limit incoming/outgoing requests

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-05-30 14:04:15 -01:00 · 2019-05-30 14:04:15 -01:00 · b53e5209ab
commit b53e5209ab
--- a/lib/Controller/ActivityPubController.php
+++ b/lib/Controller/ActivityPubController.php
@ -40,6 +40,7 @@ use OCA\Social\Exceptions\SignatureIsGoneException;
 use OCA\Social\Exceptions\ItemUnknownException;
 use OCA\Social\Exceptions\UrlCloudException;
 use OCA\Social\Service\CacheActorService;
+use OCA\Social\Service\FediverseService;
 use OCA\Social\Service\FollowService;
 use OCA\Social\Service\ImportService;
 use OCA\Social\Service\MiscService;
@ -61,6 +62,9 @@ class ActivityPubController extends Controller {
 	/** @var SocialPubController */
 	private $socialPubController;

+	/** @var FediverseService */
+	private $fediverseService;
+
 	/** @var CacheActorService */
 	private $cacheActorService;

@ -85,6 +89,7 @@ class ActivityPubController extends Controller {
 	 *
 	 * @param IRequest $request
 	 * @param SocialPubController $socialPubController
+	 * @param FediverseService $fediverseService
 	 * @param CacheActorService $cacheActorService
 	 * @param SignatureService $signatureService
 	 * @param StreamQueueService $streamQueueService
@ -94,13 +99,14 @@ class ActivityPubController extends Controller {
 	 */
 	public function __construct(
 		IRequest $request, SocialPubController $socialPubController,
-		CacheActorService $cacheActorService, SignatureService $signatureService,
-		StreamQueueService $streamQueueService, ImportService $importService,
-		FollowService $followService, MiscService $miscService
+		FediverseService $fediverseService, CacheActorService $cacheActorService,
+		SignatureService $signatureService, StreamQueueService $streamQueueService,
+		ImportService $importService, FollowService $followService, MiscService $miscService
 	) {
 		parent::__construct(Application::APP_NAME, $request);

 		$this->socialPubController = $socialPubController;
+		$this->fediverseService = $fediverseService;
 		$this->cacheActorService = $cacheActorService;
 		$this->signatureService = $signatureService;
 		$this->streamQueueService = $streamQueueService;
@ -178,6 +184,7 @@ class ActivityPubController extends Controller {

 			$requestTime = 0;
 			$origin = $this->signatureService->checkRequest($this->request, $requestTime);
+			$this->fediverseService->authorized($origin);

 			$activity = $this->importService->importFromJson($body);
 			if (!$this->signatureService->checkObject($activity)) {
@ -221,6 +228,7 @@ class ActivityPubController extends Controller {

 			$requestTime = 0;
 			$origin = $this->signatureService->checkRequest($this->request, $requestTime);
+			$this->fediverseService->authorized($origin);

 			// TODO - check the recipient <-> username
 //			$actor = $this->actorService->getActor($username);
--- a/lib/Service/ActivityService.php
+++ b/lib/Service/ActivityService.php
@ -48,6 +48,7 @@ use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\ACore;
 use OCA\Social\Model\ActivityPub\Activity\Create;
 use OCA\Social\Model\ActivityPub\Activity\Delete;
@ -284,6 +285,8 @@ class ActivityService {
 			$this->signatureService->signRequest($request, $queue);
 			$this->curlService->request($request);
 			$this->requestQueueService->endRequest($queue, true);
+		} catch (UnauthorizedFediverseException $e) {
+			$this->requestQueueService->endRequest($queue, true);
 		} catch (RequestResultNotJsonException $e) {
 			$this->requestQueueService->endRequest($queue, true);
 		} catch (ActorDoesNotExistException $e) {
--- a/lib/Service/CacheActorService.php
+++ b/lib/Service/CacheActorService.php
@ -47,6 +47,7 @@ use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
 use OCA\Social\Exceptions\ItemUnknownException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\Actor\Person;


@ -118,6 +119,7 @@ class CacheActorService {
 	 * @throws SocialAppConfigException
 	 * @throws ItemUnknownException
 	 * @throws RequestResultNotJsonException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function getFromId(string $id, bool $refresh = false): Person {

