Slop/activitypub-federation-rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Slop:main
Branches Tags
Slop:main
Slop:public-ip-check
Slop:release/0.5
Slop:0.5-ip-checks
Slop:ip-checks
Slop:better-ip-check
Slop:to-canonical
Slop:allow-local
Slop:upgrade-reqwest
Slop:update-deps2
Slop:revert-webfinger-parse-order
Slop:deserialize-last-null
Slop:increase-reqwest-max-body-size
Slop:resolve-deleted
Slop:deserialize-last
Slop:object-id-deleted
Slop:incoming-activity-hook
Slop:feature-axum-original-uri
Slop:upgrade-deps6
Slop:object-either-fixes
Slop:object-either
Slop:more-url-validation
Slop:upgrade_deps_1
Slop:verify_is_remote_object
Slop:upgrade-deps5
Slop:sign-request
Slop:fetch-local-object
Slop:dereference-default
Slop:warn-slow-send
Slop:refetch-id-no-match
Slop:nested-comments-stack-overflow
Slop:url-wrapper
Slop:pbzweihander-upgrade-axum
Slop:fix_clippy
Slop:upgrade-deps4
Slop:add_codeowners
Slop:remove-pleroma-webfinger-test
Slop:content-type-lower
Slop:renovate/configure
Slop:content-type-case-insensitive
Slop:upgrade-deps
Slop:signed-digest
Slop:is-local-no-domain
Slop:security-fixes
Slop:object-id-is-local
Slop:no-duplicate-ci
Slop:follow-local-redirect
Slop:retry-more-activity-errors
Slop:actix-inbox-parts
Slop:activity-published-field
Slop:fix-fetch-limit
Slop:debug-signed-fetch
Slop:optional-activity-queue
Slop:fetch-security-checks
Slop:deserialize_one_return
Slop:better-json-errors
Slop:context-not-array
Slop:refactoring
Slop:fetch-errors
Slop:diesel-feature
Slop:upgrade-deps3
Slop:parse-impl
Slop:partialeq
Slop:webfinger-alphabets
Slop:fetch-redirect
Slop:0.4
Slop:webfinger-template
Slop:url-verifier-error
Slop:Nutomic-patch-1
Slop:fix-tests
Slop:send-rate-limit
Slop:fix-signature-expiration
Slop:retry-connection-failure
Slop:http-signature-expire-day
Slop:update-deps
Slop:actix-rt-dev-dep
Slop:upgrade-deps2
Slop:add_woodpecker
Slop:0.4-lemmy-compat
Slop:readd-verify-methods
Slop:various-improvements
Slop:merge-handler-params
Slop:0.3
Slop:fix-deserialize-skip-error
Slop:no-verify
Slop:rename-http-fetch-limit
Slop:fix-date-header
Slop:abort-retry
Slop:less-retries
Slop:digest-verified
Slop:use-enum-delegate
Slop:async-verify
Slop:prepare-0.2.0
Slop:0.7.0-beta.11
Slop:0.7.0-beta.10
Slop:0.5.11
Slop:0.7.0-beta.9
Slop:0.7.0-beta.8
Slop:0.7.0-beta.7
Slop:0.7.0-beta.6
Slop:0.7.0-beta.5
Slop:0.7.0-beta.4
Slop:0.7.0-beta.3
Slop:0.7.0-beta.2
Slop:0.7.0-beta.1
Slop:0.6.5
Slop:0.6.4
Slop:0.6.3
Slop:0.5.10
Slop:0.6.2
Slop:0.6.1
Slop:0.6.0
Slop:0.6.0-alpha3
Slop:0.5.9
Slop:0.6.0-alpha2
Slop:0.6.0-alpha1
Slop:0.5.8
Slop:0.5.7
Slop:0.5.6
Slop:0.5.5
Slop:0.5.4
Slop:0.5.3
Slop:0.5.2
Slop:0.5.1
Slop:0.5.1-beta.1
Slop:0.5.0
Slop:0.5.0-beta.7
Slop:0.5.0-beta.6
Slop:0.5.0-beta.5
Slop:0.5.0-beta.4
Slop:0.5.0-beta.3
Slop:0.5.0-beta.2
Slop:0.4.7
Slop:0.5.0-beta.1
Slop:0.4.6
Slop:0.4.5
Slop:0.4.4
Slop:0.4.3
Slop:0.4.2
Slop:0.4.1
Slop:0.4.0
Slop:0.4.0-rc3
Slop:0.4.0-rc2
Slop:0.4.0-rc1
Slop:0.3.5
Slop:0.3.4
Slop:0.3.3
Slop:0.3.2
Slop:0.3.1
Slop:0.3.0
Slop:0.2.3
Slop:0.2.2
Slop:0.2.1
Slop:0.2.0
Slop:0.1.0
..
compare: Slop:signed-digest
Branches Tags
Slop:main
Slop:public-ip-check
Slop:release/0.5
Slop:0.5-ip-checks
Slop:ip-checks
Slop:better-ip-check
Slop:to-canonical
Slop:allow-local
Slop:upgrade-reqwest
Slop:update-deps2
Slop:revert-webfinger-parse-order
Slop:deserialize-last-null
Slop:increase-reqwest-max-body-size
Slop:resolve-deleted
Slop:deserialize-last
Slop:object-id-deleted
Slop:incoming-activity-hook
Slop:feature-axum-original-uri
Slop:upgrade-deps6
Slop:object-either-fixes
Slop:object-either
Slop:more-url-validation
Slop:upgrade_deps_1
Slop:verify_is_remote_object
Slop:upgrade-deps5
Slop:sign-request
Slop:fetch-local-object
Slop:dereference-default
Slop:warn-slow-send
Slop:refetch-id-no-match
Slop:nested-comments-stack-overflow
Slop:url-wrapper
Slop:pbzweihander-upgrade-axum
Slop:fix_clippy
Slop:upgrade-deps4
Slop:add_codeowners
Slop:remove-pleroma-webfinger-test
Slop:content-type-lower
Slop:renovate/configure
Slop:content-type-case-insensitive
Slop:upgrade-deps
Slop:signed-digest
Slop:is-local-no-domain
Slop:security-fixes
Slop:object-id-is-local
Slop:no-duplicate-ci
Slop:follow-local-redirect
Slop:retry-more-activity-errors
Slop:actix-inbox-parts
Slop:activity-published-field
Slop:fix-fetch-limit
Slop:debug-signed-fetch
Slop:optional-activity-queue
Slop:fetch-security-checks
Slop:deserialize_one_return
Slop:better-json-errors
Slop:context-not-array
Slop:refactoring
Slop:fetch-errors
Slop:diesel-feature
Slop:upgrade-deps3
Slop:parse-impl
Slop:partialeq
Slop:webfinger-alphabets
Slop:fetch-redirect
Slop:0.4
Slop:webfinger-template
Slop:url-verifier-error
Slop:Nutomic-patch-1
Slop:fix-tests
Slop:send-rate-limit
Slop:fix-signature-expiration
Slop:retry-connection-failure
Slop:http-signature-expire-day
Slop:update-deps
Slop:actix-rt-dev-dep
Slop:upgrade-deps2
Slop:add_woodpecker
Slop:0.4-lemmy-compat
Slop:readd-verify-methods
Slop:various-improvements
Slop:merge-handler-params
Slop:0.3
Slop:fix-deserialize-skip-error
Slop:no-verify
Slop:rename-http-fetch-limit
Slop:fix-date-header
Slop:abort-retry
Slop:less-retries
Slop:digest-verified
Slop:use-enum-delegate
Slop:async-verify
Slop:prepare-0.2.0
Slop:0.7.0-beta.11
Slop:0.7.0-beta.10
Slop:0.5.11
Slop:0.7.0-beta.9
Slop:0.7.0-beta.8
Slop:0.7.0-beta.7
Slop:0.7.0-beta.6
Slop:0.7.0-beta.5
Slop:0.7.0-beta.4
Slop:0.7.0-beta.3
Slop:0.7.0-beta.2
Slop:0.7.0-beta.1
Slop:0.6.5
Slop:0.6.4
Slop:0.6.3
Slop:0.5.10
Slop:0.6.2
Slop:0.6.1
Slop:0.6.0
Slop:0.6.0-alpha3
Slop:0.5.9
Slop:0.6.0-alpha2
Slop:0.6.0-alpha1
Slop:0.5.8
Slop:0.5.7
Slop:0.5.6
Slop:0.5.5
Slop:0.5.4
Slop:0.5.3
Slop:0.5.2
Slop:0.5.1
Slop:0.5.1-beta.1
Slop:0.5.0
Slop:0.5.0-beta.7
Slop:0.5.0-beta.6
Slop:0.5.0-beta.5
Slop:0.5.0-beta.4
Slop:0.5.0-beta.3
Slop:0.5.0-beta.2
Slop:0.4.7
Slop:0.5.0-beta.1
Slop:0.4.6
Slop:0.4.5
Slop:0.4.4
Slop:0.4.3
Slop:0.4.2
Slop:0.4.1
Slop:0.4.0
Slop:0.4.0-rc3
Slop:0.4.0-rc2
Slop:0.4.0-rc1
Slop:0.3.5
Slop:0.3.4
Slop:0.3.3
Slop:0.3.2
Slop:0.3.1
Slop:0.3.0
Slop:0.2.3
Slop:0.2.2
Slop:0.2.1
Slop:0.2.0
Slop:0.1.0

1 commit
main ... signed-dig

Author SHA1 Message Date
Felix Ableitner
32b3176905 Require signed digest when verifying signatures 2024-04-30 10:54:09 +02:00
50 changed files with 725 additions and 4743 deletions
Show stats Expand all files Collapse all files

1
.github/CODEOWNERS vendored
View file

@ -1 +0,0 @@
* @Nutomic @dessalines

11
.gitignore vendored
View file

@ -1,12 +1,5 @@
/target
/.idea
/Cargo.lock
perf.data*
flamegraph.svg
# direnv
/.direnv
/.envrc
# nix flake
/flake.nix
/flake.lock
flamegraph.svg

8
.rustfmt.toml
View file

@ -1,4 +1,4 @@
edition = "2021"
imports_layout = "HorizontalVertical"
imports_granularity = "Crate"
reorder_imports = true
edition="2021"
imports_layout="HorizontalVertical"
imports_granularity="Crate"
reorder_imports=true

4
.woodpecker.yml
View file

@ -1,6 +1,6 @@
variables:
- &rust_image "rust:1.91-bullseye"
- &rust_image "rust:1.77-bullseye"
steps:
cargo_fmt:
image: rustdocker/rust:nightly

3309
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

112
Cargo.toml
View file

@ -1,6 +1,6 @@
[package]
name = "activitypub_federation"
version = "0.7.0-beta.11"
version = "0.5.4"
edition = "2021"
description = "High-level Activitypub framework"
keywords = ["activitypub", "activitystreams", "federation", "fediverse"]
@ -10,16 +10,20 @@ documentation = "https://docs.rs/activitypub_federation/"
[features]
default = ["actix-web", "axum"]
actix-web = ["dep:actix-web", "dep:http02"]
axum = ["dep:axum", "dep:tower"]
axum-original-uri = ["dep:axum", "axum/original-uri"]
actix-web = ["dep:actix-web"]
axum = ["dep:axum", "dep:tower", "dep:hyper", "dep:http-body-util"]
diesel = ["dep:diesel"]
[lints.rust]
warnings = "deny"
deprecated = "deny"
[lints.clippy]
perf = { level = "deny", priority = -1 }
complexity = { level = "deny", priority = -1 }
dbg_macro = "deny"
perf = "deny"
complexity = "deny"
dbg_macro = "deny"
inefficient_to_string = "deny"
items-after-statements = "deny"
items-after-statements = "deny"
implicit_clone = "deny"
wildcard_imports = "deny"
cast_lossless = "deny"
@ -28,71 +32,70 @@ redundant_closure_for_method_calls = "deny"
unwrap_used = "deny"
[dependencies]
chrono = { version = "0.4.42", features = ["clock"], default-features = false }
serde = { version = "1.0.228", features = ["derive"] }
async-trait = "0.1.89"
url = { version = "2.5.8", features = ["serde"] }
serde_json = { version = "1.0.149", features = ["preserve_order"] }
reqwest = { version = "0.13.1", default-features = false, features = [
"json",
"stream",
] }
reqwest-middleware = "0.5.0"
tracing = "0.1.44"
base64 = "0.22.1"
rand = "0.8.5"
rsa = "0.9.10"
http = "1.4.0"
sha2 = { version = "0.10.9", features = ["oid"] }
thiserror = "2.0.17"
derive_builder = "0.20.2"
itertools = "0.14.0"
dyn-clone = "1.0.20"
chrono = { version = "0.4.34", features = ["clock"], default-features = false }
serde = { version = "1.0.197", features = ["derive"] }
async-trait = "0.1.77"
url = { version = "2.5.0", features = ["serde"] }
serde_json = { version = "1.0.114", features = ["preserve_order"] }
reqwest = { version = "0.11.24", features = ["json", "stream"] }
reqwest-middleware = "0.2.4"
tracing = "0.1.40"
base64 = "0.21.7"
openssl = "0.10.64"
once_cell = "1.19.0"
http = "0.2.11"
sha2 = "0.10.8"
thiserror = "1.0.57"
derive_builder = "0.12.0"
itertools = "0.12.1"
dyn-clone = "1.0.17"
enum_delegate = "0.2.0"
httpdate = "1.0.3"
http-signature-normalization-reqwest = { version = "0.14.0", default-features = false, features = [
http-signature-normalization-reqwest = { version = "0.10.0", default-features = false, features = [
"sha-2",
"middleware",
"default-spawner",
] }
http-signature-normalization = "0.7.0"
bytes = "1.11.0"
futures-core = { version = "0.3.31", default-features = false }
pin-project-lite = "0.2.16"
bytes = "1.5.0"
futures-core = { version = "0.3.30", default-features = false }
pin-project-lite = "0.2.13"
activitystreams-kinds = "0.3.0"
regex = { version = "1.12.2", default-features = false, features = [
"std",
"unicode",
] }
tokio = { version = "1.49.0", features = [
regex = { version = "1.10.3", default-features = false, features = ["std", "unicode-case"] }
tokio = { version = "1.36.0", features = [
"sync",
"rt",
"rt-multi-thread",
"time",
] }
futures = "0.3.31"
moka = { version = "0.12.12", features = ["future"] }
either = "1.15.0"
diesel = { version = "2.1.4", features = ["postgres"], default-features = false, optional = true }
futures = "0.3.30"
moka = { version = "0.12.5", features = ["future"] }
# Actix-web
actix-web = { version = "4.12.1", default-features = false, optional = true }
http02 = { package = "http", version = "0.2.12", optional = true }
actix-web = { version = "4.5.1", default-features = false, optional = true }
# Axum
axum = { version = "0.8.8", features = [
axum = { version = "0.6.20", features = [
"json",
"headers",
], default-features = false, optional = true }
tower = { version = "0.5.2", optional = true }
tower = { version = "0.4.13", optional = true }
hyper = { version = "0.14", optional = true }
http-body-util = {version = "0.1.0", optional = true }
[dev-dependencies]
anyhow = "1.0.100"
axum = { version = "0.8.8", features = ["macros"] }
axum-extra = { version = "0.12.5", features = ["typed-header"] }
env_logger = "0.11.8"
tokio = { version = "1.49.0", features = ["full"] }
reqwest = { version = "0.13.1",features = [
"rustls"
] }
anyhow = "1.0.80"
rand = "0.8.5"
env_logger = "0.10.2"
tower-http = { version = "0.5.2", features = ["map-request-body", "util"] }
axum = { version = "0.6.20", features = [
"http1",
"tokio",
"query",
], default-features = false }
axum-macros = "0.3.8"
tokio = { version = "1.36.0", features = ["full"] }
[profile.dev]
strip = "symbols"
@ -105,8 +108,3 @@ path = "examples/local_federation/main.rs"
[[example]]
name = "live_federation"
path = "examples/live_federation/main.rs"
# Speedup RSA key generation
# https://github.com/RustCrypto/RSA/blob/master/README.md#example
[profile.dev.package.num-bigint-dig]
opt-level = 3

2
README.md
View file

@ -10,7 +10,7 @@ A high-level framework for [ActivityPub](https://www.w3.org/TR/activitypub/) fed
The ActivityPub protocol is a decentralized social networking protocol. It allows web servers to exchange data using JSON over HTTP. Data can be fetched on demand, and also delivered directly to inboxes for live updates.
Activitypub has the potential to form the basis of the next generation of social media. This is because it has a number of major advantages compared to existing platforms and alternative technologies:
While Activitypub is not in widespread use yet, is has the potential to form the basis of the next generation of social media. This is because it has a number of major advantages compared to existing platforms and alternative technologies:
- **Interoperability**: Imagine being able to comment under a Youtube video directly from twitter.com, and having the comment shown under the video on youtube.com. Or following a Subreddit from Facebook. Such functionality is already available on the equivalent Fediverse platforms, thanks to common usage of Activitypub.
- **Ease of use**: From a user perspective, decentralized social media works almost identically to existing websites: a website with email and password based login. Unlike pure peer-to-peer networks, it is not necessary to handle private keys or install any local software.

