kopia lustrzana https://github.com/nextcloud/social
662 wiersze
16 KiB
PHP
662 wiersze
16 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
|
|
/**
|
|
* Nextcloud - Social Support
|
|
*
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
* later. See the COPYING file.
|
|
*
|
|
* @author Maxence Lange <maxence@artificial-owl.com>
|
|
* @copyright 2018, Maxence Lange <maxence@artificial-owl.com>
|
|
* @license GNU AGPL version 3 or any later version
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace OCA\Social\Service;
|
|
|
|
|
|
use daita\MySmallPhpTools\Model\Request;
|
|
use daita\MySmallPhpTools\Traits\TArrayTools;
|
|
use Exception;
|
|
use OCA\Social\AP;
|
|
use OCA\Social\Db\FollowsRequest;
|
|
use OCA\Social\Db\NotesRequest;
|
|
use OCA\Social\Exceptions\ActorDoesNotExistException;
|
|
use OCA\Social\Exceptions\EmptyQueueException;
|
|
use OCA\Social\Exceptions\InvalidResourceException;
|
|
use OCA\Social\Exceptions\LinkedDataSignatureMissingException;
|
|
use OCA\Social\Exceptions\NoHighPriorityRequestException;
|
|
use OCA\Social\Exceptions\QueueStatusException;
|
|
use OCA\Social\Exceptions\Request410Exception;
|
|
use OCA\Social\Exceptions\RequestException;
|
|
use OCA\Social\Exceptions\SocialAppConfigException;
|
|
use OCA\Social\Exceptions\UnknownItemException;
|
|
use OCA\Social\Model\ActivityPub\ACore;
|
|
use OCA\Social\Model\ActivityPub\Activity\Create;
|
|
use OCA\Social\Model\ActivityPub\Activity\Delete;
|
|
use OCA\Social\Model\ActivityPub\Actor\Person;
|
|
use OCA\Social\Model\ActivityPub\Object\Tombstone;
|
|
use OCA\Social\Model\InstancePath;
|
|
use OCA\Social\Model\LinkedDataSignature;
|
|
use OCA\Social\Model\RequestQueue;
|
|
|
|
class ActivityService {
|
|
|
|
|
|
use TArrayTools;
|
|
|
|
|
|
const REQUEST_INBOX = 1;
|
|
|
|
const TIMEOUT_LIVE = 2;
|
|
const TIMEOUT_ASYNC = 5;
|
|
const TIMEOUT_SERVICE = 10;
|
|
|
|
const TO_PUBLIC = 'https://www.w3.org/ns/activitystreams#Public';
|
|
|
|
const DATE_FORMAT = 'D, d M Y H:i:s T';
|
|
const DATE_DELAY = 30;
|
|
|
|
|
|
/** @var NotesRequest */
|
|
private $notesRequest;
|
|
|
|
/** @var FollowsRequest */
|
|
private $followsRequest;
|
|
|
|
/** @var QueueService */
|
|
private $queueService;
|
|
|
|
/** @var AccountService */
|
|
private $accountService;
|
|
|
|
/** @var ConfigService */
|
|
private $configService;
|
|
|
|
/** @var CurlService */
|
|
private $curlService;
|
|
|
|
/** @var MiscService */
|
|
private $miscService;
|
|
|
|
|
|
/** @var array */
|
|
private $failInstances;
|
|
|
|
|
|
/**
|
|
* ActivityService constructor.