--- a/lib/Service/CacheDocumentService.php
+++ b/lib/Service/CacheDocumentService.php
@ -43,6 +43,8 @@ use OCA\Social\Exceptions\RequestNetworkException;
 use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
+use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCP\Files\IAppData;
 use OCP\Files\NotFoundException;
 use OCP\Files\NotPermittedException;
@ -96,13 +98,15 @@ class CacheDocumentService {
 	 * @return string
 	 * @throws CacheContentMimeTypeException
 	 * @throws MalformedArrayException
+	 * @throws NotFoundException
 	 * @throws NotPermittedException
 	 * @throws RequestContentException
 	 * @throws RequestNetworkException
-	 * @throws RequestServerException
-	 * @throws RequestResultSizeException
 	 * @throws RequestResultNotJsonException
-	 * @throws NotFoundException
+	 * @throws RequestResultSizeException
+	 * @throws RequestServerException
+	 * @throws SocialAppConfigException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function saveRemoteFileToCache(string $url, &$mime = '') {

@ -190,9 +194,11 @@ class CacheDocumentService {
 	 * @throws MalformedArrayException
 	 * @throws RequestContentException
 	 * @throws RequestNetworkException
-	 * @throws RequestServerException
-	 * @throws RequestResultSizeException
 	 * @throws RequestResultNotJsonException
+	 * @throws RequestResultSizeException
+	 * @throws RequestServerException
+	 * @throws SocialAppConfigException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function retrieveContent(string $url) {
 		$url = parse_url($url);
--- a/lib/Service/CurlService.php
+++ b/lib/Service/CurlService.php
@ -48,6 +48,7 @@ use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
 use OCA\Social\Exceptions\ItemUnknownException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\Actor\Person;

 class CurlService {
@ -64,6 +65,9 @@ class CurlService {
 	/** @var ConfigService */
 	private $configService;

+	/** @var FediverseService */
+	private $fediverseService;
+
 	/** @var MiscService */
 	private $miscService;

@ -79,10 +83,14 @@ class CurlService {
 	 * CurlService constructor.
 	 *
 	 * @param ConfigService $configService
+	 * @param FediverseService $fediverseService
 	 * @param MiscService $miscService
 	 */
-	public function __construct(ConfigService $configService, MiscService $miscService) {
+	public function __construct(
+		ConfigService $configService, FediverseService $fediverseService, MiscService $miscService
+	) {
 		$this->configService = $configService;
+		$this->fediverseService = $fediverseService;
 		$this->miscService = $miscService;
 	}

@ -94,9 +102,11 @@ class CurlService {
 	 * @throws InvalidResourceException
 	 * @throws RequestContentException
 	 * @throws RequestNetworkException
+	 * @throws RequestResultNotJsonException
 	 * @throws RequestResultSizeException
 	 * @throws RequestServerException
-	 * @throws RequestResultNotJsonException
+	 * @throws SocialAppConfigException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function webfingerAccount(string $account): array {
 		$account = $this->withoutBeginAt($account);
@ -144,6 +154,7 @@ class CurlService {
 	 * @throws SocialAppConfigException
 	 * @throws ItemUnknownException
 	 * @throws RequestResultNotJsonException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function retrieveAccount(string $account): Person {
 		$result = $this->webfingerAccount($account);
@ -178,9 +189,11 @@ class CurlService {
 	 * @throws MalformedArrayException
 	 * @throws RequestContentException
 	 * @throws RequestNetworkException
-	 * @throws RequestServerException
-	 * @throws RequestResultSizeException
 	 * @throws RequestResultNotJsonException
+	 * @throws RequestResultSizeException
+	 * @throws RequestServerException
+	 * @throws SocialAppConfigException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function retrieveObject($id): array {

@ -205,11 +218,14 @@ class CurlService {
 	 * @return mixed
 	 * @throws RequestContentException
 	 * @throws RequestNetworkException
+	 * @throws RequestResultNotJsonException
 	 * @throws RequestResultSizeException
 	 * @throws RequestServerException
-	 * @throws RequestResultNotJsonException
+	 * @throws SocialAppConfigException
+	 * @throws UnauthorizedFediverseException
 	 */
 	public function request(Request $request) {
+		$this->fediverseService->authorized($request->getAddress());

