2019-01-19 10:56:50 +09:00
|
|
|
{- This file is part of Vervis.
|
|
|
|
-
|
|
|
|
- Written in 2019 by fr33domlover <fr33domlover@riseup.net>.
|
|
|
|
-
|
|
|
|
- ♡ Copying is an act of love. Please copy, reuse and share.
|
|
|
|
-
|
|
|
|
- The author(s) have dedicated all copyright and related and neighboring
|
|
|
|
- rights to this software to the public domain worldwide. This software is
|
|
|
|
- distributed without any warranty.
|
|
|
|
-
|
|
|
|
- You should have received a copy of the CC0 Public Domain Dedication along
|
|
|
|
- with this software. If not, see
|
|
|
|
- <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
|
|
-}
|
|
|
|
|
|
|
|
module Vervis.Handler.Inbox
|
|
|
|
( getInboxR
|
|
|
|
, postInboxR
|
2019-01-22 00:54:57 +09:00
|
|
|
, getOutboxR
|
|
|
|
, postOutboxR
|
2019-02-07 19:34:33 +09:00
|
|
|
, getActorKey1R
|
|
|
|
, getActorKey2R
|
2019-01-19 10:56:50 +09:00
|
|
|
)
|
|
|
|
where
|
|
|
|
|
|
|
|
import Prelude
|
|
|
|
|
|
|
|
import Control.Applicative ((<|>))
|
|
|
|
import Control.Concurrent.STM.TVar (readTVarIO, modifyTVar')
|
|
|
|
import Control.Exception (displayException)
|
|
|
|
import Control.Monad.IO.Class (liftIO)
|
|
|
|
import Control.Monad.STM (atomically)
|
|
|
|
import Control.Monad.Trans.Except (ExceptT (ExceptT), runExceptT)
|
|
|
|
import Crypto.Error (CryptoFailable (..))
|
|
|
|
import Crypto.PubKey.Ed25519 (publicKey, signature, verify)
|
2019-01-22 00:54:57 +09:00
|
|
|
import Data.Aeson
|
2019-01-19 10:56:50 +09:00
|
|
|
import Data.Bifunctor (first, second)
|
|
|
|
import Data.HashMap.Strict (HashMap)
|
2019-01-22 00:54:57 +09:00
|
|
|
import Data.List.NonEmpty (NonEmpty (..))
|
2019-02-07 19:34:33 +09:00
|
|
|
import Data.PEM (PEM (..))
|
2019-01-19 10:56:50 +09:00
|
|
|
import Data.Text (Text)
|
2019-01-22 00:54:57 +09:00
|
|
|
import Data.Text.Encoding (encodeUtf8)
|
2019-01-19 10:56:50 +09:00
|
|
|
import Data.Text.Lazy.Encoding (decodeUtf8)
|
|
|
|
import Data.Time.Clock (UTCTime, getCurrentTime)
|
|
|
|
import Data.Time.Interval (TimeInterval, toTimeUnit)
|
|
|
|
import Data.Time.Units (Second)
|
2019-01-22 00:54:57 +09:00
|
|
|
import Database.Persist (Entity (..))