9
docs/06_http_endpoints_axum.md
View file

@ -15,9 +15,9 @@ The next step is to allow other servers to fetch our actors and objects. For thi
# use activitypub_federation::config::FederationMiddleware;
# use axum::routing::get;
# use crate::activitypub_federation::traits::Object;
# use axum_extra::headers::ContentType;
# use axum::headers::ContentType;
# use activitypub_federation::FEDERATION_CONTENT_TYPE;
# use axum_extra::TypedHeader;
# use axum::TypedHeader;
# use axum::response::IntoResponse;
# use http::HeaderMap;
# async fn generate_user_html(_: String, _: Data<DbConnection>) -> axum::response::Response { todo!() }
@ -34,9 +34,10 @@ async fn main() -> Result<(), Error> {
.layer(FederationMiddleware::new(data));
let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
let listener = tokio::net::TcpListener::bind(addr).await?;
tracing::debug!("listening on {}", addr);
axum::serve(listener, app.into_make_service()).await?;
axum::Server::bind(&addr)
.serve(app.into_make_service())
.await?;
Ok(())
}

2
docs/07_fetching_data.md
View file

@ -39,4 +39,4 @@ let user: DbUser = webfinger_resolve_actor("ruud@lemmy.world", &data).await?;
# }).unwrap();
```
Note that webfinger queries don't contain a leading `@`. It is possible that there are multiple Activitypub IDs returned for a single webfinger query in case of multiple actors with the same name (for example Lemmy permits group and person with the same name). In this case `webfinger_resolve_actor` automatically loops and returns the first item which can be dereferenced successfully to the given type.
Note that webfinger queries don't contain a leading `@`. It is possible tha there are multiple Activitypub IDs returned for a single webfinger query in case of multiple actors with the same name (for example Lemmy permits group and person with the same name). In this case `webfinger_resolve_actor` automatically loops and returns the first item which can be dereferenced successfully to the given type.

10
docs/08_receiving_activities.md
View file

@ -1,6 +1,6 @@
## Sending and receiving activities
Activitypub propagates actions across servers using `Activities`. For this each actor has an inbox and a public/private key pair. We already defined a `Person` actor with keypair. Whats left is to define an activity. This is similar to the way we defined `Person` and `Note` structs before. In this case we need to implement the [Activity](trait@crate::traits::Activity) trait.
Activitypub propagates actions across servers using `Activities`. For this each actor has an inbox and a public/private key pair. We already defined a `Person` actor with keypair. Whats left is to define an activity. This is similar to the way we defined `Person` and `Note` structs before. In this case we need to implement the [ActivityHandler](trait@crate::traits::ActivityHandler) trait.
```
# use serde::{Deserialize, Serialize};
@ -10,7 +10,7 @@ Activitypub propagates actions across servers using `Activities`. For this each
# use activitypub_federation::fetch::object_id::ObjectId;
# use activitypub_federation::traits::tests::{DbConnection, DbUser};
# use activitystreams_kinds::activity::FollowType;
# use activitypub_federation::traits::Activity;
# use activitypub_federation::traits::ActivityHandler;
# use activitypub_federation::config::Data;
# async fn send_accept() -> Result<(), Error> { Ok(()) }
@ -25,7 +25,7 @@ pub struct Follow {
}
#[async_trait]
impl Activity for Follow {
impl ActivityHandler for Follow {
type DataType = DbConnection;
type Error = Error;
@ -59,14 +59,14 @@ Next its time to setup the actual HTTP handler for the inbox. For this we first
# use activitypub_federation::axum::inbox::{ActivityData, receive_activity};
# use activitypub_federation::config::Data;
# use activitypub_federation::protocol::context::WithContext;
# use activitypub_federation::traits::Activity;
# use activitypub_federation::traits::ActivityHandler;
# use activitypub_federation::traits::tests::{DbConnection, DbUser, Follow};
# use serde::{Deserialize, Serialize};
# use url::Url;
#[derive(Deserialize, Serialize, Debug)]
#[serde(untagged)]
#[enum_delegate::implement(Activity)]
#[enum_delegate::implement(ActivityHandler)]
pub enum PersonAcceptedActivities {
Follow(Follow),
}

7
docs/10_fetching_objects_with_unknown_type.md
View file

@ -32,13 +32,6 @@ impl Object for SearchableDbObjects {
type Kind = SearchableObjects;
type Error = anyhow::Error;
fn id(&self) -> Url {
match self {
SearchableDbObjects::User(p) => p.federation_id.clone(),
SearchableDbObjects::Post(n) => n.federation_id.clone(),
}
}
async fn read_from_id(
object_id: Url,
data: &Data<Self::DataType>,

4
examples/live_federation/activities/create_post.rs
View file

@ -11,7 +11,7 @@ use activitypub_federation::{
fetch::object_id::ObjectId,
kinds::activity::CreateType,
protocol::{context::WithContext, helpers::deserialize_one_or_many},
traits::{Activity, Object},
traits::{ActivityHandler, Object},
};
use serde::{Deserialize, Serialize};
use url::Url;
@ -50,7 +50,7 @@ impl CreatePost {
}
#[async_trait::async_trait]
impl Activity for CreatePost {
impl ActivityHandler for CreatePost {
type DataType = DatabaseHandle;
type Error = crate::error::Error;

2
examples/live_federation/http.rs
View file

@ -14,11 +14,11 @@ use activitypub_federation::{
traits::Object,
};
use axum::{
debug_handler,
extract::{Path, Query},
response::{IntoResponse, Response},
Json,
};
use axum_macros::debug_handler;
use http::StatusCode;
use serde::Deserialize;

9
examples/live_federation/main.rs
View file

@ -55,8 +55,8 @@ async fn main() -> Result<(), Error> {
info!("Listen with HTTP server on {BIND_ADDRESS}");
let config = config.clone();
let app = Router::new()
.route("/{user}", get(http_get_user))
.route("/{user}/inbox", post(http_post_user_inbox))
.route("/:user", get(http_get_user))
.route("/:user/inbox", post(http_post_user_inbox))
.route("/.well-known/webfinger", get(webfinger))
.layer(FederationMiddleware::new(config));
@ -64,8 +64,9 @@ async fn main() -> Result<(), Error> {
.to_socket_addrs()?
.next()
.expect("Failed to lookup domain name");
let listener = tokio::net::TcpListener::bind(addr).await?;
axum::serve(listener, app.into_make_service()).await?;
axum::Server::bind(&addr)
.serve(app.into_make_service())
.await?;
Ok(())
}

12
examples/live_federation/objects/person.rs
View file

@ -5,7 +5,7 @@ use activitypub_federation::{
http_signatures::generate_actor_keypair,
kinds::actor::PersonType,
protocol::{public_key::PublicKey, verification::verify_domains_match},
traits::{Activity, Actor, Object},
traits::{ActivityHandler, Actor, Object},
};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
@ -29,7 +29,7 @@ pub struct DbUser {
/// List of all activities which this actor can receive.
#[derive(Deserialize, Serialize, Debug)]
#[serde(untagged)]
#[enum_delegate::implement(Activity)]
#[enum_delegate::implement(ActivityHandler)]
pub enum PersonAcceptedActivities {
CreateNote(CreatePost),
}
@ -69,10 +69,6 @@ impl Object for DbUser {
type Kind = Person;
type Error = Error;
fn id(&self) -> Url {
self.ap_id.inner().clone()
}
fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
Some(self.last_refreshed_at)
}
@ -126,6 +122,10 @@ impl Object for DbUser {
}
impl Actor for DbUser {
fn id(&self) -> Url {
self.ap_id.inner().clone()
}
fn public_key_pem(&self) -> &str {
&self.public_key
}

4
examples/live_federation/objects/post.rs
View file

@ -50,10 +50,6 @@ impl Object for DbPost {
type Kind = Note;
type Error = Error;
fn id(&self) -> Url {
self.ap_id.inner().clone()
}
async fn read_from_id(
_object_id: Url,
_data: &Data<Self::DataType>,

4
examples/local_federation/activities/accept.rs
View file

@ -3,7 +3,7 @@ use activitypub_federation::{
config::Data,
fetch::object_id::ObjectId,
kinds::activity::AcceptType,
traits::Activity,
traits::ActivityHandler,
};
use serde::{Deserialize, Serialize};
use url::Url;
@ -30,7 +30,7 @@ impl Accept {
}
#[async_trait::async_trait]
impl Activity for Accept {
impl ActivityHandler for Accept {
type DataType = DatabaseHandle;
type Error = crate::error::Error;

4
examples/local_federation/activities/create_post.rs
View file

@ -8,7 +8,7 @@ use activitypub_federation::{
fetch::object_id::ObjectId,
kinds::activity::CreateType,
protocol::helpers::deserialize_one_or_many,
traits::{Activity, Object},
traits::{ActivityHandler, Object},
};
use serde::{Deserialize, Serialize};
use url::Url;
@ -38,7 +38,7 @@ impl CreatePost {
}
#[async_trait::async_trait]
impl Activity for CreatePost {
impl ActivityHandler for CreatePost {
type DataType = DatabaseHandle;
type Error = crate::error::Error;

4
examples/local_federation/activities/follow.rs
View file

@ -8,7 +8,7 @@ use activitypub_federation::{
config::Data,
fetch::object_id::ObjectId,
kinds::activity::FollowType,
traits::{Activity, Actor},
traits::{ActivityHandler, Actor},
};
use serde::{Deserialize, Serialize};
use url::Url;
@ -35,7 +35,7 @@ impl Follow {
}
#[async_trait::async_trait]
impl Activity for Follow {
impl ActivityHandler for Follow {
type DataType = DatabaseHandle;
type Error = crate::error::Error;

2
examples/local_federation/actix_web/http.rs
View file

@ -8,7 +8,7 @@ use activitypub_federation::{
config::{Data, FederationConfig, FederationMiddleware},
fetch::webfinger::{build_webfinger_response, extract_webfinger_name},
protocol::context::WithContext,
traits::Object,
traits::{Actor, Object},
FEDERATION_CONTENT_TYPE,
};
use actix_web::{web, web::Bytes, App, HttpRequest, HttpResponse, HttpServer};

16
examples/local_federation/axum/http.rs
View file

@ -14,13 +14,13 @@ use activitypub_federation::{
traits::Object,
};
use axum::{
debug_handler,
extract::{Path, Query},
response::IntoResponse,
routing::{get, post},
Json,
Router,
};
use axum_macros::debug_handler;
use serde::Deserialize;
use std::net::ToSocketAddrs;
use tracing::info;
@ -29,10 +29,9 @@ pub fn listen(config: &FederationConfig<DatabaseHandle>) -> Result<(), Error> {
let hostname = config.domain();
info!("Listening with axum on {hostname}");
let config = config.clone();
let app = Router::new()
.route("/{user}/inbox", post(http_post_user_inbox))
.route("/{user}", get(http_get_user))
.route("/:user/inbox", post(http_post_user_inbox))
.route("/:user", get(http_get_user))
.route("/.well-known/webfinger", get(webfinger))
.layer(FederationMiddleware::new(config));
@ -40,14 +39,9 @@ pub fn listen(config: &FederationConfig<DatabaseHandle>) -> Result<(), Error> {
.to_socket_addrs()?
.next()
.expect("Failed to lookup domain name");
let fut = async move {
let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
axum::serve(listener, app.into_make_service())
.await
.unwrap();
};
let server = axum::Server::bind(&addr).serve(app.into_make_service());
tokio::spawn(fut);
tokio::spawn(server);
Ok(())
}

7
examples/local_federation/main.rs
View file

@ -7,7 +7,6 @@ use crate::{
};
use error::Error;
use std::{env::args, str::FromStr};
use tokio::try_join;
use tracing::log::{info, LevelFilter};
mod activities;
@ -35,10 +34,8 @@ async fn main() -> Result<(), Error> {
.map(|arg| Webserver::from_str(&arg).unwrap())
.unwrap_or(Webserver::Axum);
let (alpha, beta) = try_join!(
new_instance("localhost:8001", "alpha".to_string()),
new_instance("localhost:8002", "beta".to_string())
)?;
let alpha = new_instance("localhost:8001", "alpha".to_string()).await?;
let beta = new_instance("localhost:8002", "beta".to_string()).await?;
listen(&alpha, &webserver)?;
listen(&beta, &webserver)?;
info!("Local instances started");

