gotosocial/internal/message/fediprocess.go

/*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package message

import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	"github.com/go-fed/activity/streams"
	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
	"github.com/superseriousbusiness/gotosocial/internal/db"
	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
	"github.com/superseriousbusiness/gotosocial/internal/util"
)

// authenticateAndDereferenceFediRequest authenticates the HTTP signature of an incoming federation request, using the given
// username to perform the validation. It will *also* dereference the originator of the request and return it as a gtsmodel account
// for further processing. NOTE that this function will have the side effect of putting the dereferenced account into the database,
// and passing it into the processor through a channel for further asynchronous processing.
func (p *processor) authenticateAndDereferenceFediRequest(username string, r *http.Request) (*gtsmodel.Account, error) {

	// first authenticate
	requestingAccountURI, err := p.federator.AuthenticateFederatedRequest(username, r)
	if err != nil {
		return nil, fmt.Errorf("couldn't authenticate request for username %s: %s", username, err)
	}

	// OK now we can do the dereferencing part
	// we might already have an entry for this account so check that first
	requestingAccount := &gtsmodel.Account{}

	err = p.db.GetWhere([]db.Where{{Key: "uri", Value: requestingAccountURI.String()}}, requestingAccount)
	if err == nil {
		// we do have it yay, return it
		return requestingAccount, nil
	}

	if _, ok := err.(db.ErrNoEntries); !ok {
		// something has actually gone wrong so bail
		return nil, fmt.Errorf("database error getting account with uri %s: %s", requestingAccountURI.String(), err)
	}

	// we just don't have an entry for this account yet
	// what we do now should depend on our chosen federation method
	// for now though, we'll just dereference it
	// TODO: slow-fed
	requestingPerson, err := p.federator.DereferenceRemoteAccount(username, requestingAccountURI)
	if err != nil {
		return nil, fmt.Errorf("couldn't dereference %s: %s", requestingAccountURI.String(), err)
	}

	// convert it to our internal account representation
	requestingAccount, err = p.tc.ASRepresentationToAccount(requestingPerson)
	if err != nil {
		return nil, fmt.Errorf("couldn't convert dereferenced uri %s to gtsmodel account: %s", requestingAccountURI.String(), err)
	}

	// shove it in the database for later
	if err := p.db.Put(requestingAccount); err != nil {
		return nil, fmt.Errorf("database error inserting account with uri %s: %s", requestingAccountURI.String(), err)
	}

	// put it in our channel to queue it for async processing
	p.FromFederator() <- gtsmodel.FromFederator{
		APObjectType:   gtsmodel.ActivityStreamsProfile,
		APActivityType: gtsmodel.ActivityStreamsCreate,
		GTSModel:       requestingAccount,
	}

	return requestingAccount, nil
}

func (p *processor) GetFediUser(requestedUsername string, request *http.Request) (interface{}, ErrorWithCode) {
	// get the account the request is referring to
	requestedAccount := &gtsmodel.Account{}
	if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
		return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
	}

	// authenticate the request
	requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)
	if err != nil {
		return nil, NewErrorNotAuthorized(err)
	}

	blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)
	if err != nil {
		return nil, NewErrorInternalError(err)
	}

	if blocked {
		return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
	}

	requestedPerson, err := p.tc.AccountToAS(requestedAccount)
	if err != nil {
		return nil, NewErrorInternalError(err)
	}

	data, err := streams.Serialize(requestedPerson)
	if err != nil {
		return nil, NewErrorInternalError(err)
	}

	return data, nil
}

func (p *processor) GetFediFollowers(requestedUsername string, request *http.Request) (interface{}, ErrorWithCode) {
	// get the account the request is referring to
	requestedAccount := &gtsmodel.Account{}
	if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
		return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
	}

	// authenticate the request
	requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)
	if err != nil {
		return nil, NewErrorNotAuthorized(err)
	}

	blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)
	if err != nil {
		return nil, NewErrorInternalError(err)
	}

	if blocked {
		return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
	}

	requestedAccountURI, err := url.Parse(requestedAccount.URI)
	if err != nil {
		return nil, NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))
	}

	requestedFollowers, err := p.federator.FederatingDB().Followers(context.Background(), requestedAccountURI)
	if err != nil {
		return nil, NewErrorInternalError(fmt.Errorf("error fetching followers for uri %s: %s", requestedAccountURI.String(), err))
	}

	data, err := streams.Serialize(requestedFollowers)
	if err != nil {
		return nil, NewErrorInternalError(err)
	}

	return data, nil
}

func (p *processor) GetFediStatus(requestedUsername string, requestedStatusID string, request *http.Request) (interface{}, ErrorWithCode) {
		// get the account the request is referring to
		requestedAccount := &gtsmodel.Account{}
		if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
			return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
		}