|
2019-01-19 10:56:50 +09:00
|
|
|
import Network.HTTP.Client (Manager, HttpException, requestFromURI)
|
2019-01-19 11:57:58 +09:00
|
|
|
import Network.HTTP.Simple (httpJSONEither, getResponseBody, setRequestManager, addRequestHeader)
|
2019-01-22 00:54:57 +09:00
|
|
|
import Network.HTTP.Types.Header (hDate, hHost)
|
2019-01-19 10:56:50 +09:00
|
|
|
import Text.Blaze.Html (Html)
|
2019-02-12 20:53:24 +09:00
|
|
|
import Text.Shakespeare.I18N (RenderMessage)
|
2019-01-19 10:56:50 +09:00
|
|
|
import UnliftIO.Exception (try)
|
2019-01-22 00:54:57 +09:00
|
|
|
import Yesod.Auth (requireAuth)
|
2019-02-12 20:53:24 +09:00
|
|
|
import Yesod.Core (ContentType, defaultLayout, whamlet, toHtml, HandlerSite)
|
2019-02-07 19:34:33 +09:00
|
|
|
import Yesod.Core.Content (TypedContent)
|
2019-01-19 10:56:50 +09:00
|
|
|
import Yesod.Core.Json (requireJsonBody)
|
|
|
|
import Yesod.Core.Handler
|
2019-02-12 20:53:24 +09:00
|
|
|
import Yesod.Form.Fields (Textarea (..), textField, textareaField)
|
|
|
|
import Yesod.Form.Functions
|
|
|
|
import Yesod.Form.Types
|
2019-01-22 00:54:57 +09:00
|
|
|
import Yesod.Persist.Core (runDB, get404)
|
2019-01-19 10:56:50 +09:00
|
|
|
|
|
|
|
import qualified Data.ByteString.Char8 as BC (unpack)
|
|
|
|
import qualified Data.CaseInsensitive as CI (mk)
|
2019-01-22 00:54:57 +09:00
|
|
|
import qualified Data.HashMap.Strict as M (lookup, insert, adjust, fromList)
|
|
|
|
import qualified Data.Text as T (pack, unpack)
|
|
|
|
import qualified Data.Text.Lazy as TL (toStrict)
|
2019-01-19 10:56:50 +09:00
|
|
|
import qualified Data.Vector as V (length, cons, init)
|
|
|
|
import qualified Network.Wai as W (requestMethod, rawPathInfo, requestHeaders)
|
|
|
|
|
|
|
|
import Network.HTTP.Signature hiding (Algorithm (..))
|
2019-01-19 13:21:56 +09:00
|
|
|
import Yesod.HttpSignature (verifyRequestSignature)
|
2019-01-19 10:56:50 +09:00
|
|
|
|
|
|
|
import qualified Network.HTTP.Signature as S (Algorithm (..))
|
|
|
|
|
2019-02-12 20:53:24 +09:00
|
|
|
import Data.Aeson.Encode.Pretty.ToEncoding
|
2019-02-08 08:08:28 +09:00
|
|
|
import Network.FedURI
|
2019-01-22 00:54:57 +09:00
|
|
|
import Web.ActivityPub
|
2019-02-12 20:53:24 +09:00
|
|
|
import Yesod.Auth.Unverified
|
2019-01-22 00:54:57 +09:00
|
|
|
|
2019-02-07 19:34:33 +09:00
|
|
|
import Vervis.ActorKey
|
2019-01-22 00:54:57 +09:00
|
|
|
import Vervis.Foundation
|
|
|
|
import Vervis.Model
|
2019-01-19 10:56:50 +09:00
|
|
|
import Vervis.Settings (AppSettings (appHttpSigTimeLimit))
|
|
|
|
|
|
|
|
getInboxR :: Handler Html
|
|
|
|
getInboxR = do
|
|
|
|
acts <- liftIO . readTVarIO =<< getsYesod appActivities
|
|
|
|
defaultLayout
|
|
|
|
[whamlet|
|
|
|
|
<p>
|
|
|
|
Welcome to the ActivityPub inbox test page! It's the beginning of
|
|
|
|
federation support in Vervis. Currently POSTing activities
|
|
|
|
doesn't do anything, they're just verified and the results are
|
2019-02-12 20:53:24 +09:00
|
|
|
displayed on this page. To test, go to another Vervis instance's
|
|
|
|
outbox page, submit an activity, and come back here to see
|
|
|
|
results.
