bridgy-fed/salmon.py

"""Handles requests for Salmon endpoints: actors, inbox, etc.

https://github.com/salmon-protocol/salmon-protocol/blob/master/draft-panzer-salmon-00.html
https://github.com/salmon-protocol/salmon-protocol/blob/master/draft-panzer-magicsig-01.html
"""
import logging
from xml.etree.ElementTree import ParseError

import appengine_config

from django_salmon import magicsigs, utils
from granary import atom
from oauth_dropins.webutil import util
import webapp2

import common

# from django_salmon.feeds
ATOM_NS = 'http://www.w3.org/2005/Atom'
ATOM_THREADING_NS = 'http://purl.org/syndication/thread/1.0'

SUPPORTED_VERBS = (
    'checkin',
    'create',
    'favorite',
    'like',
    'share',
    'tag',
    'update',
)


class SlapHandler(webapp2.RequestHandler):
    """Accepts POSTs to /[ACCT]/salmon and converts to outbound webmentions."""

    # TODO: unify with activitypub
    def post(self, username, domain):
        logging.info('Got: %s', self.request.body)

        try:
            parsed = utils.parse_magic_envelope(self.request.body)
        except ParseError as e:
            common.error(self, 'Could not parse POST body as XML', exc_info=True)
        data = utils.decode(parsed['data'])
        logging.info('Decoded: %s', data)

        # check that we support this activity type
        try:
            activity = atom.atom_to_activity(data)
        except ParseError as e:
            common.error(self, 'Could not parse envelope data as XML', exc_info=True)

        verb = activity.get('verb')
        if verb and verb not in SUPPORTED_VERBS:
            common.error(self, 'Sorry, %s activities are not supported yet.' % verb,
                         status=501)

        # verify author and signature
        author = util.get_url(activity.get('actor'))
        if ':' not in author:
            author = 'acct:%s' % author
        elif not author.startswith('acct:'):
            common.error(self, 'Author URI %s has unsupported scheme; expected acct:' % author)

        logging.info('Fetching Salmon key for %s' % author)
        if not magicsigs.verify(author, data, parsed['sig']):
            common.error(self, 'Could not verify magic signature.')
        logging.info('Verified magic signature.')

        # Verify that the timestamp is recent. Required by spec.
        # I get that this helps prevent spam, but in practice it's a bit silly,
        # and other major implementations don't (e.g. Mastodon), so forget it.
        #
        # updated = utils.parse_updated_from_atom(data)
        # if not utils.verify_timestamp(updated):
        #     common.error(self, 'Timestamp is more than 1h old.')

        # send webmentions to each target
        activity = atom.atom_to_activity(data)
        common.send_webmentions(self, activity, protocol='ostatus', source_atom=data)


app = webapp2.WSGIApplication([
    (r'/%s/salmon' % common.ACCT_RE, SlapHandler),
    (r'/()%s/salmon' % common.DOMAIN_RE, SlapHandler),
], debug=appengine_config.DEBUG)
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00			`"""Handles requests for Salmon endpoints: actors, inbox, etc.`
salmon: add spec links 2017-08-20 18:35:14 +00:00
			`https://github.com/salmon-protocol/salmon-protocol/blob/master/draft-panzer-salmon-00.html`
			`https://github.com/salmon-protocol/salmon-protocol/blob/master/draft-panzer-magicsig-01.html`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00			`"""`
			`import logging`
salmon: return 400 on bad XML also handle URL path with just domain, e.g. /snarfed.org/salmon 2017-10-17 05:02:37 +00:00			`from xml.etree.ElementTree import ParseError`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00
			`import appengine_config`

finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00			`from django_salmon import magicsigs, utils`
salmon: support incoming likes and shares (reposts) 2017-10-15 23:44:29 +00:00			`from granary import atom`
			`from oauth_dropins.webutil import util`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00			`import webapp2`

