Revert Object trait id() ref

* Accept Public aliases in URL deserializer

Update deserialize_one_or_many to deserialize recipient URL fields while
accepting `Public` and `as:Public` as aliases for the canonical
ActivityStreams public URL.

Add focused tests for single and array inputs, and verify that unrelated
string fields such as `content` are left unchanged.

https://github.com/LemmyNet/lemmy/issues/6465

* Deduplicate deserialized recipients

Drop repeated recipient URLs after deserialization so equivalent public
aliases such as `Public`, `as:Public`, and the canonical public URL do
not produce duplicate entries.

Update the helper documentation and tests to match the deduplicated
result.

Cargo.lock

@@ -4,7 +4,7 @@ version = 4
 
 [[package]]
 name = "activitypub_federation"
-version = "0.7.0-beta.8"
+version = "0.7.0-beta.11"
 dependencies = [
  "activitystreams-kinds",
  "actix-web",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "activitypub_federation"
-version = "0.7.0-beta.8"
+version = "0.7.0-beta.11"
 edition = "2021"
 description = "High-level Activitypub framework"
 keywords = ["activitypub", "activitystreams", "federation", "fediverse"]

docs/10_fetching_objects_with_unknown_type.md

@@ -32,10 +32,10 @@ impl Object for SearchableDbObjects {
     type Kind = SearchableObjects;
     type Error = anyhow::Error;
 
-    fn id(&self) -> &Url {
+    fn id(&self) -> Url {
         match self {
-            SearchableDbObjects::User(p) => &p.federation_id,
-            SearchableDbObjects::Post(n) => &n.federation_id,
+            SearchableDbObjects::User(p) => p.federation_id.clone(),
+            SearchableDbObjects::Post(n) => n.federation_id.clone(),
         }
     }
 

examples/live_federation/objects/person.rs

@@ -69,8 +69,8 @@ impl Object for DbUser {
     type Kind = Person;
     type Error = Error;
 
-    fn id(&self) -> &Url {
-        self.ap_id.inner()
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
     }
 
     fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {

examples/live_federation/objects/post.rs

@@ -50,8 +50,8 @@ impl Object for DbPost {
     type Kind = Note;
     type Error = Error;
 
-    fn id(&self) -> &Url {
-        self.ap_id.inner()
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
     }
 
     async fn read_from_id(

examples/local_federation/objects/person.rs

@@ -134,8 +134,8 @@ impl Object for DbUser {
     type Kind = Person;
     type Error = Error;
 
-    fn id(&self) -> &Url {
-        self.ap_id.inner()
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
     }
 
     fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {

examples/local_federation/objects/post.rs

@@ -47,8 +47,8 @@ impl Object for DbPost {
     type Kind = Note;
     type Error = Error;
 
-    fn id(&self) -> &Url {
-        self.ap_id.inner()
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
     }
 
     async fn read_from_id(

src/activity_sending.rs

@@ -190,7 +190,7 @@ where
     // PKey is internally like an Arc<>, so cloning is ok
     data.config
         .actor_pkey_cache
-        .try_get_with_by_ref(actor_id, async {
+        .try_get_with_by_ref(&actor_id, async {
             let private_key_pem = actor.private_key_pem().ok_or_else(|| {
                 Error::Other(format!(
                     "Actor {actor_id} does not contain a private key for signing"

src/config.rs

@@ -20,7 +20,7 @@ use crate::{
     http_signatures::sign_request,
     protocol::verification::verify_domains_match,
     traits::{Activity, Actor},
-    utils::is_invalid_ip,
+    utils::validate_ip,
 };
 use async_trait::async_trait;
 use bytes::Bytes;
@@ -183,7 +183,7 @@ impl<T: Clone> FederationConfig<T> {
             }
 
             let allow_local = std::env::var("DANGER_FEDERATION_ALLOW_LOCAL_IP").is_ok();
-            if !allow_local && is_invalid_ip(domain).await? {
+            if !allow_local && validate_ip(&url).await.is_err() {
                 return Err(Error::DomainResolveError(domain.to_string()));
             }
         }
@@ -378,6 +378,15 @@ impl<T: Clone> Data<T> {
         )
         .await
     }
+
+    /// Resolve domain of the url and throw error if it points to local/private IP.
+    pub async fn is_valid_ip(&self, url: &Url) -> Result<(), Error> {
+        if self.config.debug {
+            return Ok(());
+        }
+
+        validate_ip(url).await
+    }
 }
 
 impl<T: Clone> Deref for Data<T> {

src/protocol/helpers.rs

@@ -1,13 +1,22 @@
 //! Serde deserialization functions which help to receive differently shaped data
 
-use serde::{Deserialize, Deserializer};
+use activitystreams_kinds::public;
+use itertools::Itertools;
+use serde::{de::Error, Deserialize, Deserializer};
+use serde_json::Value;
+use url::Url;
 
