Sākums Izpētīt Palīdzība
Pierakstīties
ajdunevent
/
gnu-social
atdalīts no diogo/gnu-social
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Faili
Koks: 6e031d623a
Atzari Tagi
gnu-social
/
plugins
/
ActivityPub
/
actions
/
apinbox.php

apinbox.php 6.1 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. <?php
    2. 

  2. // This file is part of GNU social - https://www.gnu.org/software/social
    3. 

  3. //
    4. 

  4. // GNU social is free software: you can redistribute it and/or modify
    5. 

  5. // it under the terms of the GNU Affero General Public License as published by
    6. 

  6. // the Free Software Foundation, either version 3 of the License, or
    7. 

  7. // (at your option) any later version.
    8. 

  8. //
    9. 

  9. // GNU social is distributed in the hope that it will be useful,
    10. 

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. // GNU Affero General Public License for more details.
    13. 

  13. //
    14. 

  14. // You should have received a copy of the GNU Affero General Public License
    15. 

  15. // along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. /**
    18. 

  18.  * ActivityPub implementation for GNU social
    19. 

  19.  *
    20. 

  20.  * @package   GNUsocial
    21. 

  21.  * @author    Diogo Cordeiro <diogo@fc.up.pt>
    22. 

  22.  * @copyright 2018-2019 Free Software Foundation, Inc http://www.fsf.org
    23. 

  23.  * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
    24. 

  24.  * @link      http://www.gnu.org/software/social/
    25. 

  25.  */
    26. 

  26. 

  27. defined('GNUSOCIAL') || die();
    28. 

  28. 

  29. /**
    30. 

  30.  * Inbox Request Handler
    31. 

  31.  *
    32. 

  32.  * @category  Plugin
    33. 

  33.  * @package   GNUsocial
    34. 

  34.  * @author    Diogo Cordeiro <diogo@fc.up.pt>
    35. 

  35.  * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
    36. 

  36.  */
    37. 

  37. class apInboxAction extends ManagedAction
    38. 

  38. {
    39. 

  39.     protected $needLogin = false;
    40. 

  40.     protected $canPost = true;
    41. 

  41. 

  42.     /**
    43. 

  43.      * Handle the Inbox request
    44. 

  44.      *
    45. 

  45.      * @return void
    46. 

  46.      * @throws ServerException
    47. 

  47.      * @author Diogo Cordeiro <diogo@fc.up.pt>
    48. 

  48.      */
    49. 

  49.     protected function handle()
    50. 

  50.     {
    51. 

  51.         $path = !empty($this->trimmed('id')) ? common_local_url('apInbox', ['id' => $this->trimmed('id')]) : common_local_url('apInbox');
    52. 

  52.         $path = parse_url($path, PHP_URL_PATH);
    53. 

  53. 

  54.         if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    55. 

  55.             ActivityPubReturn::error('Only POST requests allowed.');
    56. 

  56.         }
    57. 

  57. 

  58.         common_debug('ActivityPub Inbox: Received a POST request.');
    59. 

  59.         $body = $data = file_get_contents('php://input');
    60. 

  60.         common_debug('ActivityPub Inbox: Request contents: ' . $data);
    61. 

  61.         $data = json_decode(file_get_contents('php://input'), true);
    62. 

  62. 

  63.         if (!isset($data['actor'])) {
    64. 

  64.             ActivityPubReturn::error('Actor not found in the request.');
    65. 

  65.         }
    66. 

  66. 

  67.         try {
    68. 

  68.             $actor = Activitypub_explorer::get_profile_from_url($data['actor']);
    69. 

  69.         } catch (HTTP_Request2_Exception $e) {
    70. 

  70.             ActivityPubReturn::error('Failed to retrieve remote actor information.');
    71. 

  71.         } catch (NoProfileException $e) {
    72. 

  72.             // Assert: This won't happen.
    73. 

  73.             common_log(LOG_ERR, 'PLEASE REPORT THIS: ActivityPub Inbox Handler failed with NoProfileException while retrieving remote actor information: ' . $e->getMessage());
    74. 

  74.             ActivityPubReturn::error('An unknown error has occurred. This was logged, please alert the sysadmin.');
    75. 

  75.         } catch (ServerException $e) {
    76. 

