use Friendica\Model\Conversation;
use Friendica\Model\Contact;
use Friendica\Model\Item;
+use Friendica\Model\Profile;
use Friendica\Model\Term;
use Friendica\Model\User;
use Friendica\Util\DateTimeFormat;
use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML;
use Friendica\Util\JsonLD;
+use Friendica\Util\LDSignature;
+use Friendica\Core\Config;
/**
* @brief ActivityPub Protocol class
*
* Digest: https://tools.ietf.org/html/rfc5843
* https://tools.ietf.org/html/draft-cavage-http-signatures-10#ref-15
- * https://github.com/digitalbazaar/php-json-ld
*
- * Part of the code for HTTP signing is taken from the Osada project.
- * https://framagit.org/macgirvin/osada
+ * Mastodon implementation of supported activities:
+ * https://github.com/tootsuite/mastodon/blob/master/app/lib/activitypub/activity.rb#L26
*
* To-do:
*
* Receiver:
- * - Activities: Dislike, Update, Delete
+ * - Activities: Update (Notes, Person), Delete (Person, Activities, Notes)
* - Object Types: Person, Tombstome
*
* Transmitter:
- * - Activities: Like, Dislike, Update, Delete
- * - Object Tyoes: Article, Announce, Person, Tombstone
+ * - Activities: Announce, Update (Person)
+ * - Object Tyoes: Person
*
* General:
- * - Message distribution
- * - Endpoints: Outbox, Object, Follower, Following
- * - General cleanup
+ * - Queueing unsucessful deliveries
+ * - Event support
+ * - Polling the outboxes for missing content?
*/
class ActivityPub
{
const PUBLIC = 'https://www.w3.org/ns/activitystreams#Public';
+ const CONTEXT = ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1',
+ ['ostatus' => 'http://ostatus.org#', 'uuid' => 'http://schema.org/identifier',
+ 'sensitive' => 'as:sensitive', 'Hashtag' => 'as:Hashtag',
+ 'atomUri' => 'ostatus:atomUri', 'conversation' => 'ostatus:conversation',
+ 'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri']];
public static function isRequest()
{
stristr(defaults($_SERVER, 'HTTP_ACCEPT', ''), 'application/ld+json');
}
- public static function transmit($data, $target, $uid)
+ public static function getFollowers($owner, $page = null)
{
- $owner = User::getOwnerDataById($uid);
+ $condition = ['rel' => [Contact::FOLLOWER, Contact::FRIEND], 'network' => Protocol::NATIVE_SUPPORT, 'uid' => $owner['uid'],
+ 'self' => false, 'hidden' => false, 'archive' => false, 'pending' => false];
+ $count = DBA::count('contact', $condition);
- if (!$owner) {
- return;
+ $data = ['@context' => self::CONTEXT];
+ $data['id'] = System::baseUrl() . '/followers/' . $owner['nickname'];
+ $data['type'] = 'OrderedCollection';
+ $data['totalItems'] = $count;
+
+ // When we hide our friends we will only show the pure number but don't allow more.
+ $profile = Profile::getProfileForUser($owner['uid']);
+ if (!empty($profile['hide-friends'])) {
+ return $data;
}
- $content = json_encode($data);
+ if (empty($page)) {
+ $data['first'] = System::baseUrl() . '/followers/' . $owner['nickname'] . '?page=1';
+ } else {
+ $list = [];
- // Header data that is about to be signed.
- $host = parse_url($target, PHP_URL_HOST);
- $path = parse_url($target, PHP_URL_PATH);
- $digest = 'SHA-256=' . base64_encode(hash('sha256', $content, true));
- $content_length = strlen($content);
+ $contacts = DBA::select('contact', ['url'], $condition, ['limit' => [($page - 1) * 100, 100]]);
+ while ($contact = DBA::fetch($contacts)) {
+ $list[] = $contact['url'];
+ }
- $headers = ['Content-Length: ' . $content_length, 'Digest: ' . $digest, 'Host: ' . $host];
+ if (!empty($list)) {
+ $data['next'] = System::baseUrl() . '/followers/' . $owner['nickname'] . '?page=' . ($page + 1);
+ }
- $signed_data = "(request-target): post " . $path . "\ncontent-length: " . $content_length . "\ndigest: " . $digest . "\nhost: " . $host;
+ $data['partOf'] = System::baseUrl() . '/followers/' . $owner['nickname'];
- $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256'));
+ $data['orderedItems'] = $list;
+ }
- $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) content-length digest host",signature="' . $signature . '"';
+ return $data;
+ }
- $headers[] = 'Content-Type: application/activity+json';
+ public static function getFollowing($owner, $page = null)
+ {
+ $condition = ['rel' => [Contact::SHARING, Contact::FRIEND], 'network' => Protocol::NATIVE_SUPPORT, 'uid' => $owner['uid'],
+ 'self' => false, 'hidden' => false, 'archive' => false, 'pending' => false];
+ $count = DBA::count('contact', $condition);
+
+ $data = ['@context' => self::CONTEXT];
+ $data['id'] = System::baseUrl() . '/following/' . $owner['nickname'];
+ $data['type'] = 'OrderedCollection';
+ $data['totalItems'] = $count;
- Network::post($target, $content, $headers);
- $return_code = BaseObject::getApp()->get_curl_code();
+ // When we hide our friends we will only show the pure number but don't allow more.
