libervia-backend: libervia/backend/plugins/plugin_comp_ap_gateway/http

comparison libervia/backend/plugins/plugin_comp_ap_gateway/http_server.py @ 4270:0d7bb4df2343

Reformatted code base using black.

author	Goffi <goffi@goffi.org>
date	Wed, 19 Jun 2024 18:44:57 +0200
parents	49019947cc76
children

comparison

equal deleted inserted replaced

-:64a85ce8be70
+:0d7bb4df2343
 from libervia.backend.core.log import getLogger
 from libervia.backend.tools.common import date_utils, uri
 from libervia.backend.memory.sqla_mapping import SubscriptionState
 from .constants import (
-NS_AP, MEDIA_TYPE_AP, MEDIA_TYPE_AP_ALT, CONTENT_TYPE_WEBFINGER, CONTENT_TYPE_AP,
+NS_AP,
-TYPE_ACTOR, TYPE_INBOX, TYPE_SHARED_INBOX, TYPE_OUTBOX, TYPE_EVENT, AP_REQUEST_TYPES,
+MEDIA_TYPE_AP,
-PAGE_SIZE, ACTIVITY_TYPES_LOWER, ACTIVIY_NO_ACCOUNT_ALLOWED, SIGN_HEADERS, HS2019,
+MEDIA_TYPE_AP_ALT,
-SIGN_EXP, TYPE_FOLLOWERS, TYPE_FOLLOWING, TYPE_ITEM, TYPE_LIKE, TYPE_REACTION,
+CONTENT_TYPE_WEBFINGER,
-ST_AP_CACHE
+CONTENT_TYPE_AP,
+TYPE_ACTOR,
+TYPE_INBOX,
+TYPE_SHARED_INBOX,
+TYPE_OUTBOX,
+TYPE_EVENT,
+AP_REQUEST_TYPES,
+PAGE_SIZE,
+ACTIVITY_TYPES_LOWER,
+ACTIVIY_NO_ACCOUNT_ALLOWED,
+SIGN_HEADERS,
+HS2019,
+SIGN_EXP,
+TYPE_FOLLOWERS,
+TYPE_FOLLOWING,
+TYPE_ITEM,
+TYPE_LIKE,
+TYPE_REACTION,
+ST_AP_CACHE,
 )
 from .regex import RE_SIG_PARAM
 log = getLogger(__name__)
 VERSION = unicodedata.normalize(
-'NFKD',
+"NFKD", f"{C.APP_NAME} ActivityPub Gateway {C.APP_VERSION}"
-f"{C.APP_NAME} ActivityPub Gateway {C.APP_VERSION}"
 )
 class HTTPAPGServer(web_resource.Resource):
 """HTTP Server handling ActivityPub S2S protocol"""
 isLeaf = True
 def __init__(self, ap_gateway):
 self.apg = ap_gateway
 self._seen_digest = deque(maxlen=50)
 super().__init__()
 def response_code(
-self,
+self, request: "HTTPRequest", http_code: int, msg: Optional[str] = None
-request: "HTTPRequest",
-http_code: int,
-msg: Optional[str] = None
 ) -> None:
 """Log and set HTTP return code and associated message"""
 if msg is not None:
 log.warning(msg)
 request.setResponseCode(http_code, None if msg is None else msg.encode())
-def _on_request_error(self, failure_: failure.Failure, request: "HTTPRequest") -> None:
+def _on_request_error(
+self, failure_: failure.Failure, request: "HTTPRequest"
+) -> None:
 exc = failure_.value
 if isinstance(exc, exceptions.NotFound):
-self.response_code(
+self.response_code(request, http.NOT_FOUND, str(exc))
-request,
-http.NOT_FOUND,
-str(exc)
-)
 else:
 log.exception(f"Internal error: {failure_.value}")
 self.response_code(
-request,
+request, http.INTERNAL_SERVER_ERROR, f"internal error: {failure_.value}"
-http.INTERNAL_SERVER_ERROR,
-f"internal error: {failure_.value}"
 )
 request.finish()
 raise failure_
 request.finish()
 query = parse.parse_qs(url_parsed.query)
 resource = query.get("resource", [""])[0]
 account = resource[5:].strip()
 if not resource.startswith("acct:") or not account:
 return web_resource.ErrorPage(
-http.BAD_REQUEST, "Bad Request" , "Invalid webfinger resource"
+http.BAD_REQUEST, "Bad Request", "Invalid webfinger resource"
 ).render(request)
 actor_url = self.apg.build_apurl(TYPE_ACTOR, account)
 resp = {
 "aliases": [actor_url],
 "subject": resource,
 "links": [
-{
+{"rel": "self", "type": "application/activity+json", "href": actor_url}
-"rel": "self",
+],
-"type": "application/activity+json",
-"href": actor_url
-}
-]
 }
 request.setHeader("content-type", CONTENT_TYPE_WEBFINGER)
 request.write(json.dumps(resp).encode())
 request.finish()
 data: dict,
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: str,
