1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-31 08:04:52 +09:00
Commit graph

771 commits

Author SHA1 Message Date
fr33domlover
828e015c54 Rename TicketDepR to TicketDepOldR; we're going to use TicketDepR in a new way 2019-07-08 15:54:41 +00:00
fr33domlover
d2e64d2920 Fix outbox item pretty display, it was highlighted but not pretty-encoded 2019-06-30 16:53:53 +00:00
fr33domlover
deedc961c5 If highlight backend not set for pretty JSON, assume Skylighting
Highlighter2 doesn't work for JSON anyway (not sure why yet).
2019-06-30 14:38:23 +00:00
fr33domlover
31d7e9eac7 Display times and link to activity in inbox, outbox and notifications 2019-06-30 14:04:28 +00:00
fr33domlover
dc631a98c5 Fix typo in Create Note summary text formatting 2019-06-30 11:20:43 +00:00
fr33domlover
a09585f074 Specify noteSource when inserting C2S ticket comment 2019-06-30 02:52:40 +00:00
fr33domlover
4b045118f9 Address project followers when posting ticket comment in regular UI 2019-06-30 02:23:58 +00:00
fr33domlover
d8da1f2abf Display summary and pretty JSON for notifications and for outboxes 2019-06-30 01:41:54 +00:00
fr33domlover
2109974709 Publish project outbox URL in project AP JSON 2019-06-30 01:18:52 +00:00
fr33domlover
add8a3a23b Display pretty JSON on user page 2019-06-30 01:17:47 +00:00
fr33domlover
2376cbd479 When receiving Offer in inbox, expect ticket's 'published' NOT to be set 2019-06-29 23:32:34 +00:00
fr33domlover
d73c3928a0 In inbox display, show summary when available, otherwise show highlighted JSON 2019-06-29 23:16:52 +00:00
fr33domlover
f7b7a417eb Highlight JSON with Skylighting by default, Highligher2 isn't working on it 2019-06-29 23:15:41 +00:00
fr33domlover
90cb4fcd88 Data.Aeson.Encode.Pretty.ToEncoding: Use encodePrettyToTextBuilder as base
aeson-pretty implements by formatting using a text Builder, and the ByteString
is encoded from that. So instead of decoding the ByteString to produce Text or
Builder, use the Builder as the starting point, to match how aeson-pretty works
and save computation and weird backwards-decoding stuff.
2019-06-29 22:39:42 +00:00
fr33domlover
183e9a7754 Encode pretty JSON using encodePretty, highlighting doesn't do formatting! 2019-06-29 22:38:42 +00:00
fr33domlover
685b7ec2bc Add option to render pretty AP JSON using Skylighting
highligher2 doesn't have a JSON syntax and the JS lexer seems to be failing,
not sure exactly why yet. To have an alternative, I'm adding a Skylighting
option.
2019-06-29 20:31:01 +00:00
fr33domlover
590e3928a5 Vervis.Migration: Replace fromJust in migration #109 with informative error 2019-06-29 17:18:48 +00:00
fr33domlover
6d72d676e7 Switch OutboxItem's Activity from plain BL to an upgraded PersistJSONObject 2019-06-29 03:19:00 +00:00
fr33domlover
e10b4d452a Treat outbox items in DB as bytestrings to avoid depending on JSON parsing 2019-06-28 23:15:08 +00:00
fr33domlover
e5f9b34ad2 Unset ticket closer PersonId for tickets that aren't closed 2019-06-27 12:19:37 +00:00
fr33domlover
63689aef1a Fix SQL query that selects ticket summary data, was making getTicketsR fail 2019-06-27 11:47:23 +00:00
fr33domlover
9f3e45c113 When Accepting an Offer{Ticket}, automatically add author as ticket follower 2019-06-26 01:37:29 +00:00
fr33domlover
07f76d2a6f Publish Accept activity when creating a new ticket from the Offer 2019-06-26 01:12:11 +00:00
fr33domlover
0a4c2ad817 Add a new-ticket form to /publish page, and handle in sharer outbox 2019-06-23 12:39:44 +00:00
fr33domlover
4be444f5ab Bring back postTicketsR, now implemented using offerTicketC 2019-06-23 10:00:11 +00:00
fr33domlover
55fdb5437c Write C2S Offer{Ticket} handler, not used in any route handlers yet
This patch doesn't just add the handler code, it also does lots of refactoring
and moves around pieces of code that are used in multiple places. There is
still lots of refactoring to make though. In this patch I tried to make minimal
changes to the existing Note handler to avoid breaking it. In later patches
I'll do some more serious refactoring, hopefully resulting with less mess in
the code.