+ $profile = Profile::getProfileForUser($owner['uid']);
+ if (!empty($profile['hide-friends'])) {
+ return $data;
+ }
+
+ if (empty($page)) {
+ $data['first'] = System::baseUrl() . '/following/' . $owner['nickname'] . '?page=1';
+ } else {
+ $list = [];
- logger('Transmit to ' . $target . ' returned ' . $return_code);
+ $contacts = DBA::select('contact', ['url'], $condition, ['limit' => [($page - 1) * 100, 100]]);
+ while ($contact = DBA::fetch($contacts)) {
+ $list[] = $contact['url'];
+ }
+
+ if (!empty($list)) {
+ $data['next'] = System::baseUrl() . '/following/' . $owner['nickname'] . '?page=' . ($page + 1);
+ }
+
+ $data['partOf'] = System::baseUrl() . '/following/' . $owner['nickname'];
+
+ $data['orderedItems'] = $list;
+ }
+
+ return $data;
+ }
+
+ public static function getOutbox($owner, $page = null)
+ {
+ $public_contact = Contact::getIdForURL($owner['url'], 0, true);
+
+ $condition = ['uid' => $owner['uid'], 'contact-id' => $owner['id'], 'author-id' => $public_contact,
+ 'wall' => true, 'private' => false, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT],
+ 'deleted' => false, 'visible' => true];
+ $count = DBA::count('item', $condition);
+
+ $data = ['@context' => self::CONTEXT];
+ $data['id'] = System::baseUrl() . '/outbox/' . $owner['nickname'];
+ $data['type'] = 'OrderedCollection';
+ $data['totalItems'] = $count;
+
+ if (empty($page)) {
+ $data['first'] = System::baseUrl() . '/outbox/' . $owner['nickname'] . '?page=1';
+ } else {
+ $list = [];
+
+ $condition['parent-network'] = Protocol::NATIVE_SUPPORT;
+
+ $items = Item::select(['id'], $condition, ['limit' => [($page - 1) * 20, 20], 'order' => ['created' => true]]);
+ while ($item = Item::fetch($items)) {
+ $object = self::createObjectFromItemID($item['id']);
+ unset($object['@context']);
+ $list[] = $object;
+ }
+
+ if (!empty($list)) {
+ $data['next'] = System::baseUrl() . '/outbox/' . $owner['nickname'] . '?page=' . ($page + 1);
+ }
+
+ $data['partOf'] = System::baseUrl() . '/outbox/' . $owner['nickname'];
+
+ $data['orderedItems'] = $list;
+ }
+
+ return $data;
}
/**
return $data;
}
+ private static function fetchPermissionBlockFromConversation($item)
+ {
+ if (empty($item['thr-parent'])) {
+ return [];
+ }
+
+ $condition = ['item-uri' => $item['thr-parent'], 'protocol' => Conversation::PARCEL_ACTIVITYPUB];
+ $conversation = DBA::selectFirst('conversation', ['source'], $condition);
+ if (!DBA::isResult($conversation)) {
+ return [];
+ }
+
+ $activity = json_decode($conversation['source'], true);
+
+ $actor = JsonLD::fetchElement($activity, 'actor', 'id');
+ $profile = ActivityPub::fetchprofile($actor);
+
+ $item_profile = ActivityPub::fetchprofile($item['author-link']);
+ $exclude[] = $item['author-link'];
+
+ if ($item['gravity'] == GRAVITY_PARENT) {
+ $exclude[] = $item['owner-link'];
+ }
+
+ $permissions = [];
+
+ $elements = ['to', 'cc', 'bto', 'bcc'];
+ foreach ($elements as $element) {
+ if (empty($activity[$element])) {
+ continue;
+ }
+ if (is_string($activity[$element])) {
+ $activity[$element] = [$activity[$element]];
+ }
+ foreach ($activity[$element] as $receiver) {
+ if ($receiver == $profile['followers'] && !empty($item_profile['followers'])) {
+ $receiver = $item_profile['followers'];
+ }
+ if (!in_array($receiver, $exclude)) {
+ $permissions[$element][] = $receiver;
+ }
+ }
+ }
+ return $permissions;
+ }
+
public static function createPermissionBlockForItem($item)
{
$data = ['to' => [], 'cc' => []];
+ $data = array_merge($data, self::fetchPermissionBlockFromConversation($item));
+
+ $actor_profile = ActivityPub::fetchprofile($item['author-link']);
+
$terms = Term::tagArrayFromItemId($item['id']);
+ $contacts[$item['author-link']] = $item['author-link'];
+
if (!$item['private']) {
