Merge pull request #2199 from pixelfed/staging

Federation Refactor

app/Http/Controllers/FederationController.php

@@ -100,110 +100,12 @@ class FederationController extends Controller
         abort_if(!config('federation.activitypub.enabled'), 404);
         abort_if(!config('federation.activitypub.inbox'), 404);
 
-        // $headers = $request->headers->all();
-        // $payload = $request->getContent();
-        // InboxValidator::dispatch($username, $headers, $payload);
-        $profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
-        if($profile->status != null) {
-            return ProfileController::accountCheck($profile);
-        }
-        $body = $request->getContent();
-        $bodyDecoded = json_decode($body, true, 12);
-        if($this->verifySignature($request, $profile) == true) {
-            InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
-        } else if($this->blindKeyRotation($request, $profile) == true) {
-            InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
-        } else {
-            abort(400, 'Bad Signature');
-        }
+        $headers = $request->headers->all();
+        $payload = $request->getContent();
+        InboxValidator::dispatchNow($username, $headers, $payload)->onQueue('high');
         return;
     }
 
-
-    protected function verifySignature(Request $request, Profile $profile)
-    {
-        $body = $request->getContent();
-        $bodyDecoded = json_decode($body, true, 8);
-        $signature = $request->header('signature');
-        $date = $request->header('date');
-        $digest = $request->header('digest');
-        if(!$digest) {
-            abort(400, 'Missing digest header');
-        }
-        if(!$signature) {
-            abort(400, 'Missing signature header');
-        }
-        if(!$date) {
-            abort(400, 'Missing date header');
-        }
-        if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
-            abort(400, 'Invalid date');
-        }
-        $signatureData = HttpSignature::parseSignatureHeader($signature);
-        $keyId = Helpers::validateUrl($signatureData['keyId']);
-        $id = Helpers::validateUrl($bodyDecoded['id']);
-        $keyDomain = parse_url($keyId, PHP_URL_HOST);
-        $idDomain = parse_url($id, PHP_URL_HOST);
-        if($keyDomain == config('pixelfed.domain.app') || $idDomain == config('pixelfed.domain.app')) {
-            return false;
-        }
-        if(isset($bodyDecoded['object']) 
-            && is_array($bodyDecoded['object'])
-            && isset($bodyDecoded['object']['attributedTo'])
-        ) {
-            if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
-                abort(400, 'Invalid request');
-            }
-        }
-        if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
-            abort(400, 'Invalid request');
-        }
-        $actor = Profile::whereKeyId($keyId)->first();
-        if(!$actor) {
-            $actor = Helpers::profileFirstOrNew($bodyDecoded['actor']);
-        }
-        if(!$actor) {
-            return false;
-        }
-        $pkey = openssl_pkey_get_public($actor->public_key);
-        $inboxPath = "/users/{$profile->username}/inbox";
-        list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $request->headers->all(), $inboxPath, $body);
-        if($verified == 1) { 
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    protected function blindKeyRotation(Request $request, Profile $profile)
-    {
-        $signature = $request->header('signature');
-        $date = $request->header('date');
-        if(!$signature) {
-            abort(400, 'Missing signature header');
-        }
-        if(!$date) {
-            abort(400, 'Missing date header');
-        }
-        if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
-            abort(400, 'Invalid date');
-        }
-        $signatureData = HttpSignature::parseSignatureHeader($signature);
-        $keyId = Helpers::validateUrl($signatureData['keyId']);
-        $actor = Profile::whereKeyId($keyId)->whereNotNull('remote_url')->firstOrFail();
-        $res = Zttp::timeout(5)->withHeaders([
-          'Accept'     => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
-          'User-Agent' => 'PixelfedBot v0.1 - https://pixelfed.org',
-        ])->get($actor->remote_url);
-        $res = json_decode($res->body(), true, 8);
-        if($res['publicKey']['id'] !== $actor->key_id) {
-            return false;
-        }
-        $actor->public_key = $res['publicKey']['publicKeyPem'];
-        $actor->save();
-        return $this->verifySignature($request, $profile);
-    }
-
     public function userFollowing(Request $request, $username)
     {
         abort_if(!config('federation.activitypub.enabled'), 404);

app/Jobs/CommentPipeline/CommentPipeline.php

@@ -30,6 +30,9 @@ class CommentPipeline implements ShouldQueue
      * @var bool
      */
     public $deleteWhenMissingModels = true;
+
+    public $timeout = 5;
+    public $tries = 1;
     
     /**
      * Create a new job instance.

app/Jobs/InboxPipeline/InboxValidator.php

@@ -23,6 +23,9 @@ class InboxValidator implements ShouldQueue
     protected $headers;
     protected $payload;
 
+    public $timeout = 5;
+    public $tries = 1;
+
     /**
      * Create a new job instance.
      *
@@ -48,18 +51,24 @@ class InboxValidator implements ShouldQueue
 
         $profile = Profile::whereNull('domain')->whereUsername($username)->first();
 
