diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/mix/tasks/sample_config.eex | 21 | ||||
| -rw-r--r-- | lib/pleroma/upload.ex | 126 | ||||
| -rw-r--r-- | lib/pleroma/uploaders/local.ex | 47 | ||||
| -rw-r--r-- | lib/pleroma/uploaders/s3.ex | 24 | ||||
| -rw-r--r-- | lib/pleroma/uploaders/swift/keystone.ex | 48 | ||||
| -rw-r--r-- | lib/pleroma/uploaders/swift/swift.ex | 28 | ||||
| -rw-r--r-- | lib/pleroma/uploaders/swift/uploader.ex | 10 | ||||
| -rw-r--r-- | lib/pleroma/uploaders/uploader.ex | 20 | ||||
| -rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 40 | ||||
| -rw-r--r-- | lib/pleroma/web/endpoint.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 9 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/views/account_view.ex | 10 | ||||
| -rw-r--r-- | lib/pleroma/web/streamer.ex | 21 |
13 files changed, 290 insertions, 116 deletions
diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 2acf35ed9..3881ead26 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -29,8 +29,7 @@ config :pleroma, Pleroma.Repo, # The public S3 endpoint is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # -# config :pleroma, Pleroma.Upload, -# use_s3: true, +# config :pleroma, Pleroma.Uploaders.S3, # bucket: "some-bucket", # public_endpoint: "https://s3.amazonaws.com" # @@ -44,3 +43,21 @@ config :pleroma, Pleroma.Repo, # For using third-party S3 clones like wasabi, also do: # config :ex_aws, :s3, # host: "s3.wasabisys.com" + + +# Configure Openstack Swift support if desired. +# +# Many openstack deployments are different, so config is left very open with +# no assumptions made on which provider you're using. This should allow very +# wide support without needing separate handlers for OVH, Rackspace, etc. +# +# config :pleroma, Pleroma.Uploaders.Swift, +# container: "some-container", +# username: "api-username-yyyy", +# password: "api-key-xxxx", +# tenant_id: "<openstack-project/tenant-id>", +# auth_url: "https://keystone-endpoint.provider.com", +# storage_url: "https://swift-endpoint.prodider.com/v1/AUTH_<tenant>/<container>", +# object_url: "https://cdn-endpoint.provider.com/<container>" +# + diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index a744e6fd4..f188a5f32 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,34 +1,19 @@ defmodule Pleroma.Upload do alias Ecto.UUID - alias Pleroma.Web - def store(%Plug.Upload{} = file, should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - use_s3 = Keyword.fetch!(settings, :use_s3) + @storage_backend Application.get_env(:pleroma, Pleroma.Upload) + |> Keyword.fetch!(:uploader) + def store(%Plug.Upload{} = file, should_dedupe) do content_type = get_content_type(file.path) + uuid = get_uuid(file, should_dedupe) name = get_name(file, uuid, content_type, should_dedupe) - upload_folder = get_upload_path(uuid, should_dedupe) - url_path = get_url(name, uuid, should_dedupe) strip_exif_data(content_type, file.path) - File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, name) - - if File.exists?(result_file) do - File.rm!(file.path) - else - File.cp!(file.path, result_file) - end - - url_path = - if use_s3 do - put_s3_file(name, uuid, result_file, content_type) - else - url_path - end + {:ok, url_path} = + @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) %{ "type" => "Document", @@ -43,22 +28,16 @@ defmodule Pleroma.Upload do } end - # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - use_s3 = Keyword.fetch!(settings, :use_s3) - parsed = Regex.named_captures(~r/(?<filetype>jpeg|png|gif);base64,(?<data>.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) - uuid = UUID.generate() - uuidpath = Path.join(upload_path(), uuid) - uuid = UUID.generate() - File.mkdir_p!(upload_path()) + tmp_path = tempfile_for_image(data) - File.write!(uuidpath, data) + uuid = UUID.generate() - content_type = get_content_type(uuidpath) + content_type = get_content_type(tmp_path) + strip_exif_data(content_type, tmp_path) name = create_name( @@ -67,30 +46,7 @@ defmodule Pleroma.Upload do content_type ) - upload_folder = get_upload_path(uuid, should_dedupe) - url_path = get_url(name, uuid, should_dedupe) - - File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, name) - - if should_dedupe do - if !File.exists?(result_file) do - File.rename(uuidpath, result_file) - else - File.rm!