$data['to'][] = self::PUBLIC;
- $data['cc'][] = System::baseUrl() . '/followers/' . $item['author-nick'];
+ if (!empty($actor_profile['followers'])) {
+ $data['cc'][] = $actor_profile['followers'];
+ }
foreach ($terms as $term) {
if ($term['type'] != TERM_MENTION) {
continue;
}
- $profile = self::fetchprofile($term['url']);
- if (!empty($profile)) {
+ $profile = self::fetchprofile($term['url'], false);
+ if (!empty($profile) && empty($contacts[$profile['url']])) {
$data['cc'][] = $profile['url'];
+ $contacts[$profile['url']] = $profile['url'];
}
}
} else {
- //$data['cc'][] = System::baseUrl() . '/followers/' . $item['author-nick'];
$receiver_list = Item::enumeratePermissions($item);
$mentioned = [];
if (!empty($cid) && in_array($cid, $receiver_list)) {
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid, 'network' => Protocol::ACTIVITYPUB]);
$data['to'][] = $contact['url'];
+ $contacts[$contact['url']] = $contact['url'];
}
}
foreach ($receiver_list as $receiver) {
$contact = DBA::selectFirst('contact', ['url'], ['id' => $receiver, 'network' => Protocol::ACTIVITYPUB]);
- $data['cc'][] = $contact['url'];
+ if (empty($contacts[$contact['url']])) {
+ $data['cc'][] = $contact['url'];
+ $contacts[$contact['url']] = $contact['url'];
+ }
+ }
+ }
+
+// It is to decide whether we should include all profiles in a thread to the list of receivers
+/*
+ $parents = Item::select(['author-link', 'owner-link', 'gravity'], ['parent' => $item['parent']]);
+ while ($parent = Item::fetch($parents)) {
+ $profile = self::fetchprofile($parent['author-link'], false);
+ if (!empty($profile) && empty($contacts[$profile['url']])) {
+ $data['cc'][] = $profile['url'];
+ $contacts[$profile['url']] = $profile['url'];
}
- if (empty($data['to'])) {
- $data['to'] = $data['cc'];
- $data['cc'] = [];
+ if ($item['gravity'] != GRAVITY_PARENT) {
+ continue;
}
+
+ $profile = self::fetchprofile($parent['owner-link'], false);
+ if (!empty($profile) && empty($contacts[$profile['url']])) {
+ $data['cc'][] = $profile['url'];
+ $contacts[$profile['url']] = $profile['url'];
+ }
+ }
+ DBA::close($parents);
+*/
+ if (empty($data['to'])) {
+ $data['to'] = $data['cc'];
+ $data['cc'] = [];
}
return $data;
}
- public static function fetchTargetInboxes($item)
+ public static function fetchTargetInboxes($item, $uid)
{
- $inboxes = [];
+ $permissions = self::createPermissionBlockForItem($item);
+ if (empty($permissions)) {
+ return [];
+ }
- $terms = Term::tagArrayFromItemId($item['id']);
- if (!$item['private']) {
- $contacts = DBA::select('contact', ['notify', 'batch'], ['uid' => $item['uid'],
- 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'network' => Protocol::ACTIVITYPUB]);
- while ($contact = DBA::fetch($contacts)) {
- $contact = defaults($contact, 'batch', $contact['notify']);
- $inboxes[$contact] = $contact;
- }
- DBA::close($contacts);
+ $inboxes = [];
- foreach ($terms as $term) {
- if ($term['type'] != TERM_MENTION) {
- continue;
- }
- $profile = self::fetchprofile($term['url']);
- if (!empty($profile)) {
- $target = defaults($profile, 'sharedinbox', $profile['inbox']);
- $inboxes[$target] = $target;
- }
- }
+ if ($item['gravity'] == GRAVITY_ACTIVITY) {
+ $item_profile = ActivityPub::fetchprofile($item['author-link']);
} else {
- $receiver_list = Item::enumeratePermissions($item);
+ $item_profile = ActivityPub::fetchprofile($item['owner-link']);
+ }
- $mentioned = [];
+ $elements = ['to', 'cc', 'bto', 'bcc'];
+ foreach ($elements as $element) {
+ if (empty($permissions[$element])) {
+ continue;
+ }
- foreach ($terms as $term) {
- if ($term['type'] != TERM_MENTION) {
- continue;
- }
- $cid = Contact::getIdForURL($term['url'], $item['uid']);
- if (!empty($cid) && in_array($cid, $receiver_list)) {
