libervia-backend: sat/plugins/plugin_comp_ap_gateway/http

annotate sat/plugins/plugin_comp_ap_gateway/http_server.py @ 3745:a8c7e5cef0cb

comp AP gateway: signature checking, caching and threads management: - HTTP signature is checked for incoming messages - AP actor can now be followed using pubsub subscription. When following is accepted, the node is cached - replies to posts are put in cached pubsub comment nodes, with a `comments_max_depth` option to limit the number of comment nodes for a root message (documentation will come to explain this). ticket 364

author	Goffi <goffi@goffi.org>
date	Tue, 22 Mar 2022 17:00:42 +0100
parents	86eea17cafa7
children	125c7043b277

rev	line source
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	1 #!/usr/bin/env python3
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	2
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	3 # Libervia ActivityPub Gateway
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org)
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	5
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	6 # This program is free software: you can redistribute it and/or modify
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	7 # it under the terms of the GNU Affero General Public License as published by
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	8 # the Free Software Foundation, either version 3 of the License, or
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	9 # (at your option) any later version.
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	10
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	11 # This program is distributed in the hope that it will be useful,
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	14 # GNU Affero General Public License for more details.
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	15
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	16 # You should have received a copy of the GNU Affero General Public License
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	18
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	19 import time
3729 86eea17cafa7 component AP gateway: split plugin in several files: Goffi <goffi@goffi.org> parents: 3728 diff changeset	20 from typing import Optional, Dict, List
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	21 import json
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	22 from urllib import parse
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	23 from collections import deque
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	24 import unicodedata
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	25 from pprint import pformat
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	26
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	27 from twisted.web import http, resource as web_resource, server
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	28 from twisted.internet import reactor, defer
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	29 from twisted.words.protocols.jabber import jid, error
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	30 from wokkel import pubsub, rsm
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	31
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	32 from sat.core import exceptions
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	33 from sat.core.constants import Const as C
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	34 from sat.core.i18n import _
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	35 from sat.core.log import getLogger
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	36 from sat.tools.common import date_utils
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	37 from sat.memory.sqla_mapping import SubscriptionState
3729 86eea17cafa7 component AP gateway: split plugin in several files: Goffi <goffi@goffi.org> parents: 3728 diff changeset	38
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	39 from .constants import (
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	40 CONTENT_TYPE_AP, TYPE_ACTOR, TYPE_INBOX, TYPE_SHARED_INBOX, TYPE_OUTBOX,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	41 AP_REQUEST_TYPES, PAGE_SIZE, ACTIVITY_TYPES_LOWER, ACTIVIY_NO_ACCOUNT_ALLOWED,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	42 SIGN_HEADERS, HS2019, SIGN_EXP
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	43 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	44 from .regex import RE_SIG_PARAM
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	45
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	46
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	47 log = getLogger(__name__)
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	48
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	49 VERSION = unicodedata.normalize(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	50 'NFKD',
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	51 f"{C.APP_NAME} ActivityPub Gateway {C.APP_VERSION}"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	52 )
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	53
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	54
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	55 class HTTPAPGServer(web_resource.Resource):
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	56 """HTTP Server handling ActivityPub S2S protocol"""
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	57 isLeaf = True
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	58
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	59 def __init__(self, ap_gateway):
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	60 self.apg = ap_gateway
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	61 self._seen_digest = deque(maxlen=50)
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	62 super().__init__()
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	63
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	64 def responseCode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	65 self,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	66 request: "HTTPRequest",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	67 http_code: int,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	68 msg: Optional[str] = None
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	69 ) -> None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	70 """Log and set HTTP return code and associated message"""
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	71 log.warning(msg)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	72 request.setResponseCode(http_code, None if msg is None else msg.encode())
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	73
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	74 async def webfinger(self, request):
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	75 url_parsed = parse.urlparse(request.uri.decode())
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	76 query = parse.parse_qs(url_parsed.query)
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	77 resource = query.get("resource", [""])[0]
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	78 account = resource[5:].strip()
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	79 if not resource.startswith("acct:") or not account:
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	80 return web_resource.ErrorPage(
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	81 http.BAD_REQUEST, "Bad Request" , "Invalid webfinger resource"
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	82 ).render(request)
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	83