		// authenticate the request
		requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)
		if err != nil {
			return nil, NewErrorNotAuthorized(err)
		}

		blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)
		if err != nil {
			return nil, NewErrorInternalError(err)
		}

		if blocked {
			return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
		}

		s := &gtsmodel.Status{}
		if err := p.db.GetWhere([]db.Where{
			{Key: "id", Value: requestedStatusID},
			{Key: "account_id", Value: requestedAccount.ID},
		}, s); err != nil {
			return nil, NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))
		}

		asStatus, err := p.tc.StatusToAS(s)
		if err != nil {
			return nil, NewErrorInternalError(err)
		}

		data, err := streams.Serialize(asStatus)
		if err != nil {
			return nil, NewErrorInternalError(err)
		}

		return data, nil
}

func (p *processor) GetWebfingerAccount(requestedUsername string, request *http.Request) (*apimodel.WebfingerAccountResponse, ErrorWithCode) {
	// get the account the request is referring to
	requestedAccount := &gtsmodel.Account{}
	if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
		return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
	}

	// return the webfinger representation
	return &apimodel.WebfingerAccountResponse{
		Subject: fmt.Sprintf("acct:%s@%s", requestedAccount.Username, p.config.Host),
		Aliases: []string{
			requestedAccount.URI,
			requestedAccount.URL,
		},
		Links: []apimodel.WebfingerLink{
			{
				Rel:  "http://webfinger.net/rel/profile-page",
				Type: "text/html",
				Href: requestedAccount.URL,
			},
			{
				Rel:  "self",
				Type: "application/activity+json",
				Href: requestedAccount.URI,
			},
		},
	}, nil
}

func (p *processor) InboxPost(ctx context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
	contextWithChannel := context.WithValue(ctx, util.APFromFederatorChanKey, p.fromFederator)
	posted, err := p.federator.FederatingActor().PostInbox(contextWithChannel, w, r)
	return posted, err
}
Refine statuses (#26) Remote media is now dereferenced and attached properly to incoming federated statuses. Mentions are now dereferenced and attached properly to incoming federated statuses. Small fixes to status visibility. Allow URL params for filtering statuses: // ExcludeRepliesKey is for specifying whether to exclude replies in a list of returned statuses by an account. // PinnedKey is for specifying whether to include pinned statuses in a list of returned statuses by an account. // MaxIDKey is for specifying the maximum ID of the status to retrieve. // MediaOnlyKey is for specifying that only statuses with media should be returned in a list of returned statuses by an account. Add endpoint for fetching an account's statuses. 2021-05-17 18:06:58 +01:00			`/*`
			`GoToSocial`
			`Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`package message`

			`import (`
Inbox post (#22) Inbox POST from federated servers now working for statuses and follow requests. Follow request client API added. Start work on federating outgoing messages. Other fixes and changes/tidying up. 2021-05-15 10:58:11 +01:00			`"context"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`"fmt"`
			`"net/http"`
Follows and relationships (#27) * Follows -- create and undo, both remote and local * Statuses -- federate new posts, including media, attachments, CWs and image descriptions. 2021-05-21 14:48:26 +01:00			`"net/url"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00
			`"github.com/go-fed/activity/streams"`
Webfinger + Small fixes (#20) 2021-05-09 19:34:27 +01:00			`apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/db"`
			`"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"`
Inbox post (#22) Inbox POST from federated servers now working for statuses and follow requests. Follow request client API added. Start work on federating outgoing messages. Other fixes and changes/tidying up. 2021-05-15 10:58:11 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/util"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`)`