- $contact = DBA::selectFirst('contact', ['url'], ['id' => $cid, 'network' => Protocol::ACTIVITYPUB]);
- $profile = self::fetchprofile($contact['url']);
- if (!empty($profile['network'])) {
+ foreach ($permissions[$element] as $receiver) {
+ if ($receiver == $item_profile['followers']) {
+ $contacts = DBA::select('contact', ['notify', 'batch'], ['uid' => $uid,
+ 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'network' => Protocol::ACTIVITYPUB]);
+ while ($contact = DBA::fetch($contacts)) {
+ $contact = defaults($contact, 'batch', $contact['notify']);
+ $inboxes[$contact] = $contact;
+ }
+ DBA::close($contacts);
+ } else {
+ $profile = self::fetchprofile($receiver);
+ if (!empty($profile)) {
$target = defaults($profile, 'sharedinbox', $profile['inbox']);
$inboxes[$target] = $target;
}
}
}
-
- foreach ($receiver_list as $receiver) {
- $contact = DBA::selectFirst('contact', ['url'], ['id' => $receiver, 'network' => Protocol::ACTIVITYPUB]);
- $profile = self::fetchprofile($contact['url']);
- if (!empty($profile['network'])) {
- $target = defaults($profile, 'sharedinbox', $profile['inbox']);
- $inboxes[$target] = $target;
- }
- }
}
- $profile = self::fetchprofile($item['author-link']);
- if (!empty($profile['sharedinbox'])) {
- unset($inboxes[$profile['sharedinbox']]);
- }
+ return $inboxes;
+ }
- if (!empty($profile['inbox'])) {
- unset($inboxes[$profile['inbox']]);
+ public static function getTypeOfItem($item)
+ {
+ if ($item['verb'] == ACTIVITY_POST) {
+ if ($item['created'] == $item['edited']) {
+ $type = 'Create';
+ } else {
+ $type = 'Update';
+ }
+ } elseif ($item['verb'] == ACTIVITY_LIKE) {
+ $type = 'Like';
+ } elseif ($item['verb'] == ACTIVITY_DISLIKE) {
+ $type = 'Dislike';
+ } elseif ($item['verb'] == ACTIVITY_ATTEND) {
+ $type = 'Accept';
+ } elseif ($item['verb'] == ACTIVITY_ATTENDNO) {
+ $type = 'Reject';
+ } elseif ($item['verb'] == ACTIVITY_ATTENDMAYBE) {
+ $type = 'TentativeAccept';
+ } else {
+ $type = '';
}
- return $inboxes;
+ return $type;
}
- public static function createActivityFromItem($item_id)
+ public static function createActivityFromItem($item_id, $object_mode = false)
{
$item = Item::selectFirst([], ['id' => $item_id]);
}
}
- $data = ['@context' => ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1',
- ['ostatus' => 'http://ostatus.org#', 'sensitive' => 'as:sensitive',
- 'Hashtag' => 'as:Hashtag', 'atomUri' => 'ostatus:atomUri',
- 'conversation' => 'ostatus:conversation',
- 'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri']]];
+ $type = self::getTypeOfItem($item);
+
+ if (!$object_mode) {
+ $data = ['@context' => self::CONTEXT];
- $data['type'] = 'Create';
- $data['id'] = $item['uri'] . '#activity';
+ if ($item['deleted'] && ($item['gravity'] == GRAVITY_ACTIVITY)) {
+ $type = 'Undo';
+ } elseif ($item['deleted']) {
+ $type = 'Delete';
+ }
+ } else {
+ $data = [];
+ }
+
+ $data['id'] = $item['uri'] . '#' . $type;
+ $data['type'] = $type;
$data['actor'] = $item['author-link'];
$data['published'] = DateTimeFormat::utc($item["created"]."+00:00", DateTimeFormat::ATOM);
$data['updated'] = DateTimeFormat::utc($item["edited"]."+00:00", DateTimeFormat::ATOM);
}
+ $data['context'] = self::createConversationURLFromItem($item);
+
$data = array_merge($data, ActivityPub::createPermissionBlockForItem($item));
- $data['object'] = self::createNote($item);
- return $data;
+ if (in_array($data['type'], ['Create', 'Update', 'Announce', 'Delete'])) {
+ $data['object'] = self::CreateNote($item);
+ } elseif ($data['type'] == 'Undo') {
+ $data['object'] = self::createActivityFromItem($item_id, true);
+ } else {
+ $data['object'] = $item['thr-parent'];
+ }
+
+ $owner = User::getOwnerDataById($item['uid']);
+
+ if (!$object_mode) {