2019-06-22 18:03:20 +00:00
fr33domlover
d6b999eaf3 C2S: Handle recipient grouping in dedicated Vervis.API.Recipient module 2019-06-20 23:22:25 +00:00
fr33domlover
7c30ee2d52 Switch activityId from LocalURI to Maybe LocalURI, for C2S posting without ID 2019-06-19 08:53:31 +00:00
fr33domlover
1ae924558f Use updateGet for atomic access to projectNextTicket
`updateGet` isn't atomic by default. In PostgreSQL the default isolation level
if committed read, and an `update` followed by a `get` doesn't guarantee you
get the same value you sent. However I'm making a patch for `persistent` to
make `updateGet` atomic for PostgreSQL.
2019-06-18 10:47:01 +00:00
fr33domlover
fb909adf2e Handle Offer{Ticket} in project inbox, and turn DB ticketTitle into HTML 2019-06-17 19:55:03 +00:00
fr33domlover
4d5fa0551f Refactor the types used in activity authentication and handle project recipient
- The data returned from activity authentication has nicer types now, and no
  mess of big tuples.
- Activity authentication code has its own module now, Vervis.Federation.Auth.
- The sharer inbox handler can now handle and store activities by a local
  project actor, forwarded from a remote actor. This isn't in use right now,
  but once projects start publishing Accept activities, or other things, it may
  be needed.
2019-06-16 21:39:50 +00:00
fr33domlover
e1ae75b50c Add project outbox and outbox item routes 2019-06-16 21:37:31 +00:00
fr33domlover
a65979f5af Give Project an Outbox in the DB 2019-06-16 21:34:06 +00:00
fr33domlover
64a377b12f Use syntax highlighting in outbox item JSON display 2019-06-16 21:32:18 +00:00
fr33domlover
5aaf2ba8a9 Rename OutboxR to SharerOutboxR, because projects will have outboxes too 2019-06-16 14:58:00 +00:00
fr33domlover
ade24bb534 Pretty JSON display for getActorKey1/2 and getOutboxItemR 2019-06-15 19:03:39 +00:00
fr33domlover
499479b662 Decouple OutboxItem from Person via a new table named Outbox 2019-06-15 18:51:26 +00:00
fr33domlover
6452d239f2 Optional activity summary, set it when handling a Note in C2S 2019-06-15 16:24:34 +00:00
fr33domlover
68bdaf65a7 S2S sharer inbox: Handle Offer{Ticket} yay! 2019-06-15 14:51:48 +00:00
fr33domlover
2abb6a44a4 Load settings from default settings filename, not reading it from command line 2019-06-15 08:58:20 +00:00
fr33domlover
057f57ff0d Load settings only at run time, not using compile time settings at all 2019-06-15 08:56:20 +00:00
fr33domlover
4b20ed23b6 Stop using Vervis.Import and NoImplicitPrelude, switch to plain regular imports 2019-06-15 08:24:08 +00:00
fr33domlover
7686f3777e New module structure for ActivityPub C2S and S2S code 2019-06-15 04:39:13 +00:00
fr33domlover
1fb1829f6e Generate an Offer Ticket for every ticket, including project inbox item
CRITICAL: Due to the requirement that each new ticket points to its Offer
activity, ticket creation has been disabled! The next patches should implement
C2S submission of Offer Ticket, and then ticket creation will work again. Sorry
for that.
2019-06-14 17:45:37 +00:00
fr33domlover
4d61672f94 Add a MonadUnliftIO constraint in RemoteActorStore, was removed from MonadSite
Since MonadSite now requires MonadIO, and not MonadUnliftIO, to allow for more
instances, the MonadUnliftIO constraint may need to be added manually
sometimes.
2019-06-14 17:40:57 +00:00
fr33domlover
698059763a When building with dev flag, disable the approot host check middleware
This allows to browse via e.g. localhost:3000 even if the instance host is
something else and the rendered URLs don't have a port number. It still makes
many things impossible or inconvenient, but at least you can launch Vervis
locally for development and see pages. Right now even CSS doesn't work because
of the URLs not matching the actual localhost:3000 access. Maybe gradually I'll
figure it out.
2019-06-14 17:36:31 +00:00
fr33domlover
f8f3a31a8d Yesod.FedURI and Yesod.Hashids switch from MonadHandler to MonadSite 2019-06-14 17:21:38 +00:00
fr33domlover
6df2200f47 Yesod.MonadSite module gets some nice upgrades
- Fork and async are no longer class methods, which simplifies things a lot and
  allows for many more trivial instances, much like with MonadHandler. Fork and
  async are still available, but instead of unnecessarily being class methods,
  they are now provided as follows: You can fork and async a worker (no more
  fork/async for handler, because I never actually need that, and not sure
  there's ever a need for that in general), and you can do that from any
  MonadSite. So, you can fork or async a worker from a Handler, from a Worker,
  from a ReaderT on top of them e.g. inside runDB, and so on.