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 if node is None:
 node = self.apg._m.namespace
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 object_ = data.get("object")
 # needed
 await self.apg.new_ap_delete_item(client, None, node, obj)
 elif type_ == TYPE_LIKE:
 await self.handle_attachment_item(client, obj, {"noticed": False})
 elif type_ == TYPE_REACTION:
-await self.handle_attachment_item(client, obj, {
+await self.handle_attachment_item(
-"reactions": {"operation": "update", "remove": [obj["content"]]}
+client,
-})
+obj,
+{"reactions": {"operation": "update", "remove": [obj["content"]]}},
+)
 else:
 log.warning(f"Unmanaged undo type: {type_!r}")
 async def handle_follow_activity(
 self,
 data: dict,
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: str,
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 if node is None:
 node = self.apg._m.namespace
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 try:
 subscription = await self.apg._p.subscribe(
 client,
 account_jid,
 node,
 # subscriptions from AP are always public
-options=self.apg._pps.set_public_opt()
+options=self.apg._pps.set_public_opt(),
 )
 except pubsub.SubscriptionPending:
 log.info(f"subscription to node {node!r} of {account_jid} is pending")
 # TODO: manage SubscriptionUnconfigured
 else:
 if subscription.state != "subscribed":
 # other states should raise an Exception
 raise exceptions.InternalError('"subscribed" state was expected')
 inbox = await self.apg.get_ap_inbox_from_id(signing_actor, use_shared=False)
 actor_id = self.apg.build_apurl(TYPE_ACTOR, ap_account)
-accept_data = self.apg.create_activity(
+accept_data = self.apg.create_activity("Accept", actor_id, object_=data)
-"Accept", actor_id, object_=data
-)
 await self.apg.sign_and_post(inbox, actor_id, accept_data)
 await self.apg._c.synchronise(client, account_jid, node, resync=False)
 async def handle_accept_activity(
 self,
 data: dict,
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: str,
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 if node is None:
 node = self.apg._m.namespace
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 objects = await self.apg.ap_get_list(requestor_actor_id, data, "object")
 f"{client.jid}. Ignoring it"
 )
 continue
 try:
 sub = next(
-s for s in follow_node.subscriptions if s.subscriber==account_jid
+s
+for s in follow_node.subscriptions
+if s.subscriber == account_jid
 )
 except StopIteration:
 log.warning(
 "Received a follow accept on a node without subscription: "
 f"{node!r} at {client.jid}. Ignoring it"
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ):
 if node is None:
 node = self.apg._m.namespace
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 objects = await self.apg.ap_get_list(requestor_actor_id, data, "object")
 node = self.apg._m.namespace
 sender = await self.apg.ap_get_sender_actor(requestor_actor_id, obj)
 if repeated:
 # we don't check sender when item is repeated, as it should be different
 # from post author in this case
-sender_jid = await self.apg.get_jid_from_id(
+sender_jid = await self.apg.get_jid_from_id(requestor_actor_id, sender)
-requestor_actor_id,
-sender
-)
 repeater_jid = await self.apg.get_jid_from_id(
-requestor_actor_id,
+requestor_actor_id, signing_actor
-signing_actor
 )
 repeated_item_id = obj["id"]
 if self.apg.is_local_url(repeated_item_id):
 # the repeated object is from XMPP, we need to parse the URL to find
 # the right ID
 try:
 url_account, url_item_id = url_args
 if not url_account or not url_item_id:
 raise ValueError
 except (RuntimeError, ValueError):
-raise exceptions.DataError(