|
|
*
|
|
* @param NotesRequest $notesRequest
|
|
* @param FollowsRequest $followsRequest
|
|
* @param QueueService $queueService
|
|
* @param AccountService $accountService
|
|
* @param CurlService $curlService
|
|
* @param ConfigService $configService
|
|
* @param MiscService $miscService
|
|
*/
|
|
public function __construct(
|
|
NotesRequest $notesRequest, FollowsRequest $followsRequest, QueueService $queueService,
|
|
AccountService $accountService,
|
|
CurlService $curlService, ConfigService $configService, MiscService $miscService
|
|
) {
|
|
$this->notesRequest = $notesRequest;
|
|
$this->followsRequest = $followsRequest;
|
|
$this->queueService = $queueService;
|
|
$this->accountService = $accountService;
|
|
$this->curlService = $curlService;
|
|
$this->configService = $configService;
|
|
$this->miscService = $miscService;
|
|
}
|
|
|
|
|
|
/**
|
|
* @param Person $actor
|
|
* @param ACore $item
|
|
* @param ACore $activity
|
|
*
|
|
* @return string
|
|
* @throws Exception
|
|
*/
|
|
public function createActivity(Person $actor, ACore $item, ACore &$activity = null): string {
|
|
|
|
$activity = new Create();
|
|
$item->setParent($activity);
|
|
|
|
// $this->activityStreamsService->initCore($activity);
|
|
|
|
$activity->setObject($item);
|
|
$activity->setId($item->getId() . '/activity');
|
|
$activity->setInstancePaths($item->getInstancePaths());
|
|
|
|
// if ($item->getToArray() !== []) {
|
|
// $activity->setToArray($item->getToArray());
|
|
// } else {
|
|
// $activity->setTo($item->getTo());
|
|
// }
|
|
|
|
$activity->setActor($actor);
|
|
$this->signObject($actor, $activity);
|
|
|
|
return $this->request($activity);
|
|
}
|
|
|
|
|
|
/**
|
|
* @param ACore $item
|
|
*
|
|
* @return string
|
|
* @throws Exception
|
|
*/
|
|
public function deleteActivity(ACore $item): string {
|
|
$delete = new Delete();
|
|
$delete->setId($item->getId() . '#delete');
|
|
$delete->setActorId($item->getActorId());
|
|
|
|
$tombstone = new Tombstone($delete);
|
|
$tombstone->setId($item->getId());
|
|
|
|
$delete->setObject($tombstone);
|
|
$delete->addInstancePaths($item->getInstancePaths());
|
|
|
|
return $this->request($delete);
|
|
}
|
|
|
|
|
|
/**
|
|
* @param string $id
|
|
*
|
|
* @return ACore
|
|
* @throws InvalidResourceException
|
|
*/
|
|
public function getItem(string $id): ACore {
|
|
if ($id === '') {
|
|
throw new InvalidResourceException();
|
|
}
|
|
|
|
$requests = [
|
|
'Note'
|
|
];
|
|
|
|
foreach ($requests as $request) {
|
|
try {
|
|
$interface = AP::$activityPub->getInterfaceFromType($request);
|
|
|
|
return $interface->getItemById($id);
|
|
} catch (Exception $e) {
|
|
}
|
|
}
|
|
|
|
throw new InvalidResourceException();
|
|
}
|
|
|
|
|
|
/**
|
|
* @param ACore $activity
|
|
*
|
|
* @return string
|
|
* @throws Exception
|
|
*/
|
|
public function request(ACore $activity): string {
|
|
$this->saveActivity($activity);
|
|
|
|
$author = $this->getAuthorFromItem($activity);
|
|
$instancePaths = $this->generateInstancePaths($activity);
|
|
$token = $this->queueService->generateRequestQueue($instancePaths, $activity, $author);
|
|
$this->manageInit();
|
|
|
|
try {
|
|
$directRequest = $this->queueService->getPriorityRequest($token);
|
|
$directRequest->setTimeout(self::TIMEOUT_LIVE);
|
|
$this->manageRequest($directRequest);
|
|
} catch (RequestException $e) {
|
|
} catch (NoHighPriorityRequestException $e) {
|
|
} catch (EmptyQueueException $e) {
|
|
return '';
|
|
}
|
|
|
|
$this->curlService->asyncWithToken($token);
|
|
|
|
return $token;
|
|
}
|
|
|
|
|
|
public function manageInit() {
|
|
$this->failInstances = [];
|
|
}
|
|
|
|
|
|
/**
|
|
* @param RequestQueue $queue
|
|
*
|
|
* @throws RequestException
|
|
* @throws SocialAppConfigException
|
|
*/
|
|
public function manageRequest(RequestQueue $queue) {
|
|
$host = $queue->getInstance()
|
|
->getAddress();
|
|
if (in_array($host, $this->failInstances)) {
|
|
throw new RequestException();
|
|
}
|
|
|
|
try {
|
|
$this->queueService->initRequest($queue);
|
|
} catch (QueueStatusException $e) {
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$result = $this->generateRequestFromQueue($queue);
|
|
} catch (ActorDoesNotExistException $e) {
|
|
$this->queueService->deleteRequest($queue);
|
|
|
|
return;
