writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1176 Commits
45 Branches
234 MiB
 
 
 
 
 
Tree: 4228761eb3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4228761eb3'
${ noResults }
writefreely/activitypub.go

875 lines
22 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018-2021 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"bytes"

  15. 	"crypto/sha256"

  16. 	"database/sql"

  17. 	"encoding/base64"

  18. 	"encoding/json"

  19. 	"fmt"

  20. 	"io/ioutil"

  21. 	"net/http"

  22. 	"net/http/httputil"

  23. 	"net/url"

  24. 	"path/filepath"

  25. 	"strconv"

  26. 	"time"

  27. 

  28. 	"github.com/gorilla/mux"

  29. 	"github.com/writeas/activity/streams"

  30. 	"github.com/writeas/httpsig"

  31. 	"github.com/writeas/impart"

  32. 	"github.com/writeas/nerds/store"

  33. 	"github.com/writeas/web-core/activitypub"

  34. 	"github.com/writeas/web-core/activitystreams"

  35. 	"github.com/writeas/web-core/log"

  36. )

  37. 

  38. const (

  39. 	// TODO: delete. don't use this!

  40. 	apCustomHandleDefault = "blog"

  41. 

  42. 	apCacheTime = time.Minute

  43. )

  44. 

  45. var instanceColl *Collection

  46. 

  47. func initActivityPub(app *App) {

  48. 	ur, _ := url.Parse(app.cfg.App.Host)

  49. 	instanceColl = &Collection{

  50. 		ID:       0,

  51. 		Alias:    ur.Host,

  52. 		Title:    ur.Host,

  53. 		db:       app.db,

  54. 		hostName: app.cfg.App.Host,

  55. 	}

  56. }

  57. 

  58. type RemoteUser struct {

  59. 	ID          int64

  60. 	ActorID     string

  61. 	Inbox       string

  62. 	SharedInbox string

  63. 	Handle      string

  64. }

  65. 

  66. func (ru *RemoteUser) AsPerson() *activitystreams.Person {

  67. 	return &activitystreams.Person{

  68. 		BaseObject: activitystreams.BaseObject{

  69. 			Type: "Person",

  70. 			Context: []interface{}{

  71. 				activitystreams.Namespace,

  72. 			},

  73. 			ID: ru.ActorID,

  74. 		},

  75. 		Inbox: ru.Inbox,

  76. 		Endpoints: activitystreams.Endpoints{

  77. 			SharedInbox: ru.SharedInbox,

  78. 		},

  79. 	}

  80. }

  81. 

  82. func activityPubClient() *http.Client {

  83. 	return &http.Client{

  84. 		Timeout: 15 * time.Second,

  85. 	}

  86. }

  87. 

  88. func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Request) error {

  89. 	w.Header().Set("Server", serverSoftware)

  90. 

  91. 	vars := mux.Vars(r)

  92. 	alias := vars["alias"]

  93. 	if alias == "" {

  94. 		alias = filepath.Base(r.RequestURI)

  95. 	}

  96. 

  97. 	// TODO: enforce visibility

  98. 	// Get base Collection data

  99. 	var c *Collection

  100. 	var err error

  101. 	if alias == r.Host {

  102. 		c = instanceColl

  103. 	} else if app.cfg.App.SingleUser {

  104. 		c, err = app.db.GetCollectionByID(1)

  105. 	} else {

  106. 		c, err = app.db.GetCollection(alias)

  107. 	}

  108. 	if err != nil {

  109. 		return err

  110. 	}

  111. 	c.hostName = app.cfg.App.Host

  112. 

  113. 	if !c.IsInstanceColl() {

  114. 		silenced, err := app.db.IsUserSilenced(c.OwnerID)

  115. 		if err != nil {

  116. 			log.Error("fetch collection activities: %v", err)

  117. 			return ErrInternalGeneral

  118. 		}

  119. 		if silenced {

  120. 			return ErrCollectionNotFound

  121. 		}

  122. 	}

  123. 

  124. 	p := c.PersonObject()

  125. 

  126. 	setCacheControl(w, apCacheTime)

  127. 	return impart.RenderActivityJSON(w, p, http.StatusOK)

  128. }

  129. 

  130. func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Request) error {

  131. 	w.Header().Set("Server", serverSoftware)

  132. 

  133. 	vars := mux.Vars(r)

  134. 	alias := vars["alias"]

  135. 

