2022-11-27 15:03:10 +00:00
|
|
|
"""Remote follow handler.
|
|
|
|
|
|
|
|
https://github.com/snarfed/bridgy-fed/issues/60
|
|
|
|
https://socialhub.activitypub.rocks/t/what-is-the-current-spec-for-remote-follow/2020
|
|
|
|
https://www.rfc-editor.org/rfc/rfc7033
|
|
|
|
"""
|
|
|
|
import logging
|
|
|
|
|
2023-03-20 21:28:14 +00:00
|
|
|
from flask import g, redirect, request, session
|
2023-01-07 17:34:55 +00:00
|
|
|
from granary import as2
|
|
|
|
from oauth_dropins import indieauth
|
|
|
|
from oauth_dropins.webutil import util
|
2023-06-20 18:22:54 +00:00
|
|
|
from oauth_dropins.webutil.flask_util import error, flash
|
2023-01-08 02:00:19 +00:00
|
|
|
from oauth_dropins.webutil.testutil import NOW
|
2022-11-27 15:03:10 +00:00
|
|
|
|
2023-05-31 17:10:14 +00:00
|
|
|
from activitypub import ActivityPub
|
2023-04-19 00:17:48 +00:00
|
|
|
from flask_app import app
|
2022-11-27 15:03:10 +00:00
|
|
|
import common
|
2023-05-30 23:53:08 +00:00
|
|
|
from models import Follower, Object, PROTOCOLS
|
2023-05-27 00:40:29 +00:00
|
|
|
from web import Web
|
2023-06-06 18:29:36 +00:00
|
|
|
import webfinger
|
2022-11-27 15:03:10 +00:00
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
@app.post('/remote-follow')
|
|
|
|
def remote_follow():
|
|
|
|
"""Discovers and redirects to a remote follow page for a given user."""
|
|
|
|
logger.info(f'Got: {request.values}')
|
|
|
|
|
2023-05-30 23:53:08 +00:00
|
|
|
cls = PROTOCOLS.get(request.values['protocol'])
|
|
|
|
if not cls:
|
|
|
|
error(f'Unknown protocol {request.values["protocol"]}')
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
domain = request.values['domain']
|
2023-05-30 23:53:08 +00:00
|
|
|
g.user = cls.get_by_id(domain)
|
2023-03-20 21:28:14 +00:00
|
|
|
if not g.user:
|
2023-05-26 23:07:36 +00:00
|
|
|
error(f'No web user found for domain {domain}')
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-01-09 07:08:31 +00:00
|
|
|
addr = request.values['address']
|
2023-06-06 18:29:36 +00:00
|
|
|
resp = webfinger.fetch(addr)
|
|
|
|
if resp is None:
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path())
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-06-06 18:29:36 +00:00
|
|
|
for link in resp.get('links', []):
|
|
|
|
if link.get('rel') == webfinger.SUBSCRIBE_LINK_REL:
|
2022-11-27 15:03:10 +00:00
|
|
|
template = link.get('template')
|
|
|
|
if template and '{uri}' in template:
|
2023-05-31 17:10:14 +00:00
|
|
|
return redirect(template.replace('{uri}', g.user.ap_address()))
|
2022-11-27 15:03:10 +00:00
|
|
|
|
|
|
|
flash(f"Couldn't find remote follow link for {addr}")
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path())
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
|
|
|
|
class FollowStart(indieauth.Start):
|
|
|
|
"""Starts the IndieAuth flow to add a follower to an existing user."""