- Following the simplification, new MonadSite instances are provided, so far
  just the ones in actual use in the code. ReaderT, ExceptT and lazy RWST. More
  can be added easily. Oh, and WidgetFor got an instance too.

In particular, this change means there's no usage of `forkHandler` anymore, at
all. I wonder if it ever makes a difference to `forkWorker` versus
`forkHandler`. Like, does it cause memory leaks or anything. I guess could
check why `forkResource` etc. is good for in `forkHandler` implementation. I
suppose if needed, I could fix possible memory leaks in `forkWorker`.
2019-06-14 17:10:12 +00:00
fr33domlover
42febca91f Run DB migrations in Worker monad, to allow convenient MonadSite access 2019-06-12 22:17:06 +00:00
fr33domlover
b40ef116b1 For tickets by remote authors, link in the DB to the RemoteActivity, the Offer 2019-06-12 22:14:19 +00:00
fr33domlover
5df8965488 Some cleanup and term updates in Web.ActivityPub to match the spec and plans
* No more full URIs, all terms are used as short non-prefixed names
* Some terms support parsing full URI form for compatibility with objects in DB
* No more @context checking when parsing
* Use the new ForgeFed context URI specified in the spec draft
* Use an extension context URI for all custom properties not specific to forges
* Rename "events" property to "history", thanks cjslep for suggesting this name
2019-06-12 00:11:24 +00:00
fr33domlover
61d1029926 Project team and followers
* Have a project team collection, content is the same as ticket team (but
  potentially ticket team allows people to opt out of updates on specific
  tickets, while project team isn't tied to any specific ticket or other child
  object)
* Have a project followers collection, and address it in ticket comments in
  addition to the already used recipients (project, ticket team, ticket
  followers)
2019-06-11 12:19:51 +00:00
fr33domlover
970fa240fc Deliver to project inbox in postOutboxR and postProjectInboxR 2019-06-09 21:06:26 +00:00
fr33domlover
322d09658e (Hopefully correctly) fill project inboxes with ticket comment Create Notes 2019-06-09 18:41:37 +00:00
fr33domlover
bad1844cfc Reuse the getSharerInboxR code to implement getProjectInboxR 2019-06-09 16:45:53 +00:00
fr33domlover
f4e324e587 Give each project an inbox in DB 2019-06-09 16:21:23 +00:00
fr33domlover
f70aa42060 Add UniquePersonInbox to persistent model; each user has their own unique inbox 2019-06-09 15:56:42 +00:00
fr33domlover
71ab1c4459 Syntax-highlight the pretty JSON display of AP objects 2019-06-09 14:32:57 +00:00
fr33domlover
090c562553 Add an Inbox table in DB, make inbox related tables use it instead of Person
This allows the inbox system to be separate from Person, allowing other kinds
of objects to have inboxes too. Much like there's FollowerSet which works
separately from Tickets, and will allow to have follower sets for projects,
users, etc. too.

Inboxes are made independent from Person users because I'm going to give
Projects inboxes too.
2019-06-09 13:16:32 +00:00
fr33domlover
b1897a20c0 Allow ticket author to be a remote actor 2019-06-07 04:26:32 +00:00
fr33domlover
d73b113b4f Wrap AP Ticket in an Offer activity, this is how tickets will be created 2019-06-06 14:16:48 +00:00
fr33domlover
b69442b448 Move AP Ticket local URI fields into a dedicated TicketLocal type 2019-06-06 10:25:16 +00:00
fr33domlover
e31c8c600b Turn some AP ticket fields into Maybes 2019-06-04 09:36:14 +00:00
fr33domlover
04a2e9a817 In HTML pages with AP support, display link to pretty formatted JSON 2019-06-03 22:22:32 +00:00
fr33domlover
708f626294 Provide ActivityPub representation of tickets in getTicketR 2019-06-03 21:52:34 +00:00
fr33domlover
f7432e515c Add ticketDescription DB entity field, containing pandoc-rendered HTML 2019-06-03 12:45:02 +00:00
fr33domlover
17fe163c09 Rename ticketDesc to ticketSource 2019-06-03 11:02:28 +00:00
fr33domlover
5111cd9bc7 Forgot to record this line of code when renamed ProjectRole entity to Role 2019-06-03 11:01:21 +00:00
fr33domlover
46f116da60 In new comment form, turn CRLF into LF when running the form 2019-06-02 14:59:47 +00:00
fr33domlover
c7dccbb7fe Render in advance and store comment content as HTML alongside Markdown source 2019-06-02 14:41:51 +00:00
fr33domlover
facf4d7f3e Rename messageContent field to messageSource; content will soon be HTML 2019-06-02 12:04:35 +00:00
fr33domlover
21b7325c1b Rename role related tables to reflect the role unification
There used to be project roles and repo roles, and they were separate. A while
ago I merged them, and there has been a single role system, used with both
repos and projects. However the table names were still "ProjectRole" and things
like that. This patch renames some tables to just refer to a "Role" because
there's only one kind of role system.