+ return LDSignature::sign($data, $owner);
+ } else {
+ return $data;
+ }
}
public static function createObjectFromItemID($item_id)
return false;
}
- $data = ['@context' => ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1',
- ['ostatus' => 'http://ostatus.org#', 'sensitive' => 'as:sensitive',
- 'Hashtag' => 'as:Hashtag', 'atomUri' => 'ostatus:atomUri',
- 'conversation' => 'ostatus:conversation',
- 'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri']]];
-
- $data = array_merge($data, self::createNote($item));
-
+ $data = ['@context' => self::CONTEXT];
+ $data = array_merge($data, self::CreateNote($item));
return $data;
}
$tags[] = ['type' => 'Mention', 'href' => $term['url'], 'name' => $mention];
}
}
-
return $tags;
}
- public static function createNote($item)
+ private static function createConversationURLFromItem($item)
{
+ $conversation = DBA::selectFirst('conversation', ['conversation-uri'], ['item-uri' => $item['parent-uri']]);
+ if (DBA::isResult($conversation) && !empty($conversation['conversation-uri'])) {
+ $conversation_uri = $conversation['conversation-uri'];
+ } else {
+ $conversation_uri = $item['parent-uri'];
+ }
+ return $conversation_uri;
+ }
+
+ private static function CreateNote($item)
+ {
+ if (!empty($item['title'])) {
+ $type = 'Article';
+ } else {
+ $type = 'Note';
+ }
+
+ if ($item['deleted']) {
+ $type = 'Tombstone';
+ }
+
$data = [];
- $data['type'] = 'Note';
$data['id'] = $item['uri'];
+ $data['type'] = $type;
- if ($item['uri'] != $item['thr-parent']) {
- $data['inReplyTo'] = $item['thr-parent'];
+ if ($item['deleted']) {
+ return $data;
}
- $conversation = DBA::selectFirst('conversation', ['conversation-uri'], ['item-uri' => $item['parent-uri']]);
- if (DBA::isResult($conversation) && !empty($conversation['conversation-uri'])) {
- $conversation_uri = $conversation['conversation-uri'];
+ $data['summary'] = null; // Ignore by now
+
+ if ($item['uri'] != $item['thr-parent']) {
+ $data['inReplyTo'] = $item['thr-parent'];
} else {
- $conversation_uri = $item['parent-uri'];
+ $data['inReplyTo'] = null;
}
- $data['context'] = $data['conversation'] = $conversation_uri;
- $data['actor'] = $item['author-link'];
- $data = array_merge($data, ActivityPub::createPermissionBlockForItem($item));
+ $data['uuid'] = $item['guid'];
$data['published'] = DateTimeFormat::utc($item["created"]."+00:00", DateTimeFormat::ATOM);
if ($item["created"] != $item["edited"]) {
$data['updated'] = DateTimeFormat::utc($item["edited"]."+00:00", DateTimeFormat::ATOM);
}
+ $data['url'] = $item['plink'];
$data['attributedTo'] = $item['author-link'];
- $data['name'] = BBCode::convert($item['title'], false, 7);
+ $data['actor'] = $item['author-link'];
+ $data['sensitive'] = false; // - Query NSFW
+ $data['conversation'] = $data['context'] = self::createConversationURLFromItem($item);
+
+ if (!empty($item['title'])) {
+ $data['name'] = BBCode::convert($item['title'], false, 7);
+ }
+
$data['content'] = BBCode::convert($item['body'], false, 7);
$data['source'] = ['content' => $item['body'], 'mediaType' => "text/bbcode"];
- $data['summary'] = ''; // Ignore by now
- $data['sensitive'] = false; // - Query NSFW
- //$data['emoji'] = []; // Ignore by now
- $data['tag'] = self::createTagList($item);
$data['attachment'] = []; // @ToDo
+ $data['tag'] = self::createTagList($item);
+ $data = array_merge($data, ActivityPub::createPermissionBlockForItem($item));
+
+ //$data['emoji'] = []; // Ignore by now
return $data;
}
'to' => $profile['url']];
logger('Sending activity ' . $activity . ' to ' . $target . ' for user ' . $uid, LOGGER_DEBUG);
- return self::transmit($data, $profile['inbox'], $uid);
+
+ $signed = LDSignature::sign($data, $owner);
+ return HTTPSignature::transmit($signed, $profile['inbox'], $uid);
