mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-22 22:41:27 +00:00
411 lines
No EOL
12 KiB
PHP
411 lines
No EOL
12 KiB
PHP
<?php
|
|
|
|
namespace App\Util\ActivityPub;
|
|
|
|
use Cache, Purify, Storage, Request, Validator;
|
|
use App\{
|
|
Activity,
|
|
Follower,
|
|
Like,
|
|
Notification,
|
|
Profile,
|
|
Status
|
|
};
|
|
use Zttp\Zttp;
|
|
use Carbon\Carbon;
|
|
use GuzzleHttp\Client;
|
|
use Illuminate\Http\File;
|
|
use Illuminate\Validation\Rule;
|
|
use App\Jobs\AvatarPipeline\CreateAvatar;
|
|
use App\Jobs\RemoteFollowPipeline\RemoteFollowImportRecent;
|
|
use App\Jobs\ImageOptimizePipeline\{ImageOptimize,ImageThumbnail};
|
|
use App\Jobs\StatusPipeline\NewStatusPipeline;
|
|
use HttpSignatures\{GuzzleHttpSignatures, KeyStore, Context, Verifier};
|
|
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
|
|
|
|
class Helpers {
|
|
|
|
public static function validateObject($data)
|
|
{
|
|
// todo: undo
|
|
$verbs = ['Create', 'Announce', 'Like', 'Follow', 'Delete', 'Accept', 'Reject'];
|
|
|
|
$valid = Validator::make($data, [
|
|
'type' => [
|
|
'required',
|
|
Rule::in($verbs)
|
|
],
|
|
'id' => 'required|string',
|
|
'actor' => 'required|string',
|
|
'object' => 'required',
|
|
'object.type' => 'required_if:type,Create',
|
|
'object.attachment' => 'required_if:type,Create',
|
|
'object.attributedTo' => 'required_if:type,Create',
|
|
'published' => 'required_if:type,Create|date'
|
|
])->passes();
|
|
|
|
return $valid;
|
|
}
|
|
|
|
public static function verifyAttachments($data)
|
|
{
|
|
if(!isset($data['object']) || empty($data['object'])) {
|
|
$data = ['object'=>$data];
|
|
}
|
|
|
|
$activity = $data['object'];
|
|
|
|
$mediaTypes = ['Document', 'Image', 'Video'];
|
|
$mimeTypes = ['image/jpeg', 'image/png', 'video/mp4'];
|
|
|
|
if(!isset($activity['attachment']) || empty($activity['attachment'])) {
|
|
return false;
|
|
}
|
|
|
|
$attachment = $activity['attachment'];
|
|
$valid = Validator::make($attachment, [
|
|
'*.type' => [
|
|
'required',
|
|
'string',
|
|
Rule::in($mediaTypes)
|
|
],
|
|
'*.url' => 'required|max:255',
|
|
'*.mediaType' => [
|
|
'required',
|
|
'string',
|
|
Rule::in($mimeTypes)
|
|
],
|
|
'*.name' => 'nullable|string|max:255'
|
|
])->passes();
|
|
|
|
return $valid;
|
|
}
|
|
|
|
public static function normalizeAudience($data, $localOnly = true)
|
|
{
|
|
if(!isset($data['to'])) {
|
|
return;
|
|
}
|
|
|
|
$audience = [];
|
|
$audience['to'] = [];
|
|
$audience['cc'] = [];
|
|
$scope = 'private';
|
|
|
|
if(is_array($data['to']) && !empty($data['to'])) {
|
|
foreach ($data['to'] as $to) {
|
|
if($to == 'https://www.w3.org/ns/activitystreams#Public') {
|
|
$scope = 'public';
|
|
continue;
|
|
}
|
|
$url = $localOnly ? self::validateLocalUrl($to) : self::validateUrl($to);
|
|
if($url != false) {
|
|
array_push($audience['to'], $url);
|
|
}
|
|
}
|
|
}
|
|
|
|
if(is_array($data['cc']) && !empty($data['cc'])) {
|
|
foreach ($data['cc'] as $cc) {
|
|
if($cc == 'https://www.w3.org/ns/activitystreams#Public') {
|
|
$scope = 'unlisted';
|
|
continue;
|
|
}
|
|
