diff --git a/lib/Controller/ActivityPubController.php b/lib/Controller/ActivityPubController.php
index 51df1b09..a1d50d22 100644
--- a/lib/Controller/ActivityPubController.php
+++ b/lib/Controller/ActivityPubController.php
@@ -40,6 +40,7 @@ use OCA\Social\Exceptions\SignatureIsGoneException;
 use OCA\Social\Exceptions\ItemUnknownException;
 use OCA\Social\Exceptions\UrlCloudException;
 use OCA\Social\Service\CacheActorService;
+use OCA\Social\Service\FediverseService;
 use OCA\Social\Service\FollowService;
 use OCA\Social\Service\ImportService;
 use OCA\Social\Service\MiscService;
@@ -61,6 +62,9 @@ class ActivityPubController extends Controller {
 /** @var SocialPubController */
 private $socialPubController;
+ /** @var FediverseService */
+ private $fediverseService;
+
 /** @var CacheActorService */
 private $cacheActorService;
@@ -85,6 +89,7 @@ class ActivityPubController extends Controller {
 *
 * @param IRequest $request
 * @param SocialPubController $socialPubController
+ * @param FediverseService $fediverseService
 * @param CacheActorService $cacheActorService
 * @param SignatureService $signatureService
 * @param StreamQueueService $streamQueueService
@@ -94,13 +99,14 @@ class ActivityPubController extends Controller {
 */
 public function __construct(
 IRequest $request, SocialPubController $socialPubController,
- CacheActorService $cacheActorService, SignatureService $signatureService,
- StreamQueueService $streamQueueService, ImportService $importService,
- FollowService $followService, MiscService $miscService
+ FediverseService $fediverseService, CacheActorService $cacheActorService,
+ SignatureService $signatureService, StreamQueueService $streamQueueService,
+ ImportService $importService, FollowService $followService, MiscService $miscService
 ) {
 parent::__construct(Application::APP_NAME, $request);
 $this->socialPubController = $socialPubController;
+ $this->fediverseService = $fediverseService;
 $this->cacheActorService = $cacheActorService;
 $this->signatureService = $signatureService;
 $this->streamQueueService = $streamQueueService;
@@ -178,6 +184,7 @@ class ActivityPubController extends Controller {
 $requestTime = 0;
 $origin = $this->signatureService->checkRequest($this->request, $requestTime);
+ $this->fediverseService->authorized($origin);
 $activity = $this->importService->importFromJson($body);
 if (!$this->signatureService->checkObject($activity)) {
@@ -221,6 +228,7 @@ class ActivityPubController extends Controller {
 $requestTime = 0;
 $origin = $this->signatureService->checkRequest($this->request, $requestTime);
+ $this->fediverseService->authorized($origin);
 // TODO - check the recipient <-> username
 // $actor = $this->actorService->getActor($username);
diff --git a/lib/Service/ActivityService.php b/lib/Service/ActivityService.php
index c9237508..513a048b 100644
--- a/lib/Service/ActivityService.php
+++ b/lib/Service/ActivityService.php
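Review bot: In lib/Controller/ActivityPubController.php the two added `$this->fediverseService->authorized($origin);` calls (hunks at -178 and -221) discard the return value and rely entirely on the exception, yet neither hunk shows where UnauthorizedFediverseException is handled. Both method bodies start and end outside the hunks, so please confirm the enclosing handler turns it into an explicit rejection rather than a generic error or a swallowed exception. A one-line comment at each call would make the contract visible: `// throws UnauthorizedFediverseException when $origin is not allowed by the access list`. It is also worth confirming that `$origin`, as returned by checkRequest(), has the same form (host only, same case) as the entries isListed() compares against.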
@@ -48,6 +48,7 @@ use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\ACore;
 use OCA\Social\Model\ActivityPub\Activity\Create;
 use OCA\Social\Model\ActivityPub\Activity\Delete;
@@ -284,6 +285,8 @@ class ActivityService {
 $this->signatureService->signRequest($request, $queue);
 $this->curlService->request($request);
 $this->requestQueueService->endRequest($queue, true);
+ } catch (UnauthorizedFediverseException $e) {
+ $this->requestQueueService->endRequest($queue, true);
 } catch (RequestResultNotJsonException $e) {
 $this->requestQueueService->endRequest($queue, true);
 } catch (ActorDoesNotExistException $e) {
diff --git a/lib/Service/CacheActorService.php b/lib/Service/CacheActorService.php
index 5d16fc05..d900741c 100644
--- a/lib/Service/CacheActorService.php
+++ b/lib/Service/CacheActorService.php
@@ -47,6 +47,7 @@ use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
 use OCA\Social\Exceptions\ItemUnknownException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\Actor\Person;
@@ -118,6 +119,7 @@ class CacheActorService {
 * @throws SocialAppConfigException
 * @throws ItemUnknownException
 * @throws RequestResultNotJsonException
+ * @throws UnauthorizedFediverseException
 */
 public function getFromId(string $id, bool $refresh = false): Person {
diff --git a/lib/Service/CacheDocumentService.php b/lib/Service/CacheDocumentService.php
index 0877846d..84aa32a2 100644
--- a/lib/Service/CacheDocumentService.php
+++ b/lib/Service/CacheDocumentService.php
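Review bot: The new `catch (UnauthorizedFediverseException $e)` in lib/Service/ActivityService.php (hunk at -284) closes the queue entry with `endRequest($queue, true)`, the same call the success path in the try block makes, and records nothing, so a delivery refused by the access list looks the same as one that completed. The catch added in lib/Service/DocumentService.php (hunk at -169) is silent in the same way. An administrator tuning the list is left with no trace of which hosts were refused. If this class has a logger available (not visible in the hunk), log the refused address here; at minimum add `// refused by the Fediverse access list: close the queue entry, do not retry`. The try block starts outside the hunk.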
@@ -43,6 +43,8 @@ use OCA\Social\Exceptions\RequestNetworkException;
 use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
+use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCP\Files\IAppData;
 use OCP\Files\NotFoundException;
 use OCP\Files\NotPermittedException;
@@ -96,13 +98,15 @@ class CacheDocumentService {
 * @return string
 * @throws CacheContentMimeTypeException
 * @throws MalformedArrayException
+ * @throws NotFoundException
 * @throws NotPermittedException
 * @throws RequestContentException
 * @throws RequestNetworkException
- * @throws RequestServerException
- * @throws RequestResultSizeException
 * @throws RequestResultNotJsonException
- * @throws NotFoundException
+ * @throws RequestResultSizeException
+ * @throws RequestServerException
+ * @throws SocialAppConfigException
+ * @throws UnauthorizedFediverseException
 */
 public function saveRemoteFileToCache(string $url, &$mime = '') {
@@ -190,9 +194,11 @@ class CacheDocumentService {
 * @throws MalformedArrayException
 * @throws RequestContentException
 * @throws RequestNetworkException
- * @throws RequestServerException
- * @throws RequestResultSizeException
 * @throws RequestResultNotJsonException
+ * @throws RequestResultSizeException
+ * @throws RequestServerException
+ * @throws SocialAppConfigException
+ * @throws UnauthorizedFediverseException
 */
 public function retrieveContent(string $url) {
 $url = parse_url($url);
diff --git a/lib/Service/CurlService.php b/lib/Service/CurlService.php
index 7900649b..01eabb30 100644
--- a/lib/Service/CurlService.php
+++ b/lib/Service/CurlService.php
@@ -48,6 +48,7 @@ use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
 use OCA\Social\Exceptions\ItemUnknownException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Model\ActivityPub\Actor\Person;
 class CurlService {
@@ -64,6 +65,9 @@ class CurlService {
 /** @var ConfigService */
 private $configService;
+ /** @var FediverseService */
+ private $fediverseService;
+
 /** @var MiscService */
 private $miscService;
@@ -79,10 +83,14 @@ class CurlService {
 * CurlService constructor.
 *
 * @param ConfigService $configService
+ * @param FediverseService $fediverseService
 * @param MiscService $miscService
 */
- public function __construct(ConfigService $configService, MiscService $miscService) {
+ public function __construct(
+ ConfigService $configService, FediverseService $fediverseService, MiscService $miscService
+ ) {
 $this->configService = $configService;
+ $this->fediverseService = $fediverseService;
 $this->miscService = $miscService;
 }
@@ -94,9 +102,11 @@ class CurlService {
 * @throws InvalidResourceException
 * @throws RequestContentException
 * @throws RequestNetworkException
+ * @throws RequestResultNotJsonException
 * @throws RequestResultSizeException
 * @throws RequestServerException
- * @throws RequestResultNotJsonException
+ * @throws SocialAppConfigException
+ * @throws UnauthorizedFediverseException
 */
 public function webfingerAccount(string $account): array {
 $account = $this->withoutBeginAt($account);
@@ -144,6 +154,7 @@ class CurlService {
 * @throws SocialAppConfigException
 * @throws ItemUnknownException
 * @throws RequestResultNotJsonException
+ * @throws UnauthorizedFediverseException
 */
 public function retrieveAccount(string $account): Person {
 $result = $this->webfingerAccount($account);
@@ -178,9 +189,11 @@ class CurlService {
 * @throws MalformedArrayException
 * @throws RequestContentException
 * @throws RequestNetworkException
- * @throws RequestServerException
- * @throws RequestResultSizeException
 * @throws RequestResultNotJsonException
+ * @throws RequestResultSizeException
+ * @throws RequestServerException
+ * @throws SocialAppConfigException
+ * @throws UnauthorizedFediverseException
 */
 public function retrieveObject($id): array {
@@ -205,11 +218,14 @@ class CurlService {
 * @return mixed
 * @throws RequestContentException
 * @throws RequestNetworkException
+ * @throws RequestResultNotJsonException
 * @throws RequestResultSizeException
 * @throws RequestServerException
- * @throws RequestResultNotJsonException
+ * @throws SocialAppConfigException
+ * @throws UnauthorizedFediverseException
 */
 public function request(Request $request) {
+ $this->fediverseService->authorized($request->getAddress());
 $this->maxDownloadSizeReached = false;
 $curl = $this->initRequest($request);
diff --git a/lib/Service/DocumentService.php b/lib/Service/DocumentService.php
index 1dfbcd2f..d860a018 100644
--- a/lib/Service/DocumentService.php
+++ b/lib/Service/DocumentService.php
@@ -46,6 +46,7 @@ use OCA\Social\Exceptions\RequestResultNotJsonException;
 use OCA\Social\Exceptions\RequestResultSizeException;
 use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SocialAppConfigException;
+use OCA\Social\Exceptions\UnauthorizedFediverseException;
 use OCA\Social\Exceptions\UrlCloudException;
 use OCA\Social\Model\ActivityPub\Actor\Person;
 use OCA\Social\Model\ActivityPub\Object\Document;
@@ -117,6 +118,7 @@ class DocumentService {
 * @throws CacheDocumentDoesNotExistException
 * @throws MalformedArrayException
 * @throws RequestResultNotJsonException
+ * @throws SocialAppConfigException
 */
 public function cacheRemoteDocument(string $id, bool $public = false) {
 $document = $this->cacheDocumentsRequest->getById($id, $public);
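Review bot: The access-list check added at the top of CurlService::request() (hunk at -205) covers only `$request->getAddress()`, the host the caller asked for. initRequest() is outside the hunk; if it lets curl follow redirects (CURLOPT_FOLLOWLOCATION), a permitted host can answer with a redirect to one that is not permitted and the fetch would still go through. Please confirm redirects are disabled for these requests, or re-run `authorized()` on the final host before the body is used, and record the decision next to the call, e.g. `// checked once, before connecting; redirects are not followed`. The rest of request() is outside the hunk.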
@@ -169,6 +171,8 @@ class DocumentService {
 $this->cacheDocumentsRequest->endCaching($document);
 } catch (RequestContentException $e) {
 $this->cacheDocumentsRequest->deleteById($id);
+ } catch (UnauthorizedFediverseException $e) {
+ $this->cacheDocumentsRequest->deleteById($id);
 } catch (RequestNetworkException $e) {
 $this->cacheDocumentsRequest->endCaching($document);
 } catch (RequestServerException $e) {
@@ -189,6 +193,7 @@ class DocumentService {
 * @throws CacheDocumentDoesNotExistException
 * @throws MalformedArrayException
 * @throws RequestResultNotJsonException
+ * @throws SocialAppConfigException
 */
 public function getFromCache(string $id, bool $public = false) {
 $document = $this->cacheRemoteDocument($id, $public);
diff --git a/lib/Service/FediverseService.php b/lib/Service/FediverseService.php
index 19f6e5e9..c5d8664f 100644
--- a/lib/Service/FediverseService.php
+++ b/lib/Service/FediverseService.php
@@ -31,6 +31,7 @@ declare(strict_types=1);
 namespace OCA\Social\Service;
 use Exception;
+use OCA\Social\Exceptions\SocialAppConfigException;
 use OCA\Social\Exceptions\UnauthorizedFediverseException;
@@ -68,6 +69,7 @@ class FediverseService {
 *
 * @return bool
 * @throws UnauthorizedFediverseException
+ * @throws SocialAppConfigException
 */
 public function authorized(string $address): bool {
 if ($this->getAccessType() ===
@@ -78,11 +80,11 @@ class FediverseService {
 if ($this->getAccessType() === $this->configService->accessTypeList['WHITELIST']
- && $this->isListed($address)) {
+ && ($this->isListed($address) || $this->isLocal($address))) {
 return true;
 }
- throw new UnauthorizedFediverseException();
+ throw new UnauthorizedFediverseException('Unauthorized Fediverse');
 }
@@ -95,7 +97,7 @@ class FediverseService {
 return;
 }
- throw new UnauthorizedFediverseException();
+ throw new UnauthorizedFediverseException('Jailed Fediverse');
 }
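Review bot: `authorized()` in lib/Service/FediverseService.php (hunk at -78) is declared `: bool`, but the visible branches either `return true` or throw, and every call site added in this commit ignores the result. That makes the return type a trap: a later change that returns `false` for a denied address would be silently ignored by those callers, and the check would fail open. Either state the contract in the docblock (`@return bool always true; a denied address throws UnauthorizedFediverseException`) or have the callers test the result. The first branch of the method is outside the hunk, so this reading rests on the WHITELIST branch and the final throw only.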
@@ -122,6 +124,19 @@ class FediverseService { } + /** + * @param string $address + * + * @return bool + * @throws SocialAppConfigException + */ + public function isLocal(string $address): bool { + $local = $this->configService->getCloudAddress(true); + + return ($local === $address); + } + + /** * @return array */ diff --git a/lib/Service/StreamQueueService.php b/lib/Service/StreamQueueService.php index ab14666b..63a59beb 100644 --- a/lib/Service/StreamQueueService.php +++ b/lib/Service/StreamQueueService.php @@ -48,6 +48,7 @@ use OCA\Social\Exceptions\RequestResultNotJsonException; use OCA\Social\Exceptions\RequestResultSizeException; use OCA\Social\Exceptions\RequestServerException; use OCA\Social\Exceptions\SocialAppConfigException; +use OCA\Social\Exceptions\UnauthorizedFediverseException; use OCA\Social\Model\ActivityPub\Object\Note; use OCA\Social\Model\ActivityPub\Stream; use OCA\Social\Model\StreamQueue; @@ -259,6 +260,12 @@ class StreamQueueService { . $e->getMessage(), 1 ); $cache->removeItem($item->getUrl()); + } catch (UnauthorizedFediverseException $e) { + $this->miscService->log( + 'Error caching stream: ' . json_encode($item) . ' ' . get_class($e) . ' ' + . $e->getMessage(), 1 + ); + $cache->removeItem($item->getUrl()); } catch (RequestNetworkException $e) { $this->miscService->log( 'Error caching stream: ' . json_encode($item) . ' ' . get_class($e) . ' ' @@ -299,6 +306,7 @@ class StreamQueueService { * @throws RequestResultSizeException * @throws RequestServerException * @throws SocialAppConfigException + * @throws UnauthorizedFediverseException */ private function cacheItem(CacheItem &$item) {
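Review bot: `isLocal()` in lib/Service/FediverseService.php compares the two strings with `===`, so the match depends on `$address` arriving in exactly the form `getCloudAddress(true)` returns. Host names are case-insensitive, and the callers pass values taken from the signature check and from `Request::getAddress()`, whose normalisation is not visible here; a difference in case or an appended port would make the instance's own address fail the whitelist. The failure is closed rather than open, but it would block local traffic in WHITELIST mode. Consider `return strtolower($local) === strtolower($address);` and give the docblock a one-line description of what counts as local.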
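Review bot: The added `catch (UnauthorizedFediverseException $e)` block in lib/Service/StreamQueueService.php (hunk at -259) repeats the log-and-remove body of the neighbouring catch blocks line for line. If the supported PHP version allows multi-catch (7.1 or later), adding the type to the preceding catch with `|` removes the copy and keeps the handlers from drifting apart. The type named in the preceding catch is outside the hunk, so check that its body really is identical before merging the two.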