  136. 	// TODO: enforce visibility

  137. 	// Get base Collection data

  138. 	var c *Collection

  139. 	var err error

  140. 	if app.cfg.App.SingleUser {

  141. 		c, err = app.db.GetCollectionByID(1)

  142. 	} else {

  143. 		c, err = app.db.GetCollection(alias)

  144. 	}

  145. 	if err != nil {

  146. 		return err

  147. 	}

  148. 	silenced, err := app.db.IsUserSilenced(c.OwnerID)

  149. 	if err != nil {

  150. 		log.Error("fetch collection outbox: %v", err)

  151. 		return ErrInternalGeneral

  152. 	}

  153. 	if silenced {

  154. 		return ErrCollectionNotFound

  155. 	}

  156. 	c.hostName = app.cfg.App.Host

  157. 

  158. 	if app.cfg.App.SingleUser {

  159. 		if alias != c.Alias {

  160. 			return ErrCollectionNotFound

  161. 		}

  162. 	}

  163. 

  164. 	res := &CollectionObj{Collection: *c}

  165. 	app.db.GetPostsCount(res, false)

  166. 	accountRoot := c.FederatedAccount()

  167. 

  168. 	page := r.FormValue("page")

  169. 	p, err := strconv.Atoi(page)

  170. 	if err != nil || p < 1 {

  171. 		// Return outbox

  172. 		oc := activitystreams.NewOrderedCollection(accountRoot, "outbox", res.TotalPosts)

  173. 		return impart.RenderActivityJSON(w, oc, http.StatusOK)

  174. 	}

  175. 

  176. 	// Return outbox page

  177. 	ocp := activitystreams.NewOrderedCollectionPage(accountRoot, "outbox", res.TotalPosts, p)

  178. 	ocp.OrderedItems = []interface{}{}

  179. 

  180. 	posts, err := app.db.GetPosts(app.cfg, c, p, false, true, false)

  181. 	for _, pp := range *posts {

  182. 		pp.Collection = res

  183. 		o := pp.ActivityObject(app)

  184. 		a := activitystreams.NewCreateActivity(o)

  185. 		a.Context = nil

  186. 		ocp.OrderedItems = append(ocp.OrderedItems, *a)

  187. 	}

  188. 

  189. 	setCacheControl(w, apCacheTime)

  190. 	return impart.RenderActivityJSON(w, ocp, http.StatusOK)

  191. }

  192. 

  193. func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Request) error {

  194. 	w.Header().Set("Server", serverSoftware)

  195. 

  196. 	vars := mux.Vars(r)

  197. 	alias := vars["alias"]

  198. 

  199. 	// TODO: enforce visibility

  200. 	// Get base Collection data

  201. 	var c *Collection

  202. 	var err error

  203. 	if app.cfg.App.SingleUser {

  204. 		c, err = app.db.GetCollectionByID(1)

  205. 	} else {

  206. 		c, err = app.db.GetCollection(alias)

  207. 	}

  208. 	if err != nil {

  209. 		return err

  210. 	}

  211. 	silenced, err := app.db.IsUserSilenced(c.OwnerID)

  212. 	if err != nil {

  213. 		log.Error("fetch collection followers: %v", err)

  214. 		return ErrInternalGeneral

  215. 	}

  216. 	if silenced {

  217. 		return ErrCollectionNotFound

  218. 	}

  219. 	c.hostName = app.cfg.App.Host

  220. 

  221. 	accountRoot := c.FederatedAccount()

  222. 

  223. 	folls, err := app.db.GetAPFollowers(c)

  224. 	if err != nil {

  225. 		return err

  226. 	}

  227. 

  228. 	page := r.FormValue("page")

  229. 	p, err := strconv.Atoi(page)

  230. 	if err != nil || p < 1 {

  231. 		// Return outbox

  232. 		oc := activitystreams.NewOrderedCollection(accountRoot, "followers", len(*folls))

  233. 		return impart.RenderActivityJSON(w, oc, http.StatusOK)

  234. 	}

  235. 

  236. 	// Return outbox page

  237. 	ocp := activitystreams.NewOrderedCollectionPage(accountRoot, "followers", len(*folls), p)

  238. 	ocp.OrderedItems = []interface{}{}

  239. 	/*

  240. 		for _, f := range *folls {

  241. 			ocp.OrderedItems = append(ocp.OrderedItems, f.ActorID)

  242. 		}

  243. 	*/

  244. 	setCacheControl(w, apCacheTime)

  245. 	return impart.RenderActivityJSON(w, ocp, http.StatusOK)

  246. }

  247. 

