diff --git a/lib/Controller/ActivityPubController.php b/lib/Controller/ActivityPubController.php index 0286ee72..830fbf09 100644 --- a/lib/Controller/ActivityPubController.php +++ b/lib/Controller/ActivityPubController.php @@ -167,14 +167,15 @@ class ActivityPubController extends Controller { public function sharedInbox(): Response { try { - $this->activityService->checkRequest($this->request); - $body = file_get_contents('php://input'); - $this->miscService->log('Shared Inbox: ' . $body); + $this->miscService->log('Shared Inbox: ' . $body, 0); - $activity = $this->importService->import($body); + $origin = $this->activityService->checkRequest($this->request); + + $activity = $this->importService->importFromJson($body); + $activity->setOrigin($origin); try { - $this->importService->parse($activity); + $this->importService->parseIncomingRequest($activity); } catch (UnknownItemException $e) { } @@ -204,18 +205,18 @@ class ActivityPubController extends Controller { public function inbox(string $username): Response { try { - - $this->activityService->checkRequest($this->request); $body = file_get_contents('php://input'); + $this->miscService->log('Inbox: ' . $body, 0); + + $origin = $this->activityService->checkRequest($this->request); // TODO - check the recipient <-> username // $actor = $this->actorService->getActor($username); - $this->miscService->log('Inbox: ' . $body); - - $activity = $this->importService->import($body); + $activity = $this->importService->importFromJson($body); + $activity->setOrigin($origin); try { - $this->importService->parse($activity); + $this->importService->parseIncomingRequest($activity); } catch (UnknownItemException $e) { } diff --git a/lib/Exceptions/ActivityPubFormatException.php b/lib/Exceptions/ActivityPubFormatException.php new file mode 100644 index 00000000..6bdf1646 --- /dev/null +++ b/lib/Exceptions/ActivityPubFormatException.php @@ -0,0 +1,8 @@ +getId()); - $url2 = parse_url($url); - - if ($this->get('host', $url1, '1') !== $this->get('host', $url2, '2')) { - throw new ActivityCantBeVerifiedException('activity cannot be verified'); - } - - if ($this->get('scheme', $url1, '1') !== $this->get('scheme', $url2, '2')) { - throw new ActivityCantBeVerifiedException('activity cannot be verified'); - } - - if ($this->getInt('port', $url1, 1) !== $this->getInt('port', $url2, 1)) { - throw new ActivityCantBeVerifiedException('activity cannot be verified'); - } - } - - /** * @return string */ @@ -512,6 +493,67 @@ abstract class ACore implements JsonSerializable { } + /** + * @return string + */ + public function getOrigin(): string { + return $this->origin; + } + + /** + * @param string $origin + * + * @return ACore + */ + public function setOrigin(string $origin): ACore { + $this->origin = $origin; + + return $this; + } + + /** + * @param $id + * + * @throws InvalidOriginException + */ + public function checkOrigin($id) { + + $host = parse_url($id, PHP_URL_HOST); + if ($this->getRoot() + ->getOrigin() === $host) { + return; + } + + throw new InvalidOriginException(); + } + + + /** + * @deprecated + * + * @param string $url + * + * @throws ActivityCantBeVerifiedException + */ + public function verify(string $url) { + // TODO - Compare this with checkOrigin() + $url1 = parse_url($this->getId()); + $url2 = parse_url($url); + + if ($this->get('host', $url1, '1') !== $this->get('host', $url2, '2')) { + throw new ActivityCantBeVerifiedException('activity cannot be verified'); + } + + if ($this->get('scheme', $url1, '1') !== $this->get('scheme', $url2, '2')) { + throw new ActivityCantBeVerifiedException('activity cannot be verified'); + } + + if ($this->getInt('port', $url1, 1) !