-/// Deserialize JSON single value or array into Vec.
+/// Deserialize JSON single value or array into `Vec<Url>`.
 ///
 /// Useful if your application can handle multiple values for a field, but another federated
 /// platform only sends a single one.
 ///
+/// Also accepts common `Public` aliases for recipient fields. Some implementations send `Public`
+/// or `as:Public` instead of the canonical `https://www.w3.org/ns/activitystreams#Public` URL
+/// in fields such as `to` and `cc`.
+///
 /// ```
+/// # use activitypub_federation::kinds::public;
 /// # use activitypub_federation::protocol::helpers::deserialize_one_or_many;
 /// # use url::Url;
 /// #[derive(serde::Deserialize)]
@@ -25,24 +34,39 @@ use serde::{Deserialize, Deserializer};
 ///      "https://lemmy.ml/u/bob"
 /// ]}"#)?;
 /// assert_eq!(multiple.to.len(), 2);
-/// Ok::<(), anyhow::Error>(())
-pub fn deserialize_one_or_many<'de, T, D>(deserializer: D) -> Result<Vec<T>, D::Error>
+///
+/// let note: Note = serde_json::from_str(r#"{"to": ["Public", "as:Public"]}"#)?;
+/// assert_eq!(note.to, vec![public()]);
+/// # Ok::<(), anyhow::Error>(())
+/// ```
+pub fn deserialize_one_or_many<'de, D>(deserializer: D) -> Result<Vec<Url>, D::Error>
 where
-    T: Deserialize<'de>,
     D: Deserializer<'de>,
 {
     #[derive(Deserialize)]
     #[serde(untagged)]
-    enum OneOrMany<T> {
-        One(T),
-        Many(Vec<T>),
+    enum OneOrMany {
+        Many(Vec<Value>),
+        One(Value),
     }
 
-    let result: OneOrMany<T> = Deserialize::deserialize(deserializer)?;
-    Ok(match result {
-        OneOrMany::Many(list) => list,
+    let result: OneOrMany = Deserialize::deserialize(deserializer)?;
+    let values = match result {
         OneOrMany::One(value) => vec![value],
-    })
+        OneOrMany::Many(values) => values,
+    };
+
+    values
+        .into_iter()
+        .map(|value| match value {
+            Value::String(value) if matches!(value.as_str(), "Public" | "as:Public") => {
+                Ok(public())
+            }
+            Value::String(value) => Url::parse(&value).map_err(D::Error::custom),
+            value => Url::deserialize(value).map_err(D::Error::custom),
+        })
+        .collect::<Result<Vec<_>, _>>()
+        .map(|values| values.into_iter().unique().collect())
 }
 
 /// Deserialize JSON single value or single element array into single value.
@@ -140,6 +164,11 @@ where
 
 #[cfg(test)]
 mod tests {
+    use super::deserialize_one_or_many;
+    use activitystreams_kinds::public;
+    use anyhow::Result;
+    use serde::Deserialize;
+
     #[test]
     fn deserialize_one_multiple_values() {
         use crate::protocol::helpers::deserialize_one;
@@ -155,4 +184,70 @@ mod tests {
         );
         assert!(note.is_err());
     }
+
+    #[test]
+    fn deserialize_one_or_many_single_public_aliases() -> Result<()> {
+        use url::Url;
+
+        #[derive(Deserialize)]
+        struct Note {
+            #[serde(deserialize_with = "deserialize_one_or_many")]
+            to: Vec<Url>,
+        }
+
+        for alias in ["Public", "as:Public"] {
+            let note = serde_json::from_str::<Note>(&format!(r#"{{"to": "{alias}"}}"#))?;
+            assert_eq!(note.to, vec![public()]);
+        }
+
+        Ok(())
+    }
+
+    #[test]
+    fn deserialize_one_or_many_array() -> Result<()> {
+        use url::Url;
+
+        #[derive(Deserialize)]
+        struct Note {
+            #[serde(deserialize_with = "deserialize_one_or_many")]
+            to: Vec<Url>,
+        }
+
+        let note = serde_json::from_str::<Note>(
+            r#"{
+                "to": [
+                    "https://example.com/c/main",
+                    "Public",
+                    "as:Public",
+                    "https://www.w3.org/ns/activitystreams#Public"
+                ]
+            }"#,
+        )?;
+
+        assert_eq!(
+            note.to,
+            vec![Url::parse("https://example.com/c/main")?, public(),]
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn deserialize_one_or_many_leaves_other_strings_unchanged() -> Result<()> {
+        use url::Url;
+
+        #[derive(Deserialize)]
+        struct Note {
+            #[serde(deserialize_with = "deserialize_one_or_many")]
+            to: Vec<Url>,
+            content: String,
+        }
+
+        let note = serde_json::from_str::<Note>(r#"{"to": "Public", "content": "Public"}"#)?;
+
+        assert_eq!(note.to, vec![public()]);
+        assert_eq!(note.content, "Public");
+
+        Ok(())
+    }
 }

src/traits/either.rs

@@ -30,7 +30,7 @@ where
     type Error = E;
 