  248. func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Request) error {

  249. 	w.Header().Set("Server", serverSoftware)

  250. 

  251. 	vars := mux.Vars(r)

  252. 	alias := vars["alias"]

  253. 

  254. 	// TODO: enforce visibility

  255. 	// Get base Collection data

  256. 	var c *Collection

  257. 	var err error

  258. 	if app.cfg.App.SingleUser {

  259. 		c, err = app.db.GetCollectionByID(1)

  260. 	} else {

  261. 		c, err = app.db.GetCollection(alias)

  262. 	}

  263. 	if err != nil {

  264. 		return err

  265. 	}

  266. 	silenced, err := app.db.IsUserSilenced(c.OwnerID)

  267. 	if err != nil {

  268. 		log.Error("fetch collection following: %v", err)

  269. 		return ErrInternalGeneral

  270. 	}

  271. 	if silenced {

  272. 		return ErrCollectionNotFound

  273. 	}

  274. 	c.hostName = app.cfg.App.Host

  275. 

  276. 	accountRoot := c.FederatedAccount()

  277. 

  278. 	page := r.FormValue("page")

  279. 	p, err := strconv.Atoi(page)

  280. 	if err != nil || p < 1 {

  281. 		// Return outbox

  282. 		oc := activitystreams.NewOrderedCollection(accountRoot, "following", 0)

  283. 		return impart.RenderActivityJSON(w, oc, http.StatusOK)

  284. 	}

  285. 

  286. 	// Return outbox page

  287. 	ocp := activitystreams.NewOrderedCollectionPage(accountRoot, "following", 0, p)

  288. 	ocp.OrderedItems = []interface{}{}

  289. 	setCacheControl(w, apCacheTime)

  290. 	return impart.RenderActivityJSON(w, ocp, http.StatusOK)

  291. }

  292. 

  293. func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request) error {

  294. 	w.Header().Set("Server", serverSoftware)

  295. 

  296. 	vars := mux.Vars(r)

  297. 	alias := vars["alias"]

  298. 	var c *Collection

  299. 	var err error

  300. 	if app.cfg.App.SingleUser {

  301. 		c, err = app.db.GetCollectionByID(1)

  302. 	} else {

  303. 		c, err = app.db.GetCollection(alias)

  304. 	}

  305. 	if err != nil {

  306. 		// TODO: return Reject?

  307. 		return err

  308. 	}

  309. 	silenced, err := app.db.IsUserSilenced(c.OwnerID)

  310. 	if err != nil {

  311. 		log.Error("fetch collection inbox: %v", err)

  312. 		return ErrInternalGeneral

  313. 	}

  314. 	if silenced {

  315. 		return ErrCollectionNotFound

  316. 	}

  317. 	c.hostName = app.cfg.App.Host

  318. 

  319. 	if debugging {

  320. 		dump, err := httputil.DumpRequest(r, true)

  321. 		if err != nil {

  322. 			log.Error("Can't dump: %v", err)

  323. 		} else {

  324. 			log.Info("Rec'd! %q", dump)

  325. 		}

  326. 	}

  327. 

  328. 	var m map[string]interface{}

  329. 	if err := json.NewDecoder(r.Body).Decode(&m); err != nil {

  330. 		return err

  331. 	}

  332. 

  333. 	a := streams.NewAccept()

  334. 	p := c.PersonObject()

  335. 	var to *url.URL

  336. 	var isFollow, isUnfollow bool

  337. 	fullActor := &activitystreams.Person{}

  338. 	var remoteUser *RemoteUser

  339. 

  340. 	res := &streams.Resolver{

  341. 		FollowCallback: func(f *streams.Follow) error {

  342. 			isFollow = true

  343. 

  344. 			// 1) Use the Follow concrete type here

  345. 			// 2) Errors are propagated to res.Deserialize call below

  346. 			m["@context"] = []string{activitystreams.Namespace}

  347. 			b, _ := json.Marshal(m)

  348. 			if debugging {

  349. 				log.Info("Follow: %s", b)

  350. 			}

  351. 

