diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php new file mode 100644 index 000000000..9e79b65dd --- /dev/null +++ b/app/Util/ActivityPub/Helpers.php @@ -0,0 +1,411 @@ + [ + 'required', + Rule::in($verbs) + ], + 'id' => 'required|string', + 'actor' => 'required|string', + 'object' => 'required', + 'object.type' => 'required_if:type,Create', + 'object.attachment' => 'required_if:type,Create', + 'object.attributedTo' => 'required_if:type,Create', + 'published' => 'required_if:type,Create|date' + ])->passes(); + + return $valid; + } + + public static function verifyAttachments($data) + { + if(!isset($data['object']) || empty($data['object'])) { + $data = ['object'=>$data]; + } + + $activity = $data['object']; + + $mediaTypes = ['Document', 'Image', 'Video']; + $mimeTypes = ['image/jpeg', 'image/png', 'video/mp4']; + + if(!isset($activity['attachment']) || empty($activity['attachment'])) { + return false; + } + + $attachment = $activity['attachment']; + $valid = Validator::make($attachment, [ + '*.type' => [ + 'required', + 'string', + Rule::in($mediaTypes) + ], + '*.url' => 'required|max:255', + '*.mediaType' => [ + 'required', + 'string', + Rule::in($mimeTypes) + ], + '*.name' => 'nullable|string|max:255' + ])->passes(); + + return $valid; + } + + public static function normalizeAudience($data, $localOnly = true) + { + if(!isset($data['to'])) { + return; + } + + $audience = []; + $audience['to'] = []; + $audience['cc'] = []; + $scope = 'private'; + + if(is_array($data['to']) && !empty($data['to'])) { + foreach ($data['to'] as $to) { + if($to == 'https://www.w3.org/ns/activitystreams#Public') { + $scope = 'public'; + continue; + } + $url = $localOnly ? self::validateLocalUrl($to) : self::validateUrl($to); + if($url != false) { + array_push($audience['to'], $url); + } + } + } + + if(is_array($data['cc']) && !empty($data['cc'])) { + foreach ($data['cc'] as $cc) { + if($cc == 'https://www.w3.org/ns/activitystreams#Public') { + $scope = 'unlisted'; + continue; + } + $url = $localOnly ? self::validateLocalUrl($cc) : self::validateUrl($cc); + if($url != false) { + array_push($audience['cc'], $url); + } + } + } + $audience['scope'] = $scope; + return $audience; + } + + public static function userInAudience($profile, $data) + { + $audience = self::normalizeAudience($data); + $url = $profile->permalink(); + return in_array($url, $audience); + } + + public static function validateUrl($url) + { + $localhosts = [ + '127.0.0.1', 'localhost', '::1' + ]; + + $valid = filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED|FILTER_FLAG_HOST_REQUIRED); + + if(in_array(parse_url($valid, PHP_URL_HOST), $localhosts)) { + return false; + } + + return $valid; + } + + public static function validateLocalUrl($url) + { + $url = self::validateUrl($url); + if($url) { + $domain = config('pixelfed.domain.app'); + $host = parse_url($url, PHP_URL_HOST); + $url = $domain === $host ? $url : false; + return $url; + } + return false; + } + + public static function zttpUserAgent() + { + return [ + 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', + 'User-Agent' => 'PixelFedBot - https://pixelfed.org', + ]; + } + + public static function fetchFromUrl($url) + { + $res = Zttp::withHeaders(self::zttpUserAgent())->get($url); + $res = json_decode($res->body(), true, 8); + if(json_last_error() == JSON_ERROR_NONE) { + return $res; + } else { + return false; + } + } + + public static function fetchProfileFromUrl($url) + { + return self::fetchFromUrl($url); + } + + public static function statusFirstOrFetch($url, $replyTo = true) + { + $url = self::validateUrl($url); + if($url == false) { + return; + } + + $host = parse_url($url, PHP_URL_HOST); + $local = config('pixelfed.domain.app') == $host ? true : false; + + if($local) { + $id = (int) last(explode('/', $url)); + return Status::findOrFail($id); + } else { + $cached = Status::whereUrl($url)->first(); + if($cached) { + return $cached; + } + $res = self::fetchFromUrl($url); + if(!$res || empty($res)) { + return; + } + + if(isset($res['object'])) { + $activity = $res; + } else { + $activity = ['object' => $res]; + } + + $profile = self::profileFirstOrNew($activity['object']['attributedTo']); + if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) && $replyTo == true) { + $reply_to = self::statusFirstOrFetch($activity['object']['inReplyTo'], false); + $reply_to = $reply_to->id; + } else { + $reply_to = null; + } + + $status = new Status; + $status->profile_id = $profile->id; + $status->url = $url; + $status->caption = strip_tags($res['content']); + $status->rendered = Purify::clean($res['content']); + $status->created_at = Carbon::parse($res['published']); + $status->in_reply_to_id = $reply_to; + $status->local = false; + $status->save(); + + self::importNoteAttachment($res, $status); + + return $status; + } + } + + public static function importNoteAttachment($data, Status $status) + { + if(self::verifyAttachments($data) == false) { + return; + } + $attachments = isset($data['object']) ? $data['object']['attachment'] : $data['attachment']; + $user = $status->profile; + $monthHash = hash('sha1', date('Y').date('m')); + $userHash = hash('sha1', $user->id.