+raise exceptions.DataError("local URI is invalid: {repeated_id}")
-"local URI is invalid: {repeated_id}"
-)
 else:
 url_jid, url_node = await self.apg.get_jid_and_node(url_account)
-if ((url_jid != sender_jid
+if (
-or url_node and url_node != self.apg._m.namespace)):
+url_jid != sender_jid
+or url_node
+and url_node != self.apg._m.namespace
+):
 raise exceptions.DataError(
 "announced ID doesn't match sender ({sender}): "
 f"[repeated_item_id]"
 )
 "at": data.get("published"),
 "uri": uri.build_xmpp_uri(
 "pubsub",
 path=sender_jid.full(),
 node=self.apg._m.namespace,
-item=repeated_item_id
+item=repeated_item_id,
-)
+),
 }
 # we must use activity's id and targets, not the original item ones
 for field in ("id", "to", "bto", "cc", "bcc"):
 obj[field] = data.get(field)
 else:
 if sender != signing_actor:
-log.warning(
+log.warning("Ignoring object not attributed to signing actor: {obj}")
-"Ignoring object not attributed to signing actor: {obj}"
-)
 continue
 await self.apg.new_ap_item(client, account_jid, node, obj)
 async def handle_create_activity(
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ):
 await self.handle_new_ap_items(
 requestor_actor_id, request, data, account_jid, node, signing_actor
 )
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ):
 # Update is the same as create: the item ID stays the same, thus the item will be
 # overwritten
 await self.handle_new_ap_items(
 requestor_actor_id, request, data, account_jid, node, signing_actor
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ):
 # we create a new item
 await self.handle_new_ap_items(
 requestor_actor_id,
 request,
 data,
 account_jid,
 node,
 signing_actor,
-repeated=True
+repeated=True,
 )
 async def handle_attachment_item(
-self,
+self, client: SatXMPPEntity, data: dict, attachment_data: dict
-client: SatXMPPEntity,
-data: dict,
-attachment_data: dict
 ) -> None:
 target_ids = data.get("object")
 if not target_ids:
 raise exceptions.DataError("object should be set")
 elif isinstance(target_ids, list):
 item_node = self.apg._m.namespace
 attachment_node = self.apg._pa.get_attachment_node_name(
 author_jid, item_node, item_id
 )
 cached_node = await self.apg.host.memory.storage.get_pubsub_node(
-client,
+client, author_jid, attachment_node, with_subscriptions=True, create=True
-author_jid,
-attachment_node,
-with_subscriptions=True,
-create=True
 )
 found_items, __ = await self.apg.host.memory.storage.get_items(
 cached_node, item_ids=[client.jid.userhost()]
 )
 if not found_items:
 else:
 found_item = found_items[0]
 old_item_elt = found_item.data
 item_elt = await self.apg._pa.apply_set_handler(
-client,
+client, {"extra": attachment_data}, old_item_elt, None
-{"extra": attachment_data},
-old_item_elt,
-None
 )
 # we reparse the element, as there can be other attachments
 attachments_data = self.apg._pa.items_2_attachment_data(client, [item_elt])
 # and we update the cache
 await self.apg.host.memory.storage.cache_pubsub_items(
-client,
+client, cached_node, [item_elt], attachments_data or [{}]
-cached_node,
-[item_elt],
-attachments_data or [{}]
 )
 if self.apg.is_virtual_jid(author_jid):
 # the attachment is on t a virtual pubsub service (linking to an AP item),
 # we notify all subscribers
 if subscription.state != SubscriptionState.SUBSCRIBED:
 continue
 self.apg.pubsub_service.notifyPublish(
 author_jid,
 attachment_node,
-[(subscription.subscriber, None, [item_elt])]
+[(subscription.subscriber, None, [item_elt])],
 )
 else:
 # the attachment is on an XMPP item, we publish it to the attachment node
 await self.apg._p.send_items(
 client, author_jid, attachment_node, [item_elt]
