bridgy-fed/activitypub.py

"""Handles requests for ActivityPub endpoints: actors, inbox, etc.
"""
import datetime
import json
import logging
import string

import appengine_config

from granary import as2, microformats2
import mf2py
import mf2util
from oauth_dropins.webutil import util
import webapp2

import common
from models import MagicKey, Response
from httpsig.requests_auth import HTTPSignatureAuth

SUPPORTED_TYPES = (
    'Announce',
    'Article',
    'Audio',
    'Create',
    'Follow',
    'Image',
    'Like',
    'Note',
    'Video',
)


class ActorHandler(webapp2.RequestHandler):
    """Serves /[DOMAIN], fetches its mf2, converts to AS Actor, and serves it."""

    def get(self, domain):
        url = 'http://%s/' % domain
        resp = common.requests_get(url)
        mf2 = mf2py.parse(resp.text, url=resp.url, img_with_alt=True)
        # logging.info('Parsed mf2 for %s: %s', resp.url, json.dumps(mf2, indent=2))

        hcard = mf2util.representative_hcard(mf2, resp.url)
        logging.info('Representative h-card: %s', json.dumps(hcard, indent=2))
        if not hcard:
            common.error(self, """\
Couldn't find a <a href="http://microformats.org/wiki/representative-hcard-parsing">\
representative h-card</a> on %s""" % resp.url)

        key = MagicKey.get_or_create(domain)
        obj = common.postprocess_as2(as2.from_as1(microformats2.json_to_object(hcard)),
                                     key=key)
        obj.update({
            'inbox': '%s/%s/inbox' % (appengine_config.HOST_URL, domain),
        })
        logging.info('Returning: %s', json.dumps(obj, indent=2))

        self.response.headers.update({
            'Content-Type': common.CONTENT_TYPE_AS2,
            'Access-Control-Allow-Origin': '*',
        })
        self.response.write(json.dumps(obj, indent=2))


class InboxHandler(webapp2.RequestHandler):
    """Accepts POSTs to /[DOMAIN]/inbox and converts to outbound webmentions."""

    def post(self, domain):
        logging.info('Got: %s', self.request.body)

        # parse and validate AS2 activity
        try:
            activity = json.loads(self.request.body)
            assert activity
        except (TypeError, ValueError, AssertionError):
            common.error(self, "Couldn't parse body as JSON", exc_info=True)

        obj = activity.get('object') or {}
        if isinstance(obj, basestring):
            obj = {'id': obj}

        type = activity.get('type')
        if type == 'Create':
            type = obj.get('type')
        if type not in SUPPORTED_TYPES:
            common.error(self, 'Sorry, %s activities are not supported yet.' % type,
                         status=501)

        # TODO: verify signature if there is one

        if type == 'Follow':
            self.accept_follow(activity)
            return

        # fetch actor if necessary so we have name, profile photo, etc
        if type in ('Like', 'Announce'):
            for elem in obj, activity:
                actor = elem.get('actor')
                if actor and isinstance(actor, basestring):
                    elem['actor'] = common.get_as2(actor).json()

        # send webmentions to each target
        as1 = as2.to_as1(activity)
        source_as2 = json.dumps(common.redirect_unwrap(activity))
        common.send_webmentions(self, as1, proxy=True, protocol='activitypub',
                                source_as2=source_as2)

    def accept_follow(activity):
        logging.info('Sending Accept to inbox')

        accept = {
            '@context': 'https://www.w3.org/ns/activitystreams',
            'id': activity['id'],
            'type': 'Accept',
            'actor': activity['object'],
            'object': {
              'type': 'Follow',
               'actor': activity['actor'],
               'object': activity['object'],
            }
        }

        # source domain - this is still wrong in so many ways ... :)
        source_domain = string.replace(activity['object'], 'https://fed.brid.gy/r/', '')
        source_domain = string.replace(source_domain, 'http://', '')
        source_domain = string.replace(source_domain, 'https://', '')
        logging.info('source domain ' + source_domain)