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	84 actor_url = self.apg.buildAPURL(TYPE_ACTOR, account)
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	85
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	86 resp = {
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	87 "subject": resource,
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	88 "links": [
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	89 {
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	90 "rel": "self",
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	91 "type": "application/activity+json",
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	92 "href": actor_url
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	93 }
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	94 ]
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	95 }
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	96 request.setHeader("content-type", CONTENT_TYPE_AP)
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	97 request.write(json.dumps(resp).encode())
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	98 request.finish()
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	99
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	100 async def handleFollowActivity(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	101 self,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	102 request: "HTTPRequest",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	103 data: dict,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	104 account_jid: jid.JID,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	105 node: Optional[str],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	106 ap_account: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	107 ap_url: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	108 signing_actor: str
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	109 ) -> None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	110 if node is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	111 node = self.apg._m.namespace
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	112 client = await self.apg.getVirtualClient(signing_actor)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	113 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	114 subscription = await self.apg._p.subscribe(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	115 client,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	116 account_jid,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	117 node
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	118 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	119 except pubsub.SubscriptionPending:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	120 log.info(f"subscription to node {node!r} of {account_jid} is pending")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	121 # TODO: manage SubscriptionUnconfigured
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	122 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	123 if subscription.state != "subscribed":
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	124 # other states should raise an Exception
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	125 raise exceptions.InternalError('"subscribed" state was expected')
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	126 inbox = await self.apg.getAPInboxFromId(signing_actor)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	127 actor_id = self.apg.buildAPURL(TYPE_ACTOR, ap_account)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	128 accept_data = self.apg.createActivity(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	129 "Accept", actor_id, object_=data
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	130 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	131 await self.apg.signAndPost(inbox, actor_id, accept_data)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	132
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	133 async def handleAcceptActivity(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	134 self,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	135 request: "HTTPRequest",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	136 data: dict,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	137 account_jid: jid.JID,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	138 node: Optional[str],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	139 ap_account: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	140 ap_url: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	141 signing_actor: str
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	142 ) -> None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	143 if node is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	144 node = self.apg._m.namespace
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	145 client = await self.apg.getVirtualClient(signing_actor)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	146 objects = await self.apg.apGetList(data, "object")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	147 for obj in objects:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	148 type_ = obj.get("type")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	149 if type_ == "Follow":
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	150 follow_node = await self.apg.host.memory.storage.getPubsubNode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	151 client, client.jid, node, with_subscriptions=True
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	152 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	153 if follow_node is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	154 log.warning(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	155 f"Received a follow accept on an unknown node: {node!r} at "
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	156 f"{client.jid}. Ignoring it"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	157 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	158 continue
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	159 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	160 sub = next(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	161 s for s in follow_node.subscriptions if s.subscriber==account_jid
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	162 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	163 except StopIteration:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	164 log.warning(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	165 "Received a follow accept on a node without subscription: "
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	166 f"{node!r} at {client.jid}. Ignoring it"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	167 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	168 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	169 if sub.state == SubscriptionState.SUBSCRIBED:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	170 log.warning(f"Already subscribed to {node!r} at {client.jid}")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	171 elif sub.state == SubscriptionState.PENDING:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	172 follow_node.subscribed = True
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	173 sub.state = SubscriptionState.SUBSCRIBED
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	174 await self.apg.host.memory.storage.add(follow_node)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	175 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	176 raise exceptions.InternalError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	177 f"Unhandled subscription state {sub.state!r}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	178 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	179 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	180 log.warning(f"Unmanaged accept type: {type_!r}")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	181