  352. 			_, followID := f.GetId()

  353. 			if followID == nil {

  354. 				log.Error("Didn't resolve follow ID")

  355. 			} else {

  356. 				aID := c.FederatedAccount() + "#accept-" + store.GenerateFriendlyRandomString(20)

  357. 				acceptID, err := url.Parse(aID)

  358. 				if err != nil {

  359. 					log.Error("Couldn't parse generated Accept URL '%s': %v", aID, err)

  360. 				}

  361. 				a.SetId(acceptID)

  362. 			}

  363. 			a.AppendObject(f.Raw())

  364. 			_, to = f.GetActor(0)

  365. 			obj := f.Raw().GetObjectIRI(0)

  366. 			a.AppendActor(obj)

  367. 

  368. 			// First get actor information

  369. 			if to == nil {

  370. 				return fmt.Errorf("No valid `to` string")

  371. 			}

  372. 			fullActor, remoteUser, err = getActor(app, to.String())

  373. 			if err != nil {

  374. 				return err

  375. 			}

  376. 			return impart.RenderActivityJSON(w, m, http.StatusOK)

  377. 		},

  378. 		UndoCallback: func(u *streams.Undo) error {

  379. 			isUnfollow = true

  380. 

  381. 			m["@context"] = []string{activitystreams.Namespace}

  382. 			b, _ := json.Marshal(m)

  383. 			if debugging {

  384. 				log.Info("Undo: %s", b)

  385. 			}

  386. 

  387. 			a.AppendObject(u.Raw())

  388. 			_, to = u.GetActor(0)

  389. 			// TODO: get actor from object.object, not object

  390. 			obj := u.Raw().GetObjectIRI(0)

  391. 			a.AppendActor(obj)

  392. 			if to != nil {

  393. 				// Populate fullActor from DB?

  394. 				remoteUser, err = getRemoteUser(app, to.String())

  395. 				if err != nil {

  396. 					if iErr, ok := err.(*impart.HTTPError); ok {

  397. 						if iErr.Status == http.StatusNotFound {

  398. 							log.Error("No remoteuser info for Undo event!")

  399. 						}

  400. 					}

  401. 					return err

  402. 				} else {

  403. 					fullActor = remoteUser.AsPerson()

  404. 				}

  405. 			} else {

  406. 				log.Error("No to on Undo!")

  407. 			}

  408. 			return impart.RenderActivityJSON(w, m, http.StatusOK)

  409. 		},

  410. 	}

  411. 	if err := res.Deserialize(m); err != nil {

  412. 		// 3) Any errors from #2 can be handled, or the payload is an unknown type.

  413. 		log.Error("Unable to resolve Follow: %v", err)

  414. 		if debugging {

  415. 			log.Error("Map: %s", m)

  416. 		}

  417. 		return err

  418. 	}

  419. 

  420. 	go func() {

  421. 		if to == nil {

  422. 			if debugging {

  423. 				log.Error("No `to` value!")

  424. 			}

  425. 			return

  426. 		}

  427. 

  428. 		time.Sleep(2 * time.Second)

  429. 		am, err := a.Serialize()

  430. 		if err != nil {

  431. 			log.Error("Unable to serialize Accept: %v", err)

  432. 			return

  433. 		}

  434. 		am["@context"] = []string{activitystreams.Namespace}

  435. 

  436. 		err = makeActivityPost(app.cfg.App.Host, p, fullActor.Inbox, am)

  437. 		if err != nil {

  438. 			log.Error("Unable to make activity POST: %v", err)

  439. 			return

  440. 		}

  441. 

  442. 		if isFollow {

  443. 			t, err := app.db.Begin()

  444. 			if err != nil {

  445. 				log.Error("Unable to start transaction: %v", err)

  446. 				return

  447. 			}

  448. 

  449. 			var followerID int64

  450. 

  451. 			if remoteUser != nil {

  452. 				followerID = remoteUser.ID

  453. 			} else {

  454. 				// Add follower locally, since it wasn't found before

  455. 				res, err := t.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox) VALUES (?, ?, ?)", fullActor.ID, fullActor.Inbox, fullActor.Endpoints.SharedInbox)

  456. 				if err != nil {

  457. 					// if duplicate key, res will be nil and panic on

  458. 					// res.LastInsertId below

  459. 					t.Rollback()

  460. 					log.Error("Couldn't add new remoteuser in DB: %v\n", err)

  461. 					return

  462. 				}

  463. 