     /// `id` field of the object
-    fn id(&self) -> &Url {
+    fn id(&self) -> Url {
         match self {
             Either::Left(l) => l.id(),
             Either::Right(r) => r.id(),

src/traits/mod.rs

@@ -53,7 +53,7 @@ pub mod tests;
 ///     type Kind = Note;
 ///     type Error = anyhow::Error;
 ///
-/// fn id(&self) -> &Url { self.ap_id.inner() }
+/// fn id(&self) -> Url { self.ap_id.inner().clone() }
 ///
 /// async fn read_from_id(object_id: Url, data: &Data<Self::DataType>) -> Result<Option<Self>, Self::Error> {
 ///         // Attempt to read object from local database. Return Ok(None) if not found.
@@ -110,7 +110,7 @@ pub trait Object: Sized + Debug {
     type Error;
 
     /// `id` field of the object
-    fn id(&self) -> &Url;
+    fn id(&self) -> Url;
 
     /// Returns the last time this object was updated.
     ///
@@ -194,8 +194,8 @@ pub trait Object: Sized + Debug {
             redirect_remote_object,
         };
         let id = self.id();
-        let res = if !data.config.is_local_url(id) {
-            redirect_remote_object(id)
+        let res = if !data.config.is_local_url(&id) {
+            redirect_remote_object(&id)
         } else if !self.is_deleted() {
             let json = self.into_json(data).await?;
             create_http_response(json, federation_context)?

src/traits/tests.rs

@@ -73,8 +73,8 @@ impl Object for DbUser {
     type Kind = Person;
     type Error = Error;
 
-    fn id(&self) -> &Url {
-        &self.federation_id
+    fn id(&self) -> Url {
+        self.federation_id.clone()
     }
 
     async fn read_from_id(
@@ -179,7 +179,7 @@ impl Object for DbPost {
     type Kind = Note;
     type Error = Error;
 
-    fn id(&self) -> &Url {
+    fn id(&self) -> Url {
         todo!()
     }
 

src/utils.rs

@@ -2,16 +2,33 @@ use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
 
 use crate::error::Error;
 use tokio::net::lookup_host;
+use url::{Host, Url};
 
-// Resolve domain and see if it points to private IP
 // TODO: Use is_global() once stabilized
 //       https://doc.rust-lang.org/std/net/enum.IpAddr.html#method.is_global
-pub(crate) async fn is_invalid_ip(domain: &str) -> Result<bool, Error> {
-    let mut ips = lookup_host((domain, 80)).await?;
-    Ok(ips.any(|addr| match addr.ip() {
+pub(crate) async fn validate_ip(url: &Url) -> Result<(), Error> {
+    let mut ip = vec![];
+    let host = url
+        .host()
+        .ok_or(Error::UrlVerificationError("Url must have a domain"))?;
+    match host {
+        Host::Domain(domain) => ip.extend(
+            lookup_host((domain.to_owned(), 80))
+                .await?
+                .map(|s| s.ip().to_canonical()),
+        ),
+        Host::Ipv4(ipv4) => ip.push(ipv4.into()),
+        Host::Ipv6(ipv6) => ip.push(ipv6.into()),
+    };
+
+    let invalid_ip = ip.into_iter().any(|addr| match addr {
         IpAddr::V4(addr) => v4_is_invalid(addr),
         IpAddr::V6(addr) => v6_is_invalid(addr),
-    }))
+    });
+    if invalid_ip {
+        return Err(Error::DomainResolveError(host.to_string()));
+    }
+    Ok(())
 }
 
 fn v4_is_invalid(v4: Ipv4Addr) -> bool {
@@ -20,6 +37,8 @@ fn v4_is_invalid(v4: Ipv4Addr) -> bool {
         || v4.is_link_local()
         || v4.is_multicast()
         || v4.is_documentation()
+        || v4.is_unspecified()
+        || v4.is_broadcast()
 }
 
 fn v6_is_invalid(v6: Ipv6Addr) -> bool {
@@ -46,8 +65,14 @@ mod test {
 
     #[tokio::test]
     async fn test_is_valid_ip() -> Result<(), Error> {
-        assert!(!is_invalid_ip("example.com").await?);
-        assert!(is_invalid_ip("localhost").await?);
+        assert!(validate_ip(&Url::parse("http://example.com")?)
+            .await
+            .is_ok());
+        assert!(validate_ip(&Url::parse("http://172.66.147.243")?)
+            .await
+            .is_ok());
+        assert!(validate_ip(&Url::parse("http://localhost")?).await.is_err());
+        assert!(validate_ip(&Url::parse("http://127.0.0.1")?).await.is_err());
         Ok(())
     }
 }