20
examples/local_federation/objects/person.rs
View file

@ -13,7 +13,7 @@ use activitypub_federation::{
http_signatures::generate_actor_keypair,
kinds::actor::PersonType,
protocol::{context::WithContext, public_key::PublicKey, verification::verify_domains_match},
traits::{Activity, Actor, Object},
traits::{ActivityHandler, Actor, Object},
};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
@ -37,7 +37,7 @@ pub struct DbUser {
/// List of all activities which this actor can receive.
#[derive(Deserialize, Serialize, Debug)]
#[serde(untagged)]
#[enum_delegate::implement(Activity)]
#[enum_delegate::implement(ActivityHandler)]
pub enum PersonAcceptedActivities {
Follow(Follow),
Accept(Accept),
@ -103,16 +103,16 @@ impl DbUser {
Ok(())
}
pub(crate) async fn send<A>(
pub(crate) async fn send<Activity>(
&self,
activity: A,
activity: Activity,
recipients: Vec<Url>,
use_queue: bool,
data: &Data<DatabaseHandle>,
) -> Result<(), Error>
where
A: Activity + Serialize + Debug + Send + Sync,
<A as Activity>::Error: From<anyhow::Error> + From<serde_json::Error>,
Activity: ActivityHandler + Serialize + Debug + Send + Sync,
<Activity as ActivityHandler>::Error: From<anyhow::Error> + From<serde_json::Error>,
{
let activity = WithContext::new_default(activity);
// Send through queue in some cases and bypass it in others to test both code paths
@ -134,10 +134,6 @@ impl Object for DbUser {
type Kind = Person;
type Error = Error;
fn id(&self) -> Url {
self.ap_id.inner().clone()
}
fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
Some(self.last_refreshed_at)
}
@ -191,6 +187,10 @@ impl Object for DbUser {
}
impl Actor for DbUser {
fn id(&self) -> Url {
self.ap_id.inner().clone()
}
fn public_key_pem(&self) -> &str {
&self.public_key
}

4
examples/local_federation/objects/post.rs
View file

@ -47,10 +47,6 @@ impl Object for DbPost {
type Kind = Note;
type Error = Error;
fn id(&self) -> Url {
self.ap_id.inner().clone()
}
async fn read_from_id(
object_id: Url,
data: &Data<Self::DataType>,

18
src/activity_queue.rs
View file

@ -6,7 +6,7 @@ use crate::{
activity_sending::{build_tasks, SendActivityTask},
config::Data,
error::Error,
traits::{Activity, Actor},
traits::{ActivityHandler, Actor},
};
use futures_core::Future;
@ -33,18 +33,18 @@ use url::Url;
///
/// - `activity`: The activity to be sent, gets converted to json
/// - `private_key`: Private key belonging to the actor who sends the activity, for signing HTTP
/// signature. Generated with [crate::http_signatures::generate_actor_keypair].
/// signature. Generated with [crate::http_signatures::generate_actor_keypair].
/// - `inboxes`: List of remote actor inboxes that should receive the activity. Ignores local actor
/// inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
/// for each target actor.
pub async fn queue_activity<A, Datatype, ActorType>(
activity: &A,
/// inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
/// for each target actor.
pub async fn queue_activity<Activity, Datatype, ActorType>(
activity: &Activity,
actor: &ActorType,
inboxes: Vec<Url>,
data: &Data<Datatype>,
) -> Result<(), Error>
where
A: Activity + Serialize + Debug,
Activity: ActivityHandler + Serialize + Debug,
Datatype: Clone,
ActorType: Actor,
{
@ -451,8 +451,8 @@ mod tests {
.route("/", post(dodgy_handler))
.with_state(state);
let listener = tokio::net::TcpListener::bind("0.0.0.0:8002").await.unwrap();
axum::serve(listener, app.into_make_service())
axum::Server::bind(&"0.0.0.0:8002".parse().unwrap())
.serve(app.into_make_service())
.await
.unwrap();
}

46
src/activity_sending.rs
View file

@ -7,7 +7,7 @@ use crate::{
error::Error,
http_signatures::sign_request,
reqwest_shim::ResponseExt,
traits::{Activity, Actor},
traits::{ActivityHandler, Actor},
FEDERATION_CONTENT_TYPE,
};
use bytes::Bytes;
@ -15,18 +15,18 @@ use futures::StreamExt;
use http::StatusCode;
use httpdate::fmt_http_date;
use itertools::Itertools;
use openssl::pkey::{PKey, Private};
use reqwest::{
header::{HeaderMap, HeaderName, HeaderValue},
Response,
};
use reqwest_middleware::ClientWithMiddleware;
use rsa::{pkcs8::DecodePrivateKey, RsaPrivateKey};
use serde::Serialize;
use std::{
fmt::{Debug, Display},
time::{Duration, Instant, SystemTime},
time::{Duration, SystemTime},
};
use tracing::{debug, warn};
use tracing::debug;
use url::Url;
#[derive(Clone, Debug)]
@ -37,7 +37,7 @@ pub struct SendActivityTask {
pub(crate) activity_id: Url,
pub(crate) activity: Bytes,
pub(crate) inbox: Url,
pub(crate) private_key: RsaPrivateKey,
pub(crate) private_key: PKey<Private>,
pub(crate) http_signature_compat: bool,
}
@ -52,16 +52,16 @@ impl SendActivityTask {
///
/// - `activity`: The activity to be sent, gets converted to json
/// - `inboxes`: List of remote actor inboxes that should receive the activity. Ignores local actor
/// inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
/// for each target actor.
pub async fn prepare<A, Datatype, ActorType>(
activity: &A,
/// inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
/// for each target actor.
pub async fn prepare<Activity, Datatype, ActorType>(
activity: &Activity,
actor: &ActorType,
inboxes: Vec<Url>,
data: &Data<Datatype>,
) -> Result<Vec<SendActivityTask>, Error>
where
A: Activity + Serialize + Debug,
Activity: ActivityHandler + Serialize + Debug,
Datatype: Clone,
ActorType: Actor,
{
@ -92,17 +92,7 @@ impl SendActivityTask {
self.http_signature_compat,
)
.await?;
// Send the activity, and log a warning if its too slow.
let now = Instant::now();
let response = client.execute(request).await?;
let elapsed = now.elapsed().as_secs();
if elapsed > 10 {
warn!(
"Sending activity {} to {} took {}s",
self.activity_id, self.inbox, elapsed
);
}
self.handle_response(response).await
}
@ -136,14 +126,14 @@ impl SendActivityTask {
}
}
pub(crate) async fn build_tasks<A, Datatype, ActorType>(
activity: &A,
pub(crate) async fn build_tasks<'a, Activity, Datatype, ActorType>(
activity: &'a Activity,
actor: &ActorType,
inboxes: Vec<Url>,
data: &Data<Datatype>,
) -> Result<Vec<SendActivityTask>, Error>
where
A: Activity + Serialize + Debug,
Activity: ActivityHandler + Serialize + Debug,
Datatype: Clone,
ActorType: Actor,
{
@ -182,7 +172,7 @@ where
pub(crate) async fn get_pkey_cached<ActorType>(
data: &Data<impl Clone>,
actor: &ActorType,
) -> Result<RsaPrivateKey, Error>
) -> Result<PKey<Private>, Error>
where
ActorType: Actor,
{
@ -199,13 +189,13 @@ where
// This is a mostly expensive blocking call, we don't want to tie up other tasks while this is happening
let pkey = tokio::task::spawn_blocking(move || {
RsaPrivateKey::from_pkcs8_pem(&private_key_pem).map_err(|err| {
PKey::private_key_from_pem(private_key_pem.as_bytes()).map_err(|err| {
Error::Other(format!("Could not create private key from PEM data:{err}"))
})
})
.await
.map_err(|err| Error::Other(format!("Error joining: {err}")))??;
std::result::Result::<RsaPrivateKey, Error>::Ok(pkey)
std::result::Result::<PKey<Private>, Error>::Ok(pkey)
})
.await
.map_err(|e| Error::Other(format!("cloned error: {e}")))
@ -261,8 +251,8 @@ mod tests {
.route("/", post(dodgy_handler))
.with_state(state);
let listener = tokio::net::TcpListener::bind("0.0.0.0:8001").await.unwrap();
axum::serve(listener, app.into_make_service())
axum::Server::bind(&"0.0.0.0:8001".parse().unwrap())
.serve(app.into_make_service())
.await
.unwrap();
}

30
src/actix_web/http_compat.rs
View file

@ -1,30 +0,0 @@
//! Remove these conversion helpers after actix-web upgrades to http 1.0
use std::str::FromStr;
pub fn header_value(v: &http02::HeaderValue) -> http::HeaderValue {
http::HeaderValue::from_bytes(v.as_bytes()).expect("can convert http types")
}
pub fn header_map<'a, H>(m: H) -> http::HeaderMap
where
H: IntoIterator<Item = (&'a http02::HeaderName, &'a http02::HeaderValue)>,
{
let mut new_map = http::HeaderMap::new();
for (n, v) in m {
new_map.insert(
http::HeaderName::from_lowercase(n.as_str().as_bytes())
.expect("can convert http types"),
header_value(v),
);
}
new_map
}
pub fn method(m: &http02::Method) -> http::Method {
http::Method::from_bytes(m.as_str().as_bytes()).expect("can convert http types")
}
pub fn uri(m: &http02::Uri) -> http::Uri {
http::Uri::from_str(&m.to_string()).expect("can convert http types")
}

155
src/actix_web/inbox.rs
View file

@ -1,12 +1,11 @@
//! Handles incoming activities, verifying HTTP signatures and other checks
use super::http_compat;
use crate::{
config::Data,
error::Error,
http_signatures::{verify_body_hash, verify_signature},
parse_received_activity,
traits::{Activity, Actor, Object},
traits::{ActivityHandler, Actor, Object},
};
use actix_web::{web::Bytes, HttpRequest, HttpResponse};
use serde::de::DeserializeOwned;
@ -14,104 +13,31 @@ use tracing::debug;
/// Handles incoming activities, verifying HTTP signatures and other checks
///
/// After successful validation, activities are passed to respective [trait@Activity].
pub async fn receive_activity<A, ActorT, Datatype>(
/// After successful validation, activities are passed to respective [trait@ActivityHandler].
pub async fn receive_activity<Activity, ActorT, Datatype>(
request: HttpRequest,
body: Bytes,
data: &Data<Datatype>,
) -> Result<HttpResponse, <A as Activity>::Error>
) -> Result<HttpResponse, <Activity as ActivityHandler>::Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<Activity as ActivityHandler>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
let (activity, _) = do_stuff::<A, ActorT, Datatype>(request, body, data).await?;
verify_body_hash(request.headers().get("Digest"), &body)?;
do_more_stuff(activity, data).await
}
let (activity, actor) = parse_received_activity::<Activity, ActorT, _>(&body, data).await?;
/// Workaround required so we can use references for the hook, instead of cloning data.
pub trait ReceiveActivityHook<A, ActorT, Datatype>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + Clone + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Clone + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
/// Called when a new activity is recived
fn hook(
self,
activity: &A,
actor: &ActorT,
data: &Data<Datatype>,
) -> impl std::future::Future<Output = Result<(), <A as Activity>::Error>>;
}
verify_signature(
request.headers(),
request.method(),
request.uri(),
actor.public_key_pem(),
)?;
/// Same as [receive_activity], only that it calls the provided hook function before
/// calling activity verify and receive functions.
pub async fn receive_activity_with_hook<A, ActorT, Datatype>(
request: HttpRequest,
body: Bytes,
hook: impl ReceiveActivityHook<A, ActorT, Datatype>,
data: &Data<Datatype>,
) -> Result<HttpResponse, <A as Activity>::Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + Clone + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Sync + Clone + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
let (activity, actor) = do_stuff::<A, ActorT, Datatype>(request, body, data).await?;
hook.hook(&activity, &actor, data).await?;
do_more_stuff(activity, data).await
}
async fn do_stuff<A, ActorT, Datatype>(
request: HttpRequest,
body: Bytes,
data: &Data<Datatype>,
) -> Result<(A, ActorT), <A as Activity>::Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
let digest_header = request
.headers()
.get("Digest")
.map(http_compat::header_value);
verify_body_hash(digest_header.as_ref(), &body)?;
let (activity, actor) = parse_received_activity::<A, ActorT, _>(&body, data).await?;
let headers = http_compat::header_map(request.headers());
let method = http_compat::method(request.method());
let uri = http_compat::uri(request.uri());
verify_signature(&headers, &method, &uri, actor.public_key_pem())?;
Ok((activity, actor))
}
async fn do_more_stuff<A, Datatype>(
activity: A,
data: &Data<Datatype>,
) -> Result<HttpResponse, <A as Activity>::Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
Datatype: Clone,
{
debug!("Receiving activity {}", activity.id().to_string());
activity.verify(data).await?;
activity.receive(data).await?;
@ -135,49 +61,16 @@ mod test {
use serde_json::json;
use url::Url;
/// Remove this conversion helper after actix-web upgrades to http 1.0
fn header_pair(
p: (&http::HeaderName, &http::HeaderValue),
) -> (http02::HeaderName, http02::HeaderValue) {
(
http02::HeaderName::from_lowercase(p.0.as_str().as_bytes()).unwrap(),
http02::HeaderValue::from_bytes(p.1.as_bytes()).unwrap(),
)
}
#[tokio::test]
async fn test_receive_activity_hook() {
async fn test_receive_activity() {
let (body, incoming_request, config) = setup_receive_test().await;
let res = receive_activity_with_hook::<Follow, DbUser, DbConnection>(
receive_activity::<Follow, DbUser, DbConnection>(
incoming_request.to_http_request(),
body,
Dummy,
&config.to_request_data(),
)
.await;
assert_eq!(res.err(), Some(Error::Other("test-error".to_string())));
}
struct Dummy;
impl<A, ActorT, Datatype> ReceiveActivityHook<A, ActorT, Datatype> for Dummy
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + Clone + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Clone + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
async fn hook(
self,
_activity: &A,
_actor: &ActorT,
_data: &Data<Datatype>,
) -> Result<(), <A as Activity>::Error> {
// ensure that hook gets called by returning this value
Err(Error::Other("test-error".to_string()).into())
}
.await
.unwrap();
}
#[tokio::test]
@ -216,14 +109,14 @@ mod test {
let (_, _, config) = setup_receive_test().await;
let actor = Url::parse("http://ds9.lemmy.ml/u/lemmy_alpha").unwrap();
let activity_id = "http://localhost:123/1";
let id = "http://localhost:123/1";
let activity = json!({
"actor": actor.as_str(),
"to": ["https://www.w3.org/ns/activitystreams#Public"],
"object": "http://ds9.lemmy.ml/post/1",
"cc": ["http://enterprise.lemmy.ml/c/main"],
"type": "Delete",
"id": activity_id
"id": id
}
);
let body: Bytes = serde_json::to_vec(&activity).unwrap().into();
@ -238,8 +131,8 @@ mod test {
.await;
match res {
Err(Error::ParseReceivedActivity { err: _, id }) => {
assert_eq!(activity_id, id.expect("has url").as_str());
Err(Error::ParseReceivedActivity(_, url)) => {
assert_eq!(id, url.expect("has url").as_str());
}
_ => unreachable!(),
}
@ -262,7 +155,7 @@ mod test {
.unwrap();
let mut incoming_request = TestRequest::post().uri(outgoing_request.url().path());
for h in outgoing_request.headers() {
incoming_request = incoming_request.append_header(header_pair(h));
incoming_request = incoming_request.append_header(h);
}
incoming_request
}