  464. 				followerID, err = res.LastInsertId()

  465. 				if err != nil {

  466. 					t.Rollback()

  467. 					log.Error("no lastinsertid for followers, rolling back: %v", err)

  468. 					return

  469. 				}

  470. 

  471. 				// Add in key

  472. 				_, err = t.Exec("INSERT INTO remoteuserkeys (id, remote_user_id, public_key) VALUES (?, ?, ?)", fullActor.PublicKey.ID, followerID, fullActor.PublicKey.PublicKeyPEM)

  473. 				if err != nil {

  474. 					if !app.db.isDuplicateKeyErr(err) {

  475. 						t.Rollback()

  476. 						log.Error("Couldn't add follower keys in DB: %v\n", err)

  477. 						return

  478. 					}

  479. 				}

  480. 			}

  481. 

  482. 			// Add follow

  483. 			_, err = t.Exec("INSERT INTO remotefollows (collection_id, remote_user_id, created) VALUES (?, ?, "+app.db.now()+")", c.ID, followerID)

  484. 			if err != nil {

  485. 				if !app.db.isDuplicateKeyErr(err) {

  486. 					t.Rollback()

  487. 					log.Error("Couldn't add follower in DB: %v\n", err)

  488. 					return

  489. 				}

  490. 			}

  491. 

  492. 			err = t.Commit()

  493. 			if err != nil {

  494. 				t.Rollback()

  495. 				log.Error("Rolling back after Commit(): %v\n", err)

  496. 				return

  497. 			}

  498. 		} else if isUnfollow {

  499. 			// Remove follower locally

  500. 			_, err = app.db.Exec("DELETE FROM remotefollows WHERE collection_id = ? AND remote_user_id = (SELECT id FROM remoteusers WHERE actor_id = ?)", c.ID, to.String())

  501. 			if err != nil {

  502. 				log.Error("Couldn't remove follower from DB: %v\n", err)

  503. 			}

  504. 		}

  505. 	}()

  506. 

  507. 	return nil

  508. }

  509. 

  510. func makeActivityPost(hostName string, p *activitystreams.Person, url string, m interface{}) error {

  511. 	log.Info("POST %s", url)

  512. 	b, err := json.Marshal(m)

  513. 	if err != nil {

  514. 		return err

  515. 	}

  516. 

  517. 	r, _ := http.NewRequest("POST", url, bytes.NewBuffer(b))

  518. 	r.Header.Add("Content-Type", "application/activity+json")

  519. 	r.Header.Set("User-Agent", ServerUserAgent(hostName))

  520. 	h := sha256.New()

  521. 	h.Write(b)

  522. 	r.Header.Add("Digest", "SHA-256="+base64.StdEncoding.EncodeToString(h.Sum(nil)))

  523. 

  524. 	// Sign using the 'Signature' header

  525. 	privKey, err := activitypub.DecodePrivateKey(p.GetPrivKey())

  526. 	if err != nil {

  527. 		return err

  528. 	}

  529. 	signer := httpsig.NewSigner(p.PublicKey.ID, privKey, httpsig.RSASHA256, []string{"(request-target)", "date", "host", "digest"})

  530. 	err = signer.SignSigHeader(r)

  531. 	if err != nil {

  532. 		log.Error("Can't sign: %v", err)

  533. 	}

  534. 

  535. 	if debugging {

  536. 		dump, err := httputil.DumpRequestOut(r, true)

  537. 		if err != nil {

  538. 			log.Error("Can't dump: %v", err)

  539. 		} else {

  540. 			log.Info("%s", dump)

  541. 		}

  542. 	}

  543. 

  544. 	resp, err := activityPubClient().Do(r)

  545. 	if err != nil {

  546. 		return err

  547. 	}

  548. 	if resp != nil && resp.Body != nil {

  549. 		defer resp.Body.Close()

  550. 	}

  551. 

  552. 	body, err := ioutil.ReadAll(resp.Body)

  553. 	if err != nil {

  554. 		return err

  555. 	}

  556. 	if debugging {

  557. 		log.Info("Status  : %s", resp.Status)

  558. 		log.Info("Response: %s", body)

  559. 	}

  560. 

  561. 	return nil

  562. }

  563. 

  564. func resolveIRI(hostName, url string) ([]byte, error) {

  565. 	log.Info("GET %s", url)

  566. 