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 await self.handle_attachment_item(client, data, {"noticed": True})
 async def handle_emojireact_activity(
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
-await self.handle_attachment_item(client, data, {
+await self.handle_attachment_item(
-"reactions": {"operation": "update", "add": [data["content"]]}
+client, data, {"reactions": {"operation": "update", "add": [data["content"]]}}
-})
+)
 async def handle_join_activity(
 self,
 requestor_actor_id: str,
 request: "HTTPRequest",
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 await self.handle_attachment_item(client, data, {"rsvp": {"attending": "yes"}})
 async def handle_leave_activity(
 data: dict,
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: str
+signing_actor: str,
 ) -> None:
 client = await self.apg.get_virtual_client(requestor_actor_id, signing_actor)
 await self.handle_attachment_item(client, data, {"rsvp": {"attending": "no"}})
 async def ap_actor_request(
 data: Optional[dict],
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: str,
 ap_url: str,
-signing_actor: Optional[str]
+signing_actor: Optional[str],
 ) -> dict:
 inbox = self.apg.build_apurl(TYPE_INBOX, ap_account)
 shared_inbox = self.apg.build_apurl(TYPE_SHARED_INBOX)
 outbox = self.apg.build_apurl(TYPE_OUTBOX, ap_account)
 followers = self.apg.build_apurl(TYPE_FOLLOWERS, ap_account)
 events = self.apg.build_apurl(TYPE_OUTBOX, events_account)
 actor_data = {
 "@context": [
 "https://www.w3.org/ns/activitystreams",
-"https://w3id.org/security/v1"
+"https://w3id.org/security/v1",
 ],
 # XXX: Mastodon doesn't like percent-encode arobas, so we have to unescape it
 #   if it is escaped
 "id": ap_url.replace("%40", "@"),
 "type": "Person",
 "preferredUsername": preferred_username,
 "followers": followers,
 "following": following,
 "publicKey": {
 "id": f"{ap_url}#main-key",
 "owner": ap_url,
-"publicKeyPem": self.apg.public_key_pem
+"publicKeyPem": self.apg.public_key_pem,
 },
 "endpoints": {
 "sharedInbox": shared_inbox,
 "events": events,
 },
 else:
 avatar_url = self.apg.build_apurl("avatar", filename)
 actor_data["icon"] = {
 "type": "Image",
 "url": avatar_url,
-"mediaType": media_type
+"mediaType": media_type,
 }
 return actor_data
 def get_canonical_url(self, request: "HTTPRequest") -> str:
 return parse.urljoin(
 f"https://{self.apg.public_url}",
-request.path.decode().rstrip("/")
+request.path.decode().rstrip("/"),
 # we unescape "@" for the same reason as in [ap_actor_request]
 ).replace("%40", "@")
 def query_data_2_rsm_request(
-self,
+self, query_data: Dict[str, List[str]]
-query_data: Dict[str, List[str]]
 ) -> rsm.RSMRequest:
 """Get RSM kwargs to use with RSMRequest from query data"""
 page = query_data.get("page")
 if page == ["first"]:
 elif page == ["last"]:
 return rsm.RSMRequest(max_=PAGE_SIZE)
 else:
 for query_key in ("index", "before", "after"):
 try:
-kwargs={query_key: query_data[query_key][0], "max_": PAGE_SIZE}
+kwargs = {query_key: query_data[query_key][0], "max_": PAGE_SIZE}
 except (KeyError, IndexError, ValueError):
 pass
 else:
 return rsm.RSMRequest(**kwargs)
 raise ValueError(f"Invalid query data: {query_data!r}")
 data: Optional[dict],
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: str,
 ap_url: str,
-query_data: Dict[str, List[str]]
+query_data: Dict[str, List[str]],
 ) -> dict:
 if node is None:
 node = self.apg._m.namespace
 # we only keep useful keys, and sort to have consistent URL which can
 # be used as ID
 items, metadata = await self.apg._p.get_items(
 client=self.apg.client,