15
src/actix_web/mod.rs
View file

@ -1,10 +1,8 @@
//! Utilities for using this library with actix-web framework
mod http_compat;
pub mod inbox;
#[doc(hidden)]
pub mod middleware;
pub mod response;
use crate::{
config::Data,
@ -23,18 +21,11 @@ pub async fn signing_actor<A>(
data: &Data<<A as Object>::DataType>,
) -> Result<A, <A as Object>::Error>
where
A: Object + Actor + Send + Sync,
A: Object + Actor,
<A as Object>::Error: From<Error>,
for<'de2> <A as Object>::Kind: Deserialize<'de2>,
{
let digest_header = request
.headers()
.get("Digest")
.map(http_compat::header_value);
verify_body_hash(digest_header.as_ref(), &body.unwrap_or_default())?;
verify_body_hash(request.headers().get("Digest"), &body.unwrap_or_default())?;
let headers = http_compat::header_map(request.headers());
let method = http_compat::method(request.method());
let uri = http_compat::uri(request.uri());
http_signatures::signing_actor(&headers, &method, &uri, data).await
http_signatures::signing_actor(request.headers(), request.method(), request.uri(), data).await
}

50
src/actix_web/response.rs
View file

@ -1,50 +0,0 @@
//! Generate HTTP responses for Activitypub ojects
use crate::{
protocol::{context::WithContext, tombstone::Tombstone},
FEDERATION_CONTENT_TYPE,
};
use actix_web::HttpResponse;
use http02::header::VARY;
use serde::Serialize;
use serde_json::Value;
use url::Url;
/// Generates HTTP response to serve the object for fetching from other instances.
///
/// If possible use [Object.http_response]
/// which also handles redirects for remote objects and deletions.
///
/// `federation_context` is the value of `@context`.
pub fn create_http_response<T: Serialize>(
data: T,
federation_context: &Value,
) -> Result<HttpResponse, serde_json::Error> {
let json = serde_json::to_string_pretty(&WithContext::new(data, federation_context.clone()))?;
Ok(HttpResponse::Ok()
.content_type(FEDERATION_CONTENT_TYPE)
.insert_header((VARY, "Accept"))
.body(json))
}
pub(crate) fn create_tombstone_response(
id: Url,
federation_context: &Value,
) -> Result<HttpResponse, serde_json::Error> {
let tombstone = Tombstone::new(id);
let json =
serde_json::to_string_pretty(&WithContext::new(tombstone, federation_context.clone()))?;
Ok(HttpResponse::Gone()
.content_type(FEDERATION_CONTENT_TYPE)
.status(actix_web::http::StatusCode::GONE)
.insert_header((VARY, "Accept"))
.body(json))
}
pub(crate) fn redirect_remote_object(url: &Url) -> HttpResponse {
let mut res = HttpResponse::PermanentRedirect();
res.insert_header((actix_web::http::header::LOCATION, url.as_str()));
res.finish()
}

46
src/axum/inbox.rs
View file

@ -7,10 +7,11 @@ use crate::{
error::Error,
http_signatures::verify_signature,
parse_received_activity,
traits::{Activity, Actor, Object},
traits::{ActivityHandler, Actor, Object},
};
use axum::{
body::Body,
async_trait,
body::{Bytes, HttpBody},
extract::FromRequest,
http::{Request, StatusCode},
response::{IntoResponse, Response},
@ -20,20 +21,20 @@ use serde::de::DeserializeOwned;
use tracing::debug;
/// Handles incoming activities, verifying HTTP signatures and other checks
pub async fn receive_activity<A, ActorT, Datatype>(
pub async fn receive_activity<Activity, ActorT, Datatype>(
activity_data: ActivityData,
data: &Data<Datatype>,
) -> Result<(), <A as Activity>::Error>
) -> Result<(), <Activity as ActivityHandler>::Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<Activity as ActivityHandler>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
let (activity, actor) =
parse_received_activity::<A, ActorT, _>(&activity_data.body, data).await?;
parse_received_activity::<Activity, ActorT, _>(&activity_data.body, data).await?;
verify_signature(
&activity_data.headers,
@ -57,38 +58,29 @@ pub struct ActivityData {
body: Vec<u8>,
}
impl<S> FromRequest<S> for ActivityData
#[async_trait]
impl<S, B> FromRequest<S, B> for ActivityData
where
Bytes: FromRequest<S, B>,
B: HttpBody + Send + 'static,
S: Send + Sync,
<B as HttpBody>::Error: std::fmt::Display,
<B as HttpBody>::Data: Send,
{
type Rejection = Response;
async fn from_request(req: Request<Body>, _state: &S) -> Result<Self, Self::Rejection> {
#[allow(unused_mut)]
let (mut parts, body) = req.into_parts();
// take the full URI to handle nested routers
// OriginalUri::from_request_parts has an Infallible error type
#[cfg(feature = "axum-original-uri")]
let uri = {
use axum::extract::{FromRequestParts, OriginalUri};
OriginalUri::from_request_parts(&mut parts, _state)
.await
.expect("infallible")
.0
};
#[cfg(not(feature = "axum-original-uri"))]
let uri = parts.uri;
async fn from_request(req: Request<B>, _state: &S) -> Result<Self, Self::Rejection> {
let (parts, body) = req.into_parts();
// this wont work if the body is an long running stream
let bytes = axum::body::to_bytes(body, usize::MAX)
let bytes = hyper::body::to_bytes(body)
.await
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()).into_response())?;
Ok(Self {
headers: parts.headers,
method: parts.method,
uri,
uri: parts.uri,
body: bytes.to_vec(),
})
}

3
src/axum/middleware.rs
View file

@ -1,5 +1,5 @@
use crate::config::{Data, FederationConfig, FederationMiddleware};
use axum::{body::Body, extract::FromRequestParts, http::Request, response::Response};
use axum::{async_trait, body::Body, extract::FromRequestParts, http::Request, response::Response};
use http::{request::Parts, StatusCode};
use std::task::{Context, Poll};
use tower::{Layer, Service};
@ -43,6 +43,7 @@ where
}
}
#[async_trait]
impl<S, T: Clone + 'static> FromRequestParts<S> for Data<T>
where
S: Send + Sync,

147
src/config.rs
View file

@ -17,27 +17,21 @@
use crate::{
activity_queue::{create_activity_queue, ActivityQueue},
error::Error,
http_signatures::sign_request,
protocol::verification::verify_domains_match,
traits::{Activity, Actor},
utils::validate_ip,
traits::{ActivityHandler, Actor},
};
use async_trait::async_trait;
use bytes::Bytes;
use derive_builder::Builder;
use dyn_clone::{clone_trait_object, DynClone};
use moka::future::Cache;
use regex::Regex;
use reqwest::{redirect::Policy, Client, Request};
use reqwest_middleware::{ClientWithMiddleware, RequestBuilder};
use rsa::{pkcs8::DecodePrivateKey, RsaPrivateKey};
use openssl::pkey::{PKey, Private};
use reqwest_middleware::ClientWithMiddleware;
use serde::de::DeserializeOwned;
use std::{
ops::Deref,
sync::{
atomic::{AtomicU32, Ordering},
Arc,
OnceLock,
},
time::Duration,
};
@ -57,14 +51,9 @@ pub struct FederationConfig<T: Clone> {
/// [crate::fetch::object_id::ObjectId] for more details.
#[builder(default = "20")]
pub(crate) http_fetch_limit: u32,
#[builder(default = "default_client()")]
/// HTTP client used for all outgoing requests. When passing a custom client here you should
/// also disable redirects and set timeouts.
///
/// Middleware can be used to add functionality like log tracing or retry of failed requests.
/// Redirects are disabled by default, because automatic redirect URLs can't be validated.
/// Instead a single redirect is handled manually. The default client sets a timeout of 10s
/// to avoid excessive resource usage when connecting to dead servers.
#[builder(default = "reqwest::Client::default().into()")]
/// HTTP client used for all outgoing requests. Middleware can be used to add functionality
/// like log tracing or retry of failed requests.
pub(crate) client: ClientWithMiddleware,
/// Run library in debug mode. This allows usage of http and localhost urls. It also sends
/// outgoing activities synchronously, not in background thread. This helps to make tests
@ -91,12 +80,12 @@ pub struct FederationConfig<T: Clone> {
/// This can be used to implement secure mode federation.
/// <https://docs.joinmastodon.org/spec/activitypub/#secure-mode>
#[builder(default = "None", setter(custom))]
pub(crate) signed_fetch_actor: Option<Arc<(Url, RsaPrivateKey)>>,
pub(crate) signed_fetch_actor: Option<Arc<(Url, PKey<Private>)>>,
#[builder(
default = "Cache::builder().max_capacity(10000).build()",
setter(custom)
)]
pub(crate) actor_pkey_cache: Cache<Url, RsaPrivateKey>,
pub(crate) actor_pkey_cache: Cache<Url, PKey<Private>>,
/// Queue for sending outgoing activities. Only optional to make builder work, its always
/// present once constructed.
#[builder(setter(skip))]
@ -113,20 +102,18 @@ pub struct FederationConfig<T: Clone> {
pub(crate) queue_retry_count: usize,
}
pub(crate) fn domain_regex() -> &'static Regex {
static DOMAIN_REGEX: OnceLock<Regex> = OnceLock::new();
DOMAIN_REGEX.get_or_init(|| Regex::new(r"^[a-zA-Z0-9.-]*$").expect("compile regex"))
}
impl<T: Clone> FederationConfig<T> {
/// Returns a new config builder with default values.
pub fn builder() -> FederationConfigBuilder<T> {
FederationConfigBuilder::default()
}
pub(crate) async fn verify_url_and_domain<A, Datatype>(&self, activity: &A) -> Result<(), Error>
pub(crate) async fn verify_url_and_domain<Activity, Datatype>(
&self,
activity: &Activity,
) -> Result<(), Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
{
verify_domains_match(activity.id(), activity.actor())?;
self.verify_url_valid(activity.id()).await?;
@ -169,35 +156,17 @@ impl<T: Clone> FederationConfig<T> {
return Ok(());
}
let Some(domain) = url.domain() else {
if url.domain().is_none() {
return Err(Error::UrlVerificationError("Url must have a domain"));
};
if !domain_regex().is_match(domain) {
return Err(Error::UrlVerificationError("Invalid characters in domain"));
}
// Extra checks only for production mode
if !self.debug {
if url.port().is_some() {
return Err(Error::UrlVerificationError("Explicit port is not allowed"));
}
let allow_local = std::env::var("DANGER_FEDERATION_ALLOW_LOCAL_IP").is_ok();
if !allow_local && validate_ip(&url).await.is_err() {
return Err(Error::DomainResolveError(domain.to_string()));
}
if url.domain() == Some("localhost") && !self.debug {
return Err(Error::UrlVerificationError(
"Localhost is only allowed in debug mode",
));
}
// It is valid but uncommon for domains to end with `.` char. Drop this so it cant be used
// to bypass domain blocklist. Avoid cloning url in common case.
if domain.ends_with('.') {
let mut url = url.clone();
let domain = &domain[0..domain.len() - 1];
url.set_host(Some(domain))?;
self.url_verifier.verify(&url).await?;
} else {
self.url_verifier.verify(url).await?;
}
self.url_verifier.verify(url).await?;
Ok(())
}
@ -205,17 +174,11 @@ impl<T: Clone> FederationConfig<T> {
/// Returns true if the url refers to this instance. Handles hostnames like `localhost:8540` for
/// local debugging.
pub(crate) fn is_local_url(&self, url: &Url) -> bool {
match url.host_str() {
Some(domain) => {
let domain = if let Some(port) = url.port() {
format!("{}:{}", domain, port)
} else {
domain.to_string()
};
domain == self.domain
}
None => false,
let mut domain = url.host_str().expect("id has domain").to_string();
if let Some(port) = url.port() {
domain = format!("{}:{}", domain, port);
}
domain == self.domain
}
/// Returns the local domain
@ -231,9 +194,9 @@ impl<T: Clone> FederationConfigBuilder<T> {
.private_key_pem()
.expect("actor does not have a private key to sign with");
let private_key =
RsaPrivateKey::from_pkcs8_pem(&private_key_pem).expect("Could not decode PEM data");
self.signed_fetch_actor = Some(Some(Arc::new((actor.id().clone(), private_key))));
let private_key = PKey::private_key_from_pem(private_key_pem.as_bytes())
.expect("Could not decode PEM data");
self.signed_fetch_actor = Some(Some(Arc::new((actor.id(), private_key))));
self
}
@ -331,10 +294,9 @@ clone_trait_object!(UrlVerifier);
/// prevent denial of service attacks, where an attacker triggers fetching of recursive objects.
///
/// <https://www.w3.org/TR/activitypub/#security-recursive-objects>
#[derive(Clone)]
pub struct Data<T: Clone> {
pub(crate) config: FederationConfig<T>,
pub(crate) request_counter: RequestCounter,
pub(crate) request_counter: AtomicU32,
}
impl<T: Clone> Data<T> {
@ -357,35 +319,7 @@ impl<T: Clone> Data<T> {
}
/// Total number of outgoing HTTP requests made with this data.
pub fn request_count(&self) -> u32 {
self.request_counter.0.load(Ordering::Relaxed)
}
/// Add HTTP signature to arbitrary request
pub async fn sign_request(&self, req: RequestBuilder, body: Bytes) -> Result<Request, Error> {
let (actor_id, private_key_pem) =
self.config
.signed_fetch_actor
.as_deref()
.ok_or(Error::Other(
"config value signed_fetch_actor is none".to_string(),
))?;
sign_request(
req,
actor_id,
body,
private_key_pem.clone(),
self.config.http_signature_compat,
)
.await
}
/// Resolve domain of the url and throw error if it points to local/private IP.
pub async fn is_valid_ip(&self, url: &Url) -> Result<(), Error> {
if self.config.debug {
return Ok(());
}
validate_ip(url).await
self.request_counter.load(Ordering::Relaxed)
}
}
@ -397,16 +331,6 @@ impl<T: Clone> Deref for Data<T> {
}
}
/// Wrapper to implement `Clone`
#[derive(Default)]
pub(crate) struct RequestCounter(pub(crate) AtomicU32);
impl Clone for RequestCounter {
fn clone(&self) -> Self {
RequestCounter(self.0.load(Ordering::Relaxed).into())
}
}
/// Middleware for HTTP handlers which provides access to [Data]
#[derive(Clone)]
pub struct FederationMiddleware<T: Clone>(pub(crate) FederationConfig<T>);
@ -418,17 +342,6 @@ impl<T: Clone> FederationMiddleware<T> {
}
}
fn default_client() -> ClientWithMiddleware {
let timeout = Duration::from_secs(10);
Client::builder()
.redirect(Policy::none())
.timeout(timeout)
.connect_timeout(timeout)
.build()
.unwrap_or_else(|_| Client::default())
.into()
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod test {
@ -442,17 +355,13 @@ mod test {
.await
.unwrap()
}
#[tokio::test]
async fn test_url_is_local() -> Result<(), Error> {
let config = config().await;
assert!(config.is_local_url(&Url::parse("http://example.com")?));
assert!(!config.is_local_url(&Url::parse("http://other.com")?));
// ensure that missing domain doesnt cause crash
assert!(!config.is_local_url(&Url::parse("http://127.0.0.1")?));
Ok(())
}
#[tokio::test]
async fn test_get_domain() {
let config = config().await;