|
|
|
|
def dispatch_request(self):
|
2023-06-08 06:51:41 +00:00
|
|
|
logger.info(f'Got: {request.values}')
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
address = request.form['address']
|
2023-02-18 00:12:25 +00:00
|
|
|
me = request.form['me']
|
|
|
|
|
|
|
|
session_me = session.get('indieauthed-me')
|
|
|
|
if session_me:
|
|
|
|
logger.info(f'found indieauthed-me: {session_me} in session cookie')
|
|
|
|
if session_me == me:
|
|
|
|
logger.info(' skipping IndieAuth')
|
|
|
|
return FollowCallback('-').finish(indieauth.IndieAuth(id=me), address)
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
try:
|
|
|
|
return redirect(self.redirect_url(state=address))
|
|
|
|
except Exception as e:
|
|
|
|
if util.is_connection_failure(e) or util.interpret_http_exception(e)[0]:
|
|
|
|
flash(f"Couldn't fetch your web site: {e}")
|
2023-02-18 00:12:25 +00:00
|
|
|
domain = util.domain_from_link(me)
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(f'/web/{domain}/following?address={address}')
|
2023-01-07 17:34:55 +00:00
|
|
|
raise
|
|
|
|
|
|
|
|
|
|
|
|
class FollowCallback(indieauth.Callback):
|
2023-02-18 00:12:25 +00:00
|
|
|
"""IndieAuth callback to add a follower to an existing user."""
|
2023-01-07 17:34:55 +00:00
|
|
|
def finish(self, auth_entity, state=None):
|
|
|
|
if not auth_entity:
|
|
|
|
return
|
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
me = auth_entity.key.id()
|
2023-04-03 14:53:15 +00:00
|
|
|
logger.info(f'Storing indieauthed-me: {me} in session cookie')
|
2023-02-18 00:12:25 +00:00
|
|
|
session['indieauthed-me'] = me
|
|
|
|
|
|
|
|
domain = util.domain_from_link(me)
|
2023-05-30 23:53:08 +00:00
|
|
|
# Web is hard-coded here since this is IndieAuth
|
2023-05-27 00:40:29 +00:00
|
|
|
g.user = Web.get_by_id(domain)
|
2023-03-20 21:28:14 +00:00
|
|
|
if not g.user:
|
2023-05-26 23:07:36 +00:00
|
|
|
error(f'No web user for domain {domain}')
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
addr = state
|
2023-01-08 23:43:32 +00:00
|
|
|
if not state:
|
|
|
|
error('Missing state')
|
|
|
|
elif util.is_web(state):
|
|
|
|
as2_url = state
|
|
|
|
else:
|
2023-06-06 18:29:36 +00:00
|
|
|
resp = webfinger.fetch(addr)
|
|
|
|
if resp is None:
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-08 23:43:32 +00:00
|
|
|
|
|
|
|
as2_url = None
|
2023-06-06 18:29:36 +00:00
|
|
|
for link in resp.get('links', []):
|
2023-05-28 15:06:36 +00:00
|
|
|
type = link.get('type', '').split(';')[0]
|
|
|
|
if link.get('rel') == 'self' and type in as2.CONTENT_TYPES:
|
2023-01-08 23:43:32 +00:00
|
|
|
as2_url = link.get('href')
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
if not as2_url:
|
|
|
|
flash(f"Couldn't find ActivityPub profile link for {addr}")
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-06-13 02:01:50 +00:00
|
|
|
# TODO(#512): follower will always be Web here, but we should generalize
|
|
|
|
# followee support in UI and here across protocols
|
2023-06-06 21:50:20 +00:00
|
|
|