$url = $localOnly ? self::validateLocalUrl($cc) : self::validateUrl($cc);
|
|
if($url != false) {
|
|
array_push($audience['cc'], $url);
|
|
}
|
|
}
|
|
}
|
|
$audience['scope'] = $scope;
|
|
return $audience;
|
|
}
|
|
|
|
public static function userInAudience($profile, $data)
|
|
{
|
|
$audience = self::normalizeAudience($data);
|
|
$url = $profile->permalink();
|
|
return in_array($url, $audience);
|
|
}
|
|
|
|
public static function validateUrl($url)
|
|
{
|
|
$localhosts = [
|
|
'127.0.0.1', 'localhost', '::1'
|
|
];
|
|
|
|
$valid = filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED|FILTER_FLAG_HOST_REQUIRED);
|
|
|
|
if(in_array(parse_url($valid, PHP_URL_HOST), $localhosts)) {
|
|
return false;
|
|
}
|
|
|
|
return $valid;
|
|
}
|
|
|
|
public static function validateLocalUrl($url)
|
|
{
|
|
$url = self::validateUrl($url);
|
|
if($url) {
|
|
$domain = config('pixelfed.domain.app');
|
|
$host = parse_url($url, PHP_URL_HOST);
|
|
$url = $domain === $host ? $url : false;
|
|
return $url;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public static function zttpUserAgent()
|
|
{
|
|
return [
|
|
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
|
|
'User-Agent' => 'PixelFedBot - https://pixelfed.org',
|
|
];
|
|
}
|
|
|
|
public static function fetchFromUrl($url)
|
|
{
|
|
$res = Zttp::withHeaders(self::zttpUserAgent())->get($url);
|
|
$res = json_decode($res->body(), true, 8);
|
|
if(json_last_error() == JSON_ERROR_NONE) {
|
|
return $res;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
public static function fetchProfileFromUrl($url)
|
|
{
|
|
return self::fetchFromUrl($url);
|
|
}
|
|
|
|
public static function statusFirstOrFetch($url, $replyTo = true)
|
|
{
|
|
$url = self::validateUrl($url);
|
|
if($url == false) {
|
|
return;
|
|
}
|
|
|
|
$host = parse_url($url, PHP_URL_HOST);
|
|
$local = config('pixelfed.domain.app') == $host ? true : false;
|
|
|
|
if($local) {
|
|
$id = (int) last(explode('/', $url));
|
|
return Status::findOrFail($id);
|
|
} else {
|
|
$cached = Status::whereUrl($url)->first();
|
|
if($cached) {
|
|
return $cached;
|
|
}
|
|
$res = self::fetchFromUrl($url);
|
|
if(!$res || empty($res)) {
|
|
return;
|
|
}
|
|
|
|
if(isset($res['object'])) {
|
|
$activity = $res;
|
|
} else {
|
|
$activity = ['object' => $res];
|
|
}
|
|
|
|
$profile = self::profileFirstOrNew($activity['object']['attributedTo']);
|
|
if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) && $replyTo == true) {
|
|
$reply_to = self::statusFirstOrFetch($activity['object']['inReplyTo'], false);
|
|
$reply_to = $reply_to->id;
|
|
} else {
|
|
$reply_to = null;
|
|
}
|
|
|
|
$status = new Status;
|
|
$status->profile_id = $profile->id;
|
|
$status->url = $url;
|
|
$status->caption = strip_tags($res['content']);
|
|
$status->rendered = Purify::clean($res['content']);
|
|
$status->created_at = Carbon::parse($res['published']);
|
|
$status->in_reply_to_id = $reply_to;
|
|
$status->local = false;
|
|
$status->save();
|
|
|
|
self::importNoteAttachment($res, $status);
|
|
|
|
return $status;
|
|
}
|
|
}
|
|
|
|