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	182 async def handleCreateActivity(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	183 self,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	184 request: "HTTPRequest",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	185 data: dict,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	186 account_jid: Optional[jid.JID],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	187 node: Optional[str],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	188 ap_account: Optional[str],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	189 ap_url: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	190 signing_actor: str
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	191 ):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	192 digest = request.getHeader("digest")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	193 if digest in self._seen_digest:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	194 log.debug(f"Ignoring duplicated request (digest: {digest!r})")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	195 return
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	196 self._seen_digest.append(digest)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	197 if node is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	198 node = self.apg._m.namespace
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	199 client = await self.apg.getVirtualClient(signing_actor)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	200 objects = await self.apg.apGetList(data, "object")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	201 for obj in objects:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	202 sender = await self.apg.apGetSenderActor(obj)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	203 if sender != signing_actor:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	204 log.warning(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	205 "Ignoring object not attributed to signing actor: {obj}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	206 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	207 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	208 await self.apg.newAPItem(client, account_jid, node, obj)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	209
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	210 async def APActorRequest(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	211 self,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	212 request: "HTTPRequest",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	213 account_jid: jid.JID,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	214 node: Optional[str],
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	215 ap_account: str,
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	216 actor_url: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	217 signing_actor: Optional[str]
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	218 ) -> dict:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	219 inbox_url = self.apg.buildAPURL(TYPE_INBOX, ap_account)
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	220 shared_inbox = self.apg.buildAPURL(TYPE_SHARED_INBOX)
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	221 outbox_url = self.apg.buildAPURL(TYPE_OUTBOX, ap_account)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	222
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	223 # we have to use AP account as preferredUsername because it is used to retrieve
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	224 # actor handle (see https://socialhub.activitypub.rocks/t/how-to-retrieve-user-server-tld-handle-from-actors-url/2196)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	225 preferred_username = ap_account.split("@", 1)[0]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	226 return {
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	227 "@context": [
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	228 "https://www.w3.org/ns/activitystreams",
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	229 "https://w3id.org/security/v1"
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	230 ],
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	231
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	232 "id": actor_url,
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	233 "type": "Person",
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	234 "preferredUsername": preferred_username,
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	235 "inbox": inbox_url,
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	236 "outbox": outbox_url,
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	237 "publicKey": {
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	238 "id": f"{actor_url}#main-key",
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	239 "owner": actor_url,
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	240 "publicKeyPem": self.apg.public_key_pem
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	241 },
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	242 "endpoints": {
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	243 "sharedInbox": shared_inbox
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	244 },
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	245 }
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	246
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	247 def getCanonicalURL(self, request: "HTTPRequest") -> str:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	248 return parse.urljoin(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	249 f"https://{self.apg.public_url}",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	250 request.path.decode().rstrip("/")
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	251 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	252
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	253 def queryData2RSMRequest(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	254 self,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	255 query_data: Dict[str, List[str]]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	256 ) -> rsm.RSMRequest:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	257 """Get RSM kwargs to use with RSMRequest from query data"""
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	258 page = query_data.get("page")
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	259
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	260 if page == ["first"]:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	261 return rsm.RSMRequest(max_=PAGE_SIZE, before="")
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	262 elif page == ["last"]:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	263 return rsm.RSMRequest(max_=PAGE_SIZE)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	264 else:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	265 for query_key in ("index", "before", "after"):
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	266 try:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	267 kwargs={query_key: query_data[query_key][0], "max_": PAGE_SIZE}
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	268 except (KeyError, IndexError, ValueError):
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	269 pass