36
src/error.rs
View file

@ -2,10 +2,7 @@
use crate::fetch::webfinger::WebFingerError;
use http_signature_normalization_reqwest::SignError;
use rsa::{
errors::Error as RsaError,
pkcs8::{spki::Error as SpkiError, Error as Pkcs8Error},
};
use openssl::error::ErrorStack;
use std::string::FromUtf8Error;
use tokio::task::JoinError;
use url::Url;
@ -28,9 +25,6 @@ pub enum Error {
/// url verification error
#[error("URL failed verification: {0}")]
UrlVerificationError(&'static str),
/// Resolving domain points to local IP.
#[error("Resolving domain {0} points to local IP address. This may indicate an attacker attempting to access internal services. If intentional, you can ignore this error by setting DANGER_FEDERATION_ALLOW_LOCAL_IP=1")]
DomainResolveError(String),
/// Incoming activity has invalid digest for body
#[error("Incoming activity has invalid digest for body")]
ActivityBodyDigestInvalid,
@ -47,16 +41,11 @@ pub enum Error {
#[error("Failed to parse object {1} with content {2}: {0}")]
ParseFetchedObject(serde_json::Error, Url, String),
/// Failed to parse an activity received from another instance
#[error("Failed to parse incoming activity {}: {0}", match .id {
#[error("Failed to parse incoming activity {}: {0}", match .1 {
Some(t) => format!("with id {t}"),
None => String::new(),
})]
ParseReceivedActivity {
/// The parse error
err: serde_json::Error,
/// ID of the Activitypub object which caused this error
id: Option<Url>,
},
ParseReceivedActivity(serde_json::Error, Option<Url>),
/// Reqwest Middleware Error
#[error(transparent)]
ReqwestMiddleware(#[from] reqwest_middleware::Error),
@ -86,28 +75,13 @@ pub enum Error {
/// Attempted to fetch object but the response's id field doesn't match
#[error("Attempted to fetch object from {0} but the response's id field doesn't match")]
FetchWrongId(Url),
/// I/O error from OS
#[error(transparent)]
IoError(#[from] std::io::Error),
/// Other generic errors
#[error("{0}")]
Other(String),
}
impl From<RsaError> for Error {
fn from(value: RsaError) -> Self {
Error::Other(value.to_string())
}
}
impl From<Pkcs8Error> for Error {
fn from(value: Pkcs8Error) -> Self {
Error::Other(value.to_string())
}
}
impl From<SpkiError> for Error {
fn from(value: SpkiError) -> Self {
impl From<ErrorStack> for Error {
fn from(value: ErrorStack) -> Self {
Error::Other(value.to_string())
}
}

89
src/fetch/collection_id.rs
View file

@ -102,3 +102,92 @@ where
self.0.eq(&other.0) && self.1 == other.1
}
}
#[cfg(feature = "diesel")]
const _IMPL_DIESEL_NEW_TYPE_FOR_COLLECTION_ID: () = {
use diesel::{
backend::Backend,
deserialize::{FromSql, FromStaticSqlRow},
expression::AsExpression,
internal::derives::as_expression::Bound,
pg::Pg,
query_builder::QueryId,
serialize,
serialize::{Output, ToSql},
sql_types::{HasSqlType, SingleValue, Text},
Expression,
Queryable,
};
// TODO: this impl only works for Postgres db because of to_string() call which requires reborrow
impl<Kind, ST> ToSql<ST, Pg> for CollectionId<Kind>
where
Kind: Collection,
for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
String: ToSql<ST, Pg>,
{
fn to_sql<'b>(&'b self, out: &mut Output<'b, '_, Pg>) -> serialize::Result {
let v = self.0.to_string();
<String as ToSql<Text, Pg>>::to_sql(&v, &mut out.reborrow())
}
}
impl<'expr, Kind, ST> AsExpression<ST> for &'expr CollectionId<Kind>
where
Kind: Collection,
for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
Bound<ST, String>: Expression<SqlType = ST>,
ST: SingleValue,
{
type Expression = Bound<ST, &'expr str>;
fn as_expression(self) -> Self::Expression {
Bound::new(self.0.as_str())
}
}
impl<Kind, ST> AsExpression<ST> for CollectionId<Kind>
where
Kind: Collection,
for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
Bound<ST, String>: Expression<SqlType = ST>,
ST: SingleValue,
{
type Expression = Bound<ST, String>;
fn as_expression(self) -> Self::Expression {
Bound::new(self.0.to_string())
}
}
impl<Kind, ST, DB> FromSql<ST, DB> for CollectionId<Kind>
where
Kind: Collection + Send + 'static,
for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
String: FromSql<ST, DB>,
DB: Backend,
DB: HasSqlType<ST>,
{
fn from_sql(
raw: DB::RawValue<'_>,
) -> Result<Self, Box<dyn ::std::error::Error + Send + Sync>> {
let string: String = FromSql::<ST, DB>::from_sql(raw)?;
Ok(CollectionId::parse(&string)?)
}
}
impl<Kind, ST, DB> Queryable<ST, DB> for CollectionId<Kind>
where
Kind: Collection + Send + 'static,
for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
String: FromStaticSqlRow<ST, DB>,
DB: Backend,
DB: HasSqlType<ST>,
{
type Row = String;
fn build(row: Self::Row) -> diesel::deserialize::Result<Self> {
Ok(CollectionId::parse(&row)?)
}
}
impl<Kind> QueryId for CollectionId<Kind>
where
Kind: Collection + 'static,
for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
{
type QueryId = Self;
}
};

84
src/fetch/mod.rs
View file

@ -11,7 +11,7 @@ use crate::{
FEDERATION_CONTENT_TYPE,
};
use bytes::Bytes;
use http::{header::LOCATION, HeaderValue, StatusCode};
use http::{HeaderValue, StatusCode};
use serde::de::DeserializeOwned;
use std::sync::atomic::Ordering;
use tracing::info;
@ -53,35 +53,24 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
url: &Url,
data: &Data<T>,
) -> Result<FetchObjectResponse<Kind>, Error> {
static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
FEDERATION_CONTENT_TYPE, // lemmy
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
r#"application/activity+json; charset=utf-8"#, // mastodon
];
let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE, false).await?;
static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
);
static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
// Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
let content_type = res
.content_type
.as_ref()
.and_then(|c| Some(c.to_str().ok()?.to_lowercase()))
.ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type.as_str()) {
// Ensure correct content-type to prevent vulnerabilities.
if res.content_type.as_ref() != Some(&CONTENT_TYPE)
&& res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
&& res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
{
return Err(Error::FetchInvalidContentType(res.url));
}
// Ensure id field matches final url after redirect
if res.object_id.as_ref() != Some(&res.url) {
if let Some(res_object_id) = res.object_id {
data.config.verify_url_valid(&res_object_id).await?;
// If id is different but still on the same domain, attempt to request object
// again from url in id field.
if res_object_id.domain() == res.url.domain() {
return Box::pin(fetch_object_http(&res_object_id, data)).await;
}
}
// Failed to fetch the object from its specified id
return Err(Error::FetchWrongId(res.url));
}
@ -100,13 +89,12 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
url: &Url,
data: &Data<T>,
content_type: &HeaderValue,
recursive: bool,
) -> Result<FetchObjectResponse<Kind>, Error> {
let config = &data.config;
config.verify_url_valid(url).await?;
info!("Fetching remote object {}", url.to_string());
let mut counter = data.request_counter.0.fetch_add(1, Ordering::SeqCst);
let mut counter = data.request_counter.fetch_add(1, Ordering::SeqCst);
// fetch_add returns old value so we need to increment manually here
counter += 1;
if counter > config.http_fetch_limit {
@ -133,19 +121,6 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
req.send().await?
};
// Allow a single redirect using recursion. Further redirects are ignored.
let location = res.headers().get(LOCATION).and_then(|l| l.to_str().ok());
if let (Some(location), false) = (location, recursive) {
let location = location.parse()?;
return Box::pin(fetch_object_http_with_accept(
&location,
data,
content_type,
true,
))
.await;
}
if res.status() == StatusCode::GONE {
return Err(Error::ObjectDeleted(url.clone()));
}
@ -169,34 +144,3 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
)),
}
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod tests {
use super::*;
use crate::{
config::FederationConfig,
traits::tests::{DbConnection, Person},
};
#[tokio::test]
async fn test_request_limit() -> Result<(), Error> {
let config = FederationConfig::builder()
.domain("example.com")
.app_data(DbConnection)
.http_fetch_limit(0)
.build()
.await
.unwrap();
let data = config.to_request_data();
let fetch_url = "https://example.net/".to_string();
let res: Result<FetchObjectResponse<Person>, Error> =
fetch_object_http(&Url::parse(&fetch_url).map_err(Error::UrlParse)?, &data).await;
assert_eq!(res.err(), Some(Error::RequestLimit));
Ok(())
}
}

120
src/fetch/object_id.rs
View file

@ -10,7 +10,7 @@ use url::Url;
impl<T> FromStr for ObjectId<T>
where
T: Object + Send + Sync + Debug + 'static,
T: Object + Send + Debug + 'static,
for<'de2> <T as Object>::Kind: Deserialize<'de2>,
{
type Err = url::ParseError;
@ -61,7 +61,7 @@ where
impl<Kind> ObjectId<Kind>
where
Kind: Object + Send + Sync + Debug + 'static,
Kind: Object + Send + Debug + 'static,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
{
/// Construct a new objectid instance
@ -92,7 +92,7 @@ where
// object found in database
if let Some(object) = db_object {
if let Some(last_refreshed_at) = object.last_refreshed_at() {
let is_local = self.is_local(data);
let is_local = data.config.is_local_url(&self.0);
if !is_local && should_refetch_object(last_refreshed_at) {
// object is outdated and should be refetched
return self.dereference_from_http(data, Some(object)).await;
@ -120,7 +120,6 @@ where
.await
.map(|o| o.ok_or(Error::NotFound.into()))?
} else {
// Don't pass in any db object, otherwise it would be returned in case http fetch fails
self.dereference_from_http(data, None).await
}
}
@ -147,10 +146,6 @@ where
Object::read_from_id(*id, data).await
}
/// Fetch object from origin instance over HTTP, then verify and parse it.
///
/// Uses Box::pin to wrap futures to reduce stack size and avoid stack overflow when
/// when fetching objects recursively.
async fn dereference_from_http(
&self,
data: &Data<<Kind as Object>::DataType>,
@ -159,33 +154,20 @@ where
where
<Kind as Object>::Error: From<Error>,
{
let res = Box::pin(fetch_object_http(&self.0, data)).await;
let res = fetch_object_http(&self.0, data).await;
if let Err(Error::ObjectDeleted(url)) = res {
if let Some(db_object) = db_object {
db_object.delete(data).await?;
return Ok(db_object);
}
return Err(Error::ObjectDeleted(url).into());
}
// If fetch failed, return the existing object from local database
if let (Err(_), Some(db_object)) = (&res, db_object) {
return Ok(db_object);
}
let res = res?;
let redirect_url = &res.url;
// Prevent overwriting local object
if data.config.is_local_url(redirect_url) {
return self
.dereference_from_db(data)
.await?
.ok_or(Error::NotFound.into());
}
Box::pin(Kind::verify(&res.object, redirect_url, data)).await?;
Box::pin(Kind::from_json(res.object, data)).await
Kind::verify(&res.object, redirect_url, data).await?;
Kind::from_json(res.object, data).await
}
/// Returns true if the object's domain matches the one defined in [[FederationConfig.domain]].
@ -272,7 +254,95 @@ where
}
}
/// Internal only
#[cfg(feature = "diesel")]
const _IMPL_DIESEL_NEW_TYPE_FOR_OBJECT_ID: () = {
use diesel::{
backend::Backend,
deserialize::{FromSql, FromStaticSqlRow},
expression::AsExpression,
internal::derives::as_expression::Bound,
pg::Pg,
query_builder::QueryId,
serialize,
serialize::{Output, ToSql},
sql_types::{HasSqlType, SingleValue, Text},
Expression,
Queryable,
};
// TODO: this impl only works for Postgres db because of to_string() call which requires reborrow
impl<Kind, ST> ToSql<ST, Pg> for ObjectId<Kind>
where
Kind: Object,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
String: ToSql<ST, Pg>,
{
fn to_sql<'b>(&'b self, out: &mut Output<'b, '_, Pg>) -> serialize::Result {
let v = self.0.to_string();
<String as ToSql<Text, Pg>>::to_sql(&v, &mut out.reborrow())
}
}
impl<'expr, Kind, ST> AsExpression<ST> for &'expr ObjectId<Kind>
where
Kind: Object,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
Bound<ST, String>: Expression<SqlType = ST>,
ST: SingleValue,
{
type Expression = Bound<ST, &'expr str>;
fn as_expression(self) -> Self::Expression {
Bound::new(self.0.as_str())
}
}
impl<Kind, ST> AsExpression<ST> for ObjectId<Kind>
where
Kind: Object,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
Bound<ST, String>: Expression<SqlType = ST>,
ST: SingleValue,
{
type Expression = Bound<ST, String>;
fn as_expression(self) -> Self::Expression {
Bound::new(self.0.to_string())
}
}
impl<Kind, ST, DB> FromSql<ST, DB> for ObjectId<Kind>
where
Kind: Object + Send + 'static,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
String: FromSql<ST, DB>,
DB: Backend,
DB: HasSqlType<ST>,
{
fn from_sql(
raw: DB::RawValue<'_>,
) -> Result<Self, Box<dyn ::std::error::Error + Send + Sync>> {
let string: String = FromSql::<ST, DB>::from_sql(raw)?;
Ok(ObjectId::parse(&string)?)
}
}
impl<Kind, ST, DB> Queryable<ST, DB> for ObjectId<Kind>
where
Kind: Object + Send + 'static,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
String: FromStaticSqlRow<ST, DB>,
DB: Backend,
DB: HasSqlType<ST>,
{
type Row = String;
fn build(row: Self::Row) -> diesel::deserialize::Result<Self> {
Ok(ObjectId::parse(&row)?)
}
}
impl<Kind> QueryId for ObjectId<Kind>
where
Kind: Object + 'static,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
{
type QueryId = Self;
}
};
#[cfg(test)]
#[allow(clippy::unwrap_used)]
pub mod tests {