 		$this->maxDownloadSizeReached = false;
 		$curl = $this->initRequest($request);
--- a/lib/Service/DocumentService.php
+++ b/lib/Service/DocumentService.php
@ -46,6 +46,7 @@ use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Exceptions\UrlCloudException;
 use OCA\Social\Model\ActivityPub\Actor\Person;
 use OCA\Social\Model\ActivityPub\Object\Document;
@ -117,6 +118,7 @@ class DocumentService {
 	 * @throws CacheDocumentDoesNotExistException
 	 * @throws MalformedArrayException
 	 * @throws RequestResultNotJsonException
+	 * @throws SocialAppConfigException
 	 */
 	public function cacheRemoteDocument(string $id, bool $public = false) {
 		$document = $this->cacheDocumentsRequest->getById($id, $public);
@ -169,6 +171,8 @@ class DocumentService {
 			$this->cacheDocumentsRequest->endCaching($document);
 		} catch (RequestContentException $e) {
 			$this->cacheDocumentsRequest->deleteById($id);
+		} catch (UnauthorizedFediverseException $e) {
+			$this->cacheDocumentsRequest->deleteById($id);
 		} catch (RequestNetworkException $e) {
 			$this->cacheDocumentsRequest->endCaching($document);
 		} catch (RequestServerException $e) {
@ -189,6 +193,7 @@ class DocumentService {
 	 * @throws CacheDocumentDoesNotExistException
 	 * @throws MalformedArrayException
 	 * @throws RequestResultNotJsonException
+	 * @throws SocialAppConfigException
 	 */
 	public function getFromCache(string $id, bool $public = false) {
 		$document = $this->cacheRemoteDocument($id, $public);
--- a/lib/Service/FediverseService.php
+++ b/lib/Service/FediverseService.php
@ -31,6 +31,7 @@ declare(strict_types=1);
 namespace OCA\Social\Service;

 use Exception;
+use OCA\Social\Exceptions\SocialAppConfigException;
 use OCA\Social\Exceptions\UnauthorizedFediverseException;


@ -68,6 +69,7 @@ class FediverseService {
 	 *
 	 * @return bool
 	 * @throws UnauthorizedFediverseException
+	 * @throws SocialAppConfigException
 	 */
 	public function authorized(string $address): bool {
 		if ($this->getAccessType() ===
@ -78,11 +80,11 @@ class FediverseService {

 		if ($this->getAccessType() ===
 			$this->configService->accessTypeList['WHITELIST']
-			&& $this->isListed($address)) {
+			&& ($this->isListed($address) || $this->isLocal($address))) {
 			return true;
 		}

-		throw new UnauthorizedFediverseException();
+		throw new UnauthorizedFediverseException('Unauthorized Fediverse');
 	}


@ -95,7 +97,7 @@ class FediverseService {
 			return;
 		}

-		throw new UnauthorizedFediverseException();
+		throw new UnauthorizedFediverseException('Jailed Fediverse');
 	}


@ -122,6 +124,19 @@ class FediverseService {
 	}


+	/**
+	 * @param string $address
+	 *
+	 * @return bool
+	 * @throws SocialAppConfigException
+	 */
+	public function isLocal(string $address): bool {
+		$local = $this->configService->getCloudAddress(true);
+
+		return ($local === $address);
+	}
+
+
 	/**
 	 * @return array
 	 */
--- a/lib/Service/StreamQueueService.php
+++ b/lib/Service/StreamQueueService.php
@ -48,6 +48,7 @@ use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\Object\Note;
 use OCA\Social\Model\ActivityPub\Stream;
 use OCA\Social\Model\StreamQueue;
@ -259,6 +260,12 @@ class StreamQueueService {
 					. $e->getMessage(), 1
 				);
 				$cache->removeItem($item->getUrl());
+			} catch (UnauthorizedFediverseException $e) {
+				$this->miscService->log(
+					'Error caching stream: ' . json_encode($item) . ' ' . get_class($e) . ' '
+					. $e->getMessage(), 1
+				);
+				$cache->removeItem($item->getUrl());
 			} catch (RequestNetworkException $e) {
 				$this->miscService->log(
 					'Error caching stream: ' . json_encode($item) . ' ' . get_class($e) . ' '
@ -299,6 +306,7 @@ class StreamQueueService {
 	 * @throws RequestResultSizeException
 	 * @throws RequestServerException
 	 * @throws SocialAppConfigException
+	 * @throws UnauthorizedFediverseException
 	 */
 	private function cacheItem(CacheItem &$item) {