			`// authenticateAndDereferenceFediRequest authenticates the HTTP signature of an incoming federation request, using the given`
			`// username to perform the validation. It will also dereference the originator of the request and return it as a gtsmodel account`
			`// for further processing. NOTE that this function will have the side effect of putting the dereferenced account into the database,`
			`// and passing it into the processor through a channel for further asynchronous processing.`
			`func (p processor) authenticateAndDereferenceFediRequest(username string, r http.Request) (*gtsmodel.Account, error) {`

			`// first authenticate`
			`requestingAccountURI, err := p.federator.AuthenticateFederatedRequest(username, r)`
			`if err != nil {`
			`return nil, fmt.Errorf("couldn't authenticate request for username %s: %s", username, err)`
			`}`

			`// OK now we can do the dereferencing part`
			`// we might already have an entry for this account so check that first`
			`requestingAccount := &gtsmodel.Account{}`

Follows and relationships (#27) * Follows -- create and undo, both remote and local * Statuses -- federate new posts, including media, attachments, CWs and image descriptions. 2021-05-21 14:48:26 +01:00			`err = p.db.GetWhere([]db.Where{{Key: "uri", Value: requestingAccountURI.String()}}, requestingAccount)`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`if err == nil {`
			`// we do have it yay, return it`
			`return requestingAccount, nil`
			`}`

			`if _, ok := err.(db.ErrNoEntries); !ok {`
			`// something has actually gone wrong so bail`
			`return nil, fmt.Errorf("database error getting account with uri %s: %s", requestingAccountURI.String(), err)`
			`}`

			`// we just don't have an entry for this account yet`
			`// what we do now should depend on our chosen federation method`
			`// for now though, we'll just dereference it`
			`// TODO: slow-fed`
			`requestingPerson, err := p.federator.DereferenceRemoteAccount(username, requestingAccountURI)`
			`if err != nil {`
			`return nil, fmt.Errorf("couldn't dereference %s: %s", requestingAccountURI.String(), err)`
			`}`

			`// convert it to our internal account representation`
			`requestingAccount, err = p.tc.ASRepresentationToAccount(requestingPerson)`
			`if err != nil {`
			`return nil, fmt.Errorf("couldn't convert dereferenced uri %s to gtsmodel account: %s", requestingAccountURI.String(), err)`
			`}`

			`// shove it in the database for later`
			`if err := p.db.Put(requestingAccount); err != nil {`
			`return nil, fmt.Errorf("database error inserting account with uri %s: %s", requestingAccountURI.String(), err)`
			`}`

			`// put it in our channel to queue it for async processing`
Refine statuses (#26) Remote media is now dereferenced and attached properly to incoming federated statuses. Mentions are now dereferenced and attached properly to incoming federated statuses. Small fixes to status visibility. Allow URL params for filtering statuses: // ExcludeRepliesKey is for specifying whether to exclude replies in a list of returned statuses by an account. // PinnedKey is for specifying whether to include pinned statuses in a list of returned statuses by an account. // MaxIDKey is for specifying the maximum ID of the status to retrieve. // MediaOnlyKey is for specifying that only statuses with media should be returned in a list of returned statuses by an account. Add endpoint for fetching an account's statuses. 2021-05-17 18:06:58 +01:00			`p.FromFederator() <- gtsmodel.FromFederator{`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`APObjectType: gtsmodel.ActivityStreamsProfile,`
			`APActivityType: gtsmodel.ActivityStreamsCreate,`
Refine statuses (#26) Remote media is now dereferenced and attached properly to incoming federated statuses. Mentions are now dereferenced and attached properly to incoming federated statuses. Small fixes to status visibility. Allow URL params for filtering statuses: // ExcludeRepliesKey is for specifying whether to exclude replies in a list of returned statuses by an account. // PinnedKey is for specifying whether to include pinned statuses in a list of returned statuses by an account. // MaxIDKey is for specifying the maximum ID of the status to retrieve. // MediaOnlyKey is for specifying that only statuses with media should be returned in a list of returned statuses by an account. Add endpoint for fetching an account's statuses. 2021-05-17 18:06:58 +01:00			`GTSModel: requestingAccount,`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`}`

			`return requestingAccount, nil`
			`}`

			`func (p processor) GetFediUser(requestedUsername string, request http.Request) (interface{}, ErrorWithCode) {`
			`// get the account the request is referring to`
			`requestedAccount := &gtsmodel.Account{}`
			`if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {`
			`return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))`
			`}`