			`import common`

finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00			`# from django_salmon.feeds`
			`ATOM_NS = 'http://www.w3.org/2005/Atom'`
			`ATOM_THREADING_NS = 'http://purl.org/syndication/thread/1.0'`

activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`SUPPORTED_VERBS = (`
			`'checkin',`
			`'create',`
activitypub: prefer id over url for inReplyTo and Like/Announce object as per tootsuite/mastodon#5500 2017-10-24 04:23:33 +00:00			`'favorite',`
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`'like',`
			`'share',`
			`'tag',`
			`'update',`
			`)`

start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00
			`class SlapHandler(webapp2.RequestHandler):`
mastodon interop: salmon + activitypub + webfinger cleanup, tests 2017-09-03 19:54:10 +00:00			`"""Accepts POSTs to /[ACCT]/salmon and converts to outbound webmentions."""`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00
			`# TODO: unify with activitypub`
mastodon interop: salmon + activitypub + webfinger cleanup, tests 2017-09-03 19:54:10 +00:00			`def post(self, username, domain):`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00			`logging.info('Got: %s', self.request.body)`

salmon: return 400 on bad XML also handle URL path with just domain, e.g. /snarfed.org/salmon 2017-10-17 05:02:37 +00:00			`try:`
			`parsed = utils.parse_magic_envelope(self.request.body)`
			`except ParseError as e:`
tell common.error() explicitly when to include exc_info 2017-10-17 14:46:42 +00:00			`common.error(self, 'Could not parse POST body as XML', exc_info=True)`
finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00			`data = utils.decode(parsed['data'])`
			`logging.info('Decoded: %s', data)`

activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`# check that we support this activity type`
			`try:`
			`activity = atom.atom_to_activity(data)`
			`except ParseError as e:`
tell common.error() explicitly when to include exc_info 2017-10-17 14:46:42 +00:00			`common.error(self, 'Could not parse envelope data as XML', exc_info=True)`
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00
			`verb = activity.get('verb')`
			`if verb and verb not in SUPPORTED_VERBS:`
minor fixes to a couple log msges 2017-10-23 15:03:45 +00:00			`common.error(self, 'Sorry, %s activities are not supported yet.' % verb,`
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`status=501)`

			`# verify author and signature`
			`author = util.get_url(activity.get('actor'))`
finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00			`if ':' not in author:`
			`author = 'acct:%s' % author`
			`elif not author.startswith('acct:'):`
translate incoming webmentions to outgoing salmon slaps 2017-08-23 15:14:51 +00:00			`common.error(self, 'Author URI %s has unsupported scheme; expected acct:' % author)`
finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00
			`logging.info('Fetching Salmon key for %s' % author)`
mastodon interop: salmon + activitypub + webfinger cleanup, tests 2017-09-03 19:54:10 +00:00			`if not magicsigs.verify(author, data, parsed['sig']):`
translate incoming webmentions to outgoing salmon slaps 2017-08-23 15:14:51 +00:00			`common.error(self, 'Could not verify magic signature.')`
finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00			`logging.info('Verified magic signature.')`

mastodon interop: salmon + activitypub + webfinger cleanup, tests 2017-09-03 19:54:10 +00:00			`# Verify that the timestamp is recent. Required by spec.`
			`# I get that this helps prevent spam, but in practice it's a bit silly,`
			`# and other major implementations don't (e.g. Mastodon), so forget it.`
			`#`
mastodon interop: got webmention => salmon slap to mastodon working! TODO: lots of cleanup and tests 2017-09-02 03:49:00 +00:00			`# updated = utils.parse_updated_from_atom(data)`
			`# if not utils.verify_timestamp(updated):`
			`# common.error(self, 'Timestamp is more than 1h old.')`
finish first pass at converting incoming salmon slaps to webmentions 2017-08-20 18:33:00 +00:00
unify webmention sending from salmon and activitypub into common 2017-10-16 14:13:43 +00:00			`# send webmentions to each target`
			`activity = atom.atom_to_activity(data)`
			`common.send_webmentions(self, activity, protocol='ostatus', source_atom=data)`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00

			`app = webapp2.WSGIApplication([`
mastodon interop: salmon + activitypub + webfinger cleanup, tests 2017-09-03 19:54:10 +00:00			`(r'/%s/salmon' % common.ACCT_RE, SlapHandler),`
salmon: return 400 on bad XML also handle URL path with just domain, e.g. /snarfed.org/salmon 2017-10-17 05:02:37 +00:00			`(r'/()%s/salmon' % common.DOMAIN_RE, SlapHandler),`
start on salmon; in progress checkpoint 2017-08-20 14:28:40 +00:00			`], debug=appengine_config.DEBUG)`