|
2019-01-19 10:56:50 +09:00
|
|
|
<p>Last 10 activities posted:
|
|
|
|
<ul>
|
|
|
|
$forall (time, result) <- acts
|
|
|
|
<li>
|
|
|
|
<div>#{show time}
|
|
|
|
$case result
|
|
|
|
$of Left e
|
|
|
|
<div>#{e}
|
|
|
|
$of Right (ct, o)
|
|
|
|
<div><code>#{BC.unpack ct}
|
|
|
|
<div><pre>#{decodeUtf8 o}
|
|
|
|
|]
|
|
|
|
|
|
|
|
postInboxR :: Handler ()
|
|
|
|
postInboxR = do
|
|
|
|
now <- liftIO getCurrentTime
|
|
|
|
r <- runExceptT $ getActivity now
|
|
|
|
let item = (now, second (second encodePretty) r)
|
|
|
|
acts <- getsYesod appActivities
|
|
|
|
liftIO $ atomically $ modifyTVar' acts $ \ vec ->
|
|
|
|
let vec' = item `V.cons` vec
|
|
|
|
in if V.length vec' > 10
|
|
|
|
then V.init vec'
|
|
|
|
else vec'
|
|
|
|
case r of
|
|
|
|
Right _ -> return ()
|
|
|
|
Left _ -> notAuthenticated
|
|
|
|
where
|
|
|
|
liftE = ExceptT . pure
|
|
|
|
getActivity :: UTCTime -> ExceptT String Handler (ContentType, HashMap Text Value)
|
|
|
|
getActivity now = do
|
|
|
|
contentType <- do
|
|
|
|
ctypes <- lookupHeaders "Content-Type"
|
|
|
|
liftE $ case ctypes of
|
|
|
|
[] -> Left "Content-Type not specified"
|
|
|
|
[x] -> case x of
|
|
|
|
"application/activity+json" -> Right x
|
|
|
|
"application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"" -> Right x
|
|
|
|
_ -> Left "Unknown Content-Type"
|
|
|
|
_ -> Left "More than one Content-Type given"
|
2019-01-19 13:21:56 +09:00
|
|
|
HttpSigVerResult result <- ExceptT . fmap (first displayException) $ verifyRequestSignature now
|
|
|
|
uActor <- liftE result
|
2019-01-19 10:56:50 +09:00
|
|
|
o <- requireJsonBody
|
|
|
|
activityActor <-
|
|
|
|
liftE $
|
|
|
|
case M.lookup "actor" o of
|
|
|
|
Nothing -> Left "Activity has no actor member"
|
|
|
|
Just v -> case v of
|
2019-02-08 08:08:28 +09:00
|
|
|
String t -> case parseFedURI t of
|
|
|
|
Left e -> Left $ "Activity actor URI parsing failed: " ++ e
|
|
|
|
Right uri -> Right uri
|
2019-01-19 10:56:50 +09:00
|
|
|
_ -> Left "Activity actor isn't a JSON string"
|
|
|
|
liftE $ if activityActor == uActor
|
|
|
|
then Right ()
|
|
|
|
else Left "Activity's actor != Signature key's actor"
|
|
|
|
liftE $ case M.lookup "object" o of
|
|
|
|
Nothing -> Right ()
|
|
|
|
Just v -> case v of
|
|
|
|
Object obj -> case M.lookup "actor" obj <|> M.lookup "attributedTo" obj of
|
|
|
|
Nothing -> Right ()
|
|
|
|
Just v' -> case v' of
|
2019-02-08 08:08:28 +09:00
|
|
|
String t -> case parseFedURI t of
|
|
|
|
Left e -> Left $ "Activity actor URI parsing failed: " ++ e
|
|
|
|
Right uri ->
|
2019-01-19 10:56:50 +09:00
|
|
|
if uri == uActor
|
|
|
|
then Right ()
|
|
|
|
else Left "Activity object's actor doesn't match activity's actor"
|
|
|
|
_ -> Left "Activity actor isn't a JSON string"
|
|
|
|
_ -> Left "Activity's object isn't a JSON object"
|
|
|
|
return (contentType, o)
|
2019-01-22 00:54:57 +09:00
|
|
|
|
2019-02-12 20:53:24 +09:00
|
|
|
{-
|
2019-01-22 00:54:57 +09:00
|
|
|
jsonField :: (FromJSON a, ToJSON a) => Field Handler a