(uuidpath) - end - else - File.rename(uuidpath, result_file) - end - - strip_exif_data(content_type, result_file) - - url_path = - if use_s3 do - put_s3_file(name, uuid, result_file, content_type) - else - url_path - end + {:ok, url_path} = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) %{ "type" => "Image", @@ -105,21 +61,28 @@ defmodule Pleroma.Upload do } end + @doc """ + Creates a tempfile using the Plug.Upload Genserver which cleans them up + automatically. + """ + def tempfile_for_image(data) do + {:ok, tmp_path} = Plug.Upload.random_file("profile_pics") + {:ok, tmp_file} = File.open(tmp_path, [:write, :raw, :binary]) + IO.binwrite(tmp_file, data) + + tmp_path + end + def strip_exif_data(content_type, file) do settings = Application.get_env(:pleroma, Pleroma.Upload) do_strip = Keyword.fetch!(settings, :strip_exif) - [filetype, ext] = String.split(content_type, "/") + [filetype, _ext] = String.split(content_type, "/") if filetype == "image" and do_strip == true do Mogrify.open(file) |> Mogrify.custom("strip") |> Mogrify.save(in_place: true) end end - def upload_path do - settings = Application.get_env(:pleroma, Pleroma.Upload) - Keyword.fetch!(settings, :uploads) - end - defp create_name(uuid, ext, type) do case type do "application/octet-stream" -> @@ -163,26 +126,6 @@ defmodule Pleroma.Upload do end end - defp get_upload_path(uuid, should_dedupe) do - if should_dedupe do - upload_path() - else - Path.join(upload_path(), uuid) - end - end - - defp get_url(name, uuid, should_dedupe) do - if should_dedupe do - url_for(:cow_uri.urlencode(name)) - else - url_for(Path.join(uuid, :cow_uri.urlencode(name))) - end - end - - defp url_for(file) do - "#{Web.base_url()}/media/#{file}" - end - def get_content_type(file) do match = File.open(file, [:read], fn f -> @@ -224,25 +167,4 @@ defmodule Pleroma.Upload do _e -> "application/octet-stream" end end - - defp put_s3_file(name, uuid, path, content_type) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - bucket = Keyword.fetch!(settings, :bucket) - public_endpoint = Keyword.fetch!(settings, :public_endpoint) - - {:ok, file_data} = File.read(path) - - File.rm!(path) - - s3_name = "#{uuid}/#{name}" - - {:ok, result} = - ExAws.S3.put_object(bucket, s3_name, file_data, [ - {:acl, :public_read}, - {:content_type, content_type} - ]) - |> ExAws.request() - - "#{public_endpoint}/#{bucket}/#{s3_name}" - end end diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex new file mode 100644 index 000000000..d4624661f --- /dev/null +++ b/lib/pleroma/uploaders/local.ex @@ -0,0 +1,47 @@ +defmodule Pleroma.Uploaders.Local do + @behaviour Pleroma.Uploaders.Uploader + + alias Pleroma.Web + + def put_file(name, uuid, tmpfile, _content_type, should_dedupe) do + upload_folder = get_upload_path(uuid, should_dedupe) + url_path = get_url(name, uuid, should_dedupe) + + File.mkdir_p!(upload_folder) + + result_file = Path.join(upload_folder, name) + + if File.exists?(result_file) do + File.rm!(tmpfile) + else + File.cp!(tmpfile, result_file) + end + + {:ok, url_path} + end + + def upload_path do + settings = Application.get_env(:pleroma, Pleroma.Uploaders.Local) + Keyword.fetch!(settings, :uploads) + end + + defp get_upload_path(uuid, should_dedupe) do + if should_dedupe do + upload_path() + else + Path.join(upload_path(), uuid) + end + end + + defp get_url(name, uuid, should_dedupe) do + if should_dedupe do + url_for(:cow_uri.urlencode(name)) + else + url_for(Path.join(uuid, :cow_uri.urlencode(name))) + end + end + + defp url_for(file) do + "#{Web.base_url()}/media/#{file}" + end +end diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex new file mode 100644 index 000000000..ce0ed3e34 --- /dev/null +++ b/lib/pleroma/uploaders/s3.ex @@ -0,0 +1,24 @@ +defmodule Pleroma.Uploaders.S3 do + @behaviour Pleroma.Uploaders.Uploader + + def put_file(name, uuid, path, content_type, _should_dedupe) do + settings = Application.get_env(:pleroma, Pleroma.Uploaders.S3) + bucket = Keyword.fetch!(settings, :bucket) + public_endpoint = Keyword.fetch!(settings, :public_endpoint) + + {:ok, file_data} = File.read(path) + + File.rm!(path) + + s3_name = "#{uuid}/#{name}" + + {:ok, _} = + ExAws.S3.put_object(bucket, s3_name, file_data, [ + {:acl, :public_read}, + {:content_type, content_type} + ]) + |> ExAws.request() + + {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"} + end +end diff --git a/lib/pleroma/uploaders/swift/keystone.ex b/lib/pleroma/uploaders/swift/keystone.ex new file mode 100644 index 000000000..a79214319 --- /dev/null +++ b/lib/pleroma/uploaders/swift/keystone.ex @@ -0,0 +1,48 @@ +defmodule Pleroma.Uploaders.Swift.Keystone do + use HTTPoison.Base + + @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) + + def process_url(url) do + Enum.join( + [Keyword.fetch!