Fixed:

[fba.git] / api.py

# Fedi API Block - An aggregator for fetching blocking data from fediverse nodes
# Copyright (C) 2023 Free Software Foundation
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

import re

from datetime import datetime
from email.utils import format_datetime
from fastapi import Request, HTTPException, Query
from fastapi.responses import JSONResponse
from fastapi.responses import PlainTextResponse
from fastapi.templating import Jinja2Templates

import fastapi
import uvicorn
import requests
import validators

from fba import database
from fba import utils

from fba.helpers import config
from fba.helpers import tidyup

from fba.http import network

router = fastapi.FastAPI(docs_url=config.get("base_url") + "/docs", redoc_url=config.get("base_url") + "/redoc")
templates = Jinja2Templates(directory="templates")

@router.get(config.get("base_url") + "/api/info.json", response_class=JSONResponse)
def api_info():
    database.cursor.execute("SELECT (SELECT COUNT(domain) FROM instances), (SELECT COUNT(domain) FROM instances WHERE software IN ('pleroma', 'mastodon', 'lemmy', 'friendica', 'misskey', 'peertube')), (SELECT COUNT(blocker) FROM blocks), (SELECT COUNT(domain) FROM instances WHERE last_error_details IS NOT NULL)")
    row = database.cursor.fetchone()

    return {
        "known_instances"    : row[0],
        "indexed_instances"  : row[1],
        "blocks_recorded"    : row[2],
        "erroneous_instances": row[3],
        "slogan"             : config.get("slogan"),
    }

@router.get(config.get("base_url") + "/api/scoreboard.json", response_class=JSONResponse)
def api_scoreboard(mode: str, amount: int):
    if amount > 500:
        raise HTTPException(status_code=400, detail="Too many results")

    if mode == "blocked":
        database.cursor.execute("SELECT blocked, COUNT(blocked) AS score FROM blocks WHERE block_level = 'reject' GROUP BY blocked ORDER BY score DESC LIMIT ?", [amount])
    elif mode == "blocker":
        database.cursor.execute("SELECT blocker, COUNT(blocker) AS score FROM blocks WHERE block_level = 'reject' GROUP BY blocker ORDER BY score DESC LIMIT ?", [amount])
    elif mode == "reference":
        database.cursor.execute("SELECT origin, COUNT(domain) AS score FROM instances WHERE software IS NOT NULL GROUP BY origin ORDER BY score DESC LIMIT ?", [amount])
    elif mode == "software":
        database.cursor.execute("SELECT software, COUNT(domain) AS score FROM instances WHERE software IS NOT NULL GROUP BY software ORDER BY score DESC, software ASC LIMIT ?", [amount])
    elif mode == "command":
        database.cursor.execute("SELECT command, COUNT(domain) AS score FROM instances WHERE command IS NOT NULL GROUP BY command ORDER BY score DESC, command ASC LIMIT ?", [amount])
    elif mode == "error_code":
        database.cursor.execute("SELECT last_status_code, COUNT(domain) AS score FROM instances WHERE last_status_code IS NOT NULL AND last_status_code != '200' GROUP BY last_status_code ORDER BY score DESC LIMIT ?", [amount])
    elif mode == "avg_peers":
        database.cursor.execute("SELECT software, AVG(total_peers) AS average FROM instances WHERE software IS NOT NULL GROUP BY software HAVING average>0 ORDER BY average DESC LIMIT ?", [amount])
    elif mode == "obfuscator":
        database.cursor.execute("SELECT software, COUNT(domain) AS cnt FROM instances WHERE has_obfuscation = 1 GROUP BY software ORDER BY cnt DESC LIMIT ?", [amount])
    elif mode == "obfuscation":
        database.cursor.execute("SELECT has_obfuscation, COUNT(domain) AS cnt FROM instances WHERE software IN ('pleroma', 'mastodon', 'friendica') GROUP BY has_obfuscation ORDER BY cnt DESC LIMIT ?", [amount])
    elif mode == "block_level":
        database.cursor.execute("SELECT block_level, COUNT(rowid) AS cnt FROM blocks GROUP BY block_level ORDER BY cnt DESC LIMIT ?", [amount])
    else:
        raise HTTPException(status_code=400, detail="No filter specified")

    scores = list()