2019-05-31 15:02:57 +00:00
fr33domlover
eb514b8c3f Use path segment in HighlightStyleR, addStylesheet doesn't support query params 2019-05-27 19:54:11 +00:00
fr33domlover
e02a0fa4db Make pandoc highlight style configurable in settings and in query parameter 2019-05-27 18:30:48 +00:00
fr33domlover
b8b226d15c Highlight code segments in pandoc rendered source file views 2019-05-27 13:28:57 +00:00
fr33domlover
18e9c16afb Define breadcrumbs for TicketTeamR and TicketParticipantsR 2019-05-26 10:32:56 +00:00
fr33domlover
70d51faa70 In notifications page, remove accidental display of hidden field labels 2019-05-25 22:27:20 +00:00
fr33domlover
b7e2776e6a Implement getTicketTeamR & getTicketParticipantsR (AS2 & HTML showing the JSON) 2019-05-25 22:05:59 +00:00
fr33domlover
ae1e10cab2 Vervis.Handler.Ticket: Import esqueleto qualified 2019-05-25 22:04:06 +00:00
fr33domlover
9689e9d471 Fix redirection bug in SharerInboxR 2019-05-25 20:24:13 +00:00
fr33domlover
95a0806ef3 Fix MessageR, setting audience to the one specified in the Create activity 2019-05-25 13:01:15 +00:00
fr33domlover
e848fe5fed Add unique UniqueLocalMessageCreate 2019-05-25 12:59:54 +00:00
fr33domlover
2eade80cfb Rewrite the localMessageCreate migration to insert real activities
A thing still missing there is that it sets empty audience for comments on
remote tickets, but that's fine because dev.angeley.es doesn't have such
comments in the database.
2019-05-25 12:44:09 +00:00
fr33domlover
e81eb80b8b Add field localMessageCreate, pointing to the OutboxItem that created it
I added a migration that creates an ugly fake OutboxItem for messages that
don't have one. I'll try to turn it into a real one. And then very possibly
remove the whole ugly migration, replacing it with addFielfRefRequiredEmpty,
which should work for empty instances.
2019-05-25 03:23:57 +00:00
fr33domlover
d77877eba5 In persistent models for migrations, suffix the names of uniques too 2019-05-25 03:20:01 +00:00
fr33domlover
5479c99e1c Serve trivial HTML (that just displays the JSON object) in getMessageR 2019-05-24 16:09:58 +00:00
fr33domlover
bd99729656 Loading settings was using deprecated functions, switch to new ones 2019-05-24 15:45:36 +00:00
fr33domlover
23e760e373 Build with LTS 13, GHC 8.6 2019-05-24 11:49:39 +00:00
fr33domlover
b64984495f Switch all HandlerT/WidgetT uses to HandlerFor/WidgetFor 2019-05-23 09:12:24 +00:00
fr33domlover
c531f41565 Implement basic notifications in DB and UI 2019-05-22 21:50:30 +00:00
fr33domlover
6d55b8c5d7 Display remote actor name in remote message view 2019-05-21 09:11:13 +00:00
fr33domlover
d1fea9eb51 Store names of remote actors in DB for display 2019-05-21 08:44:11 +00:00
fr33domlover
2573ff1d93 Parse and publish actor outboxes 2019-05-21 00:36:05 +00:00
fr33domlover
40d9a0990d Serve AS2 in getSharerInboxR 2019-05-21 00:14:49 +00:00
fr33domlover
7bcbe52274 Implement getOutboxR, both (trivial) HTML and AS2 2019-05-20 23:51:06 +00:00
fr33domlover
f07b56c259 Implement getOutboxItemR, serving AS2 and basic HTML 2019-05-18 10:09:47 +00:00
fr33domlover
6d304b9307 Smarter treatment of recipients that are collections
- Allow client to specify recipients that don't need to be delivered to
- When fetching recipient, recognize collections and don't try to deliver to
  them
- Remember collections in DB, and use that to skip HTTP delivery
2019-05-17 22:42:01 +00:00
fr33domlover
48882d65ad Allow AP C2S client to list recipients that aren't actors to deliver to 2019-05-17 10:47:53 +00:00
fr33domlover
07281f6900 Fix infinite loop in ActivityPub audience parsing 2019-05-16 21:22:45 +00:00
fr33domlover
b12ad49b62 Remove unused accidentally left line 2019-05-16 21:21:51 +00:00
fr33domlover
ebc3f016b6 In outbox POST handler logging, fix the display of OutboxItemId number 2019-05-12 20:24:33 +00:00
fr33domlover
d70d34bb6b Debug logs for periodic delivery 2019-05-11 22:26:06 +00:00
fr33domlover
48cfccd3d2 Use forkFinally in ResultShare to be sure we always catch exceptions & set MVar 2019-05-10 21:33:08 +00:00