			`// authenticate the request`
			`requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)`
			`if err != nil {`
			`return nil, NewErrorNotAuthorized(err)`
			`}`

			`blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`if blocked {`
			`return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))`
			`}`

			`requestedPerson, err := p.tc.AccountToAS(requestedAccount)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`data, err := streams.Serialize(requestedPerson)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`return data, nil`
			`}`
Webfinger + Small fixes (#20) 2021-05-09 19:34:27 +01:00
Follows and relationships (#27) * Follows -- create and undo, both remote and local * Statuses -- federate new posts, including media, attachments, CWs and image descriptions. 2021-05-21 14:48:26 +01:00			`func (p processor) GetFediFollowers(requestedUsername string, request http.Request) (interface{}, ErrorWithCode) {`
			`// get the account the request is referring to`
			`requestedAccount := &gtsmodel.Account{}`
			`if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {`
			`return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))`
			`}`

			`// authenticate the request`
			`requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)`
			`if err != nil {`
			`return nil, NewErrorNotAuthorized(err)`
			`}`

			`blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`if blocked {`
			`return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))`
			`}`

			`requestedAccountURI, err := url.Parse(requestedAccount.URI)`
			`if err != nil {`
			`return nil, NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))`
			`}`

			`requestedFollowers, err := p.federator.FederatingDB().Followers(context.Background(), requestedAccountURI)`
			`if err != nil {`
			`return nil, NewErrorInternalError(fmt.Errorf("error fetching followers for uri %s: %s", requestedAccountURI.String(), err))`
			`}`

			`data, err := streams.Serialize(requestedFollowers)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`return data, nil`
			`}`

			`func (p processor) GetFediStatus(requestedUsername string, requestedStatusID string, request http.Request) (interface{}, ErrorWithCode) {`
			`// get the account the request is referring to`
			`requestedAccount := &gtsmodel.Account{}`
			`if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {`
			`return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))`
			`}`

			`// authenticate the request`
			`requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)`
			`if err != nil {`
			`return nil, NewErrorNotAuthorized(err)`
			`}`

			`blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`if blocked {`
			`return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))`
			`}`

			`s := &gtsmodel.Status{}`
			`if err := p.db.GetWhere([]db.Where{`
			`{Key: "id", Value: requestedStatusID},`
			`{Key: "account_id", Value: requestedAccount.ID},`
			`}, s); err != nil {`
			`return nil, NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))`
			`}`

			`asStatus, err := p.tc.StatusToAS(s)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`data, err := streams.Serialize(asStatus)`
			`if err != nil {`
			`return nil, NewErrorInternalError(err)`
			`}`

			`return data, nil`
			`}`

Webfinger + Small fixes (#20) 2021-05-09 19:34:27 +01:00			`func (p processor) GetWebfingerAccount(requestedUsername string, request http.Request) (*apimodel.WebfingerAccountResponse, ErrorWithCode) {`
			`// get the account the request is referring to`
			`requestedAccount := &gtsmodel.Account{}`
			`if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {`
			`return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))`
			`}`

			`// return the webfinger representation`
			`return &apimodel.WebfingerAccountResponse{`
			`Subject: fmt.Sprintf("acct:%s@%s", requestedAccount.Username, p.config.Host),`
			`Aliases: []string{`
			`requestedAccount.URI,`
			`requestedAccount.URL,`
			`},`
			`Links: []apimodel.WebfingerLink{`
			`{`
			`Rel: "http://webfinger.net/rel/profile-page",`
			`Type: "text/html",`
			`Href: requestedAccount.URL,`
			`},`
			`{`
			`Rel: "self",`
			`Type: "application/activity+json",`
			`Href: requestedAccount.URI,`
			`},`
			`},`
			`}, nil`
			`}`
Inbox post (#22) Inbox POST from federated servers now working for statuses and follow requests. Follow request client API added. Start work on federating outgoing messages. Other fixes and changes/tidying up. 2021-05-15 10:58:11 +01:00
			`func (p processor) InboxPost(ctx context.Context, w http.ResponseWriter, r http.Request) (bool, error) {`
			`contextWithChannel := context.WithValue(ctx, util.APFromFederatorChanKey, p.fromFederator)`
			`posted, err := p.federator.FederatingActor().PostInbox(contextWithChannel, w, r)`
			`return posted, err`
			`}`