}
public static function transmitContactAccept($target, $id, $uid)
'to' => $profile['url']];
logger('Sending accept to ' . $target . ' for user ' . $uid . ' with id ' . $id, LOGGER_DEBUG);
- return self::transmit($data, $profile['inbox'], $uid);
+
+ $signed = LDSignature::sign($data, $owner);
+ return HTTPSignature::transmit($signed, $profile['inbox'], $uid);
}
public static function transmitContactReject($target, $id, $uid)
'to' => $profile['url']];
logger('Sending reject to ' . $target . ' for user ' . $uid . ' with id ' . $id, LOGGER_DEBUG);
- return self::transmit($data, $profile['inbox'], $uid);
+
+ $signed = LDSignature::sign($data, $owner);
+ return HTTPSignature::transmit($signed, $profile['inbox'], $uid);
}
public static function transmitContactUndo($target, $uid)
'to' => $profile['url']];
logger('Sending undo to ' . $target . ' for user ' . $uid . ' with id ' . $id, LOGGER_DEBUG);
- return self::transmit($data, $profile['inbox'], $uid);
+
+ $signed = LDSignature::sign($data, $owner);
+ return HTTPSignature::transmit($signed, $profile['inbox'], $uid);
}
/**
if (!$ret['success'] || empty($ret['body'])) {
return;
}
-
return json_decode($ret['body'], true);
}
return false;
}
- public static function verifySignature($content, $http_headers)
- {
- $object = json_decode($content, true);
-
- if (empty($object)) {
- return false;
- }
-
- $actor = JsonLD::fetchElement($object, 'actor', 'id');
-
- $headers = [];
- $headers['(request-target)'] = strtolower($http_headers['REQUEST_METHOD']) . ' ' . $http_headers['REQUEST_URI'];
-
- // First take every header
- foreach ($http_headers as $k => $v) {
- $field = str_replace('_', '-', strtolower($k));
- $headers[$field] = $v;
- }
-
- // Now add every http header
- foreach ($http_headers as $k => $v) {
- if (strpos($k, 'HTTP_') === 0) {
- $field = str_replace('_', '-', strtolower(substr($k, 5)));
- $headers[$field] = $v;
- }
- }
-
- $sig_block = ActivityPub::parseSigHeader($http_headers['HTTP_SIGNATURE']);
-
- if (empty($sig_block) || empty($sig_block['headers']) || empty($sig_block['keyId'])) {
- return false;
- }
-
- $signed_data = '';
- foreach ($sig_block['headers'] as $h) {
- if (array_key_exists($h, $headers)) {
- $signed_data .= $h . ': ' . $headers[$h] . "\n";
- }
- }
- $signed_data = rtrim($signed_data, "\n");
-
- if (empty($signed_data)) {
- return false;
- }
-
- $algorithm = null;
-
- if ($sig_block['algorithm'] === 'rsa-sha256') {
- $algorithm = 'sha256';
- }
-
- if ($sig_block['algorithm'] === 'rsa-sha512') {
- $algorithm = 'sha512';
- }
-
- if (empty($algorithm)) {
- return false;
- }
-
- $key = self::fetchKey($sig_block['keyId'], $actor);
-
- if (empty($key)) {
- return false;
- }
-
- if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key, $algorithm)) {
- return false;
- }
-
- // Check the digest when it is part of the signed data
- if (in_array('digest', $sig_block['headers'])) {
- $digest = explode('=', $headers['digest'], 2);
- if ($digest[0] === 'SHA-256') {
- $hashalg = 'sha256';
- }
- if ($digest[0] === 'SHA-512') {
- $hashalg = 'sha512';
- }
-
- /// @todo add all hashes from the rfc
-
- if (!empty($hashalg) && base64_encode(hash($hashalg, $content, true)) != $digest[1]) {
- return false;
- }
- }
-
- // Check the content-length when it is part of the signed data
- if (in_array('content-length', $sig_block['headers'])) {
- if (strlen($content) != $headers['content-length']) {
- return false;
- }
- }
-
- return true;
-
- }
-
- private static function fetchKey($id, $actor)
- {
- $url = (strpos($id, '#') ? substr($id, 0, strpos($id, '#')) : $id);
-
- $profile = self::fetchprofile($url);
- if (!empty($profile)) {
- return $profile['pubkey'];
- } elseif ($url != $actor) {