fr33domlover
f88dcef0d7 Do some debug logging during delivery in outbox POST handler 2019-05-10 20:38:55 +00:00
fr33domlover
770983e829 In outbox POST handler, run async delivery using Worker instead of Handler
Worker is enough and seems much simpler. forkHandler does stuff with
forkResourceT and more stuff that I don't exactly understand and which may
involve more resource allocation. I guess forkWorker would generally be the
preferred approach, and there are bugs with delivery leading to sudden
CPU/memory peaks forcing me to kill the process. Maybe not related, just
mentioning it ^_^
2019-05-10 04:36:21 +00:00
fr33domlover
e29053145f Log errors for linked delivery from outbox, both in handler and periodic 2019-05-09 23:09:34 +00:00
fr33domlover
635952a797 When parsing a LocalURI, use a *valid* dummy host
The previous dummy host was "h", which doesn't contain periods, so the `FedURI`
parser rejects it.
2019-05-09 22:03:19 +00:00
fr33domlover
273fcf972f When delivering activities, sign the Digest header
Looks like I forgot to add it to the list of headers to sign
2019-05-09 21:26:33 +00:00
fr33domlover
ddb6bb0472 When publishing a comment via PublishR, don't specify 'published' time
The server expects not to see it, and wants to set it by itself
2019-05-07 03:12:47 +00:00
fr33domlover
0e4070db75 In ticket discussion, have links to the individual messages (MessageR route) 2019-05-07 02:54:45 +00:00
fr33domlover
9bc78bf303 When posting ticket comment in regular UI, don't specify published time
The outbox handler wants to set it, and it expects it not be set by the client.
2019-05-07 01:51:21 +00:00
fr33domlover
a6bfb0cf36 Show note about federation being disabled, and list other known instances 2019-05-05 22:00:26 +00:00
fr33domlover
6bba8ff47f Fix breadcrumb of TicketMessageR 2019-05-05 21:02:26 +00:00
fr33domlover
67a77b1897 In layout header, link to federation status info page 2019-05-05 11:36:10 +00:00
fr33domlover
8303baa69d Implement GETing the personal inbox 2019-05-05 10:20:55 +00:00
fr33domlover
f6eaca2fa8 When project receives remote ticket comment, add author to followers 2019-05-03 23:55:49 +00:00
fr33domlover
5770c62692 Plug the project inbox handler code into the actual POST handler function 2019-05-03 23:18:57 +00:00
fr33domlover
b0a26722d3 Do inbox forwarding in project inbox handler 2019-05-03 21:04:53 +00:00
fr33domlover
5d5c56695e Remember for deliveries in the DB, whether they should sign forwarding 2019-05-02 09:31:56 +00:00
fr33domlover
93cf861ed0 When delivering a comment on a remote ticket, enable inbox forwarding
In the new inbox forwarding scheme, we use an additional special HTTP signature
to indicate that we allow or expect forwarding, and to allow that forwarding to
later be verified. When delivering a comment on a remote ticket, we'd like the
project to do inbox forwarding. Based on the URI alone, it's impossible to tell
which recipient is the project, and I guess there are various tricks we could
use here, but for now a very simple solution is used: Enable forwarding for all
remote recipients whose host is the same as the ticket's host.
2019-05-02 02:06:47 +00:00
fr33domlover
3d9438714b In sharer inbox, accept forwarded activities, including ones of local users 2019-05-01 23:13:22 +00:00
fr33domlover
f789a773e4 Stop using YesodHttpSig, move code from Foundation to Federation 2019-04-29 07:39:20 +00:00
fr33domlover
951364036f Update activity POSTing code to use the new forwarding mechanism
It's not documented yet, but basically I replaced the custom input string with
an HTTPSig based one.
2019-04-28 10:18:50 +00:00
fr33domlover
1fcec035f0 Do some checks on the host in FedURI parsing
Until now, there were some simple host checks when verifying the HTTP sig,
meant to forbid hosts that are IP addresses, local hosts, and maybe other weird
cases. These checks moved to Network.FedURI, so now FedURIs in general aren't
allowed to have such hosts. The host type is still `Text` though, for now.