36
src/fetch/webfinger.rs
View file

@ -1,5 +1,5 @@
use crate::{
config::{domain_regex, Data},
config::Data,
error::Error,
fetch::{fetch_object_http_with_accept, object_id::ObjectId},
traits::{Actor, Object},
@ -7,9 +7,10 @@ use crate::{
};
use http::HeaderValue;
use itertools::Itertools;
use once_cell::sync::Lazy;
use regex::Regex;
use serde::{Deserialize, Serialize};
use std::{collections::HashMap, fmt::Display, sync::LazyLock};
use std::{collections::HashMap, fmt::Display};
use tracing::debug;
use url::Url;
@ -45,7 +46,7 @@ pub async fn webfinger_resolve_actor<T: Clone, Kind>(
data: &Data<T>,
) -> Result<Kind, <Kind as Object>::Error>
where
Kind: Object + Actor + Send + Sync + 'static + Object<DataType = T>,
Kind: Object + Actor + Send + 'static + Object<DataType = T>,
for<'de2> <Kind as Object>::Kind: serde::Deserialize<'de2>,
<Kind as Object>::Error: From<crate::error::Error> + Send + Sync + Display,
{
@ -53,31 +54,21 @@ where
.splitn(2, '@')
.collect_tuple()
.ok_or(WebFingerError::WrongFormat.into_crate_error())?;
// For production mode make sure that domain doesnt contain any port or path.
if !data.config.debug && !domain_regex().is_match(domain) {
return Err(Error::UrlVerificationError("Invalid characters in domain").into());
}
let protocol = if data.config.debug { "http" } else { "https" };
let fetch_url =
format!("{protocol}://{domain}/.well-known/webfinger?resource=acct:{identifier}");
debug!("Fetching webfinger url: {}", &fetch_url);
let res = fetch_object_http_with_accept::<_, Webfinger>(
let res: Webfinger = fetch_object_http_with_accept(
&Url::parse(&fetch_url).map_err(Error::UrlParse)?,
data,
&WEBFINGER_CONTENT_TYPE,
false,
)
.await?;
if res.url.as_str() != fetch_url {
data.config.verify_url_valid(&res.url).await?;
}
.await?
.object;
debug_assert_eq!(res.object.subject, format!("acct:{identifier}"));
debug_assert_eq!(res.subject, format!("acct:{identifier}"));
let links: Vec<Url> = res
.object
.links
.iter()
.filter(|link| {
@ -88,7 +79,6 @@ where
}
})
.filter_map(|l| l.href.clone())
.rev()
.collect();
for l in links {
@ -130,8 +120,8 @@ pub fn extract_webfinger_name<'i, T>(query: &'i str, data: &Data<T>) -> Result<&
where
T: Clone,
{
static WEBFINGER_REGEX: LazyLock<Regex> =
LazyLock::new(|| Regex::new(r"^acct:([\p{L}0-9_\.\-]+)@(.*)$").expect("compile regex"));
static WEBFINGER_REGEX: Lazy<Regex> =
Lazy::new(|| Regex::new(r"^acct:([\p{L}0-9_\.\-]+)@(.*)$").expect("compile regex"));
// Regex to extract usernames from webfinger query. Supports different alphabets using `\p{L}`.
// TODO: This should use a URL parser
let captures = WEBFINGER_REGEX
@ -223,7 +213,7 @@ pub fn build_webfinger_response_with_type(
}
/// A webfinger response with information about a `Person` or other type of actor.
#[derive(Serialize, Deserialize, Debug, Default, PartialEq)]
#[derive(Serialize, Deserialize, Debug, Default)]
pub struct Webfinger {
/// The actor which is described here, for example `acct:LemmyDev@mastodon.social`
pub subject: String,
@ -238,7 +228,7 @@ pub struct Webfinger {
}
/// A single link included as part of a [Webfinger] response.
#[derive(Serialize, Deserialize, Debug, Default, PartialEq)]
#[derive(Serialize, Deserialize, Debug, Default)]
pub struct WebfingerLink {
/// Relationship of the link, such as `self` or `http://webfinger.net/rel/profile-page`
pub rel: Option<String>,
@ -274,6 +264,8 @@ mod tests {
let data = config.to_request_data();
webfinger_resolve_actor::<DbConnection, DbUser>("LemmyDev@mastodon.social", &data).await?;
// poa.st is as of 2023-07-14 the largest Pleroma instance
webfinger_resolve_actor::<DbConnection, DbUser>("graf@poa.st", &data).await?;
Ok(())
}

105
src/http_signatures.rs
View file

@ -19,17 +19,18 @@ use http_signature_normalization_reqwest::{
prelude::{Config, SignExt},
DefaultSpawner,
};
use once_cell::sync::Lazy;
use openssl::{
hash::MessageDigest,
pkey::{PKey, Private},
rsa::Rsa,
sign::{Signer, Verifier},
};
use reqwest::Request;
use reqwest_middleware::RequestBuilder;
use rsa::{
pkcs8::{DecodePublicKey, EncodePrivateKey, EncodePublicKey, LineEnding},
Pkcs1v15Sign,
RsaPrivateKey,
RsaPublicKey,
};
use serde::Deserialize;
use sha2::{Digest, Sha256};
use std::{collections::BTreeMap, fmt::Debug, sync::LazyLock, time::Duration};
use std::{collections::BTreeMap, fmt::Debug, io::ErrorKind, time::Duration};
use tracing::debug;
use url::Url;
@ -45,27 +46,27 @@ pub struct Keypair {
impl Keypair {
/// Helper method to turn this into an openssl private key
#[cfg(test)]
pub(crate) fn private_key(&self) -> Result<RsaPrivateKey, anyhow::Error> {
use rsa::pkcs8::DecodePrivateKey;
Ok(RsaPrivateKey::from_pkcs8_pem(&self.private_key)?)
pub(crate) fn private_key(&self) -> Result<PKey<Private>, anyhow::Error> {
Ok(PKey::private_key_from_pem(self.private_key.as_bytes())?)
}
}
/// Generate a random asymmetric keypair for ActivityPub HTTP signatures.
///
/// Note that this method is very slow in debug mode. To make it faster, follow
/// instructions in the RSA crate's readme.
/// <https://github.com/RustCrypto/RSA/blob/master/README.md>
pub fn generate_actor_keypair() -> Result<Keypair, Error> {
let mut rng = rand::thread_rng();
let rsa = RsaPrivateKey::new(&mut rng, 2048)?;
let pkey = RsaPublicKey::from(&rsa);
let public_key = pkey.to_public_key_pem(LineEnding::default())?;
let private_key = rsa.to_pkcs8_pem(LineEnding::default())?.to_string();
pub fn generate_actor_keypair() -> Result<Keypair, std::io::Error> {
let rsa = Rsa::generate(2048)?;
let pkey = PKey::from_rsa(rsa)?;
let public_key = pkey.public_key_to_pem()?;
let private_key = pkey.private_key_to_pem_pkcs8()?;
let key_to_string = |key| match String::from_utf8(key) {
Ok(s) => Ok(s),
Err(e) => Err(std::io::Error::new(
ErrorKind::Other,
format!("Failed converting key to string: {}", e),
)),
};
Ok(Keypair {
private_key,
public_key,
private_key: key_to_string(private_key)?,
public_key: key_to_string(public_key)?,
})
}
@ -82,12 +83,12 @@ pub(crate) async fn sign_request(
request_builder: RequestBuilder,
actor_id: &Url,
activity: Bytes,
private_key: RsaPrivateKey,
private_key: PKey<Private>,
http_signature_compat: bool,
) -> Result<Request, Error> {
static CONFIG: LazyLock<Config<DefaultSpawner>> =
LazyLock::new(|| Config::new().set_expiration(EXPIRES_AFTER));
static CONFIG_COMPAT: LazyLock<Config> = LazyLock::new(|| {
static CONFIG: Lazy<Config<DefaultSpawner>> =
Lazy::new(|| Config::new().set_expiration(EXPIRES_AFTER));
static CONFIG_COMPAT: Lazy<Config> = Lazy::new(|| {
Config::new()
.mastodon_compat()
.set_expiration(EXPIRES_AFTER)
@ -105,10 +106,10 @@ pub(crate) async fn sign_request(
Sha256::new(),
activity,
move |signing_string| {
Ok(Base64.encode(private_key.sign(
Pkcs1v15Sign::new::<Sha256>(),
&Sha256::digest(signing_string.as_bytes()),
)?)) as Result<_, Error>
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
signer.update(signing_string.as_bytes())?;
Ok(Base64.encode(signer.sign_to_vec()?)) as Result<_, Error>
},
)
.await
@ -149,7 +150,7 @@ pub(crate) async fn signing_actor<'a, A, H>(
data: &Data<<A as Object>::DataType>,
) -> Result<A, <A as Object>::Error>
where
A: Object + Actor + Send + Sync,
A: Object + Actor,
<A as Object>::Error: From<Error>,
for<'de2> <A as Object>::Kind: Deserialize<'de2>,
H: IntoIterator<Item = (&'a HeaderName, &'a HeaderValue)>,
@ -188,7 +189,7 @@ fn verify_signature_inner(
uri: &Uri,
public_key: &str,
) -> Result<(), Error> {
static CONFIG: LazyLock<http_signature_normalization::Config> = LazyLock::new(|| {
static CONFIG: Lazy<http_signature_normalization::Config> = Lazy::new(|| {
http_signature_normalization::Config::new()
.set_expiration(EXPIRES_AFTER)
.require_digest()
@ -204,19 +205,15 @@ fn verify_signature_inner(
"Verifying with key {}, message {}",
&public_key, &signing_string
);
let public_key = RsaPublicKey::from_public_key_pem(public_key)?;
let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
verifier.update(signing_string.as_bytes())?;
let base64_decoded = Base64
.decode(signature)
.map_err(|err| Error::Other(err.to_string()))?;
Ok(public_key
.verify(
Pkcs1v15Sign::new::<Sha256>(),
&Sha256::digest(signing_string.as_bytes()),
&base64_decoded,
)
.is_ok())
Ok(verifier.verify(&base64_decoded)?)
})?;
if verified {
@ -280,7 +277,6 @@ pub(crate) fn verify_body_hash(
Ok(())
}
/// Internal only
#[cfg(test)]
#[allow(clippy::unwrap_used)]
pub mod test {
@ -288,13 +284,11 @@ pub mod test {
use crate::activity_sending::generate_request_headers;
use reqwest::Client;
use reqwest_middleware::ClientWithMiddleware;
use rsa::{pkcs1::DecodeRsaPrivateKey, pkcs8::DecodePrivateKey};
use std::str::FromStr;
static ACTOR_ID: LazyLock<Url> =
LazyLock::new(|| Url::parse("https://example.com/u/alice").unwrap());
static INBOX_URL: LazyLock<Url> =
LazyLock::new(|| Url::parse("https://example.com/u/alice/inbox").unwrap());
static ACTOR_ID: Lazy<Url> = Lazy::new(|| Url::parse("https://example.com/u/alice").unwrap());
static INBOX_URL: Lazy<Url> =
Lazy::new(|| Url::parse("https://example.com/u/alice/inbox").unwrap());
#[tokio::test]
async fn test_sign() {
@ -312,7 +306,7 @@ pub mod test {
request_builder,
&ACTOR_ID,
"my activity".into(),
RsaPrivateKey::from_pkcs8_pem(&test_keypair().private_key).unwrap(),
PKey::private_key_from_pem(test_keypair().private_key.as_bytes()).unwrap(),
// set this to prevent created/expires headers to be generated and inserted
// automatically from current time
true,
@ -348,7 +342,7 @@ pub mod test {
request_builder,
&ACTOR_ID,
"my activity".to_string().into(),
RsaPrivateKey::from_pkcs8_pem(&test_keypair().private_key).unwrap(),
PKey::private_key_from_pem(test_keypair().private_key.as_bytes()).unwrap(),
false,
)
.await
@ -383,15 +377,14 @@ pub mod test {
assert_eq!(invalid, Err(Error::ActivityBodyDigestInvalid));
}
/// Internal only, return hardcoded keypair for testing
pub fn test_keypair() -> Keypair {
let rsa = RsaPrivateKey::from_pkcs1_pem(PRIVATE_KEY).unwrap();
let pkey = RsaPublicKey::from(&rsa);
let public_key = pkey.to_public_key_pem(LineEnding::default()).unwrap();
let private_key = rsa.to_pkcs8_pem(LineEnding::default()).unwrap().to_string();
let rsa = Rsa::private_key_from_pem(PRIVATE_KEY.as_bytes()).unwrap();
let pkey = PKey::from_rsa(rsa).unwrap();
let private_key = pkey.private_key_to_pem_pkcs8().unwrap();
let public_key = pkey.public_key_to_pem().unwrap();
Keypair {
private_key,
public_key,
private_key: String::from_utf8(private_key).unwrap(),
public_key: String::from_utf8(public_key).unwrap(),
}
}

17
src/lib.rs
View file

@ -23,13 +23,12 @@ pub mod http_signatures;
pub mod protocol;
pub(crate) mod reqwest_shim;
pub mod traits;
mod utils;
use crate::{
config::Data,
error::Error,
fetch::object_id::ObjectId,
traits::{Activity, Actor, Object},
traits::{ActivityHandler, Actor, Object},
};
pub use activitystreams_kinds as kinds;
@ -41,22 +40,22 @@ pub const FEDERATION_CONTENT_TYPE: &str = "application/activity+json";
/// Deserialize incoming inbox activity to the given type, perform basic
/// validation and extract the actor.
async fn parse_received_activity<A, ActorT, Datatype>(
async fn parse_received_activity<Activity, ActorT, Datatype>(
body: &[u8],
data: &Data<Datatype>,
) -> Result<(A, ActorT), <A as Activity>::Error>
) -> Result<(Activity, ActorT), <Activity as ActivityHandler>::Error>
where
A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: Object<DataType = Datatype> + Actor + Send + 'static,
for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
<A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
<Activity as ActivityHandler>::Error: From<Error> + From<<ActorT as Object>::Error>,
<ActorT as Object>::Error: From<Error>,
Datatype: Clone,
{
let activity: A = serde_json::from_slice(body).map_err(|err| {
let activity: Activity = serde_json::from_slice(body).map_err(|e| {
// Attempt to include activity id in error message
let id = extract_id(body).ok();
Error::ParseReceivedActivity { err, id }
Error::ParseReceivedActivity(e, id)
})?;
data.config.verify_url_and_domain(&activity).await?;
let actor = ObjectId::<ActorT>::from(activity.actor().clone())

10
src/protocol/context.rs
View file

@ -19,7 +19,7 @@
//! Ok::<(), serde_json::error::Error>(())
//! ```
use crate::{config::Data, traits::Activity};
use crate::{config::Data, traits::ActivityHandler};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use url::Url;
@ -55,12 +55,12 @@ impl<T> WithContext<T> {
}
#[async_trait::async_trait]
impl<T> Activity for WithContext<T>
impl<T> ActivityHandler for WithContext<T>
where
T: Activity + Send + Sync,
T: ActivityHandler + Send + Sync,
{
type DataType = <T as Activity>::DataType;
type Error = <T as Activity>::Error;
type DataType = <T as ActivityHandler>::DataType;
type Error = <T as ActivityHandler>::Error;
fn id(&self) -> &Url {
self.inner.id()