|
|
} catch (Request410Exception $e) {
|
|
$this->queueService->deleteRequest($queue);
|
|
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$accepted = [200, 202];
|
|
if (in_array($this->getint('_code', $result, 500), $accepted)) {
|
|
$this->queueService->endRequest($queue, true);
|
|
} else {
|
|
$this->queueService->endRequest($queue, false);
|
|
$this->failInstances[] = $host;
|
|
}
|
|
} catch (QueueStatusException $e) {
|
|
}
|
|
}
|
|
|
|
|
|
/** // ====> instanceService
|
|
*
|
|
* @param ACore $activity
|
|
*
|
|
* @return InstancePath[]
|
|
*/
|
|
private function generateInstancePaths(ACore $activity): array {
|
|
$instancePaths = [];
|
|
foreach ($activity->getInstancePaths() as $instancePath) {
|
|
if ($instancePath->getType() === InstancePath::TYPE_FOLLOWERS) {
|
|
$instancePaths = array_merge(
|
|
$instancePaths, $this->generateInstancePathsFollowers($instancePath)
|
|
);
|
|
} else {
|
|
$instancePaths[] = $instancePath;
|
|
}
|
|
}
|
|
|
|
return $instancePaths;
|
|
}
|
|
|
|
|
|
/**
|
|
* @param InstancePath $instancePath
|
|
*
|
|
* @return InstancePath[]
|
|
*/
|
|
private function generateInstancePathsFollowers(InstancePath $instancePath): array {
|
|
$follows = $this->followsRequest->getByFollowId($instancePath->getUri());
|
|
|
|
$sharedInboxes = [];
|
|
$instancePaths = [];
|
|
foreach ($follows as $follow) {
|
|
if (!$follow->gotActor()) {
|
|
// TODO - check if cache can be empty at this point ?
|
|
continue;
|
|
}
|
|
|
|
$sharedInbox = $follow->getActor()
|
|
->getSharedInbox();
|
|
if (in_array($sharedInbox, $sharedInboxes)) {
|
|
continue;
|
|
}
|
|
|
|
$sharedInboxes[] = $sharedInbox;
|
|
$instancePaths[] = new InstancePath(
|
|
$sharedInbox, InstancePath::TYPE_GLOBAL, $instancePath->getPriority()
|
|
);
|
|
// $result[] = $this->generateRequest(
|
|
// new InstancePath($sharedInbox, InstancePath::TYPE_GLOBAL), $activity
|
|
// );
|
|
}
|
|
|
|
return $instancePaths;
|
|
}
|
|
|
|
|
|
/**
|
|
* @param RequestQueue $queue
|
|
*
|
|
* @return Request[]
|
|
* @throws ActorDoesNotExistException
|
|
* @throws Request410Exception
|
|
* @throws RequestException
|
|
* @throws SocialAppConfigException
|
|
*/
|
|
public function generateRequestFromQueue(RequestQueue $queue): array {
|
|
//InstancePath $path, string $activity, string $author
|
|
// $queue->getInstance(), $queue->getActivity(), $queue->getAuthor()
|
|
// );
|
|
$path = $queue->getInstance();
|
|
|
|
// $document = json_encode($activity);
|
|
$date = gmdate(self::DATE_FORMAT);
|
|
$localActor = $this->getActorFromAuthor($queue->getAuthor());
|
|
|
|
// TODO: move this to SignatureService ?
|
|
$localActorLink =
|
|
$this->configService->getUrlSocial() . '@' . $localActor->getPreferredUsername();
|
|
$signature = "(request-target): post " . $path->getPath() . "\nhost: " . $path->getAddress()
|
|
. "\ndate: " . $date;
|
|
openssl_sign($signature, $signed, $localActor->getPrivateKey(), OPENSSL_ALGO_SHA256);
|
|
|
|
$signed = base64_encode($signed);
|
|
$header =
|
|
'keyId="' . $localActorLink . '",headers="(request-target) host date",signature="'
|
|
. $signed . '"';
|
|
|
|
$requestType = Request::TYPE_GET;
|
|
if ($path->getType() === InstancePath::TYPE_INBOX
|
|
|| $path->getType() === InstancePath::TYPE_GLOBAL
|
|
|| $path->getType() === InstancePath::TYPE_FOLLOWERS) {
|
|
$requestType = Request::TYPE_POST;
|
|
}
|
|
|
|
$request = new Request($path->getPath(), $requestType);
|
|
$request->setTimeout($queue->getTimeout());
|
|
$request->addHeader('Host: ' . $path->getAddress());
|
|
$request->addHeader('Date: ' . $date);
|
|
$request->addHeader('Signature: ' . $header);
|
|
|
|
$request->setDataJson($queue->getActivity());
|
|
$request->setAddress($path->getAddress());
|
|
|
|
return $this->curlService->request($request);
|
|
}
|
|
|
|
|
|
/**
|
|
* @param IRequest $request
|
|
*
|
|
* @return string
|
|
* @throws InvalidResourceException
|
|
* @throws MalformedArrayException
|
|
* @throws RequestException
|
|
* @throws SignatureException
|
|
* @throws SocialAppConfigException
|
|
* @throws UrlCloudException
|
|
* @throws SignatureIsGoneException
|
|
* @throws InvalidOriginException
|
|
*/
|
|
public function checkRequest(IRequest $request): string {
|
|
// TODO : check host is our current host.