2019-04-28 09:47:32 +00:00
fr33domlover
342467297a Put inbox activity auth code in a dedicated function in Vervis.Federation 2019-04-26 21:41:01 +00:00
fr33domlover
9d5399d636 Give project actors signing keys, just like user actors, needed for forwarding
Since project actors are the ones sending inbox forwards, they need to announce
keys and allow their HTTP Signatures to be verified.
2019-04-26 13:04:00 +00:00
fr33domlover
811217fd17 Return keyid and digest after inbox verification, for use in forwarding 2019-04-26 04:15:07 +00:00
fr33domlover
f346da9106 New module Yesod.ActivityPub, use it in Vervis.Federation for delivery POSTing 2019-04-26 03:23:49 +00:00
fr33domlover
71d21ad459 In httpPostAP, support the new signature headers 2019-04-26 00:25:50 +00:00
fr33domlover
46fb4d1512 Add settings switch for activity debug reports 2019-04-25 22:46:27 +00:00
fr33domlover
d24710c46a When receiving activity to inbox, verify the body digest
This patch does a small simple change, however at the cost of the request body
not being available for display in the latest activity list, unless processing
succeeds. I'll fix this situation in a separate patch.
2019-04-25 18:05:02 +00:00
fr33domlover
57374ec816 When POSTing activities, set a Digest header using SHA-256 2019-04-25 15:49:15 +00:00
fr33domlover
825a91d185 Incomplete project inbox handler 2019-04-24 00:47:21 +00:00
fr33domlover
f462a67680 Implement sharer inbox handler
It runs checks against all the relevant tables, but ultimately just inserts the
activity into the recipient's inbox and nothing more, leaving the RemoteMessage
creation and inbox forwarding to the project inbox handler.
2019-04-23 02:57:53 +00:00
fr33domlover
e06f40b665 Switch from single inbox to individual inbox URIs; disable inbox post for now
Inbox post is disabled but in the next patches I'll code and integrate a fixed
complete one, hopefully finally getting ticket comment federation ready for
testing.

I'm making this change because if an actor receives an activity due to being
addressed in bto, ot bcc, or being listed in some remote collection, the server
doesn't have a way to tell which actor(s) are the intended recipients, without
having an individual inbox URL for each actor. I could use a different hack for
this, but it wouldn't be compatible with other AP servers (unless the whole
fediverse agrees on a method).

I wasn't using sharedInbox anyway, and it's an optimization either way.
2019-04-21 10:58:57 +00:00
fr33domlover
f7f15e0f63 When sending ticket comment in regular Vervis UI, deliver it using ActivityPub 2019-04-20 21:34:45 +00:00
fr33domlover
4f5c6532ee Switch postOutboxR to the new handler 2019-04-19 03:14:12 +00:00
fr33domlover
fc2ace3370 Insert ticket commenter to ticket followers, and never deliver to themselves 2019-04-18 23:37:33 +00:00
fr33domlover
47a9e0b5a0 Group by sharer ID too, hopefully this time it's enough 2019-04-18 20:20:58 +00:00
fr33domlover
4386e0f8af If federation is disabled, don't run periodic delivery 2019-04-18 19:50:31 +00:00
fr33domlover
50f12f855d In ticket summary SQL query, group by ticket ID, not by discussion ID
Each ticket has a single discussion ID, and each ticket has a unique one, so,
given an inner join of tickets and discussions, I think there should be exactly
1 way select a (ticket, discussion) pair given any of these.

But for some reason, PostgreSQL started complaining. Not sure what changed.
Anyway, for now, I switched the groupBy from discussion.id to ticket.id, which
is essentially the same, but for some reason makes PostgreSQL happy. It can't
tell that given a discussion ID, there's exactly 1 way to choose the ticket. Or
something like that. I wonder if I messed up something in DB migrations.
2019-04-18 19:35:04 +00:00
fr33domlover
b8c669f6fc New outbox post: Raise error if federation disabled but remote recipients found 2019-04-18 11:43:33 +00:00
fr33domlover
f37b9b3f52 Run the delivery worker priodically, settings control how often to run 2019-04-18 10:38:01 +00:00
fr33domlover
c9c7da5902 More insertBy' usage, and remove withHostLock from new outbox post handler 2019-04-16 18:03:02 +00:00
fr33domlover
735a6a39cb Use insertBy' in instanceAndActor 2019-04-16 17:26:06 +00:00
fr33domlover
b0da8747a2 In ActorFetchShare, use insertBy' to allow non-shared insertions
Before this patch, the shared fetch used plain insert, because it relied on
being the only place in the codebase where new RemoteActors get inserted. I was
hoping for that to be the case, but while I tweak things and handle fetching
URIs that can be an actor or a public key (for which ActorFetchShare isn't
sufficient without some smart modification), I'd like concurrent insertions to
be safe, without getting in the way of ActorFetchShare.