== $this->getInt('port', $url2, 1)) { + throw new ActivityCantBeVerifiedException('activity cannot be verified'); + } + } + + /** * @param string $published * diff --git a/lib/Model/ActivityPub/Activity/Tombstone.php b/lib/Model/ActivityPub/Tombstone.php similarity index 94% rename from lib/Model/ActivityPub/Activity/Tombstone.php rename to lib/Model/ActivityPub/Tombstone.php index e1d606b0..8904081f 100644 --- a/lib/Model/ActivityPub/Activity/Tombstone.php +++ b/lib/Model/ActivityPub/Tombstone.php @@ -28,11 +28,10 @@ declare(strict_types=1); */ -namespace OCA\Social\Model\ActivityPub\Activity; +namespace OCA\Social\Model\ActivityPub; use JsonSerializable; -use OCA\Social\Model\ActivityPub\ACore; /** diff --git a/lib/Service/ActivityPub/DeleteService.php b/lib/Service/ActivityPub/DeleteService.php index 7f7044dd..fe39704f 100644 --- a/lib/Service/ActivityPub/DeleteService.php +++ b/lib/Service/ActivityPub/DeleteService.php @@ -33,6 +33,7 @@ namespace OCA\Social\Service\ActivityPub; use Exception; use OCA\Social\Db\NotesRequest; +use OCA\Social\Exceptions\InvalidOriginException; use OCA\Social\Exceptions\InvalidResourceException; use OCA\Social\Exceptions\UnknownItemException; use OCA\Social\Model\ActivityPub\ACore; @@ -80,9 +81,14 @@ class DeleteService implements ICoreService { * @param ACore $delete * * @throws UnknownItemException + * @throws InvalidOriginException */ public function parse(ACore $delete) { + if (!$delete->isRoot()) { + throw new UnknownItemException(); + } + if ($delete->gotObject()) { $id = $delete->getObject() ->getId(); @@ -90,6 +96,8 @@ class DeleteService implements ICoreService { $id = $delete->getObjectId(); } + $delete->checkOrigin($id); + /** @var Delete $delete */ try { $item = $this->activityService->getItem($id); diff --git a/lib/Service/ActivityPub/FollowService.php b/lib/Service/ActivityPub/FollowService.php index 15a74ee2..8e700bfe 100644 --- a/lib/Service/ActivityPub/FollowService.php +++ b/lib/Service/ActivityPub/FollowService.php @@ -235,9 +235,11 @@ class FollowService implements ICoreService { * @throws Exception */ public function parse(ACore $follow) { + /** @var Follow $follow */ if ($follow->isRoot()) { - $follow->verify($follow->getActorId()); + $follow->checkOrigin($follow->getActorId()); + try { $this->followsRequest->getByPersons($follow->getActorId(), $follow->getObjectId()); } catch (FollowDoesNotExistException $e) { @@ -248,24 +250,25 @@ class FollowService implements ICoreService { $this->confirmFollowRequest($follow); } } + } else { $parent = $follow->getParent(); - if ($parent->isRoot() === false) { + if (!$parent->isRoot()) { return; } if ($parent->getType() === Undo::TYPE) { - $parent->verify($follow->getActorId()); + $parent->checkOrigin($follow->getActorId()); $this->followsRequest->deleteByPersons($follow); } if ($parent->getType() === Reject::TYPE) { - $parent->verify($follow->getObjectId()); + $parent->checkOrigin($follow->getObjectId()); $this->followsRequest->deleteByPersons($follow); } if ($parent->getType() === Accept::TYPE) { - $parent->verify($follow->getObjectId()); + $parent->checkOrigin($follow->getObjectId()); $this->followsRequest->accepted($follow); } diff --git a/lib/Service/ActivityPub/NoteService.php b/lib/Service/ActivityPub/NoteService.php index ebce852b..d2e5c9c4 100644 --- a/lib/Service/ActivityPub/NoteService.php +++ b/lib/Service/ActivityPub/NoteService.php @@ -35,6 +35,7 @@ use OC\User\NoUserException; use OCA\Social\Db\NotesRequest; use OCA\Social\Exceptions\ActivityCantBeVerifiedException; use OCA\Social\Exceptions\ActorDoesNotExistException; +use OCA\Social\Exceptions\InvalidOriginException; use OCA\Social\Exceptions\NoteNotFoundException; use OCA\Social\Exceptions\RequestException; use OCA\Social\Exceptions\SocialAppConfigException; @@ -259,21 +260,22 @@ class NoteService implements ICoreService { * * @param ACore $note * - * @throws ActivityCantBeVerifiedException + * @throws InvalidOriginException */ public function parse(ACore $note) { + /** @var Note $note */ if ($note->isRoot()) { return; } $parent = $note->getParent(); - if ($parent->isRoot() === false) { + if (!