|
|
|
|
jsonField = checkMMap fromTextarea toTextarea textareaField
|
|
|
|
where
|
|
|
|
toTextarea = Textarea . TL.toStrict . encodePrettyToLazyText
|
|
|
|
fromTextarea = return . first T.pack . eitherDecodeStrict' . encodeUtf8 . unTextarea
|
2019-02-12 20:53:24 +09:00
|
|
|
-}
|
2019-01-22 00:54:57 +09:00
|
|
|
|
2019-02-12 20:53:24 +09:00
|
|
|
fedUriField
|
|
|
|
:: (Monad m, RenderMessage (HandlerSite m) FormMessage) => Field m FedURI
|
|
|
|
fedUriField = Field
|
|
|
|
{ fieldParse = parseHelper $ \ t ->
|
|
|
|
case parseFedURI t of
|
|
|
|
Left e -> Left $ MsgInvalidUrl $ T.pack e <> ": " <> t
|
|
|
|
Right u -> Right u
|
|
|
|
, fieldView = \theId name attrs val isReq ->
|
|
|
|
[whamlet|<input ##{theId} name=#{name} *{attrs} type=url :isReq:required value=#{either id renderFedURI val}>|]
|
|
|
|
, fieldEnctype = UrlEncoded
|
|
|
|
}
|
|
|
|
|
|
|
|
activityForm :: Form (FedURI, Text)
|
|
|
|
activityForm = renderDivs $ (,)
|
|
|
|
<$> areq fedUriField "To" (Just defto)
|
|
|
|
<*> areq textField "Message" (Just defmsg)
|
2019-01-22 00:54:57 +09:00
|
|
|
where
|
2019-02-12 20:53:24 +09:00
|
|
|
defto = FedURI "forge.angeley.es" "/p/fr33" ""
|
|
|
|
defmsg = "Hi! Nice to meet you :)"
|
2019-01-22 00:54:57 +09:00
|
|
|
|
|
|
|
activityWidget :: Widget -> Enctype -> Widget
|
|
|
|
activityWidget widget enctype =
|
|
|
|
[whamlet|
|
2019-02-12 20:53:24 +09:00
|
|
|
<p>
|
|
|
|
This is a federation test page. Provide a recepient actor URI and
|
|
|
|
message text, and a Create activity creating a new Note will be sent
|
|
|
|
to the destination server.
|
2019-01-22 00:54:57 +09:00
|
|
|
<form method=POST action=@{OutboxR} enctype=#{enctype}>
|
|
|
|
^{widget}
|
|
|
|
<input type=submit>
|
|
|
|
|]
|
|
|
|
|
|
|
|
getOutboxR :: Handler Html
|
|
|
|
getOutboxR = do
|
|
|
|
((_result, widget), enctype) <- runFormPost activityForm
|
|
|
|
defaultLayout $ activityWidget widget enctype
|
|
|
|
|
2019-02-12 20:53:24 +09:00
|
|
|
route2uri' :: (Route App -> Text) -> Route App -> FedURI
|
|
|
|
route2uri' renderUrl r =
|
|
|
|
case parseFedURI $ renderUrl r of
|
|
|
|
Left e -> error e
|
|
|
|
Right u -> u
|
|
|
|
|
2019-01-22 00:54:57 +09:00
|
|
|
postOutboxR :: Handler Html
|
|
|
|
postOutboxR = do
|
|
|
|
((result, widget), enctype) <- runFormPost activityForm
|
|
|
|
defaultLayout $ activityWidget widget enctype
|
|
|
|
case result of
|
|
|
|
FormMissing -> setMessage "Field(s) missing"
|
|
|
|
FormFailure _l -> setMessage "Invalid input, see below"
|
2019-02-12 20:53:24 +09:00
|
|
|
FormSuccess (to, msg) -> do
|
|
|
|
shr <- do
|
|
|
|
Entity _pid person <- requireVerifiedAuth
|
|
|
|
sharer <- runDB $ get404 $ personIdent person
|
|
|
|
return $ sharerIdent sharer
|
2019-01-22 00:54:57 +09:00
|
|
|
renderUrl <- getUrlRender
|
2019-02-12 20:53:24 +09:00
|
|
|
let route2uri = route2uri' renderUrl
|
2019-02-15 07:13:58 +09:00
|
|
|
actor = route2uri $ SharerR shr
|
|
|
|
actorID = renderUrl $ SharerR shr
|
2019-02-12 20:53:24 +09:00
|
|