+        if(!isset($headers['signature']) || !isset($headers['date'])) {
+            return;
+        }
+
         if(empty($profile) || empty($headers) || empty($payload)) {
-            return true;
+            return;
         }
 
         if($profile->status != null) {
-            return true;
+            return;
         }
 
         if($this->verifySignature($headers, $profile, $payload) == true) {
-            InboxWorker::dispatchNow($headers, $profile, $payload)->onQueue('high');
+            (new Inbox($headers, $profile, $payload))->handle();
+            return;
         } else if($this->blindKeyRotation($headers, $profile, $payload) == true) {
-            InboxWorker::dispatchNow($headers, $profile, $payload)->onQueue('high');
+            (new Inbox($headers, $profile, $payload))->handle();
+            return;
         } else {
             return;
         }
@@ -73,13 +82,15 @@ class InboxValidator implements ShouldQueue
         $signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature'];
         $date = is_array($headers['date']) ? $headers['date'][0] : $headers['date'];
         if(!$signature) {
-            abort(400, 'Missing signature header');
+            return;
         }
         if(!$date) {
-            abort(400, 'Missing date header');
+            return;
         }
-        if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
-            abort(400, 'Invalid date');
+        if(!now()->parse($date)->gt(now()->subDays(1)) || 
+           !now()->parse($date)->lt(now()->addDays(1))
+       ) {
+            return;
         }
         $signatureData = HttpSignature::parseSignatureHeader($signature);
         $keyId = Helpers::validateUrl($signatureData['keyId']);
@@ -91,10 +102,12 @@ class InboxValidator implements ShouldQueue
             && isset($bodyDecoded['object']['attributedTo'])
         ) {
             if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
+                return;
                 abort(400, 'Invalid request');
             }
         }
         if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
+            return;
             abort(400, 'Invalid request');
         }
         $actor = Profile::whereKeyId($keyId)->first();
@@ -103,11 +116,11 @@ class InboxValidator implements ShouldQueue
             $actor = Helpers::profileFirstOrNew($actorUrl);
         }
         if(!$actor) {
-            return false;
+            return;
         }
         $pkey = openssl_pkey_get_public($actor->public_key);
         $inboxPath = "/users/{$profile->username}/inbox";
-        list($verified, $headers) = HTTPSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
+        list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
         if($verified == 1) { 
             return true;
         } else {
@@ -120,22 +133,24 @@ class InboxValidator implements ShouldQueue
         $signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature'];
         $date = is_array($headers['date']) ? $headers['date'][0] : $headers['date'];
         if(!$signature) {
-            return false;
+            return;
         }
         if(!$date) {
-            return false;
+            return;
         }
-        if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
-            return false;
+        if(!now()->parse($date)->gt(now()->subDays(1)) || 
+           !now()->parse($date)->lt(now()->addDays(1))
+       ) {
+            return;
         }
         $signatureData = HttpSignature::parseSignatureHeader($signature);
         $keyId = Helpers::validateUrl($signatureData['keyId']);
         $actor = Profile::whereKeyId($keyId)->whereNotNull('remote_url')->first();
         if(!$actor) {
-            return false;
+            return;
         }
         if(Helpers::validateUrl($actor->remote_url) == false) {
-            return false;
+            return;
         }
         $res = Zttp::timeout(5)->withHeaders([
           'Accept'     => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
@@ -143,7 +158,7 @@ class InboxValidator implements ShouldQueue
         ])->get($actor->remote_url);
         $res = json_decode($res->body(), true, 8);
         if($res['publicKey']['id'] !== $actor->key_id) {
-            return false;
+            return;
         }
         $actor->public_key = $res['publicKey']['publicKeyPem'];
         $actor->save();

app/Jobs/LikePipeline/LikePipeline.php

@@ -28,6 +28,9 @@ class LikePipeline implements ShouldQueue
      */
     public $deleteWhenMissingModels = true;
 
+    public $timeout = 5;
+    public $tries = 1;
+
     /**
      * Create a new job instance.
      *

app/Jobs/StatusPipeline/NewStatusPipeline.php

@@ -23,6 +23,9 @@ class NewStatusPipeline implements ShouldQueue
      * @var bool
      */
     public $deleteWhenMissingModels = true;
+
+    public $timeout = 5;
+    public $tries = 1;
     
     /**
      * Create a new job instance.

app/Jobs/StatusPipeline/StatusEntityLexer.php

@@ -8,6 +8,7 @@ use App\Mention;
 use App\Profile;
 use App\Status;
 use App\StatusHashtag;
+use App\Services\PublicTimelineService;
 use App\Util\Lexer\Autolink;
 use App\Util\Lexer\Extractor;
 use DB;
@@ -136,7 +137,13 @@ class StatusEntityLexer implements ShouldQueue
 
     public function deliver()
     {
-        if(config('federation.activitypub.enabled') == true) {
+        $status = $this->status;
+
+        if($status->uri == null && $status->scope == 'public') {
+            PublicTimelineService::add($status->id);
+        }
+
+        if(config('federation.activitypub.enabled') == true && config('app.env') == 'production') {
             StatusActivityPubDeliver::dispatch($this->status);
         }
     }

resources/assets/js/components/ComposeModal.vue

@@ -616,7 +616,6 @@ export default {
 		mediaWatcher() {
 			let self = this;
 			$(document).on('change', '#pf-dz', function(e) {
-				e.preventDefault();
 				self.mediaUpload();
 			});
 		},