        # inbox url.
        target = activity['actor']
        actor = common.get_as2(target).json()
        inbox_url = actor.get('inbox')
        logging.info('Inbox url ' + inbox_url)

        acct = 'acct:%s@%s' % (source_domain, source_domain)
        key = MagicKey.get_or_create(source_domain)
        signature = HTTPSignatureAuth(secret=key.private_pem(), key_id=acct,
                                 algorithm='rsa-sha256')

        # deliver source object to target actor's inbox.
        headers = {
            'Content-Type': common.CONTENT_TYPE_AS2,
            # required for HTTP Signature
            # https://tools.ietf.org/html/draft-cavage-http-signatures-07#section-2.1.3
            'Date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'),
            'signature': signature,
        }
        resp = common.requests_post(inbox_url, json=activity_accept, headers=headers)
        self.response.write(resp.text)


app = webapp2.WSGIApplication([
    (r'/%s/?' % common.DOMAIN_RE, ActorHandler),
    (r'/%s/inbox' % common.DOMAIN_RE, InboxHandler),
], debug=appengine_config.DEBUG)
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`"""Handles requests for ActivityPub endpoints: actors, inbox, etc.`
			`"""`
accept AP follow requests: original patch from @swentel ...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595 2018-10-19 13:50:00 +00:00			`import datetime`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`import json`
			`import logging`
accept AP follow requests: original patch from @swentel ...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595 2018-10-19 13:50:00 +00:00			`import string`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00
			`import appengine_config`

update webfinger, AS2, etc for receiving AP 2017-09-28 14:25:21 +00:00			`from granary import as2, microformats2`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`import mf2py`
			`import mf2util`
activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00			`from oauth_dropins.webutil import util`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`import webapp2`

extract out requests.get() and user agent header into new common.py file 2017-08-15 06:07:24 +00:00			`import common`
accept AP follow requests: original patch from @swentel ...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595 2018-10-19 13:50:00 +00:00			`from models import MagicKey, Response`
			`from httpsig.requests_auth import HTTPSignatureAuth`
extract out requests.get() and user agent header into new common.py file 2017-08-15 06:07:24 +00:00
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`SUPPORTED_TYPES = (`
			`'Announce',`
			`'Article',`
			`'Audio',`
AP => webmention: handle full AS2 activities mastodon used to send bare objects for lots of things, e.g. replies, but now sends ful AS2 Create activities with embedded objects much more often. handle those too. thanks for the nudge @swentel! 2018-10-15 15:09:36 +00:00			`'Create',`
accept AP follow requests: original patch from @swentel ...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595 2018-10-19 13:50:00 +00:00			`'Follow',`
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`'Image',`
			`'Like',`
			`'Note',`
			`'Video',`
			`)`
extract out requests.get() and user agent header into new common.py file 2017-08-15 06:07:24 +00:00
return parsed JSON from common.get_as2(); use it in activitypub 2017-10-20 14:13:04 +00:00
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`class ActorHandler(webapp2.RequestHandler):`
			`"""Serves /[DOMAIN], fetches its mf2, converts to AS Actor, and serves it."""`