|
appendPath u t = u { furiPath = furiPath u <> t }
|
|
|
|
activity = CreateActivity Create
|
|
|
|
{ createId = appendPath actor "/fake-activity"
|
|
|
|
, createTo = to
|
|
|
|
, createActor = actor
|
|
|
|
, createObject = Note
|
|
|
|
{ noteId = appendPath actor "/fake-note"
|
|
|
|
, noteAttrib = actor
|
|
|
|
, noteTo = to
|
|
|
|
, noteReplyTo = Nothing
|
|
|
|
, noteContent = msg
|
|
|
|
}
|
|
|
|
}
|
2019-01-22 00:54:57 +09:00
|
|
|
manager <- getsYesod appHttpManager
|
|
|
|
eres <- httpGetAP manager to
|
|
|
|
case eres of
|
|
|
|
Left (APGetErrorHTTP e) -> setMessage $ toHtml $ "Failed to GET the recipient actor: " <> T.pack (displayException e)
|
|
|
|
Left (APGetErrorJSON e) -> setMessage $ toHtml $ "Failed to parse recipient actor JSON: " <> T.pack (displayException e)
|
2019-01-22 07:24:09 +09:00
|
|
|
Left (APGetErrorContentType e) -> setMessage $ toHtml $ "Got unexpected Content-Type for actor JSON: " <> e
|
2019-01-22 00:54:57 +09:00
|
|
|
Right response -> do
|
|
|
|
let actor = getResponseBody response
|
|
|
|
if actorId actor /= to
|
|
|
|
then setMessage "Fetched actor JSON but its id doesn't match the URL we fetched"
|
|
|
|
else do
|
2019-02-07 19:34:33 +09:00
|
|
|
(akey1, akey2, new1) <- liftIO . readTVarIO =<< getsYesod appActorKeys
|
|
|
|
let (keyID, akey) =
|
|
|
|
if new1
|
2019-02-12 20:53:24 +09:00
|
|
|
then (renderUrl ActorKey1R, akey1)
|
|
|
|
else (renderUrl ActorKey2R, akey2)
|
2019-02-07 19:34:33 +09:00
|
|
|
sign b = (KeyId $ encodeUtf8 keyID, actorKeySign akey b)
|
2019-02-12 20:53:24 +09:00
|
|
|
eres' <- httpPostAP manager (actorInbox actor) (hRequestTarget :| [hHost, hDate, hActivityPubActor]) sign actorID activity
|
2019-02-08 08:08:28 +09:00
|
|
|
case eres' of
|
2019-01-22 00:54:57 +09:00
|
|
|
Left e -> setMessage $ toHtml $ "Failed to POST to recipient's inbox: " <> T.pack (displayException e)
|
|
|
|
Right _ -> setMessage "Activity posted! You can go to the target server's /inbox to see the result."
|
|
|
|
defaultLayout $ activityWidget widget enctype
|
2019-02-07 19:34:33 +09:00
|
|
|
|
|
|
|
getActorKey :: ((ActorKey, ActorKey, Bool) -> ActorKey) -> Route App -> Handler TypedContent
|
|
|
|
getActorKey choose route = do
|
|
|
|
actorKey <-
|
|
|
|
liftIO . fmap (actorKeyPublicBin . choose) . readTVarIO =<<
|
|
|
|
getsYesod appActorKeys
|
2019-02-12 20:53:24 +09:00
|
|
|
route2uri <- route2uri' <$> getUrlRender
|
2019-02-07 19:34:33 +09:00
|
|
|
selectRep $
|
|
|
|
provideAP PublicKey
|
|
|
|
{ publicKeyId = route2uri route
|
|
|
|
, publicKeyExpires = Nothing
|
|
|
|
, publicKeyOwner = route2uri HomeR
|
|
|
|
, publicKeyPem = PEM "PUBLIC KEY" [] actorKey
|
|
|
|
, publicKeyAlgo = Just AlgorithmEd25519
|
|
|
|
, publicKeyShared = True
|
|
|
|
}
|
|
|
|
|
|
|
|
getActorKey1R :: Handler TypedContent
|
|
|
|
getActorKey1R = getActorKey (\ (k1, _, _) -> k1) ActorKey1R
|
|
|
|
|
|
|
|
getActorKey2R :: Handler TypedContent
|
|
|
|
getActorKey2R = getActorKey (\ (k1, _, _) -> k1) ActorKey2R
|