(@settings, :auth_url), url], + "/" + ) + end + + def process_response_body(body) do + body + |> Poison.decode!() + end + + def get_token() do + username = Keyword.fetch!(@settings, :username) + password = Keyword.fetch!(@settings, :password) + tenant_id = Keyword.fetch!(@settings, :tenant_id) + + case post( + "/tokens", + make_auth_body(username, password, tenant_id), + ["Content-Type": "application/json"], + hackney: [:insecure] + ) do + {:ok, %HTTPoison.Response{status_code: 200, body: body}} -> + body["access"]["token"]["id"] + + {:ok, %HTTPoison.Response{status_code: _}} -> + "" + end + end + + def make_auth_body(username, password, tenant) do + Poison.encode!(%{ + :auth => %{ + :passwordCredentials => %{ + :username => username, + :password => password + }, + :tenantId => tenant + } + }) + end +end diff --git a/lib/pleroma/uploaders/swift/swift.ex b/lib/pleroma/uploaders/swift/swift.ex new file mode 100644 index 000000000..819dfebda --- /dev/null +++ b/lib/pleroma/uploaders/swift/swift.ex @@ -0,0 +1,28 @@ +defmodule Pleroma.Uploaders.Swift.Client do + use HTTPoison.Base + + @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) + + def process_url(url) do + Enum.join( + [Keyword.fetch!(@settings, :storage_url), url], + "/" + ) + end + + def upload_file(filename, body, content_type) do + object_url = Keyword.fetch!(@settings, :object_url) + token = Pleroma.Uploaders.Swift.Keystone.get_token() + + case put("#{filename}", body, "X-Auth-Token": token, "Content-Type": content_type) do + {:ok, %HTTPoison.Response{status_code: 201}} -> + {:ok, "#{object_url}/#{filename}"} + + {:ok, %HTTPoison.Response{status_code: 401}} -> + {:error, "Unauthorized, Bad Token"} + + {:error, _} -> + {:error, "Swift Upload Error"} + end + end +end diff --git a/lib/pleroma/uploaders/swift/uploader.ex b/lib/pleroma/uploaders/swift/uploader.ex new file mode 100644 index 000000000..794f76cb0 --- /dev/null +++ b/lib/pleroma/uploaders/swift/uploader.ex @@ -0,0 +1,10 @@ +defmodule Pleroma.Uploaders.Swift do + @behaviour Pleroma.Uploaders.Uploader + + def put_file(name, uuid, tmp_path, content_type, _should_dedupe) do + {:ok, file_data} = File.read(tmp_path) + remote_name = "#{uuid}/#{name}" + + Pleroma.Uploaders.Swift.Client.upload_file(remote_name, file_data, content_type) + end +end diff --git a/lib/pleroma/uploaders/uploader.ex b/lib/pleroma/uploaders/uploader.ex new file mode 100644 index 000000000..b58fc6d71 --- /dev/null +++ b/lib/pleroma/uploaders/uploader.ex @@ -0,0 +1,20 @@ +defmodule Pleroma.Uploaders.Uploader do + @moduledoc """ + Defines the contract to put an uploaded file to any backend. + """ + + @doc """ + Put a file to the backend. + + Returns `{:ok, String.t } | {:error, String.t} containing the path of the + uploaded file, or error information if the file failed to be saved to the + respective backend. + """ + @callback put_file( + name :: String.t(), + uuid :: String.t(), + file :: File.t(), + content_type :: String.t(), + should_dedupe :: Boolean.t() + ) :: {:ok, String.t()} | {:error, String.t()} +end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 68b398786..e6c2dc9cf 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -14,8 +14,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. - def get_recipients(%{"type" => "Announce"} = data) do - recipients = (data["to"] || []) ++ (data["cc"] || []) + defp get_recipients(%{"type" => "Announce"} = data) do + to = data["to"] || [] + cc = data["cc"] || [] + recipients = to ++ cc actor = User.get_cached_by_ap_id(data["actor"]) recipients @@ -28,10 +30,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do User.following?(user, actor) end end) + + {recipients, to, cc} end - def get_recipients(data) do - (data["to"] || []) ++ (data["cc"] || []) + defp get_recipients(data) do + to = data["to"] || [] + cc = data["cc"] || [] + recipients = to ++ cc + {recipients, to, cc} end defp check_actor_is_active(actor) do @@ -53,12 +60,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do :ok <- check_actor_is_active(map["actor"]), {:ok, map} <- MRF.filter(map), :ok <- insert_full_object(map) do + {recipients, _, _} = get_recipients(map) + {:ok, activity} = Repo.insert(%Activity{ data: map, local: local, actor: map["actor"], - recipients: get_recipients(map) + recipients: recipients }) Notification.create_notifications(activity) @@ -399,6 +408,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_tag(query, _), do: query + defp restrict_to_cc(query, recipients_to, recipients_cc) do + from( + activity in query, + where: + fragment( + "(?