			`def get(self, domain):`
minor activitypub bug fix (default http, not https) and test improvements 2017-08-19 19:29:10 +00:00			`url = 'http://%s/' % domain`
extract out requests.get() and user agent header into new common.py file 2017-08-15 06:07:24 +00:00			`resp = common.requests_get(url)`
upgrade BS4 to 4.6.3, pin lxml to app engine prod's version 2018-10-12 02:12:18 +00:00			`mf2 = mf2py.parse(resp.text, url=resp.url, img_with_alt=True)`
fix logging for failed outbound HTTP requests also disable logging full parsed mf2 in activitypub actor handler. 2017-10-24 14:23:51 +00:00			`# logging.info('Parsed mf2 for %s: %s', resp.url, json.dumps(mf2, indent=2))`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00
			`hcard = mf2util.representative_hcard(mf2, resp.url)`
			`logging.info('Representative h-card: %s', json.dumps(hcard, indent=2))`
400 when we can't find a representative h-card 2017-08-19 20:31:06 +00:00			`if not hcard:`
refactor abort() calls to use common.error() 2017-10-15 23:57:33 +00:00			`common.error(self, """\`
400 when we can't find a representative h-card 2017-08-19 20:31:06 +00:00			`Couldn't find a <a href="http://microformats.org/wiki/representative-hcard-parsing">\`
			`representative h-card</a> on %s""" % resp.url)`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00
store responses in new Response datastore model 2017-10-10 00:29:50 +00:00			`key = MagicKey.get_or_create(domain)`
AP: add publicKey to actor object needed for mastodon interop 2017-10-01 14:01:35 +00:00			`obj = common.postprocess_as2(as2.from_as1(microformats2.json_to_object(hcard)),`
			`key=key)`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`obj.update({`
switch from request.host_url to appengine_config.HOST_URL ...because for requests that were redirected, request.host_url would sometimes lose port. no clue how or why. e.g. testing mastodon interop locally with me@www.brid.gy, mastodon would fetch https://www.brid.gy/.well-known/webfinger?resource=acct:me@www.brid.gy which would 302 redirect to http://localhost:8080/.well-known/webfinger?resource=acct:me@www.brid.gy and in that request, request.host_url would be http://localhost. but if i curled that second webfinger URL directly, request.host_url would be http://localhost:8080. weird. 2017-09-30 14:56:40 +00:00			`'inbox': '%s/%s/inbox' % (appengine_config.HOST_URL, domain),`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`})`
			`logging.info('Returning: %s', json.dumps(obj, indent=2))`

			`self.response.headers.update({`
return parsed JSON from common.get_as2(); use it in activitypub 2017-10-20 14:13:04 +00:00			`'Content-Type': common.CONTENT_TYPE_AS2,`
activitypub actor endpoint: fetch mf2, convert to AS 2017-08-13 07:12:16 +00:00			`'Access-Control-Allow-Origin': '*',`
			`})`
			`self.response.write(json.dumps(obj, indent=2))`


activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00			`class InboxHandler(webapp2.RequestHandler):`
			`"""Accepts POSTs to /[DOMAIN]/inbox and converts to outbound webmentions."""`

			`def post(self, domain):`
			`logging.info('Got: %s', self.request.body)`
activitypub: fetch and include source actor if necessary e.g. for likes and reposts, so that we can render them in our proxy page. 2017-10-13 06:14:46 +00:00
			`# parse and validate AS2 activity`
activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00			`try:`
activitypub: use proxy mf2 URLs for likes and reposts/boosts for #4 2017-10-11 05:42:19 +00:00			`activity = json.loads(self.request.body)`
			`assert activity`
tell common.error() explicitly when to include exc_info 2017-10-17 14:46:42 +00:00			`except (TypeError, ValueError, AssertionError):`
			`common.error(self, "Couldn't parse body as JSON", exc_info=True)`
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00
AP => webmention: handle full AS2 activities mastodon used to send bare objects for lots of things, e.g. replies, but now sends ful AS2 Create activities with embedded objects much more often. handle those too. thanks for the nudge @swentel! 2018-10-15 15:09:36 +00:00			`obj = activity.get('object') or {}`
			`if isinstance(obj, basestring):`
			`obj = {'id': obj}`

activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`type = activity.get('type')`
AP => webmention: handle full AS2 activities mastodon used to send bare objects for lots of things, e.g. replies, but now sends ful AS2 Create activities with embedded objects much more often. handle those too. thanks for the nudge @swentel! 2018-10-15 15:09:36 +00:00			`if type == 'Create':`
			`type = obj.get('type')`
activitypub and salmon: return 501 on unsupported activity type 2017-10-17 05:21:13 +00:00			`if type not in SUPPORTED_TYPES:`
			`common.error(self, 'Sorry, %s activities are not supported yet.' % type,`
			`status=501)`
activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00
AP: add publicKey to actor object needed for mastodon interop 2017-10-01 14:01:35 +00:00			`# TODO: verify signature if there is one`