$parent->isRoot()) { return; } if ($parent->getType() === Create::TYPE) { - $parent->verify(($note->getAttributedTo())); + $parent->checkOrigin($note->getAttributedTo()); try { $this->notesRequest->getNoteById($note->getId()); } catch (NoteNotFoundException $e) { diff --git a/lib/Service/ActivityService.php b/lib/Service/ActivityService.php index 5f94fbc5..69a5f6a1 100644 --- a/lib/Service/ActivityService.php +++ b/lib/Service/ActivityService.php @@ -40,6 +40,7 @@ use OCA\Social\Db\FollowsRequest; use OCA\Social\Db\NotesRequest; use OCA\Social\Exceptions\ActorDoesNotExistException; use OCA\Social\Exceptions\EmptyQueueException; +use OCA\Social\Exceptions\InvalidOriginException; use OCA\Social\Exceptions\InvalidResourceException; use OCA\Social\Exceptions\NoHighPriorityRequestException; use OCA\Social\Exceptions\QueueStatusException; @@ -52,8 +53,8 @@ use OCA\Social\Exceptions\UrlCloudException; use OCA\Social\Model\ActivityPub\ACore; use OCA\Social\Model\ActivityPub\Activity\Create; use OCA\Social\Model\ActivityPub\Activity\Delete; -use OCA\Social\Model\ActivityPub\Activity\Tombstone; use OCA\Social\Model\ActivityPub\Person; +use OCA\Social\Model\ActivityPub\Tombstone; use OCA\Social\Model\InstancePath; use OCA\Social\Model\RequestQueue; use OCA\Social\Service\ActivityPub\PersonService; @@ -410,6 +411,7 @@ class ActivityService { /** * @param IRequest $request * + * @return string * @throws InvalidResourceException * @throws MalformedArrayException * @throws RequestException @@ -417,8 +419,16 @@ class ActivityService { * @throws SocialAppConfigException * @throws UrlCloudException * @throws SignatureIsGoneException + * @throws InvalidOriginException */ - public function checkRequest(IRequest $request) { + public function checkRequest(IRequest $request): string { + // TODO : check host is our current host. + +// $host = $request->getHeader('host'); +// if ($host === '') { +// throw new SignatureException('host is not set'); +// } + $dTime = new DateTime($request->getHeader('date')); $dTime->format(self::DATE_FORMAT); @@ -427,11 +437,12 @@ class ActivityService { } try { - $this->checkSignature($request); + $origin = $this->checkSignature($request); } catch (Request410Exception $e) { throw new SignatureIsGoneException(); } + return $origin; } @@ -465,6 +476,7 @@ class ActivityService { /** * @param IRequest $request * + * @return * @throws InvalidResourceException * @throws MalformedArrayException * @throws Request410Exception @@ -472,6 +484,7 @@ class ActivityService { * @throws SignatureException * @throws SocialAppConfigException * @throws UrlCloudException + * @throws InvalidOriginException */ private function checkSignature(IRequest $request) { $signatureHeader = $request->getHeader('Signature'); @@ -480,6 +493,8 @@ class ActivityService { $this->mustContains(['keyId', 'headers', 'signature'], $sign); $keyId = $sign['keyId']; + $origin = $this->getKeyOrigin($keyId); + $headers = $sign['headers']; $signed = base64_decode($sign['signature']); $estimated = $this->generateEstimatedSignature($headers, $request); @@ -490,6 +505,23 @@ class ActivityService { throw new SignatureException('signature cannot be checked'); } + return $origin; + } + + + /** + * @param $id + * + * @return string + * @throws InvalidOriginException + */ + private function getKeyOrigin($id) { + $host = parse_url($id, PHP_URL_HOST); + if (is_string($host) && ($host !== '')) { + return $host; + } + + throw new InvalidOriginException(); } diff --git a/lib/Service/ImportService.php b/lib/Service/ImportService.php index f2e848fb..6ed9be1f 100644 --- a/lib/Service/ImportService.php +++ b/lib/Service/ImportService.php @@ -33,6 +33,8 @@ namespace OCA\Social\Service; use daita\MySmallPhpTools\Traits\TArrayTools; use Exception; +use OCA\Social\Exceptions\ActivityPubFormatException; +use OCA\Social\Exceptions\InvalidResourceException; use OCA\Social\Exceptions\SocialAppConfigException; use OCA\Social\Exceptions\UnknownItemException; use OCA\Social\Exceptions\UrlCloudException; @@ -41,7 +43,7 @@ use