Update ActivityPub helper/inbox

app/Util/ActivityPub/Helpers.php

@@ -36,11 +36,11 @@ class Helpers {
 				Rule::in($verbs)
 			],
 			'id' => 'required|string',
-			'actor' => 'required|string',
+			'actor' => 'required|string|url',
 			'object' => 'required',
 			'object.type' => 'required_if:type,Create',
 			'object.attachment' => 'required_if:type,Create',
-			'object.attributedTo' => 'required_if:type,Create',
+			'object.attributedTo' => 'required_if:type,Create|url',
 			'published' => 'required_if:type,Create|date'
 		])->passes();
 
@@ -63,13 +63,16 @@ class Helpers {
 		}
 
 		$attachment = $activity['attachment'];
+		if(self::validateUrl($attachment['url']) == false) {
+			return false;
+		}
 		$valid = Validator::make($attachment, [
 			'*.type' => [
 				'required',
 				'string',
 				Rule::in($mediaTypes)
 			],
-			'*.url' => 'required|max:255',
+			'*.url' => 'required|url|max:255',
 			'*.mediaType'  => [
 				'required',
 				'string',
@@ -331,6 +334,8 @@ class Helpers {
 
 	public static function importNoteAttachment($data, Status $status)
 	{
+		return;
+
 		if(self::verifyAttachments($data) == false) {
 			return;
 		}
@@ -394,6 +399,10 @@ class Helpers {
 		$username = Purify::clean($res['preferredUsername']);
 		$remoteUsername = "@{$username}@{$domain}";
 
+		abort_if(!self::validateUrl($res['inbox']), 400);
+		abort_if(!self::validateUrl($res['outbox']), 400);
+		abort_if(!self::validateUrl($res['id']), 400);
+
 		$profile = Profile::whereRemoteUrl($res['id'])->first();
 		if(!$profile) {
 			$profile = new Profile;
@@ -418,10 +427,7 @@ class Helpers {
 
 	public static function sendSignedObject($senderProfile, $url, $body)
 	{
-		$url = self::validateUrl($url);
-		if($url == false) {
-			abort(400, 'Invalid url');
-		}
+		abort_if(!self::validateUrl($url), 400);
 
 		$payload = json_encode($body);
 		$headers = HttpSignature::sign($senderProfile, $url, $body);
@@ -434,42 +440,4 @@ class Helpers {
 		$response = curl_exec($ch);
 		return;
 	}
-
-	private static function _headersToSigningString($headers) {
-	}
-
-	public static function validateSignature($request, $payload = null)
-	{
-
-	}
-
-	public static function fetchPublicKey()
-	{
-		$profile = $this->profile;
-		$is_url = $this->is_url;
-		$valid = $this->validateUrl();
-		if (!$valid) {
-			throw new \Exception('Invalid URL provided');
-		}
-		if ($is_url && isset($profile->public_key) && $profile->public_key) {
-			return $profile->public_key;
-		}
-
-		try {
-			$url = $this->profile;
-			$res = Zttp::timeout(30)->withHeaders([
-				'Accept'     => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
-				'User-Agent' => 'PixelFedBot v0.1 - https://pixelfed.org',
-			])->get($url);
-			$actor = json_decode($res->getBody(), true);
-		} catch (Exception $e) {
-			throw new Exception('Unable to fetch public key');
-		}
-		if($actor['publicKey']['owner'] != $profile) {
-			throw new Exception('Invalid key match');
-		}
-		$this->public_key = $actor['publicKey']['publicKeyPem'];
-		$this->key_id = $actor['publicKey']['id'];
-		return $this;
-	}
 }

app/Util/ActivityPub/Inbox.php

@@ -36,6 +36,7 @@ class Inbox
 
     public function handle()
     {
+        abort_if(!Helpers::validateObject($this->payload), 400);
         $this->handleVerb();
     }
 
@@ -136,7 +137,7 @@ class Inbox
     public function handleNoteCreate()
     {
         return;
-        
+
         $activity = $this->payload['object'];
         $actor = $this->actorFirstOrCreate($this->payload['actor']);
         if(!$actor || $actor->domain == null) {
@@ -261,24 +262,24 @@ class Inbox
     {
         $actor = $this->payload['actor'];
         $obj = $this->payload['object'];
+        abort_if(!Helpers::validateUrl($obj), 400);
         if(is_string($obj) && Helpers::validateUrl($obj)) {
             // actor object detected
             // todo delete actor
-        } else if (Helpers::validateUrl($obj['id']) && is_array($obj) && isset($obj['type']) && $obj['type'] == 'Tombstone') {
-            // tombstone detected
-            $status = Status::whereLocal(false)->whereUri($obj['id'])->firstOrFail();
-            $status->forceDelete();
+        } else if (Helpers::validateUrl($obj['id']) && Helpers::validateObject($obj) && $obj['type'] == 'Tombstone') {
+            // todo delete status or object
         }
     }
 
     public function handleLikeActivity()
     {
         $actor = $this->payload['actor'];
+
+        abort_if(!Helpers::validateUrl($actor), 400);
+
         $profile = self::actorFirstOrCreate($actor);
         $obj = $this->payload['object'];
-        if(Helpers::validateLocalUrl($obj) == false) {
-            return;
-        }
+        abort_if(!Helpers::validateLocalUrl($obj), 400);
         $status = Helpers::statusFirstOrFetch($obj);
         if(!$status || !$profile) {
             return;
@@ -288,10 +289,11 @@ class Inbox
             'status_id' => $status->id
         ]);
 
-        if($like->wasRecentlyCreated == false) {
-            return;
+        if($like->wasRecentlyCreated == true) {
+            LikePipeline::dispatch($like);
         }
-        LikePipeline::dispatch($like);
+
+        return;
     }