 service=account_jid,
 node=node,
 rsm_request=self.query_data_2_rsm_request(query_data),
-extra = {C.KEY_USE_CACHE: False}
+extra={C.KEY_USE_CACHE: False},
 )
 except error.StanzaError as e:
 log.warning(f"Can't get data from pubsub node {node} at {account_jid}: {e}")
 return {}
 base_url = self.get_canonical_url(request)
 url = f"{base_url}?{parse.urlencode(query_data, True)}"
 if node and node.startswith(self.apg._events.namespace):
 ordered_items = [
 await self.apg.ap_events.event_data_2_ap_item(
-self.apg._events.event_elt_2_event_data(item),
+self.apg._events.event_elt_2_event_data(item), account_jid
-account_jid
 )
 for item in reversed(items)
 ]
 else:
 ordered_items = [
 await self.apg.mb_data_2_ap_item(
 self.apg.client,
 await self.apg._m.item_2_mb_data(
-self.apg.client,
+self.apg.client, item, account_jid, node
-item,
+),
-account_jid,
-node
-)
 )
 for item in reversed(items)
 ]
 ret_data = {
 "@context": ["https://www.w3.org/ns/activitystreams"],
 "id": url,
 "type": "OrderedCollectionPage",
 "partOf": base_url,
-"orderedItems": ordered_items
+"orderedItems": ordered_items,
 }
 if "rsm" not in metadata:
 # no RSM available, we return what we have
 return ret_data
 # AP OrderedCollection must be in reversed chronological order, thus the opposite
 # of what we get with RSM (at least with Libervia Pubsub)
 if not metadata["complete"]:
 try:
-last= metadata["rsm"]["last"]
+last = metadata["rsm"]["last"]
 except KeyError:
 last = None
 ret_data["prev"] = f"{base_url}?{parse.urlencode({'after': last})}"
 if metadata["rsm"]["index"] != 0:
 try:
-first= metadata["rsm"]["first"]
+first = metadata["rsm"]["first"]
 except KeyError:
 first = None
 ret_data["next"] = f"{base_url}?{parse.urlencode({'before': first})}"
 return ret_data
 data: Optional[dict],
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: str,
 ap_url: str,
-signing_actor: Optional[str]
+signing_actor: Optional[str],
 ) -> dict:
 if node is None:
 node = self.apg._m.namespace
 parsed_url = parse.urlparse(request.uri.decode())
 client=self.apg.client,
 service=account_jid,
 node=node,
 max_items=0,
 rsm_request=rsm.RSMRequest(max_=0),
-extra = {C.KEY_USE_CACHE: False}
+extra={C.KEY_USE_CACHE: False},
 )
 except error.StanzaError as e:
 log.warning(f"Can't get data from pubsub node {node} at {account_jid}: {e}")
 return {}
 try:
 data: Optional[dict],
 account_jid: Optional[jid.JID],
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: Optional[str]
+signing_actor: Optional[str],
 ) -> None:
 assert data is not None
 if signing_actor is None:
 raise exceptions.InternalError("signing_actor must be set for inbox requests")
 await self.check_signing_actor(requestor_actor_id, data, signing_actor)
 activity_type = (data.get("type") or "").lower()
 if not activity_type in ACTIVITY_TYPES_LOWER:
 return self.response_code(
 request,
 http.UNSUPPORTED_MEDIA_TYPE,
-f"request is not an activity, ignoring"
+f"request is not an activity, ignoring",
 )
 if account_jid is None and activity_type not in ACTIVIY_NO_ACCOUNT_ALLOWED:
 return self.response_code(
 request,
 http.UNSUPPORTED_MEDIA_TYPE,
-f"{activity_type.title()!r} activity must target an account"
+f"{activity_type.title()!r} activity must target an account",
 )
 try:
 method = getattr(self, f"handle_{activity_type}_activity")
 except AttributeError:
 return self.response_code(
 request,
 http.UNSUPPORTED_MEDIA_TYPE,
-f"{activity_type.title()} activity is not yet supported"
+f"{activity_type.title()} activity is not yet supported",
 )
 else:
 await method(
-requestor_actor_id, request, data, account_jid, node, ap_account, ap_url,