With this patch, it now uses insertBy', which doesn't mind concurrent
insertions.
2019-04-16 16:33:08 +00:00
fr33domlover
7c2fad7417 Implement fetchAPIDOrH using a dedicated error type 2019-04-16 16:10:17 +00:00
fr33domlover
25fcceabde postOutboxR: Use ResultShare for fetching recipient actor 2019-04-16 14:34:17 +00:00
fr33domlover
d5eefd1553 Implement outbox remote delivery, in handler and periodic, not used yet 2019-04-16 14:27:50 +00:00
fr33domlover
7946fe441d Add field errorSince to RemoteActor to track inbox POST unreachability 2019-04-12 01:09:45 +00:00
fr33domlover
3f9364e4aa Rename RemoteSharer entity to RemoteActor 2019-04-12 00:56:27 +00:00
fr33domlover
7621c0280a Rewrite ticketFollowers migration without insertKey, it causes problems 2019-04-11 16:43:46 +00:00
fr33domlover
9a306e762c Unfinished updated outbox handler 2019-04-11 13:44:44 +00:00
fr33domlover
7dda068ba3 Make the DB migrations not depend on current model 2019-04-11 13:26:57 +00:00
fr33domlover
1d854423cb Switch Audience from Vector to list and fix Public bug
* No good reason to use Vector, let's use list, it's just easier
* The Public URI recognizing code wasn't being used; now it is
2019-04-01 23:40:29 +00:00
fr33domlover
0c280c7af6 Add setting that says how much time to keep retrying activity delivery 2019-04-01 23:38:44 +00:00
fr33domlover
c2415301bc More type-safe handling of DB key Hashids 2019-03-29 03:25:32 +00:00
fr33domlover
228e954706 Create Note outbox handler, not in use yet
I wrote a function handleOutboxNote that's supposed to do the whole outbox POST
handler process. There's an outbox item table in the DB now, I adapted things
in various source files. Ticket comment federation work is still in progress.
2019-03-28 21:08:30 +00:00
fr33domlover
cdb1c8b121 Add settings option to disable federation 2019-03-25 00:17:24 +00:00
fr33domlover
e36d960d2b Rename handleActivity to handleInboxActivity 2019-03-23 15:45:44 +00:00
fr33domlover
85c6354291 Switch jsonb support from persistent-postgresql to a custom module
The custom module provides a parametric wrapper, allowing any specific
FromJSON/ToJSON instance to be used. It's a standalone module though, and not a
wrapper of persistent-postgresql, because persistent-postgresql uses aeson
Value and it prevents using toEncoding to get from the value directly to a
string.
2019-03-23 15:29:50 +00:00
fr33domlover
0032456925 Add noteAudience; record recipient of local remotely-targetted activities in DB 2019-03-23 02:57:34 +00:00
fr33domlover
58a56b6743 Make noteId optional, to support taking a Note in postOutboxR 2019-03-23 02:05:30 +00:00
fr33domlover
88d4c976ee Add route getMessageR, returns an Activity Note for any locally created Message 2019-03-22 20:46:42 +00:00
fr33domlover
6c186355f3 Change some top-level routes' breadcrumbs to be under HomeR 2019-03-22 05:17:58 +00:00
fr33domlover
c27636a438 Add route /publish for sending activities, getOutboxR now free to return outbox 2019-03-22 05:17:54 +00:00
fr33domlover
d40e1b8891 In outbox post form, provide parent and context, and default to ticket comment 2019-03-21 23:56:47 +00:00
fr33domlover
ad3a20d783 Receive remote comments on local ticket discussion 2019-03-21 22:57:15 +00:00
fr33domlover
72f96a0dff When verifying HTTPsig, return iid&rsid and remove duplicate shared usage check
* Adapt DB related code to return the InstanceId and RemoteSharerId
* Previously, when fetching a known shared key, we were running a DB
  check/update for the shared usage record. I noticed - and hopefully I
  correctly noticed - that this check already runs when we discover the keyId
  points to a shared key we already know. So, after successful sig
  verification, there's no need to run the check again. So I removed it.