->'to' \\?| ?) or (?->'cc' \\?| ?)", + activity.data, + ^recipients_to, + activity.data, + ^recipients_cc + ) + ) + end + defp restrict_recipients(query, [], _user), do: query defp restrict_recipients(query, recipients, nil) do @@ -540,6 +563,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.reverse() end + def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do + fetch_activities_query([], opts) + |> restrict_to_cc(recipients_to, recipients_cc) + |> Repo.all() + |> Enum.reverse() + end + def upload(file) do data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media]) Repo.insert(%Object{data: data}) diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index cbedca004..1e5ac2721 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Web.Endpoint do # # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. - plug(Plug.Static, at: "/media", from: Pleroma.Upload.upload_path(), gzip: false) + plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) plug( Plug.Static, diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 091bc62de..bd6f04c55 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -851,9 +851,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Map.put("type", "Create") |> Map.put("blocking_user", user) - # adding title is a hack to not make empty lists function like a public timeline + # we must filter the following list for the user to avoid leaking statuses the user + # does not actually have permission to see (for more info, peruse security issue #270). + following_to = + following + |> Enum.filter(fn x -> x in user.following end) + activities = - ActivityPub.fetch_activities([title | following], params) + ActivityPub.fetch_activities_bounded(following_to, following, params) |> Enum.reverse() conn diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index d9edcae7f..133cae3b5 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -28,7 +28,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do %{ id: to_string(user.id), - username: hd(String.split(user.nickname, "@")), + username: username_from_nickname(user.nickname), acct: user.nickname, display_name: user.name || user.nickname, locked: user_info.locked, @@ -56,7 +56,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do %{ id: to_string(user.id), acct: user.nickname, - username: hd(String.split(user.nickname, "@")), + username: username_from_nickname(user.nickname), url: user.ap_id } end @@ -76,4 +76,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do def render("relationships.json", %{user: user, targets: targets}) do render_many(targets, AccountView, "relationship.json", user: user, as: :target) end + + defp username_from_nickname(string) when is_binary(string) do + hd(String.split(string, "@")) + end + + defp username_from_nickname(_), do: nil end diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex index c61bad830..6b6d40346 100644 --- a/lib/pleroma/web/streamer.ex +++ b/lib/pleroma/web/streamer.ex @@ -1,7 +1,8 @@ defmodule Pleroma.Web.Streamer do use GenServer require Logger - alias Pleroma.{User, Notification, Activity, Object} + alias Pleroma.{User, Notification, Activity, Object, Repo} + alias Pleroma.Web.ActivityPub.ActivityPub def init(args) do {:ok, args} @@ -60,8 +61,24 @@ defmodule Pleroma.Web.Streamer do end def handle_cast(%{action: :stream, topic: "list", item: item}, topics) do + author = User.get_cached_by_ap_id(item.data["actor"]) + + # filter the recipient list if the activity is not public, see #270. + recipient_lists = + case ActivityPub.is_public?(item) do + true -> + Pleroma.List.get_lists_from_activity(item) + + _ -> + Pleroma.List.get_lists_from_activity(item) + |> Enum.filter(fn list -> + owner = Repo.get(User, list.user_id) + author.follower_address in owner.following + end) + end + recipient_topics = - Pleroma.List.get_lists_from_activity(item) + recipient_lists |> Enum.map(fn %{id: id} -> "list:#{id}" end) Enum.each(recipient_topics || [], fn list_topic -> |