+requestor_actor_id,
-signing_actor
+request,
+data,
+account_jid,
+node,
+ap_account,
+ap_url,
+signing_actor,
 )
 async def ap_followers_request(
 self,
 request: "HTTPRequest",
 data: Optional[dict],
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: Optional[str]
+signing_actor: Optional[str],
 ) -> dict:
 if node is None:
 node = self.apg._m.namespace
 client = self.apg.client
 subscribers = await self.apg._pps.get_public_node_subscriptions(
 if self.apg.is_virtual_jid(subscriber):
 # the subscriber is an AP user subscribed with this gateway
 ap_account = self.apg._e.unescape(subscriber.user)
 else:
 # regular XMPP user
-ap_account = await self.apg.get_ap_account_from_jid_and_node(subscriber, node)
+ap_account = await self.apg.get_ap_account_from_jid_and_node(
+subscriber, node
+)
 followers.append(ap_account)
 url = self.get_canonical_url(request)
 return {
 "@context": ["https://www.w3.org/ns/activitystreams"],
 "type": "OrderedCollection",
-"id": url,
-"totalItems": len(subscribers),
-"first": {
-"type": "OrderedCollectionPage",
 "id": url,
-"orderedItems": followers
+"totalItems": len(subscribers),
-}
+"first": {
+"type": "OrderedCollectionPage",
+"id": url,
+"orderedItems": followers,
+},
 }
 async def ap_following_request(
 self,
 request: "HTTPRequest",
 data: Optional[dict],
 account_jid: jid.JID,
 node: Optional[str],
 ap_account: Optional[str],
 ap_url: str,
-signing_actor: Optional[str]
+signing_actor: Optional[str],
 ) -> dict[str, Any]:
 client = self.apg.client
-subscriptions = await self.apg._pps.subscriptions(
+subscriptions = await self.apg._pps.subscriptions(client, account_jid, node)
-client, account_jid, node
-)
 following = []
 for sub_dict in subscriptions:
 service = jid.JID(sub_dict["service"])
 if self.apg.is_virtual_jid(service):
 # the subscription is to an AP actor with this gateway
 )
 following.append(ap_account)
 url = self.get_canonical_url(request)
 return {
 "@context": ["https://www.w3.org/ns/activitystreams"],
 "type": "OrderedCollection",
-"id": url,
-"totalItems": len(subscriptions),
-"first": {
-"type": "OrderedCollectionPage",
 "id": url,
-"orderedItems": following
+"totalItems": len(subscriptions),
-}
+"first": {
+"type": "OrderedCollectionPage",
+"id": url,
+"orderedItems": following,
+},
 }
 def _get_to_log(
 self,
 request: "HTTPRequest",
 data: Optional[dict] = None,
 ) -> List[str]:
 """Get base data to logs in verbose mode"""
 from pprint import pformat
 to_log = [
 "",
-f"<<< got {request.method.decode()} request - {request.uri.decode()}"
+f"<<< got {request.method.decode()} request - {request.uri.decode()}",
 ]
 if data is not None:
 to_log.append(pformat(data))
-if self.apg.verbose>=3:
+if self.apg.verbose >= 3:
 headers = "\n".join(
 f"    {k.decode()}: {v.decode()}"
-for k,v in request.getAllHeaders().items()
+for k, v in request.getAllHeaders().items()
 )
 to_log.append(f"  headers:\n{headers}")
 return to_log
 def get_requestor_actor_id(
-self,
+self, data: dict | None = None, uri_extra_args: list[str] | None = None
-data: dict|None = None,
-uri_extra_args: list[str]|None = None
 ) -> str:
 """Find the actor ID of the requestor.
 The requestor here is actually the local actor which will do the requests to
 achieve the task (e.g. retrieve external actor data), not the requestor of the
 ):
 return self.apg.build_apurl(TYPE_ACTOR, ap_account)
 # Still nothing, we'll have to use a generic actor.
 log.warning(
-"Can't find destinee in \"to\" field, using generic requestor for signature."
+'Can\'t find destinee in "to" field, using generic requestor for signature.'