2019-03-21 21:38:59 +00:00
fr33domlover
061c84349d Recognize the 3 variants of the Public collection URI when parsing audience 2019-03-21 19:13:36 +00:00
fr33domlover
77324442fc Fetch local messages by LocalMessageId, not by MessageId 2019-03-21 19:06:52 +00:00
fr33domlover
68b0ae7829 When receiving HTTP signed request, check the keyId host for weird cases
- Exclude hosts without periods, so things like localhost and IPv6 are rejected
- Exclude hosts without letters, so things like IPv4 are rejected
- Exclude the instance's own host, just in case somehow some fake activity
  slips in and gets approved, maybe even accidentally when delivered by another
  server
2019-03-20 12:27:40 +00:00
fr33domlover
747bbd5f0c Publish actor documents for projects, and add some new properties to Actor 2019-03-20 12:01:10 +00:00
fr33domlover
ade1157a04 Add a custom ActivityPub actor type: Project 2019-03-20 10:36:00 +00:00
fr33domlover
3f2a178830 New module Yesod.FedURI: Render routes into FedURI and LocalURI 2019-03-20 10:08:36 +00:00
fr33domlover
6f3df6d569 Allow actors not to list any public keys at all 2019-03-20 09:31:08 +00:00
fr33domlover
716487f2b8 In ticket comment tree, support mixing local and remote (federated) comments 2019-03-20 08:07:37 +00:00
fr33domlover
e0de4cdcc7 Remove Discussion's nextMessage field, it's not being used anymore 2019-03-18 20:18:25 +00:00
fr33domlover
4b351ef62e Automatically set approot to https://HOST and require Host header to match 2019-03-16 17:15:31 +00:00
fr33domlover
a9eaf35d5e When verifying HTTP sig, require ActivityPub-Actor to be signed only if present 2019-03-16 15:48:25 +00:00
fr33domlover
475e398d6d Switch ticket comment IDs to use Hashids-of-MessageId instead of custom number 2019-03-15 16:36:02 +00:00
fr33domlover
9e881554ea Make frg:isShared key property optional, it was accidentally required 2019-03-15 16:33:10 +00:00
fr33domlover
0e0afa78f9 Parse/encoding audience targetting activity fields 2019-03-14 02:30:36 +00:00
fr33domlover
24c091a248 Add activity types Follow, Accept, Reject 2019-03-13 23:37:58 +00:00
fr33domlover
f6cbc1eb8a Use file based switches to relax keyfile loading rules 2019-03-11 02:01:41 +00:00
fr33domlover
2a39378468 HTTP Signature verification: RSA-SHA256 and PEM/ASN1 support
Before, things worked like this:

* Only signatures of Ed25519 keys could be verified
* Key encoding placed the plain binary Ed25519 key in the PEM, instead of the
  key's ASN1 encoding

With this patch it now works like this:

* Ed25519 signatures are supported as before
* RSA keys are now supported too, assuming RSA-SHA256 signatures
* Both Ed25519 and RSA keys are encoded and decoded using actual PEM with ASN1
2019-03-10 23:15:42 +00:00
fr33domlover
ef57f29a54 Adapt Activity/Create/Note to new ActivityPub typeclass and add safety checks 2019-03-10 06:42:03 +00:00
fr33domlover
61d1aa6720 Define HMAC based access token and switch CapSignKey from Ed25519 to HMAC 2019-03-09 21:21:36 +00:00
fr33domlover
fdbe46741b When POSTing an activity, protect remote actor DB insertion with withHostLock 2019-03-09 17:12:43 +00:00
fr33domlover
e341f62587 Fix typo in comment 2019-03-09 15:44:31 +00:00
fr33domlover
468202cf45 Fix instance mutex deadlock, accidentally initialized the MVar empty 2019-03-09 15:43:30 +00:00
fr33domlover
37216d9045 Move remote actor DB code from Foundation to separate module 2019-03-09 15:40:02 +00:00
fr33domlover
b0e33af4d8 Fix typo in actor key route 2019-03-06 01:49:55 +00:00
fr33domlover
043022d117 When verifying HTTP sig, make Ed25519 verification failure message clearer 2019-03-06 01:31:30 +00:00
fr33domlover
c26289cf42 Don't check CSRF token in InboxR, POSTs there freely come from other servers 2019-03-05 09:00:22 +00:00
fr33domlover
6e721797e9 Catch sig generation error when sending signed HTTP POST 2019-03-05 08:26:41 +00:00
fr33domlover
97594dc945 Fix default actor URI in OutboxR form, from /p to /s 2019-03-04 20:12:19 +00:00
fr33domlover
378ca1b3d4 Fix bug in FedURI parsing 2019-03-04 20:11:58 +00:00
fr33domlover
bb662e798f Display clearer error message when GETing recipient actor fails 2019-03-04 15:47:22 +00:00
fr33domlover
78b5bad2c4 Support bypassing email verification of new users 2019-03-04 14:51:51 +00:00