141
src/protocol/helpers.rs
View file

@ -1,22 +1,13 @@
//! Serde deserialization functions which help to receive differently shaped data
use activitystreams_kinds::public;
use itertools::Itertools;
use serde::{de::Error, Deserialize, Deserializer};
use serde_json::Value;
use url::Url;
use serde::{Deserialize, Deserializer};
/// Deserialize JSON single value or array into `Vec<Url>`.
/// Deserialize JSON single value or array into Vec.
///
/// Useful if your application can handle multiple values for a field, but another federated
/// platform only sends a single one.
///
/// Also accepts common `Public` aliases for recipient fields. Some implementations send `Public`
/// or `as:Public` instead of the canonical `https://www.w3.org/ns/activitystreams#Public` URL
/// in fields such as `to` and `cc`.
///
/// ```
/// # use activitypub_federation::kinds::public;
/// # use activitypub_federation::protocol::helpers::deserialize_one_or_many;
/// # use url::Url;
/// #[derive(serde::Deserialize)]
@ -34,39 +25,24 @@ use url::Url;
/// "https://lemmy.ml/u/bob"
/// ]}"#)?;
/// assert_eq!(multiple.to.len(), 2);
///
/// let note: Note = serde_json::from_str(r#"{"to": ["Public", "as:Public"]}"#)?;
/// assert_eq!(note.to, vec![public()]);
/// # Ok::<(), anyhow::Error>(())
/// ```
pub fn deserialize_one_or_many<'de, D>(deserializer: D) -> Result<Vec<Url>, D::Error>
/// Ok::<(), anyhow::Error>(())
pub fn deserialize_one_or_many<'de, T, D>(deserializer: D) -> Result<Vec<T>, D::Error>
where
T: Deserialize<'de>,
D: Deserializer<'de>,
{
#[derive(Deserialize)]
#[serde(untagged)]
enum OneOrMany {
Many(Vec<Value>),
One(Value),
enum OneOrMany<T> {
One(T),
Many(Vec<T>),
}
let result: OneOrMany = Deserialize::deserialize(deserializer)?;
let values = match result {
let result: OneOrMany<T> = Deserialize::deserialize(deserializer)?;
Ok(match result {
OneOrMany::Many(list) => list,
OneOrMany::One(value) => vec![value],
OneOrMany::Many(values) => values,
};
values
.into_iter()
.map(|value| match value {
Value::String(value) if matches!(value.as_str(), "Public" | "as:Public") => {
Ok(public())
}
Value::String(value) => Url::parse(&value).map_err(D::Error::custom),
value => Url::deserialize(value).map_err(D::Error::custom),
})
.collect::<Result<Vec<_>, _>>()
.map(|values| values.into_iter().unique().collect())
})
}
/// Deserialize JSON single value or single element array into single value.
@ -140,35 +116,8 @@ where
Ok(inner)
}
/// Deserialize either single value or last item from an array into an optional field.
pub fn deserialize_last<'de, T, D>(deserializer: D) -> Result<Option<T>, D::Error>
where
T: Deserialize<'de>,
D: Deserializer<'de>,
{
#[derive(Deserialize)]
#[serde(untagged)]
enum MaybeArray<T> {
Simple(T),
Array(Vec<T>),
None,
}
let result = Deserialize::deserialize(deserializer)?;
Ok(match result {
MaybeArray::Simple(value) => Some(value),
MaybeArray::Array(value) => value.into_iter().last(),
MaybeArray::None => None,
})
}
#[cfg(test)]
mod tests {
use super::deserialize_one_or_many;
use activitystreams_kinds::public;
use anyhow::Result;
use serde::Deserialize;
#[test]
fn deserialize_one_multiple_values() {
use crate::protocol::helpers::deserialize_one;
@ -184,70 +133,4 @@ mod tests {
);
assert!(note.is_err());
}
#[test]
fn deserialize_one_or_many_single_public_aliases() -> Result<()> {
use url::Url;
#[derive(Deserialize)]
struct Note {
#[serde(deserialize_with = "deserialize_one_or_many")]
to: Vec<Url>,
}
for alias in ["Public", "as:Public"] {
let note = serde_json::from_str::<Note>(&format!(r#"{{"to": "{alias}"}}"#))?;
assert_eq!(note.to, vec![public()]);
}
Ok(())
}
#[test]
fn deserialize_one_or_many_array() -> Result<()> {
use url::Url;
#[derive(Deserialize)]
struct Note {
#[serde(deserialize_with = "deserialize_one_or_many")]
to: Vec<Url>,
}
let note = serde_json::from_str::<Note>(
r#"{
"to": [
"https://example.com/c/main",
"Public",
"as:Public",
"https://www.w3.org/ns/activitystreams#Public"
]
}"#,
)?;
assert_eq!(
note.to,
vec![Url::parse("https://example.com/c/main")?, public(),]
);
Ok(())
}
#[test]
fn deserialize_one_or_many_leaves_other_strings_unchanged() -> Result<()> {
use url::Url;
#[derive(Deserialize)]
struct Note {
#[serde(deserialize_with = "deserialize_one_or_many")]
to: Vec<Url>,
content: String,
}
let note = serde_json::from_str::<Note>(r#"{"to": "Public", "content": "Public"}"#)?;
assert_eq!(note.to, vec![public()]);
assert_eq!(note.content, "Public");
Ok(())
}
}

1
src/protocol/mod.rs
View file

@ -3,6 +3,5 @@
pub mod context;
pub mod helpers;
pub mod public_key;
pub mod tombstone;
pub mod values;
pub mod verification;

27
src/protocol/tombstone.rs
View file

@ -1,27 +0,0 @@
//! Tombstone is used to serve deleted objects
use crate::kinds::object::TombstoneType;
use serde::{Deserialize, Serialize};
use url::Url;
/// Represents a local object that was deleted
///
/// <https://www.w3.org/TR/activitystreams-vocabulary/#dfn-tombstone>
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Tombstone {
/// Id of the deleted object
pub id: Url,
#[serde(rename = "type")]
pub(crate) kind: TombstoneType,
}
impl Tombstone {
/// Create a new tombstone for the given object id
pub fn new(id: Url) -> Tombstone {
Tombstone {
id,
kind: TombstoneType::Tombstone,
}
}
}

38
src/protocol/verification.rs
View file

@ -1,7 +1,6 @@
//! Verify that received data is valid
use crate::{config::Data, error::Error, fetch::object_id::ObjectId, traits::Object};
use serde::Deserialize;
use crate::error::Error;
use url::Url;
/// Check that both urls have the same domain. If not, return UrlVerificationError.
@ -37,38 +36,3 @@ pub fn verify_urls_match(a: &Url, b: &Url) -> Result<(), Error> {
}
Ok(())
}
/// Check that the given ID doesn't match the local domain.
///
/// It is important to verify this to avoid local objects from being overwritten. In general
/// locally created objects should be considered authorative, while incoming federated data
/// is untrusted. Lack of such a check could allow an attacker to rewrite local posts. It could
/// also result in an `object.local` field being overwritten with `false` for local objects, resulting in invalid data.
///
/// ```
/// # use activitypub_federation::fetch::object_id::ObjectId;
/// # use activitypub_federation::config::FederationConfig;
/// # use activitypub_federation::protocol::verification::verify_is_remote_object;
/// # use activitypub_federation::traits::tests::{DbConnection, DbUser};
/// # tokio::runtime::Runtime::new().unwrap().block_on(async {
/// # let config = FederationConfig::builder().domain("example.com").app_data(DbConnection).build().await?;
/// # let data = config.to_request_data();
/// let id = ObjectId::<DbUser>::parse("https://remote.com/u/name")?;
/// assert!(verify_is_remote_object(&id, &data).is_ok());
/// # Ok::<(), anyhow::Error>(())
/// # }).unwrap();
/// ```
pub fn verify_is_remote_object<Kind, R: Clone>(
id: &ObjectId<Kind>,
data: &Data<<Kind as Object>::DataType>,
) -> Result<(), Error>
where
Kind: Object<DataType = R> + Send + Sync + 'static,
for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
{
if id.is_local(data) {
Err(Error::UrlVerificationError("Object is not remote"))
} else {
Ok(())
}
}

6
src/reqwest_shim.rs
View file

@ -10,8 +10,8 @@ use std::{
task::{Context, Poll},
};
/// 1 MB
const MAX_BODY_SIZE: usize = 1024 * 1024;
/// 200KB
const MAX_BODY_SIZE: usize = 204800;
pin_project! {
pub struct BytesFuture {
@ -66,7 +66,7 @@ impl Future for TextFuture {
/// Reqwest doesn't limit the response body size by default nor does it offer an option to configure one.
/// Since we have to fetch data from untrusted sources, not restricting the maximum size is a DoS hazard for us.
///
/// This shim reimplements the `bytes`, `json`, and `text` functions and restricts the bodies length.
/// This shim reimplements the `bytes`, `json`, and `text` functions and restricts the bodies to 100KB.
///
/// TODO: Remove this shim as soon as reqwest gets support for size-limited bodies.
pub trait ResponseExt {

269
src/traits/mod.rs → src/traits.rs
View file

@ -7,10 +7,6 @@ use serde::Deserialize;
use std::{fmt::Debug, ops::Deref};
use url::Url;
/// `Either` implementations for traits
pub mod either;
pub mod tests;
/// Helper for converting between database structs and federated protocol structs.
///
/// ```
@ -53,8 +49,6 @@ pub mod tests;
/// type Kind = Note;
/// type Error = anyhow::Error;
///
/// fn id(&self) -> Url { self.ap_id.inner().clone() }
///
/// async fn read_from_id(object_id: Url, data: &Data<Self::DataType>) -> Result<Option<Self>, Self::Error> {
/// // Attempt to read object from local database. Return Ok(None) if not found.
/// let post: Option<DbPost> = data.read_post_from_json_id(object_id).await?;
@ -109,9 +103,6 @@ pub trait Object: Sized + Debug {
/// Error type returned by handler methods
type Error;
/// `id` field of the object
fn id(&self) -> Url;
/// Returns the last time this object was updated.
///
/// If this returns `Some` and the value is too long ago, the object is refetched from the
@ -136,15 +127,10 @@ pub trait Object: Sized + Debug {
/// Mark remote object as deleted in local database.
///
/// Called when a `Delete` activity is received, or if fetch returns a `Tombstone` object.
async fn delete(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
async fn delete(self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
Ok(())
}
/// Returns true if the object was deleted
fn is_deleted(&self) -> bool {
false
}
/// Convert database type to Activitypub type.
///
/// Called when a local object gets fetched by another instance over HTTP, or when an object
@ -170,40 +156,6 @@ pub trait Object: Sized + Debug {
/// should write the received object to database. Note that there is no distinction between
/// create and update, so an `upsert` operation should be used.
async fn from_json(json: Self::Kind, data: &Data<Self::DataType>) -> Result<Self, Self::Error>;
/// Generates HTTP response to serve the object for fetching from other instances.
///
/// - If the object has a remote domain, sends a redirect to the original instance.
/// - If [Object.is_deleted] returns true, returns a [crate::protocol::tombstone::Tombstone] instead.
/// - Otherwise serves the object JSON using [Object.into_json] and pretty-print
///
/// `federation_context` is the value of `@context`.
#[cfg(feature = "actix-web")]
async fn http_response(
self,
federation_context: &serde_json::Value,
data: &Data<Self::DataType>,
) -> Result<actix_web::HttpResponse, Self::Error>
where
Self::Error: From<serde_json::Error>,
Self::Kind: serde::Serialize + Send,
{
use crate::actix_web::response::{
create_http_response,
create_tombstone_response,
redirect_remote_object,
};
let id = self.id();
let res = if !data.config.is_local_url(&id) {
redirect_remote_object(&id)
} else if !self.is_deleted() {
let json = self.into_json(data).await?;
create_http_response(json, federation_context)?
} else {
create_tombstone_response(id.clone(), federation_context)?
};
Ok(res)
}
}
/// Handler for receiving incoming activities.
@ -213,7 +165,7 @@ pub trait Object: Sized + Debug {
/// # use url::Url;
/// # use activitypub_federation::fetch::object_id::ObjectId;
/// # use activitypub_federation::config::Data;
/// # use activitypub_federation::traits::Activity;
/// # use activitypub_federation::traits::ActivityHandler;
/// # use activitypub_federation::traits::tests::{DbConnection, DbUser};
/// #[derive(serde::Deserialize)]
/// struct Follow {
@ -225,7 +177,7 @@ pub trait Object: Sized + Debug {
/// }
///
/// #[async_trait::async_trait]
/// impl Activity for Follow {
/// impl ActivityHandler for Follow {
/// type DataType = DbConnection;
/// type Error = anyhow::Error;
///
@ -251,7 +203,7 @@ pub trait Object: Sized + Debug {
/// ```
#[async_trait]
#[enum_delegate::register]
pub trait Activity {
pub trait ActivityHandler {
/// App data type passed to handlers. Must be identical to
/// [crate::config::FederationConfigBuilder::app_data] type.
type DataType: Clone + Send + Sync;
@ -279,6 +231,9 @@ pub trait Activity {
/// Trait to allow retrieving common Actor data.
pub trait Actor: Object + Send + 'static {
/// `id` field of the actor
fn id(&self) -> Url;
/// The actor's public key for verifying signatures of incoming activities.
///
/// Use [generate_actor_keypair](crate::http_signatures::generate_actor_keypair) to create the
@ -296,7 +251,7 @@ pub trait Actor: Object + Send + 'static {
/// Generates a public key struct for use in the actor json representation
fn public_key(&self) -> PublicKey {
PublicKey::new(self.id().clone(), self.public_key_pem().to_string())
PublicKey::new(self.id(), self.public_key_pem().to_string())
}
/// The actor's shared inbox, if any
@ -312,9 +267,9 @@ pub trait Actor: Object + Send + 'static {
/// Allow for boxing of enum variants
#[async_trait]
impl<T> Activity for Box<T>
impl<T> ActivityHandler for Box<T>
where
T: Activity + Send + Sync,
T: ActivityHandler + Send + Sync,
{
type DataType = T::DataType;
type Error = T::Error;
@ -376,3 +331,207 @@ pub trait Collection: Sized {
data: &Data<Self::DataType>,
) -> Result<Self, Self::Error>;
}
/// Some impls of these traits for use in tests. Dont use this from external crates.
///
/// TODO: Should be using `cfg[doctest]` but blocked by <https://github.com/rust-lang/rust/issues/67295>
#[doc(hidden)]
#[allow(clippy::unwrap_used)]
pub mod tests {
use super::*;
use crate::{
error::Error,
fetch::object_id::ObjectId,
http_signatures::{generate_actor_keypair, Keypair},
protocol::verification::verify_domains_match,
};
use activitystreams_kinds::{activity::FollowType, actor::PersonType};
use once_cell::sync::Lazy;
use serde::{Deserialize, Serialize};
#[derive(Clone)]
pub struct DbConnection;
impl DbConnection {
pub async fn read_post_from_json_id<T>(&self, _: Url) -> Result<Option<T>, Error> {
Ok(None)
}
pub async fn read_local_user(&self, _: &str) -> Result<DbUser, Error> {
todo!()
}
pub async fn upsert<T>(&self, _: &T) -> Result<(), Error> {
Ok(())
}
pub async fn add_follower(&self, _: DbUser, _: DbUser) -> Result<(), Error> {
Ok(())
}
}
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Person {
#[serde(rename = "type")]
pub kind: PersonType,
pub preferred_username: String,
pub id: ObjectId<DbUser>,
pub inbox: Url,
pub public_key: PublicKey,
}
#[derive(Debug, Clone)]
pub struct DbUser {
pub name: String,
pub federation_id: Url,
pub inbox: Url,
pub public_key: String,
#[allow(dead_code)]
private_key: Option<String>,
pub followers: Vec<Url>,
pub local: bool,
}
pub static DB_USER_KEYPAIR: Lazy<Keypair> = Lazy::new(|| generate_actor_keypair().unwrap());
pub static DB_USER: Lazy<DbUser> = Lazy::new(|| DbUser {
name: String::new(),
federation_id: "https://localhost/123".parse().unwrap(),
inbox: "https://localhost/123/inbox".parse().unwrap(),
public_key: DB_USER_KEYPAIR.public_key.clone(),
private_key: Some(DB_USER_KEYPAIR.private_key.clone()),
followers: vec![],
local: false,
});
#[async_trait]
impl Object for DbUser {
type DataType = DbConnection;
type Kind = Person;
type Error = Error;
async fn read_from_id(
_object_id: Url,
_data: &Data<Self::DataType>,
) -> Result<Option<Self>, Self::Error> {
Ok(Some(DB_USER.clone()))
}
async fn into_json(self, _data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
Ok(Person {
preferred_username: self.name.clone(),
kind: Default::default(),
id: self.federation_id.clone().into(),
inbox: self.inbox.clone(),
public_key: self.public_key(),
})
}
async fn verify(
json: &Self::Kind,
expected_domain: &Url,
_data: &Data<Self::DataType>,
) -> Result<(), Self::Error> {
verify_domains_match(json.id.inner(), expected_domain)?;
Ok(())
}
async fn from_json(
json: Self::Kind,
_data: &Data<Self::DataType>,
) -> Result<Self, Self::Error> {
Ok(DbUser {
name: json.preferred_username,
federation_id: json.id.into(),
inbox: json.inbox,
public_key: json.public_key.public_key_pem,
private_key: None,
followers: vec![],
local: false,
})
}
}
impl Actor for DbUser {
fn id(&self) -> Url {
self.federation_id.clone()
}
fn public_key_pem(&self) -> &str {
&self.public_key
}
fn private_key_pem(&self) -> Option<String> {
self.private_key.clone()
}
fn inbox(&self) -> Url {
self.inbox.clone()
}
}
#[derive(Deserialize, Serialize, Clone, Debug)]
#[serde(rename_all = "camelCase")]
pub struct Follow {
pub actor: ObjectId<DbUser>,
pub object: ObjectId<DbUser>,
#[serde(rename = "type")]
pub kind: FollowType,
pub id: Url,
}
#[async_trait]
impl ActivityHandler for Follow {
type DataType = DbConnection;
type Error = Error;
fn id(&self) -> &Url {
&self.id
}
fn actor(&self) -> &Url {
self.actor.inner()
}
async fn verify(&self, _: &Data<Self::DataType>) -> Result<(), Self::Error> {
Ok(())
}
async fn receive(self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
Ok(())
}
}
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Note {}
#[derive(Debug, Clone)]
pub struct DbPost {}
#[async_trait]
impl Object for DbPost {
type DataType = DbConnection;
type Kind = Note;
type Error = Error;
async fn read_from_id(
_: Url,
_: &Data<Self::DataType>,
) -> Result<Option<Self>, Self::Error> {
todo!()
}
async fn into_json(self, _: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
todo!()
}
async fn verify(
_: &Self::Kind,
_: &Url,
_: &Data<Self::DataType>,
) -> Result<(), Self::Error> {
todo!()
}
async fn from_json(_: Self::Kind, _: &Data<Self::DataType>) -> Result<Self, Self::Error> {
todo!()
}
}
}

