diff sat/plugins/plugin_comp_ap_gateway/http_server.py @ 3981:acc9dfc8ba8d

component AP gateway: parse body immediately on `POST` request: the body is parsed immediately during a `POST` request: this avoids duplication of code, and allows to check the body data before continuing (will be used to filter some requests in a future patch).
author Goffi <goffi@goffi.org>
date Tue, 15 Nov 2022 18:07:34 +0100
parents 9b5092225e46
children 74f7c10a48bc
line wrap: on
line diff
--- a/sat/plugins/plugin_comp_ap_gateway/http_server.py	Tue Nov 15 18:03:07 2022 +0100
+++ b/sat/plugins/plugin_comp_ap_gateway/http_server.py	Tue Nov 15 18:07:34 2022 +0100
@@ -560,6 +560,7 @@
     async def APActorRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict],
         account_jid: jid.JID,
         node: Optional[str],
         ap_account: str,
@@ -662,6 +663,7 @@
     async def APOutboxPageRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict],
         account_jid: jid.JID,
         node: Optional[str],
         ap_account: str,
@@ -709,7 +711,7 @@
                 )
                 for item in reversed(items)
             ]
-        data = {
+        ret_data = {
             "@context": ["https://www.w3.org/ns/activitystreams"],
             "id": url,
             "type": "OrderedCollectionPage",
@@ -724,19 +726,20 @@
                 last= metadata["rsm"]["last"]
             except KeyError:
                 last = None
-            data["prev"] = f"{base_url}?{parse.urlencode({'after': last})}"
+            ret_data["prev"] = f"{base_url}?{parse.urlencode({'after': last})}"
         if metadata["rsm"]["index"] != 0:
             try:
                 first= metadata["rsm"]["first"]
             except KeyError:
                 first = None
-            data["next"] = f"{base_url}?{parse.urlencode({'before': first})}"
+            ret_data["next"] = f"{base_url}?{parse.urlencode({'before': first})}"
 
-        return data
+        return ret_data
 
     async def APOutboxRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict],
         account_jid: jid.JID,
         node: Optional[str],
         ap_account: str,
@@ -794,24 +797,16 @@
     async def APInboxRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict],
         account_jid: Optional[jid.JID],
         node: Optional[str],
         ap_account: Optional[str],
         ap_url: str,
         signing_actor: Optional[str]
     ) -> None:
+        assert data is not None
         if signing_actor is None:
             raise exceptions.InternalError("signing_actor must be set for inbox requests")
-        try:
-            data = json.load(request.content)
-            if not isinstance(data, dict):
-                raise ValueError("data should be an object")
-        except (json.JSONDecodeError, ValueError) as e:
-            return self.responseCode(
-                request,
-                http.BAD_REQUEST,
-                f"invalid json in inbox request: {e}"
-            )
         await self.checkSigningActor(data, signing_actor)
         activity_type = (data.get("type") or "").lower()
         if not activity_type in ACTIVITY_TYPES_LOWER:
@@ -844,6 +839,7 @@
     async def APFollowersRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict],
         account_jid: jid.JID,
         node: Optional[str],
         ap_account: Optional[str],
@@ -882,6 +878,7 @@
     async def APFollowingRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict],
         account_jid: jid.JID,
         node: Optional[str],
         ap_account: Optional[str],
@@ -921,6 +918,7 @@
     async def APRequest(
         self,
         request: "HTTPRequest",
+        data: Optional[dict] = None,
         signing_actor: Optional[str] = None
     ) -> None:
         if self.apg.verbose:
@@ -929,14 +927,8 @@
                 "",
                 f"<<< got {request.method.decode()} request - {request.uri.decode()}"
             ]
-            try:
-                data = json.load(request.content)
-            except (json.JSONDecodeError, ValueError):
-                pass
-            else:
+            if data is not None:
                 to_log.append(pformat(data))
-            finally:
-                request.content.seek(0)
             if self.apg.verbose>=3:
                 headers = "\n".join(
                     f"    {k.decode()}: {v.decode()}"
@@ -990,7 +982,7 @@
             if request_type != "shared_inbox":
                 raise exceptions.DataError(f"Invalid request type: {request_type!r}")
             ret_data = await self.APInboxRequest(
-                request, None, None, None, ap_url, signing_actor
+                request, data, None, None, None, ap_url, signing_actor
             )
         elif request_type == "avatar":
             if len(extra_args) != 1:
@@ -1013,7 +1005,7 @@
                 raise exceptions.DataError(f"Invalid request type: {request_type!r}")
             method = getattr(self, f"AP{request_type.title()}Request")
             ret_data = await method(
-                request, account_jid, node, ap_account, ap_url, signing_actor
+                request, data, account_jid, node, ap_account, ap_url, signing_actor
             )
         if ret_data is not None:
             request.setHeader("content-type", CONTENT_TYPE_AP)
@@ -1027,7 +1019,26 @@
             log.info("\n".join(to_log))
         request.finish()
 
-    async def APPostRequest(self, request: "HTTPRequest"):
+    async def APPostRequest(self, request: "HTTPRequest") -> None:
+        try:
+            data = json.load(request.content)
+            if not isinstance(data, dict):
+                log.warning(f"JSON data should be an object (uri={request.uri.decode()})")
+                self.responseCode(
+                    request,
+                    http.BAD_REQUEST,
+                    f"invalid body, was expecting a JSON object"
+                )
+                request.finish()
+                return
+        except (json.JSONDecodeError, ValueError) as e:
+            self.responseCode(
+                request,
+                http.BAD_REQUEST,
+                f"invalid json in inbox request: {e}"
+            )
+            request.finish()
+            return
         try:
             signing_actor = await self.checkSignature(request)
         except exceptions.EncryptionError as e:
@@ -1050,7 +1061,7 @@
 
         # default response code, may be changed, e.g. in case of exception
         try:
-            return await self.APRequest(request, signing_actor)
+            return await self.APRequest(request, data, signing_actor)
         except Exception as e:
             self._onRequestError(failure.Failure(e), request)