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	270 else:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	271 return rsm.RSMRequest(**kwargs)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	272 raise ValueError(f"Invalid query data: {query_data!r}")
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	273
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	274 async def APOutboxPageRequest(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	275 self,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	276 request: "HTTPRequest",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	277 account_jid: jid.JID,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	278 node: Optional[str],
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	279 ap_account: str,
3729 86eea17cafa7 component AP gateway: split plugin in several files: Goffi <goffi@goffi.org> parents: 3728 diff changeset	280 ap_url: str,
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	281 query_data: Dict[str, List[str]]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	282 ) -> dict:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	283 # we only keep useful keys, and sort to have consistent URL which can
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	284 # be used as ID
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	285 url_keys = sorted(set(query_data) & {"page", "index", "before", "after"})
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	286 query_data = {k: query_data[k] for k in url_keys}
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	287 try:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	288 items, metadata = await self.apg._p.getItems(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	289 client=self.apg.client,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	290 service=account_jid,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	291 node=node,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	292 rsm_request=self.queryData2RSMRequest(query_data),
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	293 extra = {C.KEY_USE_CACHE: False}
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	294 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	295 except error.StanzaError as e:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	296 log.warning(f"Can't get data from pubsub node {node} at {account_jid}: {e}")
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	297 return {}
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	298
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	299 base_url = self.getCanonicalURL(request)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	300 url = f"{base_url}?{parse.urlencode(query_data, True)}"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	301 data = {
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	302 "@context": "https://www.w3.org/ns/activitystreams",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	303 "id": url,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	304 "type": "OrderedCollectionPage",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	305 "partOf": base_url,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	306 "orderedItems" : [
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	307 await self.apg.mbdata2APitem(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	308 self.apg.client,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	309 await self.apg._m.item2mbdata(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	310 self.apg.client,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	311 item,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	312 account_jid,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	313 node
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	314 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	315 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	316 for item in reversed(items)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	317 ]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	318 }
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	319
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	320 # AP OrderedCollection must be in reversed chronological order, thus the opposite
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	321 # of what we get with RSM (at least with Libervia Pubsub)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	322 if not metadata["complete"]:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	323 try:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	324 last= metadata["rsm"]["last"]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	325 except KeyError:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	326 last = None
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	327 data["prev"] = f"{base_url}?{parse.urlencode({'after': last})}"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	328 if metadata["rsm"]["index"] != 0:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	329 try:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	330 first= metadata["rsm"]["first"]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	331 except KeyError:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	332 first = None
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	333 data["next"] = f"{base_url}?{parse.urlencode({'before': first})}"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	334
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	335 return data
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	336
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	337 async def APOutboxRequest(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	338 self,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	339 request: "HTTPRequest",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	340 account_jid: jid.JID,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	341 node: Optional[str],
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	342 ap_account: str,
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	343 ap_url: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	344 signing_actor: Optional[str]
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	345 ) -> dict:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	346 if node is None:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	347 node = self.apg._m.namespace
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	348
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	349 parsed_url = parse.urlparse(request.uri.decode())
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	350 query_data = parse.parse_qs(parsed_url.query)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	351 if query_data:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	352 return await self.APOutboxPageRequest(
3729 86eea17cafa7 component AP gateway: split plugin in several files: Goffi <goffi@goffi.org> parents: 3728 diff changeset	353 request, account_jid, node, ap_account, ap_url, query_data
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	354 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	355
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	356 # XXX: we can't use disco#info here because this request won't work on a bare jid
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	357 # due to security considerations of XEP-0030 (we don't have presence
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	358 # subscription).
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	359 # The current workaround is to do a request as if RSM was available, and actually
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	360 # check its availability according to result.