    for domain, score in database.cursor.fetchall():
        scores.append({
            "domain": domain,
            "score" : round(score)
        })

    return scores

@router.get(config.get("base_url") + "/api/index.json", response_class=JSONResponse)
def api_blocked(domain: str = None, reason: str = None, reverse: str = None):
    if domain is None and reason is None and reverse is None:
        raise HTTPException(status_code=400, detail="No filter specified")

    if reason is not None:
        reason = re.sub("(%|_)", "", tidyup.reason(reason))
        if len(reason) < 3:
            raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")

    if domain is not None:
        domain = tidyup.domain(domain)
        if not validators.domain(domain.split("/")[0]):
            raise HTTPException(status_code=500, detail="Invalid domain")

        wildchar = "*." + ".".join(domain.split(".")[-domain.count("."):])
        punycode = domain.encode('idna').decode('utf-8')

        database.cursor.execute("SELECT blocker, blocked, block_level, reason, first_seen, last_seen FROM blocks WHERE blocked = ? OR blocked = ? OR blocked = ? OR blocked = ? OR blocked = ? OR blocked = ? ORDER BY first_seen ASC",
                  (domain, "*." + domain, wildchar, utils.get_hash(domain), punycode, "*." + punycode))
    elif reverse is not None:
        reverse = tidyup.domain(reverse)
        if not validators.domain(reverse):
            raise HTTPException(status_code=500, detail="Invalid domain")

        database.cursor.execute("SELECT blocker, blocked, block_level, reason, first_seen, last_seen FROM blocks WHERE blocker = ? ORDER BY first_seen ASC", [reverse])
    else:
        database.cursor.execute("SELECT blocker, blocked, block_level, reason, first_seen, last_seen FROM blocks WHERE reason like ? AND reason != '' ORDER BY first_seen ASC", ["%" + reason + "%"])

    blocklist = database.cursor.fetchall()

    result = {}
    for blocker, blocked, block_level, reason, first_seen, last_seen in blocklist:
        if reason is not None and reason != "":
            reason = reason.replace(",", " ").replace("  ", " ")

        entry = {
            "blocker"   : blocker,
            "blocked"   : blocked,
            "reason"    : reason,
            "first_seen": first_seen,
            "last_seen" : last_seen
        }

        if block_level in result:
            result[block_level].append(entry)
        else:
            result[block_level] = [entry]

    return result

@router.get(config.get("base_url") + "/api/mutual.json", response_class=JSONResponse)
def api_mutual(domains: list[str] = Query()):
    """Return 200 if federation is open between the two, 4xx otherwise"""
    database.cursor.execute(
        "SELECT block_level FROM blocks " \
        "WHERE ((blocker = :a OR blocker = :b) AND (blocked = :b OR blocked = :a OR blocked = :aw OR blocked = :bw)) " \
        "AND block_level = 'reject' " \
        "LIMIT 1",
        {
            "a" : domains[0],
            "b" : domains[1],
            "aw": "*." + domains[0],
            "bw": "*." + domains[1],
        },
    )
    response = database.cursor.fetchone()

    if response is not None:
        # Blocks found
        return JSONResponse(status_code=418, content={})

    # No known blocks
    return JSONResponse(status_code=200, content={})

@router.get(config.get("base_url") + "/scoreboard")
def scoreboard(request: Request, mode: str, amount: int):
    response = None

    if mode == "blocker" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=blocker&amount={amount}")
    elif mode == "blocked" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=blocked&amount={amount}")
    elif mode == "reference" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=reference&amount={amount}")
    elif mode == "software" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=software&amount={amount}")
    elif mode == "command" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=command&amount={amount}")
    elif mode == "error_code" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=error_code&amount={amount}")
    elif mode == "avg_peers" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=avg_peers&amount={amount}")
    elif mode == "obfuscator" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=obfuscator&amount={amount}")
    elif mode == "obfuscation" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=obfuscation&amount={amount}")
    elif mode == "block_level" and amount > 0:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=block_level&amount={amount}")
    else:
        raise HTTPException(status_code=400, detail="No filter specified")

    if response is None:
        raise HTTPException(status_code=500, detail="Could not determine scores")
    elif not response.ok:
        raise HTTPException(status_code=response.status_code, detail=response.text)

    return templates.TemplateResponse("views/scoreboard.html", {
        "base_url"  : config.get("base_url"),
        "slogan"    : config.get("slogan"),
        "request"   : request,
        "scoreboard": True,
        "mode"      : mode,
        "amount"    : amount,
        "scores"    : network.json_from_response(response)
    })