- $profile = self::fetchprofile($actor);
- if (!empty($profile)) {
- return $profile['pubkey'];
- }
- }
-
- return false;
- }
-
/**
- * @brief
+ * Fetches a profile form a given url
*
- * @param string $header
- * @return array associate array with
- * - \e string \b keyID
- * - \e string \b algorithm
- * - \e array \b headers
- * - \e string \b signature
+ * @param string $url profile url
+ * @param boolean $update true = always update, false = never update, null = update when not found
+ * @return array profile array
*/
- private static function parseSigHeader($header)
- {
- $ret = [];
- $matches = [];
-
- if (preg_match('/keyId="(.*?)"/ism',$header,$matches)) {
- $ret['keyId'] = $matches[1];
- }
-
- if (preg_match('/algorithm="(.*?)"/ism',$header,$matches)) {
- $ret['algorithm'] = $matches[1];
- }
-
- if (preg_match('/headers="(.*?)"/ism',$header,$matches)) {
- $ret['headers'] = explode(' ', $matches[1]);
- }
-
- if (preg_match('/signature="(.*?)"/ism',$header,$matches)) {
- $ret['signature'] = base64_decode(preg_replace('/\s+/','',$matches[1]));
- }
-
- return $ret;
- }
-
- public static function fetchprofile($url, $update = false)
+ public static function fetchprofile($url, $update = null)
{
if (empty($url)) {
return false;
}
- if (!$update) {
+ if (empty($update)) {
$apcontact = DBA::selectFirst('apcontact', [], ['url' => $url]);
if (DBA::isResult($apcontact)) {
return $apcontact;
if (DBA::isResult($apcontact)) {
return $apcontact;
}
+
+ if (!is_null($update)) {
+ return false;
+ }
}
if (empty(parse_url($url, PHP_URL_SCHEME))) {
public static function processInbox($body, $header, $uid)
{
- logger('Incoming message for user ' . $uid, LOGGER_DEBUG);
-
- if (!self::verifySignature($body, $header)) {
- logger('Invalid signature, message will be discarded.', LOGGER_DEBUG);
+ $http_signer = HTTPSignature::getSigner($body, $header);
+ if (empty($http_signer)) {
+ logger('Invalid HTTP signature, message will be discarded.', LOGGER_DEBUG);
return;
+ } else {
+ logger('HTTP signature is signed by ' . $http_signer, LOGGER_DEBUG);
}
$activity = json_decode($body, true);
- if (!is_array($activity)) {
+ $actor = JsonLD::fetchElement($activity, 'actor', 'id');
+ logger('Message for user ' . $uid . ' is from actor ' . $actor, LOGGER_DEBUG);
+
+ if (empty($activity)) {
logger('Invalid body.', LOGGER_DEBUG);
return;
}
- self::processActivity($activity, $body, $uid);
+ if (LDSignature::isSigned($activity)) {
+ $ld_signer = LDSignature::getSigner($activity);
+ if (!empty($ld_signer && ($actor == $http_signer))) {
+ logger('The HTTP and the JSON-LD signature belong to ' . $ld_signer, LOGGER_DEBUG);
+ $trust_source = true;
+ } elseif (!empty($ld_signer)) {
+ logger('JSON-LD signature is signed by ' . $ld_signer, LOGGER_DEBUG);
+ $trust_source = true;
+ } elseif ($actor == $http_signer) {
+ logger('Bad JSON-LD signature, but HTTP signer fits the actor.', LOGGER_DEBUG);
+ $trust_source = true;
+ } else {
+ logger('Invalid JSON-LD signature and the HTTP signer is different.', LOGGER_DEBUG);
+ $trust_source = false;
+ }
+ } elseif ($actor == $http_signer) {
+ logger('Trusting post without JSON-LD signature, The actor fits the HTTP signer.', LOGGER_DEBUG);
+ $trust_source = true;
+ } else {
+ logger('No JSON-LD signature, different actor.', LOGGER_DEBUG);
+ $trust_source = false;
+ }
+
+ self::processActivity($activity, $body, $uid, $trust_source);
}
- public static function fetchOutbox($url)
+ public static function fetchOutbox($url, $uid)
{
$data = self::fetchContent($url);
if (empty($data)) {
} elseif (!empty($data['first']['orderedItems'])) {
$items = $data['first']['orderedItems'];
} elseif (!empty($data['first'])) {
- self::fetchOutbox($data['first']);
+ self::fetchOutbox($data['first'], $uid);