  567. 	r, _ := http.NewRequest("GET", url, nil)

  568. 	r.Header.Add("Accept", "application/activity+json")

  569. 	r.Header.Set("User-Agent", ServerUserAgent(hostName))

  570. 

  571. 	p := instanceColl.PersonObject()

  572. 	h := sha256.New()

  573. 	h.Write([]byte{})

  574. 	r.Header.Add("Digest", "SHA-256="+base64.StdEncoding.EncodeToString(h.Sum(nil)))

  575. 

  576. 	// Sign using the 'Signature' header

  577. 	privKey, err := activitypub.DecodePrivateKey(p.GetPrivKey())

  578. 	if err != nil {

  579. 		return nil, err

  580. 	}

  581. 	signer := httpsig.NewSigner(p.PublicKey.ID, privKey, httpsig.RSASHA256, []string{"(request-target)", "date", "host", "digest"})

  582. 	err = signer.SignSigHeader(r)

  583. 	if err != nil {

  584. 		log.Error("Can't sign: %v", err)

  585. 	}

  586. 

  587. 	if debugging {

  588. 		dump, err := httputil.DumpRequestOut(r, true)

  589. 		if err != nil {

  590. 			log.Error("Can't dump: %v", err)

  591. 		} else {

  592. 			log.Info("%s", dump)

  593. 		}

  594. 	}

  595. 

  596. 	resp, err := activityPubClient().Do(r)

  597. 	if err != nil {

  598. 		return nil, err

  599. 	}

  600. 	if resp != nil && resp.Body != nil {

  601. 		defer resp.Body.Close()

  602. 	}

  603. 

  604. 	body, err := ioutil.ReadAll(resp.Body)

  605. 	if err != nil {

  606. 		return nil, err

  607. 	}

  608. 	if debugging {

  609. 		log.Info("Status  : %s", resp.Status)

  610. 		log.Info("Response: %s", body)

  611. 	}

  612. 

  613. 	return body, nil

  614. }

  615. 

  616. func deleteFederatedPost(app *App, p *PublicPost, collID int64) error {

  617. 	if debugging {

  618. 		log.Info("Deleting federated post!")

  619. 	}

  620. 	p.Collection.hostName = app.cfg.App.Host

  621. 	actor := p.Collection.PersonObject(collID)

  622. 	na := p.ActivityObject(app)

  623. 

  624. 	// Add followers

  625. 	p.Collection.ID = collID

  626. 	followers, err := app.db.GetAPFollowers(&p.Collection.Collection)

  627. 	if err != nil {

  628. 		log.Error("Couldn't delete post (get followers)! %v", err)

  629. 		return err

  630. 	}

  631. 

  632. 	inboxes := map[string][]string{}

  633. 	for _, f := range *followers {

  634. 		inbox := f.SharedInbox

  635. 		if inbox == "" {

  636. 			inbox = f.Inbox

  637. 		}

  638. 		if _, ok := inboxes[inbox]; ok {

  639. 			inboxes[inbox] = append(inboxes[inbox], f.ActorID)

  640. 		} else {

  641. 			inboxes[inbox] = []string{f.ActorID}

  642. 		}

  643. 	}

  644. 

  645. 	for si, instFolls := range inboxes {

  646. 		na.CC = []string{}

  647. 		for _, f := range instFolls {

  648. 			na.CC = append(na.CC, f)

  649. 		}

  650. 

  651. 		da := activitystreams.NewDeleteActivity(na)

  652. 		// Make the ID unique to ensure it works in Pleroma

  653. 		// See: https://git.pleroma.social/pleroma/pleroma/issues/1481

  654. 		da.ID += "#Delete"

  655. 

  656. 		err = makeActivityPost(app.cfg.App.Host, actor, si, da)

  657. 		if err != nil {

  658. 			log.Error("Couldn't delete post! %v", err)

  659. 		}

  660. 	}

  661. 	return nil

  662. }

  663. 

  664. func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {

  665. 	// If app is private, do not federate

  666. 	if app.cfg.App.Private {

  667. 		return nil

  668. 	}

  669. 

  670. 	// Do not federate posts from private or protected blogs

  671. 	if p.Collection.Visibility == CollPrivate || p.Collection.Visibility == CollProtected {

  672. 		return nil

  673. 	}

  674. 

  675. 	if debugging {

  676. 		if isUpdate {

  677. 			log.Info("Federating updated post!")