@router.get(config.get("base_url") + "/")
def index(request: Request):
    # Get info
    response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/info.json")

    if not response.ok:
        raise HTTPException(status_code=response.status_code, detail=response.text)

    return templates.TemplateResponse("views/index.html", {
        "request": request,
        "info"   : response.json()
    })

@router.get(config.get("base_url") + "/top")
def top(request: Request, domain: str = None, reason: str = None, reverse: str = None):
    if domain == "" or reason == "" or reverse == "":
        raise HTTPException(status_code=500, detail="Insufficient parameter provided")

    response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/info.json")

    if not response.ok:
        raise HTTPException(status_code=response.status_code, detail=response.text)

    info = response.json()
    response = None

    if domain is not None:
        domain = tidyup.domain(domain)
        if not validators.domain(domain.split("/")[0]):
            raise HTTPException(status_code=500, detail="Invalid domain")

        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/index.json?domain={domain}")
    elif reason is not None:
        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/index.json?reason={reason}")
    elif reverse is not None:
        reverse = tidyup.domain(reverse)
        if not validators.domain(reverse):
            raise HTTPException(status_code=500, detail="Invalid domain")

        response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/index.json?reverse={reverse}")

    if response is not None:
        if not response.ok:
            raise HTTPException(status_code=response.status_code, detail=response.text)

        blocklist = response.json()

        for block_level in blocklist:
            for block in blocklist[block_level]:
                block["first_seen"] = datetime.utcfromtimestamp(block["first_seen"]).strftime(config.get("timestamp_format"))
                block["last_seen"]  = datetime.utcfromtimestamp(block["last_seen"]).strftime(config.get("timestamp_format"))

    return templates.TemplateResponse("views/top.html", {
        "request": request,
        "domain" : domain,
        "blocks" : blocklist,
        "reason" : reason,
        "reverse": reverse,
        "info"   : info
    })

@router.get(config.get("base_url") + "/rss")
def rss(request: Request, domain: str = None):
    if domain is not None:
        domain = tidyup.domain(domain)

        wildchar = "*." + ".".join(domain.split(".")[-domain.count("."):])
        punycode = domain.encode("idna").decode("utf-8")

        database.cursor.execute("SELECT blocker, blocked, block_level, reason, first_seen, last_seen FROM blocks WHERE blocked = ? OR blocked = ? OR blocked = ? OR blocked = ? OR blocked = ? OR blocked = ? ORDER BY first_seen DESC LIMIT ?", [
            domain,
            "*." + domain, wildchar,
            utils.get_hash(domain),
            punycode,
            "*." + punycode,
            config.get("rss_limit")
        ])
    else:
        database.cursor.execute("SELECT blocker, blocked, block_level, reason, first_seen, last_seen FROM blocks ORDER BY first_seen DESC LIMIT ?", [config.get("rss_limit")])

    result = database.cursor.fetchall()
    blocklist = []

    for row in result:
        blocklist.append({
            "blocker"    : row[0],
            "blocked"    : row[1],
            "block_level": row[2],
            "reason"     : "Provided reason: '" + row[3] + "'" if row[3] is not None and row[3] != "" else "No reason provided.",
            "first_seen" : format_datetime(datetime.fromtimestamp(row[4])),
            "last_seen"  : format_datetime(datetime.fromtimestamp(row[5])),
        })

    return templates.TemplateResponse("rss.xml", {
        "request"  : request,
        "timestamp": format_datetime(datetime.now()),
        "domain"   : domain,
        "hostname" : config.get("hostname"),
        "blocks"   : blocklist
    }, headers={
        "Content-Type": "routerlication/rss+xml"
    })

@router.get(config.get("base_url") + "/robots.txt", response_class=PlainTextResponse)
def robots(request: Request):
    return templates.TemplateResponse("robots.txt", {
        "request" : request,
        "base_url": config.get("base_url")
    })

if __name__ == "__main__":
    uvicorn.run("api:router", host=config.get("host"), port=config.get("port"), log_level=config.get("log_level"))