[ 'required', 'string', Rule::in($verbs) ], 'id' => 'required|string', 'actor' => 'required|string|url', 'object' => 'required', 'object.type' => 'required_if:type,Create', 'object.attributedTo' => 'required_if:type,Create|url', 'published' => 'required_if:type,Create|date' ])->passes(); return $valid; } public static function verifyAttachments($data) { if(!isset($data['object']) || empty($data['object'])) { $data = ['object'=>$data]; } $activity = $data['object']; $mimeTypes = explode(',', config_cache('pixelfed.media_types')); $mediaTypes = in_array('video/mp4', $mimeTypes) ? ['Document', 'Image', 'Video'] : ['Document', 'Image']; // Peertube // $mediaTypes = in_array('video/mp4', $mimeTypes) ? ['Document', 'Image', 'Video', 'Link'] : ['Document', 'Image']; if(!isset($activity['attachment']) || empty($activity['attachment'])) { return false; } // peertube // $attachment = is_array($activity['url']) ? // collect($activity['url']) // ->filter(function($media) { // return $media['type'] == 'Link' && $media['mediaType'] == 'video/mp4'; // }) // ->take(1) // ->values() // ->toArray()[0] : $activity['attachment']; $attachment = $activity['attachment']; $valid = Validator::make($attachment, [ '*.type' => [ 'required', 'string', Rule::in($mediaTypes) ], '*.url' => 'required|url|max:255', '*.mediaType' => [ 'required', 'string', Rule::in($mimeTypes) ], '*.name' => 'sometimes|nullable|string|max:255' ])->passes(); return $valid; } public static function normalizeAudience($data, $localOnly = true) { if(!isset($data['to'])) { return; } $audience = []; $audience['to'] = []; $audience['cc'] = []; $scope = 'private'; if(is_array($data['to']) && !empty($data['to'])) { foreach ($data['to'] as $to) { if($to == 'https://www.w3.org/ns/activitystreams#Public') { $scope = 'public'; continue; } $url = $localOnly ? self::validateLocalUrl($to) : self::validateUrl($to); if($url != false) { array_push($audience['to'], $url); } } } if(is_array($data['cc']) && !empty($data['cc'])) { foreach ($data['cc'] as $cc) { if($cc == 'https://www.w3.org/ns/activitystreams#Public') { $scope = 'unlisted'; continue; } $url = $localOnly ? self::validateLocalUrl($cc) : self::validateUrl($cc); if($url != false) { array_push($audience['cc'], $url); } } } $audience['scope'] = $scope; return $audience; } public static function userInAudience($profile, $data) { $audience = self::normalizeAudience($data); $url = $profile->permalink(); return in_array($url, $audience['to']) || in_array($url, $audience['cc']); } public static function validateUrl($url) { if(is_array($url)) { $url = $url[0]; } $hash = hash('sha256', $url); $key = "helpers:url:valid:sha256-{$hash}"; $ttl = now()->addMinutes(5); $valid = Cache::remember($key, $ttl, function() use($url) { $localhosts = [ '127.0.0.1', 'localhost', '::1' ]; if(mb_substr($url, 0, 8) !== 'https://') { return false; } $valid = filter_var($url, FILTER_VALIDATE_URL); if(!$valid) { return false; } $host = parse_url($valid, PHP_URL_HOST); // if(count(dns_get_record($host, DNS_A | DNS_AAAA)) == 0) { // return false; // } if(config('costar.enabled') == true) { if( (config('costar.domain.block') != null && Str::contains($host, config('costar.domain.block')) == true) || (config('costar.actor.block') != null && in_array($url, config('costar.actor.block')) == true) ) { return false; } } if(app()->environment() === 'production') { $bannedInstances = InstanceService::getBannedDomains(); if(in_array($host, $bannedInstances)) { return false; } } if(in_array($host, $localhosts)) { return false; } return $url; }); return $valid; } public static function validateLocalUrl($url) { $url = self::validateUrl($url); if($url == true) { $domain = config('pixelfed.domain.app'); $host = parse_url($url, PHP_URL_HOST); $url = $domain === $host ? $url : false; return $url; } return false; } public static function zttpUserAgent() { $version = config('pixelfed.version'); $url = config('app.url'); return [ 'Accept' => 'application/activity+json', 'User-Agent' => "(Pixelfed/{$version}; +{$url})", ]; } public static function fetchFromUrl($url = false) { if(self::validateUrl($url) == false) { return; } $hash = hash('sha256', $url); $key = "helpers:url:fetcher:sha256-{$hash}"; $ttl = now()->addMinutes(5); return Cache::remember($key, $ttl, function() use($url) { $res = ActivityPubFetchService::get($url); $res = json_decode($res, true, 8); if(json_last_error() == JSON_ERROR_NONE) { return $res; } else { return false; } }); } public static function fetchProfileFromUrl($url) { return self::fetchFromUrl($url); } public static function pluckval($val) { if(is_string($val)) { return $val; } if(is_array($val)) { return !empty($val) ? $val[0] : null; } return null; } public static function statusFirstOrFetch($url, $replyTo = false) { $url = self::validateUrl($url); if($url == false) { return; } $host = parse_url($url, PHP_URL_HOST); $local = config('pixelfed.domain.app') == $host ? true : false; if($local) { $id = (int) last(explode('/', $url)); return Status::whereNotIn('scope', ['draft','archived'])->findOrFail($id); } $cached = Status::whereNotIn('scope', ['draft','archived']) ->whereUri($url) ->orWhere('object_url', $url) ->first(); if($cached) { return $cached; } $res = self::fetchFromUrl($url); if(!$res || empty($res) || isset($res['error']) || !isset($res['@context']) ) { return; } if(isset($res['object'])) { $activity = $res; } else { $activity = ['object' => $res]; } $scope = 'private'; $cw = isset($res['sensitive']) ? (bool) $res['sensitive'] : false; if(isset($res['to']) == true) { if(is_array($res['to']) && in_array('https://www.w3.org/ns/activitystreams#Public', $res['to'])) { $scope = 'public'; } if(is_string($res['to']) && 'https://www.w3.org/ns/activitystreams#Public' == $res['to']) { $scope = 'public'; } } if(isset($res['cc']) == true) { if(is_array($res['cc']) && in_array('https://www.w3.org/ns/activitystreams#Public', $res['cc'])) { $scope = 'unlisted'; } if(is_string($res['cc']) && 'https://www.w3.org/ns/activitystreams#Public' == $res['cc']) { $scope = 'unlisted'; } } if(config('costar.enabled') == true) { $blockedKeywords = config('costar.keyword.block'); if($blockedKeywords !== null) { $keywords = config('costar.keyword.block'); foreach($keywords as $kw) { if(Str::contains($res['content'], $kw) == true) { return; } } } $unlisted = config('costar.domain.unlisted'); if(in_array(parse_url($url, PHP_URL_HOST), $unlisted) == true) { $unlisted = true; $scope = 'unlisted'; } else { $unlisted = false; } $cwDomains = config('costar.domain.cw'); if(in_array(parse_url($url, PHP_URL_HOST), $cwDomains) == true) { $cw = true; } } $id = isset($res['id']) ? self::pluckval($res['id']) : self::pluckval($url); $idDomain = parse_url($id, PHP_URL_HOST); $urlDomain = parse_url($url, PHP_URL_HOST); if(!self::validateUrl($id)) { return; } $attributedTo = is_string($activity['object']['attributedTo']) ? $activity['object']['attributedTo'] : (is_array($activity['object']['attributedTo']) ? collect($activity['object']['attributedTo']) ->filter(function($o) { return $o && isset($o['type']) && $o['type'] == 'Person'; }) ->pluck('id') ->first() : null ); if($attributedTo) { $actorDomain = parse_url($attributedTo, PHP_URL_HOST); if(!self::validateUrl($attributedTo) || $idDomain !== $actorDomain || $actorDomain !== $urlDomain ) { return; } } if($idDomain !== $urlDomain) { return; } $profile = self::profileFirstOrNew($attributedTo); if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) || $replyTo == true) { $reply_to = self::statusFirstOrFetch(self::pluckval($activity['object']['inReplyTo']), false); $reply_to = optional($reply_to)->id; } else { $reply_to = null; } $ts = self::pluckval($res['published']); if($scope == 'public' && in_array($urlDomain, InstanceService::getUnlistedDomains())) { $scope = 'unlisted'; } if(in_array($urlDomain, InstanceService::getNsfwDomains())) { $cw = true; } $statusLockKey = 'helpers:status-lock:' . hash('sha256', $res['id']); $status = Cache::lock($statusLockKey) ->get(function () use( $profile, $res, $url, $ts, $reply_to, $cw, $scope, $id ) { if($res['type'] === 'Question') { $status = self::storePoll( $profile, $res, $url, $ts, $reply_to, $cw, $scope, $id ); return $status; } return self::storeStatus($url, $profile, $res); }); return $status; } public static function storeStatus($url, $profile, $activity) { $id = isset($activity['id']) ? self::pluckval($activity['id']) : self::pluckval($activity['url']); $url = isset($activity['url']) && is_string($activity['url']) ? $activity['url'] : $id; $idDomain = parse_url($id, PHP_URL_HOST); $urlDomain = parse_url($url, PHP_URL_HOST); if(!self::validateUrl($id) || !self::validateUrl($url)) { return; } $reply_to = self::getReplyTo($activity); return DB::transaction(function() use($url, $profile, $activity, $reply_to, $id) { $ts = self::pluckval($activity['published']); $scope = self::getScope($activity, $url); $cw = self::getSensitive($activity, $url); $pid = is_object($profile) ? $profile->id : (is_array($profile) ? $profile['id'] : null); if(!