followee = ActivityPub.load(as2_url)
|
|
|
|
followee_id = followee.as1.get('id')
|
|
|
|
inbox = followee.as2.get('inbox')
|
|
|
|
if not followee_id or not inbox:
|
2023-01-07 17:34:55 +00:00
|
|
|
flash(f"AS2 profile {as2_url} missing id or inbox")
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-01-08 02:00:19 +00:00
|
|
|
timestamp = NOW.replace(microsecond=0, tzinfo=None).isoformat()
|
2023-05-30 21:08:13 +00:00
|
|
|
follow_id = common.host_url(g.user.user_page_path(f'following#{timestamp}-{addr}'))
|
2023-01-08 02:00:19 +00:00
|
|
|
follow_as2 = {
|
2023-01-07 17:34:55 +00:00
|
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
|
|
'type': 'Follow',
|
2023-01-09 06:39:37 +00:00
|
|
|
'id': follow_id,
|
2023-06-06 21:50:20 +00:00
|
|
|
'object': followee.as2,
|
2023-05-31 17:10:14 +00:00
|
|
|
'actor': g.user.ap_actor(),
|
2023-01-07 17:34:55 +00:00
|
|
|
'to': [as2.PUBLIC_AUDIENCE],
|
2023-03-20 18:23:49 +00:00
|
|
|
}
|
2023-06-16 04:22:20 +00:00
|
|
|
followee_user = ActivityPub.get_or_create(followee_id, obj=followee)
|
2023-06-09 19:56:45 +00:00
|
|
|
follow_obj = Object(id=follow_id, users=[g.user.key, followee_user.key],
|
|
|
|
labels=['user'], source_protocol='ui', status='complete',
|
|
|
|
as2=follow_as2)
|
2023-06-06 21:50:20 +00:00
|
|
|
ActivityPub.send(follow_obj, inbox)
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-06-06 21:50:20 +00:00
|
|
|
Follower.get_or_create(from_=g.user, to=followee_user, status='active',
|
|
|
|
follow=follow_obj.key)
|
|
|
|
follow_obj.put()
|
2023-01-08 02:00:19 +00:00
|
|
|
|
2023-06-06 21:50:20 +00:00
|
|
|
link = common.pretty_link(util.get_url(followee.as1) or followee_id,
|
|
|
|
text=addr)
|
2023-01-08 02:00:19 +00:00
|
|
|
flash(f'Followed {link}.')
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
|
2023-01-10 03:01:48 +00:00
|
|
|
class UnfollowStart(indieauth.Start):
|
2023-02-06 04:59:39 +00:00
|
|
|
"""Starts the IndieAuth flow to remove a follower from an existing user."""
|
2023-01-10 03:01:48 +00:00
|
|
|
def dispatch_request(self):
|
2023-06-08 06:51:41 +00:00
|
|
|
logger.info(f'Got: {request.values}')
|
2023-01-10 03:01:48 +00:00
|
|
|
key = request.form['key']
|
2023-02-18 00:12:25 +00:00
|
|
|
me = request.form['me']
|
|
|
|
|
|
|
|
session_me = session.get('indieauthed-me')
|
|
|
|
if session_me:
|
|
|
|
logger.info(f'has IndieAuth session for {session_me}')
|
|
|
|
if session_me == me:
|
|
|
|
return UnfollowCallback('-').finish(indieauth.IndieAuth(id=me), key)
|
2023-01-10 03:01:48 +00:00
|
|
|
|
|
|
|
try:
|
|
|
|
return redirect(self.redirect_url(state=key))
|
|
|
|
except Exception as e:
|
|
|
|
if util.is_connection_failure(e) or util.interpret_http_exception(e)[0]:
|
|
|
|
flash(f"Couldn't fetch your web site: {e}")
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-10 03:01:48 +00:00
|
|
|
raise
|
|
|
|
|
|
|
|
|
|
|
|
class UnfollowCallback(indieauth.Callback):
|
2023-02-01 05:00:07 +00:00
|
|
|
"""IndieAuth callback to remove a follower."""
