {String.trim(name, ":"), url} + end) + + bio = HtmlSanitizeEx.strip_tags(user.bio) + data = %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), - "description" => HtmlSanitizeEx.strip_tags(user.bio), + "description" => bio, + "description_html" => bio |> Formatter.emojify(emoji), "favourites_count" => 0, "followers_count" => user_info[:follower_count], "following" => following, @@ -39,6 +50,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do "friends_count" => user_info[:following_count], "id" => user.id, "name" => user.name, + "name_html" => HtmlSanitizeEx.strip_tags(user.name) |> Formatter.emojify(emoji), "profile_image_url" => image, "profile_image_url_https" => image, "profile_image_url_profile_size" => image, @@ -51,7 +63,9 @@ defmodule Pleroma.Web.TwitterAPI.UserView do "statusnet_profile_url" => user.ap_id, "cover_photo" => User.banner_url(user) |> MediaProxy.url(), "background_image" => image_url(user.info["background"]) |> MediaProxy.url(), - "is_local" => user.local + "is_local" => user.local, + "locked" => !!user.info["locked"], + "default_scope" => user.info["default_scope"] || "public" } if assigns[:token] do diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex index 9c6f1cb68..9f554d286 100644 --- a/lib/pleroma/web/web_finger/web_finger.ex +++ b/lib/pleroma/web/web_finger/web_finger.ex @@ -25,35 +25,17 @@ defmodule Pleroma.Web.WebFinger do |> XmlBuilder.to_doc() end - def webfinger(resource, "JSON") do + def webfinger(resource, fmt) when fmt in ["XML", "JSON"] do host = Pleroma.Web.Endpoint.host() regex = ~r/(acct:)?(?<username>\w+)@#{host}/ - with %{"username" => username} <- Regex.named_captures(regex, resource) do - user = User.get_by_nickname(username) - {:ok, represent_user(user, "JSON")} + with %{"username" => username} <- Regex.named_captures(regex, resource), + %User{} = user <- User.get_by_nickname(username) do + {:ok, represent_user(user, fmt)} else _e -> - with user when not is_nil(user) <- User.get_cached_by_ap_id(resource) do - {:ok, represent_user(user, "JSON")} - else - _e -> - {:error, "Couldn't find user"} - end - end - end - - def webfinger(resource, "XML") do - host = Pleroma.Web.Endpoint.host() - regex = ~r/(acct:)?(?<username>\w+)@#{host}/ - - with %{"username" => username} <- Regex.named_captures(regex, resource) do - user = User.get_by_nickname(username) - {:ok, represent_user(user, "XML")} - else - _e -> - with user when not is_nil(user) <- User.get_cached_by_ap_id(resource) do - {:ok, represent_user(user, "XML")} + with %User{} = user <- User.get_cached_by_ap_id(resource) do + {:ok, represent_user(user, fmt)} else _e -> {:error, "Couldn't find user"} @@ -144,41 +126,50 @@ defmodule Pleroma.Web.WebFinger do end end - defp webfinger_from_xml(doc) do - magic_key = XML.string_from_xpath(~s{//Link[@rel="magic-public-key"]/@href}, doc) + defp get_magic_key(magic_key) do "data:application/magic-public-key," <> magic_key = magic_key + {:ok, magic_key} + rescue + MatchError -> {:error, "Missing magic key data."} + end - topic = - XML.string_from_xpath( - ~s{//Link[@rel="http://schemas.google.com/g/2010#updates-from"]/@href}, - doc - ) - - subject = XML.string_from_xpath("//Subject", doc) - salmon = XML.string_from_xpath(~s{//Link[@rel="salmon"]/@href}, doc) - - subscribe_address = - XML.string_from_xpath( - ~s{//Link[@rel="http://ostatus.org/schema/1.0/subscribe"]/@template}, - doc - ) - - ap_id = - XML.string_from_xpath( - ~s{//Link[@rel="self" and @type="application/activity+json"]/@href}, - doc - ) - - data = %{ - "magic_key" => magic_key, - "topic" => topic, - "subject" => subject, - "salmon" => salmon, - "subscribe_address" => subscribe_address, - "ap_id" => ap_id - } + defp webfinger_from_xml(doc) do + with magic_key <- XML.string_from_xpath(~s{//Link[@rel="magic-public-key"]/@href}, doc), + {:ok, magic_key} <- get_magic_key(magic_key), + topic <- + XML.string_from_xpath( + ~s{//Link[@rel="http://schemas.google.com/g/2010#updates-from"]/@href}, + doc + ), + subject <- XML.string_from_xpath("//Subject", doc), + salmon <- XML.string_from_xpath(~s{//Link[@rel="salmon"]/@href}, doc), + subscribe_address <- + XML.string_from_xpath( + ~s{//Link[@rel="http://ostatus.org/schema/1.0/subscribe"]/@template}, + doc + ), + ap_id <- + XML.string_from_xpath( + ~s{//Link[@rel="self" and @type="application/activity+json"]/@href}, + doc + ) do + data = %{ + "magic_key" => magic_key, + "topic" => topic, + "subject" => subject, + "salmon" => salmon, + "subscribe_address" => subscribe_address, + "ap_id" => ap_id + } - {:ok, data} + {:ok, data} + else + {:error, e} -> + {:error, e} + + e -> + {:error, e} + end end defp webfinger_from_json(doc) do @@ -253,7 +244,7 @@ defmodule Pleroma.Web.WebFinger do String.replace(template, "{uri}", URI.encode(account)) _ -> - "http://#{domain}/.well-known/webfinger?resource=acct:#{account}" + "https://#{domain}/.well-known/webfinger?resource=acct:#{account}" end with response <- @@ -268,8 +259,11 @@ defmodule Pleroma.Web.WebFinger do if doc != :error do webfinger_from_xml(doc) else - {:ok, doc} = Jason.decode(body) - webfinger_from_json(doc) + with {:ok, doc} <- Jason.decode(body) do + webfinger_from_json(doc) + else + {:error, e} -> e + end end else e -> diff --git a/lib/pleroma/web/xml/xml.ex b/lib/pleroma/web/xml/xml.ex index 36430a3fa..da3f68ecb 100644 --- a/lib/pleroma/web/xml/xml.ex +++ b/lib/pleroma/web/xml/xml.ex @@ -32,6 +32,10 @@ defmodule Pleroma.Web.XML do :exit, _error -> Logger.debug("Couldn't parse XML: #{inspect(text)}") :error + rescue + e -> + Logger.debug("Couldn't parse XML: #{inspect(text)}") + :error end end end |