$pid) { return; } $status = new Status; $status->profile_id = $pid; $status->url = $url; $status->uri = $url; $status->object_url = $id; $status->caption = strip_tags($activity['content']); $status->rendered = Purify::clean($activity['content']); $status->created_at = Carbon::parse($ts)->tz('UTC'); $status->in_reply_to_id = $reply_to; $status->local = false; $status->is_nsfw = $cw; $status->scope = $scope; $status->visibility = $scope; $status->cw_summary = $cw == true && isset($activity['summary']) ? Purify::clean(strip_tags($activity['summary'])) : null; $status->save(); if($reply_to == null) { self::importNoteAttachment($activity, $status); } else { StatusReplyPipeline::dispatch($status); } if(isset($activity['tag']) && is_array($activity['tag']) && !empty($activity['tag'])) { StatusTagsPipeline::dispatch($activity, $status); } return $status; }); } public static function getSensitive($activity, $url) { $id = isset($activity['id']) ? self::pluckval($activity['id']) : self::pluckval($url); $url = isset($activity['url']) ? self::pluckval($activity['url']) : $id; $urlDomain = parse_url($url, PHP_URL_HOST); $cw = isset($activity['sensitive']) ? (bool) $activity['sensitive'] : false; if(in_array($urlDomain, InstanceService::getNsfwDomains())) { $cw = true; } return $cw; } public static function getReplyTo($activity) { $reply_to = null; $inReplyTo = isset($activity['inReplyTo']) && !empty($activity['inReplyTo']) ? self::pluckval($activity['inReplyTo']) : false; if($inReplyTo) { $reply_to = self::statusFirstOrFetch($inReplyTo); if($reply_to) { $reply_to = optional($reply_to)->id; } } else { $reply_to = null; } return $reply_to; } public static function getScope($activity, $url) { $id = isset($activity['id']) ? self::pluckval($activity['id']) : self::pluckval($url); $url = isset($activity['url']) ? self::pluckval($activity['url']) : $id; $urlDomain = parse_url($url, PHP_URL_HOST); $scope = 'private'; if(isset($activity['to']) == true) { if(is_array($activity['to']) && in_array('https://www.w3.org/ns/activitystreams#Public', $activity['to'])) { $scope = 'public'; } if(is_string($activity['to']) && 'https://www.w3.org/ns/activitystreams#Public' == $activity['to']) { $scope = 'public'; } } if(isset($activity['cc']) == true) { if(is_array($activity['cc']) && in_array('https://www.w3.org/ns/activitystreams#Public', $activity['cc'])) { $scope = 'unlisted'; } if(is_string($activity['cc']) && 'https://www.w3.org/ns/activitystreams#Public' == $activity['cc']) { $scope = 'unlisted'; } } if($scope == 'public' && in_array($urlDomain, InstanceService::getUnlistedDomains())) { $scope = 'unlisted'; } return $scope; } private static function storePoll($profile, $res, $url, $ts, $reply_to, $cw, $scope, $id) { if(!isset($res['endTime']) || !isset($res['oneOf']) || !is_array($res['oneOf']) || count($res['oneOf']) > 4) { return; } $options = collect($res['oneOf'])->map(function($option) { return $option['name']; })->toArray(); $cachedTallies = collect($res['oneOf'])->map(function($option) { return $option['replies']['totalItems'] ?? 0; })->toArray(); $status = new Status; $status->profile_id = $profile->id; $status->url = isset($res['url']) ? $res['url'] : $url; $status->uri = isset($res['url']) ? $res['url'] : $url; $status->object_url = $id; $status->caption = strip_tags($res['content']); $status->rendered = Purify::clean($res['content']); $status->created_at = Carbon::parse($ts)->tz('UTC'); $status->in_reply_to_id = null; $status->local = false; $status->is_nsfw = $cw; $status->scope = 'draft'; $status->visibility = 'draft'; $status->cw_summary = $cw == true && isset($res['summary']) ? Purify::clean(strip_tags($res['summary'])) : null; $status->save(); $poll = new Poll; $poll->status_id = $status->id; $poll->profile_id = $status->profile_id; $poll->poll_options = $options; $poll->cached_tallies = $cachedTallies; $poll->votes_count = array_sum($cachedTallies); $poll->expires_at = now()->parse($res['endTime']); $poll->last_fetched_at = now(); $poll->save(); $status->type = 'poll'; $status->scope = $scope; $status->visibility = $scope; $status->save(); return $status; } public static function statusFetch($url) { return self::statusFirstOrFetch($url); } public static function importNoteAttachment($data, Status $status) { if(self::verifyAttachments($data) == false) { // \Log::info('importNoteAttachment::failedVerification.', [$data['id']]); $status->viewType(); return; } $attachments = isset($data['object']) ? $data['object']['attachment'] : $data['attachment']; // peertube // if(!