accept AP follow requests: original patch from @swentel ...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595 2018-10-19 13:50:00 +00:00			`if type == 'Follow':`
			`self.accept_follow(activity)`
			`return`

activitypub: fetch and include source actor if necessary e.g. for likes and reposts, so that we can render them in our proxy page. 2017-10-13 06:14:46 +00:00			`# fetch actor if necessary so we have name, profile photo, etc`
AP => webmention: handle full AS2 activities mastodon used to send bare objects for lots of things, e.g. replies, but now sends ful AS2 Create activities with embedded objects much more often. handle those too. thanks for the nudge @swentel! 2018-10-15 15:09:36 +00:00			`if type in ('Like', 'Announce'):`
			`for elem in obj, activity:`
			`actor = elem.get('actor')`
			`if actor and isinstance(actor, basestring):`
			`elem['actor'] = common.get_as2(actor).json()`
activitypub: fetch and include source actor if necessary e.g. for likes and reposts, so that we can render them in our proxy page. 2017-10-13 06:14:46 +00:00
			`# send webmentions to each target`
unify webmention sending from salmon and activitypub into common 2017-10-16 14:13:43 +00:00			`as1 = as2.to_as1(activity)`
AP => wm: switch to proxying reply wm source, unwrap URLs for #35 example: https://webmention.io/realize.be/webmention/hG654HOgobymY54pMaNS 2018-10-17 14:49:04 +00:00			`source_as2 = json.dumps(common.redirect_unwrap(activity))`
			`common.send_webmentions(self, as1, proxy=True, protocol='activitypub',`
			`source_as2=source_as2)`
activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00
accept AP follow requests: original patch from @swentel ...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595 2018-10-19 13:50:00 +00:00			`def accept_follow(activity):`
			`logging.info('Sending Accept to inbox')`

			`accept = {`
			`'@context': 'https://www.w3.org/ns/activitystreams',`
			`'id': activity['id'],`
			`'type': 'Accept',`
			`'actor': activity['object'],`
			`'object': {`
			`'type': 'Follow',`
			`'actor': activity['actor'],`
			`'object': activity['object'],`
			`}`
			`}`

			`# source domain - this is still wrong in so many ways ... :)`
			`source_domain = string.replace(activity['object'], 'https://fed.brid.gy/r/', '')`
			`source_domain = string.replace(source_domain, 'http://', '')`
			`source_domain = string.replace(source_domain, 'https://', '')`
			`logging.info('source domain ' + source_domain)`

			`# inbox url.`
			`target = activity['actor']`
			`actor = common.get_as2(target).json()`
			`inbox_url = actor.get('inbox')`
			`logging.info('Inbox url ' + inbox_url)`

			`acct = 'acct:%s@%s' % (source_domain, source_domain)`
			`key = MagicKey.get_or_create(source_domain)`
			`signature = HTTPSignatureAuth(secret=key.private_pem(), key_id=acct,`
			`algorithm='rsa-sha256')`

			`# deliver source object to target actor's inbox.`
			`headers = {`
			`'Content-Type': common.CONTENT_TYPE_AS2,`
			`# required for HTTP Signature`
			`# https://tools.ietf.org/html/draft-cavage-http-signatures-07#section-2.1.3`
			`'Date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'),`
			`'signature': signature,`
			`}`
			`resp = common.requests_post(inbox_url, json=activity_accept, headers=headers)`
			`self.response.write(resp.text)`

activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00
			`app = webapp2.WSGIApplication([`
mastodon interop: salmon + activitypub + webfinger cleanup, tests 2017-09-03 19:54:10 +00:00			`(r'/%s/?' % common.DOMAIN_RE, ActorHandler),`
			`(r'/%s/inbox' % common.DOMAIN_RE, InboxHandler),`
activitypub inbox: accept POSTs, convert to outbound webmention 2017-08-13 21:49:35 +00:00			`], debug=appengine_config.DEBUG)`