  678. 		} else {

  679. 			log.Info("Federating new post!")

  680. 		}

  681. 	}

  682. 

  683. 	actor := p.Collection.PersonObject(collID)

  684. 	na := p.ActivityObject(app)

  685. 

  686. 	// Add followers

  687. 	p.Collection.ID = collID

  688. 	followers, err := app.db.GetAPFollowers(&p.Collection.Collection)

  689. 	if err != nil {

  690. 		log.Error("Couldn't post! %v", err)

  691. 		return err

  692. 	}

  693. 	log.Info("Followers for %d: %+v", collID, followers)

  694. 

  695. 	inboxes := map[string][]string{}

  696. 	for _, f := range *followers {

  697. 		inbox := f.SharedInbox

  698. 		if inbox == "" {

  699. 			inbox = f.Inbox

  700. 		}

  701. 		if _, ok := inboxes[inbox]; ok {

  702. 			// check if we're already sending to this shared inbox

  703. 			inboxes[inbox] = append(inboxes[inbox], f.ActorID)

  704. 		} else {

  705. 			// add the new shared inbox to the list

  706. 			inboxes[inbox] = []string{f.ActorID}

  707. 		}

  708. 	}

  709. 

  710. 	var activity *activitystreams.Activity

  711. 	// for each one of the shared inboxes

  712. 	for si, instFolls := range inboxes {

  713. 		// add all followers from that instance

  714. 		// to the CC field

  715. 		na.CC = []string{}

  716. 		for _, f := range instFolls {

  717. 			na.CC = append(na.CC, f)

  718. 		}

  719. 		// create a new "Create" activity

  720. 		// with our article as object

  721. 		if isUpdate {

  722. 			activity = activitystreams.NewUpdateActivity(na)

  723. 		} else {

  724. 			activity = activitystreams.NewCreateActivity(na)

  725. 			activity.To = na.To

  726. 			activity.CC = na.CC

  727. 		}

  728. 		// and post it to that sharedInbox

  729. 		err = makeActivityPost(app.cfg.App.Host, actor, si, activity)

  730. 		if err != nil {

  731. 			log.Error("Couldn't post! %v", err)

  732. 		}

  733. 	}

  734. 

  735. 	// re-create the object so that the CC list gets reset and has

  736. 	// the mentioned users. This might seem wasteful but the code is

  737. 	// cleaner than adding the mentioned users to CC here instead of

  738. 	// in p.ActivityObject()

  739. 	na = p.ActivityObject(app)

  740. 	for _, tag := range na.Tag {

  741. 		if tag.Type == "Mention" {

  742. 			activity = activitystreams.NewCreateActivity(na)

  743. 			activity.To = na.To

  744. 			activity.CC = na.CC

  745. 			// This here might be redundant in some cases as we might have already

  746. 			// sent this to the sharedInbox of this instance above, but we need too

  747. 			// much logic to catch this at the expense of the odd extra request.

  748. 			// I don't believe we'd ever have too many mentions in a single post that this

  749. 			// could become a burden.

  750. 			remoteUser, err := getRemoteUser(app, tag.HRef)

  751. 			if err != nil {

  752. 				log.Error("Unable to find remote user %s. Skipping: %v", tag.HRef, err)

  753. 				continue

  754. 			}

  755. 			err = makeActivityPost(app.cfg.App.Host, actor, remoteUser.Inbox, activity)

  756. 			if err != nil {

  757. 				log.Error("Couldn't post! %v", err)

  758. 			}

  759. 		}

  760. 	}

  761. 

  762. 	return nil

  763. }

  764. 

  765. func getRemoteUser(app *App, actorID string) (*RemoteUser, error) {

  766. 	u := RemoteUser{ActorID: actorID}

  767. 	var handle sql.NullString

  768. 	err := app.db.QueryRow("SELECT id, inbox, shared_inbox, handle FROM remoteusers WHERE actor_id = ?", actorID).Scan(&u.ID, &u.Inbox, &u.SharedInbox, &handle)

  769. 	switch {

  770. 	case err == sql.ErrNoRows:

  771. 		return nil, impart.HTTPError{http.StatusNotFound, "No remote user with that ID."}

  772. 	case err != nil:

  773. 		log.Error("Couldn't get remote user %s: %v", actorID, err)

  774. 		return nil, err

  775. 	}

  776. 

  777. 	u.Handle = handle.String

  778. 