 )
-return self.apg.build_apurl(
+return self.apg.build_apurl(TYPE_ACTOR, f"libervia@{self.apg.public_url}")
-TYPE_ACTOR, f"libervia@{self.apg.public_url}"
-)
 async def ap_request(
 self,
 request: "HTTPRequest",
-data: dict|None = None,
+data: dict | None = None,
-signing_actor: str|None = None,
+signing_actor: str | None = None,
-requestor_actor_id: str|None = None,
+requestor_actor_id: str | None = None,
 ) -> None:
 if self.apg.verbose:
 to_log = self._get_to_log(request, data)
 path = request.path.decode()
-ap_url = parse.urljoin(
+ap_url = parse.urljoin(f"https://{self.apg.public_url}", path)
-f"https://{self.apg.public_url}",
-path
-)
 request_type, extra_args = self.apg.parse_apurl(ap_url)
 header_accept = request.getHeader("accept") or ""
-if ((MEDIA_TYPE_AP not in header_accept
+if (
-and MEDIA_TYPE_AP_ALT not in header_accept
+MEDIA_TYPE_AP not in header_accept
-and request_type in self.apg.html_redirect)):
+and MEDIA_TYPE_AP_ALT not in header_accept
+and request_type in self.apg.html_redirect
+):
 # this is not a AP request, and we have a redirections for it
 kw = {}
 if extra_args:
 kw["jid"], kw["node"] = await self.apg.get_jid_and_node(extra_args[0])
 kw["jid_user"] = kw["jid"].user
 for redirection in redirections:
 filters = redirection["filters"]
 if not filters:
 break
 # if we have filter, they must all match
-elif all(v in kw[k] for k,v in filters.items()):
+elif all(v in kw[k] for k, v in filters.items()):
 break
 else:
 # no redirection is matching
 redirection = None
 if redirection is not None:
-kw = {k: parse.quote(str(v), safe="") for k,v in kw.items()}
+kw = {k: parse.quote(str(v), safe="") for k, v in kw.items()}
 target_url = redirection["url"].format(**kw)
 content = web_util.redirectTo(target_url.encode(), request)
 request.write(content)
 request.finish()
 return
 if requestor_actor_id is None:
-requestor_actor_id = self.get_requestor_actor_id(
+requestor_actor_id = self.get_requestor_actor_id(data, extra_args)
-data, extra_args
-)
 if len(extra_args) == 0:
 if request_type != "shared_inbox":
 raise exceptions.DataError(f"Invalid request type: {request_type!r}")
 ret_data = await self.ap_inbox_request(
 requestor_actor_id, request, data, None, None, None, ap_url, signing_actor
 if len(extra_args) > 1:
 log.warning(f"unexpected extra arguments: {extra_args!r}")
 ap_account = extra_args[0]
 account_jid, node = await self.apg.get_jid_and_node(ap_account)
 if request_type not in AP_REQUEST_TYPES.get(
 request.method.decode().upper(), []
 ):
 raise exceptions.DataError(f"Invalid request type: {request_type!r}")
 method = getattr(self, f"ap_{request_type}_request")
 ret_data = await method(
-requestor_actor_id, request, data, account_jid, node, ap_account, ap_url, signing_actor
+requestor_actor_id,
+request,
+data,
+account_jid,
+node,
+ap_account,
+ap_url,
+signing_actor,
 )
 if ret_data is not None:
 request.setHeader("content-type", CONTENT_TYPE_AP)
 request.write(json.dumps(ret_data).encode())
 if self.apg.verbose:
 to_log.append(f"--- RET (code: {request.code})---")
-if self.apg.verbose>=2:
+if self.apg.verbose >= 2:
 if ret_data is not None:
 from pprint import pformat
 to_log.append(f"{pformat(ret_data)}")
 to_log.append("---")
 log.info("\n".join(to_log))
 request.finish()
 if not isinstance(data, dict):
 log.warning(f"JSON data should be an object (uri={request.uri.decode()})")
 self.response_code(
 request,
 http.BAD_REQUEST,
-f"invalid body, was expecting a JSON object"
+f"invalid body, was expecting a JSON object",
 )
 request.finish()
 return
 except (json.JSONDecodeError, ValueError) as e:
 self.response_code(
-request,
+request, http.BAD_REQUEST, f"invalid json in inbox request: {e}"
-http.BAD_REQUEST,
-f"invalid json in inbox request: {e}"
 )
 request.finish()
 return
 else:
 request.content.seek(0)
 if self.apg.verbose:
 to_log = self._get_to_log(request)
 to_log.append(f"  body: {request.content.read()!r}")
 request.content.seek(0)
 log.info("\n".join(to_log))
-self.response_code(
+self.response_code(request, http.FORBIDDEN, f"invalid signature: {e}")
-request,
-http.FORBIDDEN,
-f"invalid signature: {e}"
-)
 request.finish()
 return
 except Exception as e:
 self.response_code(
-request,
+request, http.INTERNAL_SERVER_ERROR, f"Can't check signature: {e}"
-http.INTERNAL_SERVER_ERROR,
-f"Can't check signature: {e}"
 )
 request.finish()
 return
 request.setResponseCode(http.ACCEPTED)
 )
 except Exception as e:
 self._on_request_error(failure.Failure(e), request)
 async def check_signing_actor(
-self,
+self, requestor_actor_id: str, data: dict, signing_actor: str
-requestor_actor_id: str,
-data: dict,
-signing_actor: str
 ) -> None:
 """That that signing actor correspond to actor declared in data
 @param requestor_actor_id: ID of the actor doing the request.