|
|
|
|
// $host = $request->getHeader('host');
|
|
// if ($host === '') {
|
|
// throw new SignatureException('host is not set');
|
|
// }
|
|
|
|
$dTime = new DateTime($request->getHeader('date'));
|
|
$dTime->format(self::DATE_FORMAT);
|
|
|
|
if ($dTime->getTimestamp() < (time() - self::DATE_DELAY)) {
|
|
throw new SignatureException('object is too old');
|
|
}
|
|
|
|
try {
|
|
$origin = $this->checkSignature($request);
|
|
} catch (Request410Exception $e) {
|
|
throw new SignatureIsGoneException();
|
|
}
|
|
|
|
return $origin;
|
|
}
|
|
|
|
|
|
/**
|
|
* @param Person $actor
|
|
* @param ACore $object
|
|
*/
|
|
public function signObject(Person $actor, ACore &$object) {
|
|
$signature = new LinkedDataSignature();
|
|
$signature->setPrivateKey($actor->getPrivateKey());
|
|
$signature->setType('RsaSignature2017');
|
|
$signature->setCreator($actor->getId() . '#main-key');
|
|
$signature->setCreated($object->getPublished());
|
|
$signature->setObject(json_decode(json_encode($object), true));
|
|
|
|
try {
|
|
$signature->sign();
|
|
$object->setSignature($signature);
|
|
} catch (LinkedDataSignatureMissingException $e) {
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* @param ACore $object
|
|
*
|
|
* @return bool
|
|
* @throws InvalidResourceException
|
|
* @throws Request410Exception
|
|
* @throws RequestException
|
|
* @throws SocialAppConfigException
|
|
* @throws UrlCloudException
|
|
* @throws InvalidOriginException
|
|
*/
|
|
public function checkObject(ACore $object): bool {
|
|
try {
|
|
$actorId = $object->getActorId();
|
|
|
|
$signature = new LinkedDataSignature();
|
|
$signature->import(json_decode($object->getSource(), true));
|
|
$signature->setPublicKey($this->retrieveKey($actorId));
|
|
|
|
if ($signature->verify()) {
|
|
$object->setOrigin($this->getKeyOrigin($actorId));
|
|
|
|
return true;
|
|
}
|
|
} catch (LinkedDataSignatureMissingException $e) {
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* $signature = new LinkedDataSignature();
|
|
* @param ACore $activity
|
|
*
|
|
* @return string
|
|
*/
|
|
private function getAuthorFromItem(Acore $activity): string {
|
|
if ($activity->gotActor()) {
|
|
return $activity->getActor()
|
|
->getId();
|
|
}
|
|
|
|
return $activity->getActorId();
|
|
}
|
|
|
|
|
|
/**
|
|
* @param string $author
|
|
*
|
|
* @return Person
|
|
* @throws SocialAppConfigException
|
|
* @throws ActorDoesNotExistException
|
|
*/
|
|
private function getActorFromAuthor(string $author): Person {
|
|
return $this->accountService->getFromId($author);
|
|
}
|
|
|
|
|
|
// /**
|
|
// * @param IRequest $request
|
|
// *
|
|
// * @return string
|
|
// * @throws InvalidResourceException
|
|
// * @throws MalformedArrayException
|
|
// * @throws Request410Exception
|
|
// * @throws RequestException
|
|
// * @throws SignatureException
|
|
// * @throws SocialAppConfigException
|
|
// * @throws UrlCloudException
|
|
// * @throws InvalidOriginException
|
|
// */
|
|
// private function checkSignature(IRequest $request): string {
|
|
// $signatureHeader = $request->getHeader('Signature');
|
|
//
|
|
// $sign = $this->parseSignatureHeader($signatureHeader);
|
|
// $this->mustContains(['keyId', 'headers', 'signature'], $sign);
