From b89c4f1cdcb4750745823f54e113fc3bb5b1fe21 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sun, 25 Jun 2023 22:26:04 -0600
Subject: [PATCH 1/3] Update ActivityPubFetchService, fix authorized_fetch support
---
 .../Controllers/InstanceActorController.php | 56 ++++++++++++++++++-
 app/Models/InstanceActor.php | 56 ++++++++++++++++++-
 app/Services/ActivityPubFetchService.php | 1 -
 3 files changed, 110 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/InstanceActorController.php b/app/Http/Controllers/InstanceActorController.php
index 0eb796732..9e746fd5b 100644
--- a/app/Http/Controllers/InstanceActorController.php
+++ b/app/Http/Controllers/InstanceActorController.php
@@ -25,7 +25,61 @@ class InstanceActorController extends Controller
 public function outbox()
 {
 $res = json_encode([
- '@context' => 'https://www.w3.org/ns/activitystreams',
+ "@context" => [
+ "https://www.w3.org/ns/activitystreams",
+ "https://w3id.org/security/v1",
+ [
+ "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
+ "toot" => "http://joinmastodon.org/ns#",
+ "featured" => [
+ "@id" => "toot:featured",
+ "@type" => "@id"
+ ],
+ "featuredTags" => [
+ "@id" => "toot:featuredTags",
+ "@type" => "@id"
+ ],
+ "alsoKnownAs" => [
+ "@id" => "as:alsoKnownAs",
+ "@type" => "@id"
+ ],
+ "movedTo" => [
+ "@id" => "as:movedTo",
+ "@type" => "@id"
+ ],
+ "schema" => "http://schema.org#",
+ "PropertyValue" => "schema:PropertyValue",
+ "value" => "schema:value",
+ "discoverable" => "toot:discoverable",
+ "Device" => "toot:Device",
+ "Ed25519Signature" => "toot:Ed25519Signature",
+ "Ed25519Key" => "toot:Ed25519Key",
+ "Curve25519Key" => "toot:Curve25519Key",
+ "EncryptedMessage" => "toot:EncryptedMessage",
+ "publicKeyBase64" => "toot:publicKeyBase64",
+ "deviceId" => "toot:deviceId",
+ "claim" => [
+ "@type" => "@id",
+ "@id" => "toot:claim"
+ ],
+ "fingerprintKey" => [
+ "@type" => "@id",
+ "@id" => "toot:fingerprintKey"
+ ],
+ "identityKey" => [
+ "@type" => "@id",
+ "@id" => "toot:identityKey"
+ ],
+ "devices" => [
+ "@type" => "@id",
+ "@id" => "toot:devices"
+ ],
+ "messageFranking" => "toot:messageFranking",
+ "messageType" => "toot:messageType",
+ "cipherText" => "toot:cipherText",
+ "suspended" => "toot:suspended"
+ ]
+ ],
 'id' => config('app.url') . '/i/actor/outbox',
 'type' => 'OrderedCollection',
 'totalItems' => 0,
diff --git a/app/Models/InstanceActor.php b/app/Models/InstanceActor.php
index 4636b10e9..d496e4b89 100644
--- a/app/Models/InstanceActor.php
+++ b/app/Models/InstanceActor.php
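Review bot: The 55-line `@context` array added to `outbox()` is repeated verbatim in `InstanceActor::getActor()` (the hunk in app/Models/InstanceActor.php), so the two documents can drift apart the next time a term is added or corrected. I would hold it in one place, for example as a class constant on `InstanceActor` (name to be chosen, e.g. `AP_CONTEXT`), and write `'@context' => InstanceActor::AP_CONTEXT,` in both methods. A short comment should say why `https://w3id.org/security/v1` is listed, presumably so that remote servers can resolve the key terms when they verify signed fetches; the empty outbox collection probably needs only the ActivityStreams context. Both method bodies continue outside their hunks.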
@@ -23,7 +23,61 @@ class InstanceActor extends Model
 public function getActor()
 {
 return [
- '@context' => 'https://www.w3.org/ns/activitystreams',
+ "@context" => [
+ "https://www.w3.org/ns/activitystreams",
+ "https://w3id.org/security/v1",
+ [
+ "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
+ "toot" => "http://joinmastodon.org/ns#",
+ "featured" => [
+ "@id" => "toot:featured",
+ "@type" => "@id"
+ ],
+ "featuredTags" => [
+ "@id" => "toot:featuredTags",
+ "@type" => "@id"
+ ],
+ "alsoKnownAs" => [
+ "@id" => "as:alsoKnownAs",
+ "@type" => "@id"
+ ],
+ "movedTo" => [
+ "@id" => "as:movedTo",
+ "@type" => "@id"
+ ],
+ "schema" => "http://schema.org#",
+ "PropertyValue" => "schema:PropertyValue",
+ "value" => "schema:value",
+ "discoverable" => "toot:discoverable",
+ "Device" => "toot:Device",
+ "Ed25519Signature" => "toot:Ed25519Signature",
+ "Ed25519Key" => "toot:Ed25519Key",
+ "Curve25519Key" => "toot:Curve25519Key",
+ "EncryptedMessage" => "toot:EncryptedMessage",
+ "publicKeyBase64" => "toot:publicKeyBase64",
+ "deviceId" => "toot:deviceId",
+ "claim" => [
+ "@type" => "@id",
+ "@id" => "toot:claim"
+ ],
+ "fingerprintKey" => [
+ "@type" => "@id",
+ "@id" => "toot:fingerprintKey"
+ ],
+ "identityKey" => [
+ "@type" => "@id",
+ "@id" => "toot:identityKey"
+ ],
+ "devices" => [
+ "@type" => "@id",
+ "@id" => "toot:devices"
+ ],
+ "messageFranking" => "toot:messageFranking",
+ "messageType" => "toot:messageType",
+ "cipherText" => "toot:cipherText",
+ "suspended" => "toot:suspended"
+ ]
+ ],
 'id' => $this->permalink(),
 'type' => 'Application',
 'inbox' => $this->permalink('/inbox'),
diff --git a/app/Services/ActivityPubFetchService.php b/app/Services/ActivityPubFetchService.php
index 48cf6b0fe..f44779ab1 100644
--- a/app/Services/ActivityPubFetchService.php
+++ b/app/Services/ActivityPubFetchService.php
@@ -19,7 +19,6 @@ class ActivityPubFetchService $baseHeaders = [ 'Accept' => 'application/activity+json, application/ld+json', - 'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')' ]; $headers = HttpSignature::instanceActorSign($url, false, $baseHeaders); From 63a7879c29bfa2bbc4f8dd6bacac09bcdacb6f86 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 25 Jun 2023 23:02:02 -0600 Subject: [PATCH 2/3] Update ActivityPubFetchService --- app/Services/ActivityPubFetchService.php | 4 ++-- app/Util/ActivityPub/HttpSignature.php | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/app/Services/ActivityPubFetchService.php b/app/Services/ActivityPubFetchService.php index f44779ab1..d0accdcdc 100644 --- a/app/Services/ActivityPubFetchService.php +++ b/app/Services/ActivityPubFetchService.php @@ -21,9 +21,9 @@ class ActivityPubFetchService 'Accept' => 'application/activity+json, application/ld+json', ]; - $headers = HttpSignature::instanceActorSign($url, false, $baseHeaders); + $headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get'); $headers['Accept'] = 'application/activity+json, application/ld+json'; - $headers['User-Agent'] = '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'; + $headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'; try { $res = Http::withHeaders($headers) diff --git a/app/Util/ActivityPub/HttpSignature.php b/app/Util/ActivityPub/HttpSignature.php index 835c855c1..5bfdcac09 100644 --- a/app/Util/ActivityPub/HttpSignature.php +++ b/app/Util/ActivityPub/HttpSignature.php 
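Review bot: `Accept` is written twice with the same literal in the `@@ -21,9 +21,9 @@` hunk: once in `$baseHeaders`, which is passed to `instanceActorSign()`, and again on the returned array after signing. The HttpSignature.php hunks show the additional headers being merged into the set that is signed, so if the two literals ever diverge the signature would cover a different `Accept` value than the one sent and remote verification would fail; `$headers['Accept'] = $baseHeaders['Accept'];` keeps them tied together. `User-Agent` is assigned after signing and is therefore outside the signature, which deserves a one-line comment such as `// User-Agent is deliberately not part of the signed header set`. The hard-coded `PixelFedBot/1.0.0` will also go stale next to the configured `pixelfed.version`. The method starts and ends outside the hunk.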
@@ -33,7 +33,7 @@ class HttpSignature { return self::_headersToCurlArray($headers); } - public static function instanceActorSign($url, $body = false, $addlHeaders = []) + public static function instanceActorSign($url, $body = false, $addlHeaders = [], $method = 'post') { $keyId = config('app.url') . '/i/actor#main-key'; $privateKey = Cache::rememberForever(InstanceActor::PKI_PRIVATE, function() { @@ -42,7 +42,7 @@ class HttpSignature { if($body) { $digest = self::_digest($body); } - $headers = self::_headersToSign($url, $body ? $digest : false); + $headers = self::_headersToSign($url, $body ? $digest : false, $method); $headers = array_merge($headers, $addlHeaders); $stringToSign = self::_headersToSigningString($headers); $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers))); @@ -125,11 +125,14 @@ class HttpSignature { return base64_encode(hash('sha256', $body, true)); } - protected static function _headersToSign($url, $digest = false) { + protected static function _headersToSign($url, $digest = false, $method = 'post') { $date = new DateTime('UTC'); + if(!in_array($method, ['post', 'get'])) { + throw new \Exception('Invalid method used to sign headers in HttpSignature'); + } $headers = [ - '(request-target)' => 'post '.parse_url($url, PHP_URL_PATH), + '(request-target)' => $method . ' '.parse_url($url, PHP_URL_PATH), 'Host' => parse_url($url, PHP_URL_HOST), 'Date' => $date->format('D, d M Y H:i:s \G\M\T'), ]; From c64c4aa1cbb1183e6954e1cc9e5e940822bb9f85 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 25 Jun 2023 23:10:36 -0600 Subject: [PATCH 3/3] Update ActivityPubFetchService, fix authorized_fetch compatibility. Closes #1850, #2713, #2935 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index da94e520f..339c52910 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
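Review bot: `parse_url($url, PHP_URL_PATH)` in `_headersToSign()` returns null for a URL without a path and drops any query string, so the signed `(request-target)` can be `get ` with nothing after it, or can omit a query that a receiver following the HTTP Signatures draft includes when it rebuilds the target. Now that GET fetches are signed, I would default the path to `/` and append the query when one is present; receivers differ on this, so check it against the servers you federate with. The new `in_array($method, ['post', 'get'])` check is a loose comparison and accepts non-string values such as `true`, so pass `true` as the third argument. The check can also run before the `DateTime` is created, and a more specific exception type makes the failure easier to handle. The function body continues outside the hunk.

```php
protected static function _headersToSign($url, $digest = false, $method = 'post') {
    if(!in_array($method, ['post', 'get'], true)) {
        throw new \InvalidArgumentException('Invalid method used to sign headers in HttpSignature');
    }
    // Default to "/" when the URL has no path; keep the query in the signed target.
    $path = parse_url($url, PHP_URL_PATH) ?: '/';
    $query = parse_url($url, PHP_URL_QUERY);
    $target = (is_string($query) && $query !== '') ? $path . '?' . $query : $path;
    // … unchanged: $date = new DateTime('UTC') …
    $headers = [
        '(request-target)' => $method . ' ' . $target,
        // … unchanged: Host and Date entries …
```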
@@ -14,6 +14,9 @@ - Update AdminApiController, add instance stats endpoint ([89c3710d](https://github.com/pixelfed/pixelfed/commit/89c3710d)) - Update config, re-add `PF_MAX_USERS` .env variable to limit max users to 1000 by default ([a6d10f03](https://github.com/pixelfed/pixelfed/commit/a6d10f03)) - Update AdminApiController, fix stats ([5c5541fc](https://github.com/pixelfed/pixelfed/commit/5c5541fc)) +- Update AdminApiController, include more data for getUser method ([4f850e54](https://github.com/pixelfed/pixelfed/commit/4f850e54)) +- Update AdminApiController, improve admin moderation tools ([763ce19a](https://github.com/pixelfed/pixelfed/commit/763ce19a)) +- Update ActivityPubFetchService, fix authorized_fetch compatibility. Closes #1850, #2713, #2935 ([63a7879c](https://github.com/pixelfed/pixelfed/commit/63a7879c)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.8 (2023-05-29)](https://github.com/pixelfed/pixelfed/compare/v0.11.7...v0.11.8)