  76.             ActivityPubReturn::error('Could not store this remote actor.');
    77. 

  77.         } catch (Exception $e) {
    78. 

  78.             ActivityPubReturn::error('Invalid actor.');
    79. 

  79.         }
    80. 

  80.         try {
    81. 

  81.             $aprofile = Activitypub_profile::from_profile($actor);
    82. 

  82.         } catch (Exception $e) {
    83. 

  83.             // Assert: This won't happen.
    84. 

  84.             common_log(LOG_ERR, 'PLEASE REPORT THIS: ActivityPub Inbox Handler failed while retrieving AProfile from Profile: ' . $e->getMessage());
    85. 

  85.             ActivityPubReturn::error('An unknown error has occurred. This was logged, please alert the sysadmin.');
    86. 

  86.         }
    87. 

  87. 

  88.         $actor_public_key = new Activitypub_rsa();
    89. 

  89.         $actor_public_key = $actor_public_key->ensure_public_key($actor);
    90. 

  90. 

  91.         common_debug('ActivityPub Inbox: HTTP Signature: Validation will now start!');
    92. 

  92. 

  93.         $headers = getallheaders();
    94. 

  94.         common_debug('ActivityPub Inbox: Request Headers: ' . print_r($headers, true));
    95. 

  95. 

  96.         if (!isset($headers['Signature'])) {
    97. 

  97.             common_debug('ActivityPub Inbox: HTTP Signature: Missing Signature header.');
    98. 

  98.             ActivityPubReturn::error('Missing Signature header.', 400);
    99. 

  99.         }
    100. 

  100. 

  101.         // Extract the signature properties
    102. 

  102.         $signatureData = HTTPSignature::parseSignatureHeader($headers['Signature']);
    103. 

  103.         common_debug('ActivityPub Inbox: HTTP Signature Data: ' . print_r($signatureData, true));
    104. 

  104.         if (isset($signatureData['error'])) {
    105. 

  105.             common_debug('ActivityPub Inbox: HTTP Signature: ' . json_encode($signatureData, true));
    106. 

  106.             ActivityPubReturn::error(json_encode($signatureData, true), 400);
    107. 

  107.         }
    108. 

  108. 

  109.         list($verified, /*$headers*/) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
    110. 

  110. 

  111.         // If the signature fails verification the first time, update profile as it might have changed public key
    112. 

  112.         if ($verified !== 1) {
    113. 

  113.             try {
    114. 

  114.                 $res = Activitypub_explorer::get_remote_user_activity($aprofile->getUri());
    115. 

  115.             } catch (Exception $e) {
    116. 

  116.                 ActivityPubReturn::error('Invalid remote actor.');
    117. 

  117.             }
    118. 

  118.             try {
    119. 

  119.                 $actor = Activitypub_profile::update_profile($aprofile, $res);
    120. 

  120.             } catch (Exception $e) {
    121. 

  121.                 ActivityPubReturn::error('Failed to updated remote actor information.');
    122. 

  122.             }
    123. 

  123.             $actor_public_key = new Activitypub_rsa();
    124. 

  124.             $actor_public_key = $actor_public_key->ensure_public_key($actor);
    125. 

  125.             list($verified, /*$headers*/) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
    126. 

  126.         }
    127. 

  127. 

  128.         // If it still failed despite profile update
    129. 

  129.         if ($verified !== 1) {
    130. 

  130.             common_debug('ActivityPub Inbox: HTTP Signature: Invalid signature.');
    131. 

  131.             ActivityPubReturn::error('Invalid signature.');
    132. 

  132.         }
    133. 

  133. 

  134.         // HTTP signature checked out, make sure the "actor" of the activity matches that of the signature
    135. 

  135.         common_debug('ActivityPub Inbox: HTTP Signature: Authorized request. Will now start the inbox handler.');
    136. 

  136. 

  137.         try {
    138. 

  138.             new Activitypub_inbox_handler($data, $actor);
    139. 

  139.             ActivityPubReturn::answer();
    140. 

  140.         } catch (Exception $e) {
    141. 

  141.             ActivityPubReturn::error($e->getMessage());
    142. 

  142.         }
    143. 

  143.     }
    144. 

  144. }
    145. 

  145.