|
|
//
|
|
// $keyId = $sign['keyId'];
|
|
// $origin = $this->getKeyOrigin($keyId);
|
|
//
|
|
// $headers = $sign['headers'];
|
|
// $signed = base64_decode($sign['signature']);
|
|
// $estimated = $this->generateEstimatedSignature($headers, $request);
|
|
//
|
|
// $publicKey = $this->retrieveKey($keyId);
|
|
//
|
|
// if ($publicKey === '' || openssl_verify($estimated, $signed, $publicKey, 'sha256') !== 1) {
|
|
// throw new SignatureException('signature cannot be checked');
|
|
// }
|
|
//
|
|
// return $origin;
|
|
// }
|
|
//
|
|
|
|
// /**
|
|
// * @param $id
|
|
// *
|
|
// * @return string
|
|
// * @throws InvalidOriginException
|
|
// */
|
|
// private function getKeyOrigin($id) {
|
|
// $host = parse_url($id, PHP_URL_HOST);
|
|
// if (is_string($host) && ($host !== '')) {
|
|
// return $host;
|
|
// }
|
|
//
|
|
// throw new InvalidOriginException();
|
|
// }
|
|
//
|
|
//
|
|
// /**
|
|
// * @param string $headers
|
|
// * @param IRequest $request
|
|
// *
|
|
// * @return string
|
|
// */
|
|
// private function generateEstimatedSignature(string $headers, IRequest $request): string {
|
|
// $keys = explode(' ', $headers);
|
|
//
|
|
// $target = '';
|
|
// try {
|
|
// $target = strtolower($request->getMethod()) . " " . $request->getRequestUri();
|
|
// } catch (Exception $e) {
|
|
// }
|
|
//
|
|
// $estimated = "(request-target): " . $target;
|
|
//
|
|
// foreach ($keys as $key) {
|
|
// if ($key === '(request-target)') {
|
|
// continue;
|
|
// }
|
|
//
|
|
// $estimated .= "\n" . $key . ': ' . $request->getHeader($key);
|
|
// }
|
|
//
|
|
// return $estimated;
|
|
// }
|
|
//
|
|
//
|
|
// /**
|
|
// * @param $signatureHeader
|
|
// *
|
|
// * @return array
|
|
// */
|
|
// private function parseSignatureHeader($signatureHeader) {
|
|
// $sign = [];
|
|
//
|
|
// $entries = explode(',', $signatureHeader);
|
|
// foreach ($entries as $entry) {
|
|
// list($k, $v) = explode('=', $entry, 2);
|
|
// preg_match('/"([^"]+)"/', $v, $varr);
|
|
// $v = trim($varr[0], '"');
|
|
//
|
|
// $sign[$k] = $v;
|
|
// }
|
|
//
|
|
// return $sign;
|
|
// }
|
|
|
|
|
|
// /**
|
|
// * @param $keyId
|
|
// *
|
|
// * @return string
|
|
// * @throws InvalidResourceException
|
|
// * @throws RequestException
|
|
// * @throws SocialAppConfigException
|
|
// * @throws UrlCloudException
|
|
// * @throws Request410Exception
|
|
// */
|
|
// private function retrieveKey($keyId): string {
|
|
// $actor = $this->cacheActorService->getFromId($keyId);
|
|
//
|
|
// return $actor->getPublicKey();
|
|
// }
|
|
|
|
|
|
/**
|
|
* @param ACore $activity
|
|
*/
|
|
private function saveActivity(ACore $activity) {
|
|
// TODO: save activity in DB ?
|
|
|
|
if ($activity->gotObject()) {
|
|
$this->saveObject($activity->getObject());
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* @param ACore $activity
|
|
*/
|
|
private function saveObject(ACore $activity) {
|
|
try {
|
|
if ($activity->gotObject()) {
|
|
$this->saveObject($activity->getObject());
|
|
}
|
|
|
|
$service = AP::$activityPub->getInterfaceForItem($activity);
|
|
$service->save($activity);
|
|
} catch (UnknownItemException $e) {
|
|
}
|
|
}
|
|
|
|
|
|
}
|
|
|