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	361 try:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	362 __, metadata = await self.apg._p.getItems(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	363 client=self.apg.client,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	364 service=account_jid,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	365 node=node,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	366 max_items=0,
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	367 rsm_request=rsm.RSMRequest(max_=0),
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	368 extra = {C.KEY_USE_CACHE: False}
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	369 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	370 except error.StanzaError as e:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	371 log.warning(f"Can't get data from pubsub node {node} at {account_jid}: {e}")
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	372 return {}
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	373 try:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	374 items_count = metadata["rsm"]["count"]
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	375 except KeyError:
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	376 log.warning(
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	377 f"No RSM metadata found when requesting pubsub node {node} at "
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	378 f"{account_jid}, defaulting to items_count=20"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	379 )
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	380 items_count = 20
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	381
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	382 url = self.getCanonicalURL(request)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	383 url_first_page = f"{url}?{parse.urlencode({'page': 'first'})}"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	384 url_last_page = f"{url}?{parse.urlencode({'page': 'last'})}"
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	385 return {
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	386 "@context": "https://www.w3.org/ns/activitystreams",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	387 "id": url,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	388 "totalItems": items_count,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	389 "type": "OrderedCollection",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	390 "first": url_first_page,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	391 "last": url_last_page,
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	392 }
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	393
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	394 async def APInboxRequest(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	395 self,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	396 request: "HTTPRequest",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	397 account_jid: Optional[jid.JID],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	398 node: Optional[str],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	399 ap_account: Optional[str],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	400 ap_url: str,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	401 signing_actor: Optional[str]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	402 ) -> None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	403 if signing_actor is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	404 raise exceptions.InternalError("signing_actor must be set for inbox requests")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	405 if node is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	406 node = self.apg._m.namespace
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	407 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	408 data = json.load(request.content)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	409 if not isinstance(data, dict):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	410 raise ValueError("data should be an object")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	411 except (json.JSONDecodeError, ValueError) as e:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	412 return self.responseCode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	413 request,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	414 http.BAD_REQUEST,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	415 f"invalid json in inbox request: {e}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	416 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	417 await self.checkSigningActor(data, signing_actor)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	418 activity_type = (data.get("type") or "").lower()
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	419 if not activity_type in ACTIVITY_TYPES_LOWER:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	420 return self.responseCode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	421 request,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	422 http.UNSUPPORTED_MEDIA_TYPE,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	423 f"request is not an activity, ignoring"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	424 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	425
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	426 if account_jid is None and activity_type not in ACTIVIY_NO_ACCOUNT_ALLOWED:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	427 return self.responseCode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	428 request,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	429 http.UNSUPPORTED_MEDIA_TYPE,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	430 f"{activity_type.title()!r} activity must target an account"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	431 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	432
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	433 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	434 method = getattr(self, f"handle{activity_type.title()}Activity")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	435 except AttributeError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	436 return self.responseCode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	437 request,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	438 http.UNSUPPORTED_MEDIA_TYPE,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	439 f"{activity_type.title()} activity is not yet supported"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	440 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	441 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	442 await method(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	443 request, data, account_jid, node, ap_account, ap_url, signing_actor
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	444 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	445
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	446 async def APRequest(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	447 self,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	448 request: "HTTPRequest",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	449 signing_actor: Optional[str] = None
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	450 ) -> None:
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	451 path = request.path.decode()
3729 86eea17cafa7 component AP gateway: split plugin in several files: Goffi <goffi@goffi.org> parents: 3728 diff changeset	452 ap_url = parse.urljoin(
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	453 f"https://{self.apg.public_url}",
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	454 path
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	455 )
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	456 request_type, extra_args = self.apg.parseAPURL(ap_url)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	457 if len(extra_args) == 0:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	458 if request_type != "shared_inbox":
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	459 raise exceptions.DataError(f"Invalid request type: {request_type!r}")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	460 ret_data = await self.APInboxRequest(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	461 request, None, None, None, ap_url, signing_actor
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	462 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	463 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	464 if len(extra_args) > 1:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	465 log.warning(f"unexpected extra arguments: {extra_args!r}")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	466 ap_account = extra_args[0]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	467 account_jid, node = await self.apg.getJIDAndNode(ap_account)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	468 if request_type not in AP_REQUEST_TYPES.get(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	469 request.method.decode().upper(), []