 @param data: request payload
 raise exceptions.EncryptionError(
 f"signing actor ({signing_actor}) doesn't match actor in data ({actor})"
 )
 async def check_signature(
-self,
+self, requestor_actor_id: str, request: "HTTPRequest"
-requestor_actor_id: str,
-request: "HTTPRequest"
 ) -> str:
 """Check and validate HTTP signature
 @param requestor_actor_id: ID of the actor doing the request.
 @return: id of the signing actor
 try:
 key_id = sign_data["keyId"]
 except KeyError:
 raise exceptions.EncryptionError('"keyId" is missing from signature')
 algorithm = sign_data.get("algorithm", HS2019)
-signed_headers = sign_data.get(
+signed_headers = (
-"headers",
+sign_data.get("headers", "(created)" if algorithm == HS2019 else "date")
-"(created)" if algorithm==HS2019 else "date"
+.lower()
-).lower().split()
+.split()
+)
 try:
 headers_to_check = SIGN_HEADERS[None] + SIGN_HEADERS[request.method]
 except KeyError:
 raise exceptions.InternalError(
 f"there should be a list of headers for {request.method} method"
 if len(set(header).intersection(signed_headers)) == 0:
 raise exceptions.EncryptionError(
 f"at least one of following header must be signed: {header}"
 )
 elif header not in signed_headers:
-raise exceptions.EncryptionError(
+raise exceptions.EncryptionError(f"the {header!r} header must be signed")
-f"the {header!r} header must be signed"
-)
 body = request.content.read()
 request.content.seek(0)
 headers = {}
 for to_sign in signed_headers:
 # as we need original host if a proxy has modified the header
 forwarded = request.getHeader("forwarded")
 if forwarded is not None:
 try:
 host = [
-f[5:] for f in forwarded.split(";")
+f[5:]
+for f in forwarded.split(";")
 if f.startswith("host=")
 ][0] or None
 except IndexError:
 host = None
 else:
 host = request.getHeader("x-forwarded-host")
 if host:
 value = host
 elif to_sign == "digest":
 hashes = {
-algo.lower(): hash_ for algo, hash_ in (
+algo.lower(): hash_
+for algo, hash_ in (
 digest.split("=", 1) for digest in value.split(",")
 )
 }
 try:
 given_digest = hashes["sha-256"]
 if "(created)" in headers:
 created = float(headers["created"])
 else:
 created = date_utils.date_parse(headers["date"])
 try:
 expires = float(headers["expires"])
 except KeyError:
 pass
 else:
 if created > limit_ts:
 raise exceptions.EncryptionError("Signature has expired")
 try:
 return await self.apg.check_signature(
-requestor_actor_id,
+requestor_actor_id, sign_data["signature"], key_id, headers
-sign_data["signature"],
-key_id,
-headers
 )
 except exceptions.EncryptionError:
-method, url = headers["(request-target)"].rsplit(' ', 1)
+method, url = headers["(request-target)"].rsplit(" ", 1)
 headers["(request-target)"] = f"{method} {parse.unquote(url)}"
 log.debug(
 "Using workaround for (request-target) encoding bug in signature, "
 "see https://github.com/mastodon/mastodon/issues/18871"
 )
 return await self.apg.check_signature(
-requestor_actor_id,
+requestor_actor_id, sign_data["signature"], key_id, headers
-sign_data["signature"],
-key_id,
-headers
 )
 def render(self, request):
 request.setHeader("server", VERSION)
 return super().render(request)

Mercurial > libervia-backend

comparison libervia/backend/plugins/plugin_comp_ap_gateway/http_server.py @ 4270:0d7bb4df2343