133
src/traits/either.rs
View file

@ -1,133 +0,0 @@
use super::{Actor, Object};
use crate::{config::Data, error::Error};
use async_trait::async_trait;
use chrono::{DateTime, Utc};
use either::Either;
use serde::{Deserialize, Serialize};
use std::fmt::Debug;
use url::Url;
#[doc(hidden)]
#[derive(Serialize, Deserialize)]
#[serde(untagged)]
pub enum UntaggedEither<L, R> {
Left(L),
Right(R),
}
#[async_trait]
impl<T, R, E, D> Object for Either<T, R>
where
T: Object + Object<Error = E, DataType = D> + Send + Sync,
R: Object + Object<Error = E, DataType = D> + Send + Sync,
<T as Object>::Kind: Send + Sync,
<R as Object>::Kind: Send + Sync,
D: Sync + Send + Clone,
E: From<Error> + Debug,
{
type DataType = D;
type Kind = UntaggedEither<T::Kind, R::Kind>;
type Error = E;
/// `id` field of the object
fn id(&self) -> Url {
match self {
Either::Left(l) => l.id(),
Either::Right(r) => r.id(),
}
}
fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
match self {
Either::Left(l) => l.last_refreshed_at(),
Either::Right(r) => r.last_refreshed_at(),
}
}
async fn read_from_id(
object_id: Url,
data: &Data<Self::DataType>,
) -> Result<Option<Self>, Self::Error> {
let l = T::read_from_id(object_id.clone(), data).await?;
if let Some(l) = l {
return Ok(Some(Either::Left(l)));
}
let r = R::read_from_id(object_id.clone(), data).await?;
if let Some(r) = r {
return Ok(Some(Either::Right(r)));
}
Ok(None)
}
async fn delete(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
match self {
Either::Left(l) => l.delete(data).await,
Either::Right(r) => r.delete(data).await,
}
}
fn is_deleted(&self) -> bool {
match self {
Either::Left(l) => l.is_deleted(),
Either::Right(r) => r.is_deleted(),
}
}
async fn into_json(self, data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
Ok(match self {
Either::Left(l) => UntaggedEither::Left(l.into_json(data).await?),
Either::Right(r) => UntaggedEither::Right(r.into_json(data).await?),
})
}
async fn verify(
json: &Self::Kind,
expected_domain: &Url,
data: &Data<Self::DataType>,
) -> Result<(), Self::Error> {
match json {
UntaggedEither::Left(l) => T::verify(l, expected_domain, data).await?,
UntaggedEither::Right(r) => R::verify(r, expected_domain, data).await?,
};
Ok(())
}
async fn from_json(json: Self::Kind, data: &Data<Self::DataType>) -> Result<Self, Self::Error> {
Ok(match json {
UntaggedEither::Left(l) => Either::Left(T::from_json(l, data).await?),
UntaggedEither::Right(r) => Either::Right(R::from_json(r, data).await?),
})
}
}
#[async_trait]
impl<T, R, E, D> Actor for Either<T, R>
where
T: Actor + Object + Object<Error = E, DataType = D> + Send + Sync + 'static,
R: Actor + Object + Object<Error = E, DataType = D> + Send + Sync + 'static,
<T as Object>::Kind: Send + Sync,
<R as Object>::Kind: Send + Sync,
D: Sync + Send + Clone,
E: From<Error> + Debug,
{
fn public_key_pem(&self) -> &str {
match self {
Either::Left(l) => l.public_key_pem(),
Either::Right(r) => r.public_key_pem(),
}
}
fn private_key_pem(&self) -> Option<String> {
match self {
Either::Left(l) => l.private_key_pem(),
Either::Right(r) => r.private_key_pem(),
}
}
fn inbox(&self) -> Url {
match self {
Either::Left(l) => l.inbox(),
Either::Right(r) => r.inbox(),
}
}
}

201
src/traits/tests.rs
View file

@ -1,201 +0,0 @@
#![doc(hidden)]
#![allow(clippy::unwrap_used)]
//! Some impls of these traits for use in tests. Dont use this from external crates.
//!
//! TODO: Should be using `cfg[doctest]` but blocked by <https://github.com/rust-lang/rust/issues/67295>
use super::{async_trait, Activity, Actor, Data, Debug, Object, PublicKey, Url};
use crate::{
error::Error,
fetch::object_id::ObjectId,
http_signatures::{generate_actor_keypair, Keypair},
protocol::verification::verify_domains_match,
};
use activitystreams_kinds::{activity::FollowType, actor::PersonType};
use serde::{Deserialize, Serialize};
use std::sync::LazyLock;
#[derive(Clone)]
pub struct DbConnection;
impl DbConnection {
pub async fn read_post_from_json_id<T>(&self, _: Url) -> Result<Option<T>, Error> {
Ok(None)
}
pub async fn read_local_user(&self, _: &str) -> Result<DbUser, Error> {
todo!()
}
pub async fn upsert<T>(&self, _: &T) -> Result<(), Error> {
Ok(())
}
pub async fn add_follower(&self, _: DbUser, _: DbUser) -> Result<(), Error> {
Ok(())
}
}
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Person {
#[serde(rename = "type")]
pub kind: PersonType,
pub preferred_username: String,
pub id: ObjectId<DbUser>,
pub inbox: Url,
pub public_key: PublicKey,
}
#[derive(Debug, Clone)]
pub struct DbUser {
pub name: String,
pub federation_id: Url,
pub inbox: Url,
pub public_key: String,
#[allow(dead_code)]
private_key: Option<String>,
pub followers: Vec<Url>,
pub local: bool,
}
pub static DB_USER_KEYPAIR: LazyLock<Keypair> = LazyLock::new(|| generate_actor_keypair().unwrap());
pub static DB_USER: LazyLock<DbUser> = LazyLock::new(|| DbUser {
name: String::new(),
federation_id: "https://localhost/123".parse().unwrap(),
inbox: "https://localhost/123/inbox".parse().unwrap(),
public_key: DB_USER_KEYPAIR.public_key.clone(),
private_key: Some(DB_USER_KEYPAIR.private_key.clone()),
followers: vec![],
local: false,
});
#[async_trait]
impl Object for DbUser {
type DataType = DbConnection;
type Kind = Person;
type Error = Error;
fn id(&self) -> Url {
self.federation_id.clone()
}
async fn read_from_id(
_object_id: Url,
_data: &Data<Self::DataType>,
) -> Result<Option<Self>, Self::Error> {
Ok(Some(DB_USER.clone()))
}
async fn into_json(self, _data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
Ok(Person {
preferred_username: self.name.clone(),
kind: Default::default(),
id: self.federation_id.clone().into(),
inbox: self.inbox.clone(),
public_key: self.public_key(),
})
}
async fn verify(
json: &Self::Kind,
expected_domain: &Url,
_data: &Data<Self::DataType>,
) -> Result<(), Self::Error> {
verify_domains_match(json.id.inner(), expected_domain)?;
Ok(())
}
async fn from_json(
json: Self::Kind,
_data: &Data<Self::DataType>,
) -> Result<Self, Self::Error> {
Ok(DbUser {
name: json.preferred_username,
federation_id: json.id.into(),
inbox: json.inbox,
public_key: json.public_key.public_key_pem,
private_key: None,
followers: vec![],
local: false,
})
}
}
impl Actor for DbUser {
fn public_key_pem(&self) -> &str {
&self.public_key
}
fn private_key_pem(&self) -> Option<String> {
self.private_key.clone()
}
fn inbox(&self) -> Url {
self.inbox.clone()
}
}
#[derive(Deserialize, Serialize, Clone, Debug)]
#[serde(rename_all = "camelCase")]
pub struct Follow {
pub actor: ObjectId<DbUser>,
pub object: ObjectId<DbUser>,
#[serde(rename = "type")]
pub kind: FollowType,
pub id: Url,
}
#[async_trait]
impl Activity for Follow {
type DataType = DbConnection;
type Error = Error;
fn id(&self) -> &Url {
&self.id
}
fn actor(&self) -> &Url {
self.actor.inner()
}
async fn verify(&self, _: &Data<Self::DataType>) -> Result<(), Self::Error> {
Ok(())
}
async fn receive(self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
Ok(())
}
}
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Note {}
#[derive(Debug, Clone)]
pub struct DbPost {
pub federation_id: Url,
}
#[async_trait]
impl Object for DbPost {
type DataType = DbConnection;
type Kind = Note;
type Error = Error;
fn id(&self) -> Url {
todo!()
}
async fn read_from_id(_: Url, _: &Data<Self::DataType>) -> Result<Option<Self>, Self::Error> {
todo!()
}
async fn into_json(self, _: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
todo!()
}
async fn verify(_: &Self::Kind, _: &Url, _: &Data<Self::DataType>) -> Result<(), Self::Error> {
todo!()
}
async fn from_json(_: Self::Kind, _: &Data<Self::DataType>) -> Result<Self, Self::Error> {
todo!()
}
}

78
src/utils.rs
View file

@ -1,78 +0,0 @@
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use crate::error::Error;
use tokio::net::lookup_host;
use url::{Host, Url};
// TODO: Use is_global() once stabilized
// https://doc.rust-lang.org/std/net/enum.IpAddr.html#method.is_global
pub(crate) async fn validate_ip(url: &Url) -> Result<(), Error> {
let mut ip = vec![];
let host = url
.host()
.ok_or(Error::UrlVerificationError("Url must have a domain"))?;
match host {
Host::Domain(domain) => ip.extend(
lookup_host((domain.to_owned(), 80))
.await?
.map(|s| s.ip().to_canonical()),
),
Host::Ipv4(ipv4) => ip.push(ipv4.into()),
Host::Ipv6(ipv6) => ip.push(ipv6.into()),
};
let invalid_ip = ip.into_iter().any(|addr| match addr {
IpAddr::V4(addr) => v4_is_invalid(addr),
IpAddr::V6(addr) => v6_is_invalid(addr),
});
if invalid_ip {
return Err(Error::DomainResolveError(host.to_string()));
}
Ok(())
}
fn v4_is_invalid(v4: Ipv4Addr) -> bool {
v4.is_private()
|| v4.is_loopback()
|| v4.is_link_local()
|| v4.is_multicast()
|| v4.is_documentation()
|| v4.is_unspecified()
|| v4.is_broadcast()
}
fn v6_is_invalid(v6: Ipv6Addr) -> bool {
v6.is_loopback()
|| v6.is_multicast()
|| v6.is_unique_local()
|| v6.is_unicast_link_local()
|| v6.is_unspecified()
|| v6_is_documentation(v6)
|| v6.to_ipv4_mapped().is_some_and(v4_is_invalid)
}
fn v6_is_documentation(v6: std::net::Ipv6Addr) -> bool {
matches!(
v6.segments(),
[0x2001, 0xdb8, ..] | [0x3fff, 0..=0x0fff, ..]
)
}
#[cfg(test)]
#[allow(clippy::unwrap_used)]
mod test {
use super::*;
#[tokio::test]
async fn test_is_valid_ip() -> Result<(), Error> {
assert!(validate_ip(&Url::parse("http://example.com")?)
.await
.is_ok());
assert!(validate_ip(&Url::parse("http://172.66.147.243")?)
.await
.is_ok());
assert!(validate_ip(&Url::parse("http://localhost")?).await.is_err());
assert!(validate_ip(&Url::parse("http://127.0.0.1")?).await.is_err());
Ok(())
}
}