return;
} else {
$items = [];
}
foreach ($items as $activity) {
- self::processActivity($activity);
+ self::processActivity($activity, '', $uid, true);
}
}
- private static function prepareObjectData($activity, $uid)
+ private static function prepareObjectData($activity, $uid, $trust_source)
{
$actor = JsonLD::fetchElement($activity, 'actor', 'id');
if (empty($actor)) {
logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG);
- $public = in_array(0, $receivers);
-
if (is_string($activity['object'])) {
$object_url = $activity['object'];
} elseif (!empty($activity['object']['id'])) {
// Fetch the content only on activities where this matters
if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) {
- $object_data = self::fetchObject($object_url, $activity['object']);
+ $object_data = self::fetchObject($object_url, $activity['object'], $trust_source);
if (empty($object_data)) {
logger("Object data couldn't be processed", LOGGER_DEBUG);
return [];
return $object_data;
}
- private static function processActivity($activity, $body = '', $uid = null)
+ private static function processActivity($activity, $body = '', $uid = null, $trust_source = false)
{
if (empty($activity['type'])) {
logger('Empty type', LOGGER_DEBUG);
logger('Processing activity: ' . $activity['type'], LOGGER_DEBUG);
- $object_data = self::prepareObjectData($activity, $uid);
+ $object_data = self::prepareObjectData($activity, $uid, $trust_source);
if (empty($object_data)) {
logger('No object data found', LOGGER_DEBUG);
return;
break;
case 'Dislike':
+ self::dislikeItem($object_data, $body);
break;
case 'Update':
{
$receivers = [];
+ // When it is an answer, we inherite the receivers from the parent
+ $replyto = JsonLD::fetchElement($activity, 'inReplyTo', 'id');
+ if (!empty($replyto)) {
+ $parents = Item::select(['uid'], ['uri' => $replyto]);
+ while ($parent = Item::fetch($parents)) {
+ $receivers['uid:' . $parent['uid']] = $parent['uid'];
+ }
+ }
+
if (!empty($actor)) {
$profile = self::fetchprofile($actor);
$followers = defaults($profile, 'followers', '');
return $object_data;
}
- private static function fetchObject($object_url, $object = [], $public = true)
+ private static function fetchObject($object_url, $object = [], $trust_source = false)
{
- if ($public) {
+ if (!$trust_source || is_string($object)) {
$data = self::fetchContent($object_url);
if (empty($data)) {
logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG);
$data = $object_url;
- $data = $object;
+ } else {
+ logger('Fetched content for ' . $object_url, LOGGER_DEBUG);
}
} else {
logger('Using original object for url ' . $object_url, LOGGER_DEBUG);
return false;
}
logger('Using already stored item for url ' . $object_url, LOGGER_DEBUG);
- $data = self::createNote($item);
+ $data = self::CreateNote($item);
}
if (empty($data['type'])) {
self::postItem($activity, $item, $body);
}
+ private static function dislikeItem($activity, $body)
+ {
+ $item = [];
+ $item['verb'] = ACTIVITY_DISLIKE;
+ $item['parent-uri'] = $activity['object'];
+ $item['gravity'] = GRAVITY_ACTIVITY;
+ $item['object-type'] = ACTIVITY_OBJ_NOTE;
+
+ self::postItem($activity, $item, $body);
+ }
+
private static function postItem($activity, $item, $body)
{
/// @todo What to do with $activity['context']?
private static function fetchMissingActivity($url, $child)
{
+ if (Config::get('system', 'ostatus_full_threads')) {
+ return;
+ }
+
$object = ActivityPub::fetchContent($url);
if (empty($object)) {
logger('Activity ' . $url . ' was not fetchable, aborting.');
$activity['object'] = $object;
$activity['published'] = $object['published'];
$activity['type'] = 'Create';
+
self::processActivity($activity);
logger('Activity ' . $url . ' had been fetched and processed.');
}