|
2023-01-10 03:01:48 +00:00
|
|
|
def finish(self, auth_entity, state=None):
|
|
|
|
if not auth_entity:
|
|
|
|
return
|
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
me = auth_entity.key.id()
|
|
|
|
# store login in a session cookie
|
|
|
|
session['indieauthed-me'] = me
|
|
|
|
|
|
|
|
domain = util.domain_from_link(me)
|
2023-05-30 23:53:08 +00:00
|
|
|
# Web is hard-coded here since this is IndieAuth
|
2023-05-27 00:40:29 +00:00
|
|
|
g.user = Web.get_by_id(domain)
|
2023-03-20 21:28:14 +00:00
|
|
|
if not g.user:
|
2023-05-26 23:07:36 +00:00
|
|
|
error(f'No web user for domain {domain}')
|
2023-01-10 03:01:48 +00:00
|
|
|
|
2023-06-08 06:51:41 +00:00
|
|
|
if util.is_int(state):
|
|
|
|
state = int(state)
|
2023-05-30 23:53:08 +00:00
|
|
|
follower = Follower.get_by_id(state)
|
2023-01-10 03:01:48 +00:00
|
|
|
if not follower:
|
|
|
|
error(f'Bad state {state}')
|
|
|
|
|
2023-06-08 06:51:41 +00:00
|
|
|
followee_id = follower.to.id()
|
|
|
|
followee = follower.to.get()
|
2023-02-05 05:23:04 +00:00
|
|
|
|
2023-06-16 04:22:20 +00:00
|
|
|
if not followee.obj or not followee.obj.as1:
|
|
|
|
# fetch to get full followee so we can find its target to deliver to
|
|
|
|
followee.obj = ActivityPub.load(followee_id)
|
2023-06-08 06:51:41 +00:00
|
|
|
followee.put()
|
2023-02-05 05:23:04 +00:00
|
|
|
|
2023-06-16 04:22:20 +00:00
|
|
|
# TODO(#529): generalize
|
|
|
|
inbox = followee.as2().get('inbox')
|
2023-02-05 05:23:04 +00:00
|
|
|
if not inbox:
|
2023-02-14 22:56:27 +00:00
|
|
|
flash(f"AS2 profile {followee_id} missing inbox")
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-10 03:01:48 +00:00
|
|
|
|
|
|
|
timestamp = NOW.replace(microsecond=0, tzinfo=None).isoformat()
|
2023-05-30 21:08:13 +00:00
|
|
|
unfollow_id = common.host_url(g.user.user_page_path(f'following#undo-{timestamp}-{followee_id}'))
|
2023-01-10 03:01:48 +00:00
|
|
|
unfollow_as2 = {
|
|
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
|
|
'type': 'Undo',
|
|
|
|
'id': unfollow_id,
|
2023-05-31 17:10:14 +00:00
|
|
|
'actor': g.user.ap_actor(),
|
2023-06-08 06:51:41 +00:00
|
|
|
'object': follower.follow.get().as2 if follower.follow else None,
|
2023-03-20 18:23:49 +00:00
|
|
|
}
|
|
|
|
|
2023-06-09 19:56:45 +00:00
|
|
|
# don't include the followee User who's being unfollowed in the users
|
|
|
|
# property, since we don't want to notify or show them. (standard social
|
|
|
|
# network etiquette.)
|
|
|
|
obj = Object(id=unfollow_id, users=[g.user.key], labels=['user'],
|
2023-05-30 23:53:08 +00:00
|
|
|
source_protocol='ui', status='complete', as2=unfollow_as2)
|
2023-04-19 00:17:48 +00:00
|
|
|
ActivityPub.send(obj, inbox)
|
2023-01-10 03:01:48 +00:00
|
|
|
|
|
|
|
follower.status = 'inactive'
|
|
|
|
follower.put()
|
2023-03-20 18:23:49 +00:00
|
|
|
obj.put()
|
2023-01-10 03:01:48 +00:00
|
|
|
|
2023-06-16 04:22:20 +00:00
|
|
|
link = common.pretty_link(util.get_url(followee.obj.as1) or followee_id)
|
2023-01-10 03:01:48 +00:00
|
|
|
flash(f'Unfollowed {link}.')
|
2023-05-30 21:08:13 +00:00
|
|
|
return redirect(g.user.user_page_path('following'))
|
2023-01-10 03:01:48 +00:00
|
|
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
app.add_url_rule('/follow/start',
|
|
|
|
view_func=FollowStart.as_view('follow_start', '/follow/callback'),
|
|
|
|
methods=['POST'])
|
|
|
|
app.add_url_rule('/follow/callback',
|
2023-01-08 02:00:19 +00:00
|
|
|
view_func=FollowCallback.as_view('follow_callback', 'unused'),
|
|
|
|
methods=['GET'])
|
2023-01-10 03:01:48 +00:00
|
|
|
app.add_url_rule('/unfollow/start',
|
|
|
|
view_func=UnfollowStart.as_view('unfollow_start', '/unfollow/callback'),
|
|
|
|
methods=['POST'])
|
|
|
|
app.add_url_rule('/unfollow/callback',
|
|
|
|
view_func=UnfollowCallback.as_view('unfollow_callback', 'unused'),
|
|
|
|
methods=['GET'])
|