(string) $user->created_at); + $storagePath = "public/m/{$monthHash}/{$userHash}"; + $allowed = explode(',', config('pixelfed.media_types')); + foreach($attachments as $media) { + $type = $media['mediaType']; + $url = $media['url']; + $valid = self::validateUrl($url); + if(in_array($type, $allowed) == false || $valid == false) { + continue; + } + $info = pathinfo($url); + + // pleroma attachment fix + $url = str_replace(' ', '%20', $url); + + $img = file_get_contents($url, false, stream_context_create(['ssl' => ["verify_peer"=>false,"verify_peer_name"=>false]])); + $file = '/tmp/'.str_random(16).$info['basename']; + file_put_contents($file, $img); + $fdata = new File($file); + $path = Storage::putFile($storagePath, $fdata, 'public'); + $media = new Media(); + $media->status_id = $status->id; + $media->profile_id = $status->profile_id; + $media->user_id = null; + $media->media_path = $path; + $media->size = $fdata->getSize(); + $media->mime = $fdata->getMimeType(); + $media->save(); + + ImageThumbnail::dispatch($media); + ImageOptimize::dispatch($media); + unlink($file); + } + return; + } + + public static function profileFirstOrNew($url, $runJobs = false) + { + $res = self::fetchProfileFromUrl($url); + $domain = parse_url($res['url'], PHP_URL_HOST); + $username = $res['preferredUsername']; + $remoteUsername = "@{$username}@{$domain}"; + + $profile = Profile::whereRemoteUrl($res['url'])->first(); + if(!$profile) { + $profile = new Profile; + $profile->domain = $domain; + $profile->username = $remoteUsername; + $profile->name = strip_tags($res['name']); + $profile->bio = Purify::clean($res['summary']); + $profile->sharedInbox = isset($res['endpoints']) && isset($res['endpoints']['sharedInbox']) ? $res['endpoints']['sharedInbox'] : null; + $profile->inbox_url = $res['inbox']; + $profile->outbox_url = $res['outbox']; + $profile->remote_url = $res['url']; + $profile->public_key = $res['publicKey']['publicKeyPem']; + $profile->key_id = $res['publicKey']['id']; + $profile->save(); + if($runJobs == true) { + RemoteFollowImportRecent::dispatch($res, $profile); + CreateAvatar::dispatch($profile); + } + } + return $profile; + } + + public static function sendSignedObject($senderProfile, $url, $body) + { + $profile = $senderProfile; + $keyId = $profile->keyId(); + $privateKey = openssl_pkey_get_private($profile->private_key); + + + $date = date('D, d M Y h:i:s').' GMT'; + $host = parse_url($url, PHP_URL_HOST); + $headers = [ + '(request-target)' => 'post '.parse_url($url, PHP_URL_PATH), + 'Date' => $date, + 'Host' => $host, + 'Content-Type' => 'application/activity+json', + ]; + if($body) { + $payload = is_string($body) ? $body : json_encode($body); + $digest = base64_encode(hash('sha256', $payload, true)); + $headers['Digest'] = 'SHA-256=' . $digest; + } + $stringToSign = self::_headersToSigningString($headers); + $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers))); + openssl_sign($stringToSign, $signature, $privateKey, OPENSSL_ALGO_SHA256); + openssl_free_key($privateKey); + $signature = base64_encode($signature); + $signatureHeader = 'keyId="'.$keyId.'",headers="'.$signedHeaders.'",algorithm="rsa-sha256",signature="'.$signature.'"'; + unset($headers['(request-target)']); + $headers['Signature'] = $signatureHeader; + Zttp::withHeaders($headers)->post($url, $body); + return; + } + + private static function _headersToSigningString($headers) { + return implode("\n", array_map(function($k, $v){ + return strtolower($k).': '.$v; + }, array_keys($headers), $headers)); + } + + public static function validateSignature($request, $payload = null) + { + $date = Carbon::parse($request['date']); + $min = Carbon::now()->subHours(13); + $max = Carbon::now()->addHours(13); + + if($date->gt($min) == false || $date->lt($max) == false) { + return false; + } + $json = json_encode($payload); + $digest = base64_encode(hash('sha256', $json, true)); + $parts = explode(',', $request['signature']); + $signatureData = []; + foreach($parts as $part) { + if(preg_match('/(.+)="(.+)"/', $part, $match)) { + $signatureData[$match[1]] = $match[2]; + } + } + + $actor = $payload['actor']; + $profile = self::profileFirstOrNew($actor, true); + if(!$profile) { + return false; + } + $publicKey = $profile->public_key; + $path = $request['path']; + $host = $request['host']; + $signingString = "(request-target): post {$path}".PHP_EOL. + "host: {$host}".PHP_EOL. + "date: {$request['date']}".PHP_EOL. + "digest: {$request['digest']}".PHP_EOL. + "content-type: {$request['contentType']}"; + $verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, OPENSSL_ALGO_SHA256); + return (bool) $verified; + } + + public static function fetchPublicKey() + { + $profile = $this->profile; + $is_url = $this->is_url; + $valid = $this->validateUrl(); + if (!$valid) { + throw new \Exception('Invalid URL provided'); + } + if ($is_url && isset($profile->public_key) && $profile->public_key) { + return $profile->public_key; + } + + try { + $url = $this->profile; + $res = Zttp::timeout(30)->withHeaders([ + 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', + 'User-Agent' => 'PixelFedBot v0.1 - https://pixelfed.org', + ])->get($url); + $actor = json_decode($res->getBody(), true); + } catch (Exception $e) { + throw new Exception('Unable to fetch public key'); + } + if($actor['publicKey']['owner'] != $profile) { + throw new Exception('Invalid key match'); + } + $this->public_key = $actor['publicKey']['publicKeyPem']; + $this->key_id = $actor['publicKey']['id']; + return $this; + } +} \ No newline at end of file