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	470 ):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	471 raise exceptions.DataError(f"Invalid request type: {request_type!r}")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	472 method = getattr(self, f"AP{request_type.title()}Request")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	473 ret_data = await method(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	474 request, account_jid, node, ap_account, ap_url, signing_actor
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	475 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	476 if ret_data is not None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	477 request.setHeader("content-type", CONTENT_TYPE_AP)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	478 request.write(json.dumps(ret_data).encode())
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	479 request.finish()
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	480
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	481 async def APPostRequest(self, request: "HTTPRequest"):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	482 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	483 signing_actor = await self.checkSignature(request)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	484 except exceptions.EncryptionError as e:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	485 self.responseCode(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	486 request,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	487 http.FORBIDDEN,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	488 f"invalid signature: {e}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	489 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	490 request.finish()
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	491 return
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	492
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	493 return await self.APRequest(request, signing_actor)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	494
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	495 async def checkSigningActor(self, data: dict, signing_actor: str) -> None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	496 """That that signing actor correspond to actor declared in data
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	497
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	498 @param data: request payload
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	499 @param signing_actor: actor ID of the signing entity, as returned by
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	500 checkSignature
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	501 @raise exceptions.NotFound: no actor found in data
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	502 @raise exceptions.EncryptionError: signing actor doesn't match actor in data
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	503 """
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	504 actor = await self.apg.apGetSenderActor(data)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	505
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	506 if signing_actor != actor:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	507 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	508 f"signing actor ({signing_actor}) doesn't match actor in data ({actor})"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	509 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	510
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	511 async def checkSignature(self, request: "HTTPRequest") -> str:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	512 """Check and validate HTTP signature
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	513
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	514 @return: id of the signing actor
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	515
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	516 @raise exceptions.EncryptionError: signature is not present or doesn't match
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	517 """
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	518 signature = request.getHeader("Signature")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	519 if signature is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	520 raise exceptions.EncryptionError("No signature found")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	521 sign_data = {
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	522 m["key"]: m["uq_value"] or m["quoted_value"][1:-1]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	523 for m in RE_SIG_PARAM.finditer(signature)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	524 }
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	525 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	526 key_id = sign_data["keyId"]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	527 except KeyError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	528 raise exceptions.EncryptionError('"keyId" is missing from signature')
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	529 algorithm = sign_data.get("algorithm", HS2019)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	530 signed_headers = sign_data.get(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	531 "headers",
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	532 "(created)" if algorithm==HS2019 else "date"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	533 ).lower().split()
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	534 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	535 headers_to_check = SIGN_HEADERS[None] + SIGN_HEADERS[request.method]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	536 except KeyError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	537 raise exceptions.InternalError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	538 f"there should be a list of headers for {request.method} method"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	539 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	540 if not headers_to_check:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	541 raise exceptions.InternalError("headers_to_check must not be empty")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	542
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	543 for header in headers_to_check:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	544 if isinstance(header, tuple):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	545 if len(set(header).intersection(signed_headers)) == 0:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	546 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	547 f"at least one of following header must be signed: {header}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	548 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	549 elif header not in signed_headers:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	550 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	551 f"the {header!r} header must be signed"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	552 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	553
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	554 body = request.content.read()
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	555 request.content.seek(0)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	556 headers = {}
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	557 for to_sign in signed_headers:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	558 if to_sign == "(request-target)":
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	559 method = request.method.decode().lower()
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	560 uri = parse.unquote(request.uri.decode())
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	561 headers[to_sign] = f"{method} /{uri.lstrip('/')}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	562 elif to_sign in ("(created)", "(expires)"):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	563 if algorithm != HS2019:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	564 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	565 f"{to_sign!r} pseudo-header can only be used with {HS2019} "
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	566 "algorithm"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	567 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	568 key = to_sign[1:-1]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	569 value = sign_data.get(key)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	570 if not value:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	571 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	572 "{key!r} parameter is missing from signature"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	573 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	574 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	575 if float(value) < 0:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	576 raise ValueError