OCA\Social\Model\ActivityPub\Activity\Accept; use OCA\Social\Model\ActivityPub\Activity\Create; use OCA\Social\Model\ActivityPub\Activity\Delete; use OCA\Social\Model\ActivityPub\Activity\Reject; -use OCA\Social\Model\ActivityPub\Activity\Tombstone; +use OCA\Social\Model\ActivityPub\Tombstone; use OCA\Social\Model\ActivityPub\Document; use OCA\Social\Model\ActivityPub\Follow; use OCA\Social\Model\ActivityPub\Image; @@ -108,10 +110,14 @@ class ImportService { * @throws UnknownItemException * @throws UrlCloudException * @throws SocialAppConfigException + * @throws ActivityPubFormatException */ - public function import(string $json) { + public function importFromJson(string $json) { $data = json_decode($json, true); - $activity = $this->createItem($data, null); + if (!is_array($data)) { + throw new ActivityPubFormatException(); + } + $activity = $this->importFromData($data, null); return $activity; } @@ -126,9 +132,14 @@ class ImportService { * @throws UrlCloudException * @throws SocialAppConfigException */ - private function createItem(array $data, $root = null): ACore { + private function importFromData(array $data, $root = null): ACore { + + // TODO - missing : Person (why not ?), OrderCollection (not yet), Document (should ?) + switch ($this->get('type', $data, '')) { + case Accept::TYPE: + $item = new Accept($root); + break; - switch ($this->get('type', $data)) { case Create::TYPE: $item = new Create($root); break; @@ -137,34 +148,30 @@ class ImportService { $item = new Delete($root); break; - case Tombstone::TYPE: - $item = new Tombstone($root); - break; - - case Note::TYPE: - $item = new Note($root); + case Follow::TYPE: + $item = new Follow($root); break; case Image::TYPE: $item = new Image($root); break; - case Follow::TYPE: - $item = new Follow($root); - break; - - case Undo::TYPE: - $item = new Undo($root); - break; - - case Accept::TYPE: - $item = new Accept($root); + case Note::TYPE: + $item = new Note($root); break; case Reject::TYPE: $item = new Reject($root); break; + case Tombstone::TYPE: + $item = new Tombstone($root); + break; + + case Undo::TYPE: + $item = new Undo($root); + break; + default: throw new UnknownItemException(); } @@ -174,14 +181,16 @@ class ImportService { $item->setSource(json_encode($data, JSON_UNESCAPED_SLASHES)); try { - $object = $this->createItem($this->getArray('object', $data, []), $item); + $object = $this->importFromData($this->getArray('object', $data, []), $item); + $object->setParent($item); $item->setObject($object); } catch (UnknownItemException $e) { } try { /** @var Document $icon */ - $icon = $this->createItem($this->getArray('icon', $data, []), $item); + $icon = $this->importFromData($this->getArray('icon', $data, []), $item); + $icon->setParent($item); $item->setIcon($icon); } catch (UnknownItemException $e) { } @@ -195,44 +204,25 @@ class ImportService { * * @throws UnknownItemException */ - public function parse(Acore $activity) { + public function parseIncomingRequest(ACore $activity) { if ($activity->gotObject()) { try { - $this->parse($activity->getObject()); + $this->parseIncomingRequest($activity->getObject()); } catch (UnknownItemException $e) { } } switch ($activity->getType()) { -// case 'Activity': -// $service = $this; -// break; case Delete::TYPE: $service = $this->deleteService; break; -// case Undo::TYPE: -// $service = $this->undoService; -// break; -// -// case Accept::TYPE: -// $service = $this->acceptService; -// break; -// -// case Reject::TYPE: -// $service = $this->rejectService; -// break; - case Follow::TYPE: $service = $this->followService; break; -// case Image::TYPE: -// $service = $this->imageService; -// break; - case Note::TYPE: $service = $this->noteService; break; @@ -251,5 +241,16 @@ class ImportService { } + /** + * @param ACore $activity + * + * @param string $id + * + * @throws InvalidResourceException + */ + public function verifyOrigin(ACore $activity, string $id) { + throw new InvalidResourceException(); + } + }