$attachments) { // $obj = isset($data['object']) ? $data['object'] : $data; // $attachments = is_array($obj['url']) ? $obj['url'] : null; // } $user = $status->profile; $storagePath = MediaPathService::get($user, 2); $allowed = explode(',', config_cache('pixelfed.media_types')); foreach($attachments as $media) { $type = $media['mediaType']; $url = $media['url']; $blurhash = isset($media['blurhash']) ? $media['blurhash'] : null; $license = isset($media['license']) ? License::nameToId($media['license']) : null; $valid = self::validateUrl($url); if(in_array($type, $allowed) == false || $valid == false) { continue; } $media = new Media(); $media->blurhash = $blurhash; $media->remote_media = true; $media->status_id = $status->id; $media->profile_id = $status->profile_id; $media->user_id = null; $media->media_path = $url; $media->remote_url = $url; if($license) { $media->license = $license; } $media->mime = $type; $media->version = 3; $media->save(); if(config_cache('pixelfed.cloud_storage') == true) { MediaStoragePipeline::dispatch($media); } } $status->viewType(); return; } public static function profileFirstOrNew($url, $runJobs = false) { $url = self::validateUrl($url); if($url == false || strlen($url) > 190) { return; } $hash = base64_encode($url); $key = 'ap:profile:by_url:' . $hash; $ttl = now()->addSeconds(60); $profile = Cache::remember($key, $ttl, function() use($url, $runJobs) { $host = parse_url($url, PHP_URL_HOST); $local = config('pixelfed.domain.app') == $host ? true : false; if($local == true) { $id = last(explode('/', $url)); return Profile::whereNull('status') ->whereNull('domain') ->whereUsername($id) ->firstOrFail(); } $res = self::fetchProfileFromUrl($url); if(isset($res['id']) == false) { return; } $domain = parse_url($res['id'], PHP_URL_HOST); if(!isset($res['preferredUsername']) && !isset($res['nickname'])) { return; } $username = (string) Purify::clean($res['preferredUsername'] ?? $res['nickname']); if(empty($username)) { return; } $remoteUsername = $username; $webfinger = "@{$username}@{$domain}"; abort_if(!self::validateUrl($res['inbox']), 400); abort_if(!self::validateUrl($res['id']), 400); $profile = Profile::whereRemoteUrl($res['id'])->first(); if(!$profile) { $instance = Instance::firstOrCreate([ 'domain' => $domain ]); if($instance->wasRecentlyCreated == true) { \App\Jobs\InstancePipeline\FetchNodeinfoPipeline::dispatch($instance)->onQueue('low'); } $profile = DB::transaction(function() use($domain, $webfinger, $res, $runJobs) { $profile = new Profile(); $profile->domain = strtolower($domain); $profile->username = Purify::clean($webfinger); $profile->name = isset($res['name']) ? Purify::clean($res['name']) : 'user'; $profile->bio = isset($res['summary']) ? Purify::clean($res['summary']) : null; $profile->sharedInbox = isset($res['endpoints']) && isset($res['endpoints']['sharedInbox']) ? $res['endpoints']['sharedInbox'] : null; $profile->inbox_url = $res['inbox']; $profile->outbox_url = isset($res['outbox']) ? $res['outbox'] : null; $profile->remote_url = $res['id']; $profile->public_key = $res['publicKey']['publicKeyPem']; $profile->key_id = $res['publicKey']['id']; $profile->webfinger = Purify::clean($webfinger); $profile->last_fetched_at = now(); $profile->save(); RemoteAvatarFetch::dispatch($profile); return $profile; }); } else { // Update info after 24 hours if($profile->last_fetched_at == null || $profile->last_fetched_at->lt(now()->subHours(24)) == true ) { $profile->name = isset($res['name']) ? Purify::clean($res['name']) : 'user'; $profile->bio = isset($res['summary']) ? Purify::clean($res['summary']) : null; $profile->last_fetched_at = now(); $profile->sharedInbox = isset($res['endpoints']) && isset($res['endpoints']['sharedInbox']) && Helpers::validateUrl($res['endpoints']['sharedInbox']) ? $res['endpoints']['sharedInbox'] : null; $profile->save(); } RemoteAvatarFetch::dispatch($profile); } return $profile; }); return $profile; } public static function profileFetch($url) { return self::profileFirstOrNew($url); } public static function sendSignedObject($profile, $url, $body) { ActivityPubDeliveryService::queue() ->from($profile) ->to($url) ->payload($body) ->send(); } }