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	577 except ValueError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	578 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	579 f"{to_sign} must be a Unix timestamp"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	580 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	581 headers[to_sign] = value
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	582 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	583 value = request.getHeader(to_sign)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	584 if not value:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	585 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	586 f"value of header {to_sign!r} is missing!"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	587 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	588 elif to_sign == "host":
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	589 # we check Forwarded/X-Forwarded-Host headers
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	590 # as we need original host if a proxy has modified the header
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	591 forwarded = request.getHeader("forwarded")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	592 if forwarded is not None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	593 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	594 host = [
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	595 f[5:] for f in forwarded.split(";")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	596 if f.startswith("host=")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	597 ][0] or None
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	598 except IndexError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	599 host = None
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	600 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	601 host = None
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	602 if host is None:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	603 host = request.getHeader("x-forwarded-host")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	604 if host:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	605 value = host
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	606 elif to_sign == "digest":
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	607 hashes = {
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	608 algo.lower(): hash_ for algo, hash_ in (
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	609 digest.split("=", 1) for digest in value.split(",")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	610 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	611 }
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	612 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	613 given_digest = hashes["sha-256"]
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	614 except KeyError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	615 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	616 "Only SHA-256 algorithm is currently supported for digest"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	617 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	618 __, computed_digest = self.apg.getDigest(body)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	619 if given_digest != computed_digest:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	620 raise exceptions.EncryptionError(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	621 f"SHA-256 given and computed digest differ:\n"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	622 f"given: {given_digest!r}\ncomputed: {computed_digest!r}"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	623 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	624 headers[to_sign] = value
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	625
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	626 # date check
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	627 limit_ts = time.time() + SIGN_EXP
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	628 if "(created)" in headers:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	629 created = float(headers["created"])
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	630 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	631 created = date_utils.date_parse(headers["date"])
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	632
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	633
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	634 try:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	635 expires = float(headers["expires"])
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	636 except KeyError:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	637 pass
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	638 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	639 if expires < created:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	640 log.warning(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	641 f"(expires) [{expires}] set in the past of (created) [{created}] "
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	642 "ignoring it according to specs"
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	643 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	644 else:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	645 limit_ts = min(limit_ts, expires)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	646
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	647 if created > limit_ts:
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	648 raise exceptions.EncryptionError("Signature has expired")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	649
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	650 return await self.apg.checkSignature(
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	651 sign_data["signature"],
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	652 key_id,
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	653 headers
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	654 )
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	655
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	656 def render(self, request):
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	657 request.setHeader("server", VERSION)
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	658 return super().render(request)
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	659
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	660 def render_GET(self, request):
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	661 path = request.path.decode().lstrip("/")
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	662 if path.startswith(".well-known/webfinger"):
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	663 defer.ensureDeferred(self.webfinger(request))
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	664 return server.NOT_DONE_YET
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	665 elif path.startswith(self.apg.ap_path):
3728 b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	666 defer.ensureDeferred(self.APRequest(request))
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	667 return server.NOT_DONE_YET
b15644cae50d component AP gateway: JID/node ⟺ AP outbox conversion: Goffi <goffi@goffi.org> parents: 3684 diff changeset	668
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	669 return web_resource.NoResource().render(request)
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	670
3745 a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	671 def render_POST(self, request):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	672 path = request.path.decode().lstrip("/")
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	673 if not path.startswith(self.apg.ap_path):
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	674 return web_resource.NoResource().render(request)
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	675 defer.ensureDeferred(self.APPostRequest(request))
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	676 return server.NOT_DONE_YET
a8c7e5cef0cb comp AP gateway: signature checking, caching and threads management: Goffi <goffi@goffi.org> parents: 3729 diff changeset	677
3682 7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	678
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	679 class HTTPRequest(server.Request):
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	680 pass
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	681
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	682
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	683 class HTTPServer(server.Site):
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	684 requestFactory = HTTPRequest
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	685
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	686 def __init__(self, ap_gateway):
7c990aaa49d3 comp AP Gateway: ActivityPub Component first draft: Goffi <goffi@goffi.org> parents: diff changeset	687 super().__init__(HTTPAPGServer(ap_gateway))

Mercurial > libervia-backend

annotate sat/plugins/plugin_comp_ap_gateway/http_server.py @ 3745:a8c7e5cef0cb