public static function importNoteAttachment($data, Status $status)
|
|
{
|
|
if(self::verifyAttachments($data) == false) {
|
|
return;
|
|
}
|
|
$attachments = isset($data['object']) ? $data['object']['attachment'] : $data['attachment'];
|
|
$user = $status->profile;
|
|
$monthHash = hash('sha1', date('Y').date('m'));
|
|
$userHash = hash('sha1', $user->id.(string) $user->created_at);
|
|
$storagePath = "public/m/{$monthHash}/{$userHash}";
|
|
$allowed = explode(',', config('pixelfed.media_types'));
|
|
foreach($attachments as $media) {
|
|
$type = $media['mediaType'];
|
|
$url = $media['url'];
|
|
$valid = self::validateUrl($url);
|
|
if(in_array($type, $allowed) == false || $valid == false) {
|
|
continue;
|
|
}
|
|
$info = pathinfo($url);
|
|
|
|
// pleroma attachment fix
|
|
$url = str_replace(' ', '%20', $url);
|
|
|
|
$img = file_get_contents($url, false, stream_context_create(['ssl' => ["verify_peer"=>false,"verify_peer_name"=>false]]));
|
|
$file = '/tmp/'.str_random(16).$info['basename'];
|
|
file_put_contents($file, $img);
|
|
$fdata = new File($file);
|
|
$path = Storage::putFile($storagePath, $fdata, 'public');
|
|
$media = new Media();
|
|
$media->status_id = $status->id;
|
|
$media->profile_id = $status->profile_id;
|
|
$media->user_id = null;
|
|
$media->media_path = $path;
|
|
$media->size = $fdata->getSize();
|
|
$media->mime = $fdata->getMimeType();
|
|
$media->save();
|
|
|
|
ImageThumbnail::dispatch($media);
|
|
ImageOptimize::dispatch($media);
|
|
unlink($file);
|
|
}
|
|
return;
|
|
}
|
|
|
|
public static function profileFirstOrNew($url, $runJobs = false)
|
|
{
|
|
$res = self::fetchProfileFromUrl($url);
|
|
$domain = parse_url($res['url'], PHP_URL_HOST);
|
|
$username = $res['preferredUsername'];
|
|
$remoteUsername = "@{$username}@{$domain}";
|
|
|
|
$profile = Profile::whereRemoteUrl($res['url'])->first();
|
|
if(!$profile) {
|
|
$profile = new Profile;
|
|
$profile->domain = $domain;
|
|
$profile->username = $remoteUsername;
|
|
$profile->name = strip_tags($res['name']);
|
|
$profile->bio = Purify::clean($res['summary']);
|
|
$profile->sharedInbox = isset($res['endpoints']) && isset($res['endpoints']['sharedInbox']) ? $res['endpoints']['sharedInbox'] : null;
|
|
$profile->inbox_url = $res['inbox'];
|
|
$profile->outbox_url = $res['outbox'];
|
|
$profile->remote_url = $res['url'];
|
|
$profile->public_key = $res['publicKey']['publicKeyPem'];
|
|
$profile->key_id = $res['publicKey']['id'];
|
|
$profile->save();
|
|
if($runJobs == true) {
|
|
RemoteFollowImportRecent::dispatch($res, $profile);
|
|
CreateAvatar::dispatch($profile);
|
|
}
|
|
}
|
|
return $profile;
|
|
}
|
|
|
|
public static function sendSignedObject($senderProfile, $url, $body)
|
|
{
|
|
$profile = $senderProfile;
|
|
$keyId = $profile->keyId();
|
|
$privateKey = openssl_pkey_get_private($profile->private_key);
|
|
|
|
|
|
$date = date('D, d M Y h:i:s').' GMT';
|
|
$host = parse_url($url, PHP_URL_HOST);
|
|
$headers = [
|
|
'(request-target)' => 'post '.parse_url($url, PHP_URL_PATH),
|
|
'Date' => $date,
|
|
'Host' => $host,
|
|
'Content-Type' => 'application/activity+json',