  779. 	return &u, nil

  780. }

  781. 

  782. // getRemoteUserFromHandle retrieves the profile page of a remote user

  783. // from the @user@server.tld handle

  784. func getRemoteUserFromHandle(app *App, handle string) (*RemoteUser, error) {

  785. 	u := RemoteUser{Handle: handle}

  786. 	err := app.db.QueryRow("SELECT id, actor_id, inbox, shared_inbox FROM remoteusers WHERE handle = ?", handle).Scan(&u.ID, &u.ActorID, &u.Inbox, &u.SharedInbox)

  787. 	switch {

  788. 	case err == sql.ErrNoRows:

  789. 		return nil, ErrRemoteUserNotFound

  790. 	case err != nil:

  791. 		log.Error("Couldn't get remote user %s: %v", handle, err)

  792. 		return nil, err

  793. 	}

  794. 	return &u, nil

  795. }

  796. 

  797. func getActor(app *App, actorIRI string) (*activitystreams.Person, *RemoteUser, error) {

  798. 	log.Info("Fetching actor %s locally", actorIRI)

  799. 	actor := &activitystreams.Person{}

  800. 	remoteUser, err := getRemoteUser(app, actorIRI)

  801. 	if err != nil {

  802. 		if iErr, ok := err.(impart.HTTPError); ok {

  803. 			if iErr.Status == http.StatusNotFound {

  804. 				// Fetch remote actor

  805. 				log.Info("Not found; fetching actor %s remotely", actorIRI)

  806. 				actorResp, err := resolveIRI(app.cfg.App.Host, actorIRI)

  807. 				if err != nil {

  808. 					log.Error("Unable to get actor! %v", err)

  809. 					return nil, nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't fetch actor."}

  810. 				}

  811. 				if err := unmarshalActor(actorResp, actor); err != nil {

  812. 					log.Error("Unable to unmarshal actor! %v", err)

  813. 					return nil, nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't parse actor."}

  814. 				}

  815. 			} else {

  816. 				return nil, nil, err

  817. 			}

  818. 		} else {

  819. 			return nil, nil, err

  820. 		}

  821. 	} else {

  822. 		actor = remoteUser.AsPerson()

  823. 	}

  824. 	return actor, remoteUser, nil

  825. }

  826. 

  827. // unmarshal actor normalizes the actor response to conform to

  828. // the type Person from github.com/writeas/web-core/activitysteams

  829. //

  830. // some implementations return different context field types

  831. // this converts any non-slice contexts into a slice

  832. func unmarshalActor(actorResp []byte, actor *activitystreams.Person) error {

  833. 	// FIXME: Hubzilla has an object for the Actor's url: cannot unmarshal object into Go struct field Person.url of type string

  834. 

  835. 	// flexActor overrides the Context field to allow

  836. 	// all valid representations during unmarshal

  837. 	flexActor := struct {

  838. 		activitystreams.Person

  839. 		Context json.RawMessage `json:"@context,omitempty"`

  840. 	}{}

  841. 	if err := json.Unmarshal(actorResp, &flexActor); err != nil {

  842. 		return err

  843. 	}

  844. 

  845. 	actor.Endpoints = flexActor.Endpoints

  846. 	actor.Followers = flexActor.Followers

  847. 	actor.Following = flexActor.Following

  848. 	actor.ID = flexActor.ID

  849. 	actor.Icon = flexActor.Icon

  850. 	actor.Inbox = flexActor.Inbox

  851. 	actor.Name = flexActor.Name

  852. 	actor.Outbox = flexActor.Outbox

  853. 	actor.PreferredUsername = flexActor.PreferredUsername

  854. 	actor.PublicKey = flexActor.PublicKey

  855. 	actor.Summary = flexActor.Summary

  856. 	actor.Type = flexActor.Type

  857. 	actor.URL = flexActor.URL

  858. 

  859. 	func(val interface{}) {

  860. 		switch val.(type) {

  861. 		case []interface{}:

  862. 			// already a slice, do nothing

  863. 			actor.Context = val.([]interface{})

  864. 		default:

  865. 			actor.Context = []interface{}{val}

  866. 		}

  867. 	}(flexActor.Context)

  868. 

  869. 	return nil

  870. }

  871. 

  872. func setCacheControl(w http.ResponseWriter, ttl time.Duration) {

  873. 	w.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%.0f", ttl.Seconds()))

  874. }