|
|
];
|
|
if($body) {
|
|
$payload = is_string($body) ? $body : json_encode($body);
|
|
$digest = base64_encode(hash('sha256', $payload, true));
|
|
$headers['Digest'] = 'SHA-256=' . $digest;
|
|
}
|
|
$stringToSign = self::_headersToSigningString($headers);
|
|
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
|
|
openssl_sign($stringToSign, $signature, $privateKey, OPENSSL_ALGO_SHA256);
|
|
openssl_free_key($privateKey);
|
|
$signature = base64_encode($signature);
|
|
$signatureHeader = 'keyId="'.$keyId.'",headers="'.$signedHeaders.'",algorithm="rsa-sha256",signature="'.$signature.'"';
|
|
unset($headers['(request-target)']);
|
|
$headers['Signature'] = $signatureHeader;
|
|
Zttp::withHeaders($headers)->post($url, $body);
|
|
return;
|
|
}
|
|
|
|
private static function _headersToSigningString($headers) {
|
|
return implode("\n", array_map(function($k, $v){
|
|
return strtolower($k).': '.$v;
|
|
}, array_keys($headers), $headers));
|
|
}
|
|
|
|
public static function validateSignature($request, $payload = null)
|
|
{
|
|
$date = Carbon::parse($request['date']);
|
|
$min = Carbon::now()->subHours(13);
|
|
$max = Carbon::now()->addHours(13);
|
|
|
|
if($date->gt($min) == false || $date->lt($max) == false) {
|
|
return false;
|
|
}
|
|
$json = json_encode($payload);
|
|
$digest = base64_encode(hash('sha256', $json, true));
|
|
$parts = explode(',', $request['signature']);
|
|
$signatureData = [];
|
|
foreach($parts as $part) {
|
|
if(preg_match('/(.+)="(.+)"/', $part, $match)) {
|
|
$signatureData[$match[1]] = $match[2];
|
|
}
|
|
}
|
|
|
|
$actor = $payload['actor'];
|
|
$profile = self::profileFirstOrNew($actor, true);
|
|
if(!$profile) {
|
|
return false;
|
|
}
|
|
$publicKey = $profile->public_key;
|
|
$path = $request['path'];
|
|
$host = $request['host'];
|
|
$signingString = "(request-target): post {$path}".PHP_EOL.
|
|
"host: {$host}".PHP_EOL.
|
|
"date: {$request['date']}".PHP_EOL.
|
|
"digest: {$request['digest']}".PHP_EOL.
|
|
"content-type: {$request['contentType']}";
|
|
$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, OPENSSL_ALGO_SHA256);
|
|
return (bool) $verified;
|
|
}
|
|
|
|
public static function fetchPublicKey()
|
|
{
|
|
$profile = $this->profile;
|
|
$is_url = $this->is_url;
|
|
$valid = $this->validateUrl();
|
|
if (!$valid) {
|
|
throw new \Exception('Invalid URL provided');
|
|
}
|
|
if ($is_url && isset($profile->public_key) && $profile->public_key) {
|
|
return $profile->public_key;
|
|
}
|
|
|
|
try {
|
|
$url = $this->profile;
|
|
$res = Zttp::timeout(30)->withHeaders([
|
|
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
|
|
'User-Agent' => 'PixelFedBot v0.1 - https://pixelfed.org',
|
|
])->get($url);
|
|
$actor = json_decode($res->getBody(), true);
|
|
} catch (Exception $e) {
|
|
throw new Exception('Unable to fetch public key');
|
|
}
|
|
if($actor['publicKey']['owner'] != $profile) {
|
|
throw new Exception('Invalid key match');
|
|
}
|
|
$this->public_key = $actor['publicKey']['publicKeyPem'];
|
|
$this->key_id = $actor['publicKey']['id'];
|
|
return $this;
|
|
}
|
|
} |