shadowfacts.net/lib/activitypub/inbox.ts

189 lines
6.2 KiB
TypeScript
Raw Permalink Normal View History

import { Router, Request, Response } from "express";
import uuidv4 from "uuid/v4";
2019-08-18 22:09:28 +00:00
import {createActivity, getActor, signAndSend} from "./federate";
import { Activity, FollowActivity, AcceptActivity, UndoActivity, CreateActivity, NoteObject, DeleteActivity } from "./activity";
2019-02-22 00:17:59 +00:00
import sanitizeHtml from "sanitize-html";
import Note from "../entity/Note";
import { getConnection } from "typeorm";
import Actor from "../entity/Actor";
2019-08-18 22:09:28 +00:00
import Article from "../entity/Article";
const domain = process.env.DOMAIN;
2019-02-20 23:07:29 +00:00
export default function inbox(router: Router) {
router.post("/ap/inbox", handleInbox);
router.post("/inbox", handleInbox);
}
2019-08-18 22:09:28 +00:00
function handleInbox(req: Request, res: Response) {
const activity = req.body as Activity;
if (activity.type === "Follow") {
handleFollow(activity, req, res);
} else if (activity.type === "Create") {
handleCreate(activity, req, res);
} else if (activity.type === "Undo") {
handleUndo(activity, req, res);
} else if (activity.type === "Delete") {
handleDelete(activity, req, res);
} else {
res.end(); // TODO: handle this better
}
}
async function handleFollow(activity: Activity, req: Request, res: Response) {
if (typeof req.body.object !== "string") {
res.end(); // TODO: handle this better
return;
}
const follow = activity as FollowActivity;
if (follow.object !== `https://${domain}/ap/actor`) {
res.end();
return;
}
const actor = await getActor(follow.actor, true); // always force re-fetch the actor on follow
if (!actor) {
// if the actor ceases existing between the time the Follow is sent and when receive it, ignore it and end the request
res.end();
return;
}
const acceptObject = {
"@context": "https://www.w3.org/ns/activitystreams",
"id": `https://${domain}/ap/${uuidv4()}`,
"type": "Accept",
"actor": `https://${domain}/ap/actor`,
"object": follow
} as AcceptActivity;
2019-08-18 22:09:28 +00:00
try {
await signAndSend(acceptObject, actor.inbox);
// prefer shared server inbox
const serverInbox = actor.endpoints && actor.endpoints.sharedInbox ? actor.endpoints.sharedInbox : actor.inbox;
await getConnection().createQueryBuilder()
.update(Actor)
.set({
isFollower: true,
inbox: serverInbox
})
.where("id = :id", {id: actor.id})
.execute();
res.end();
} catch (err) {
res.status(500).json({ message: "Encountered error handling follow.", error: err }).end();
}
}
async function handleCreate(activity: Activity, req: Request, res: Response) {
const create = activity as CreateActivity;
if (create.object.type == "Note") {
handleCreateNote(create, req, res);
} else {
res.end();
}
}
2019-02-22 00:17:59 +00:00
function sanitizeStatus(content: string): string {
return sanitizeHtml(content, {
allowedTags: ["a", "span", "p", "br", "b", "strong", "i", "em", "s", "del", "u", "code", "pre", "ul", "ol", "li", "blockquote", "img"],
allowedAttributes: {
"a": ["href", "data-user"],
"img": ["src"]
},
transformTags: {
"a": sanitizeHtml.simpleTransform("a", { rel: "noopener", target: "_blank" })
}
});
}
async function handleCreateNote(create: CreateActivity, req: Request, res: Response) {
const noteObject = create.object as NoteObject;
2019-08-18 21:15:39 +00:00
const actor = await getActor(noteObject.attributedTo); // get and cache the actor if it's not already cached
2019-08-18 22:09:28 +00:00
const asPublic = "https://www.w3.org/ns/activitystreams#Public";
const article = await getConnection().getRepository(Article).findOne({ where: { conversation: noteObject.conversation } });
if (!article) {
console.log(`Ignoring message not in response to an article: ${noteObject.id}`);
res.end();
} else if (!process.env.ACCEPT_NON_PUBLIC_NOTES && !noteObject.to.includes(asPublic) && !noteObject.cc.includes(asPublic)) {
console.log(`Ignoring non-public post: ${noteObject.id}`);
try {
const note: NoteObject = {
type: "Note",
id: `https://${domain}/ap/object/${uuidv4()}`,
to: [actor.id],
cc: [],
directMessage: true,
attributedTo: `https://${domain}/ap/actor`,
content: `<a href="${actor.url}" class="mention">@<span>${actor.preferredUsername}</span></a> Non-public posts are not accepted. To respond to a blog post, use either Public or Unlisted.`,
published: new Date().toISOString(),
inReplyTo: noteObject.id,
conversation: noteObject.conversation || `https://${domain}/ap/conversation/${uuidv4()}`
};
const responseCreate = createActivity(note);
signAndSend(responseCreate, actor.inbox);
} catch (err) {
console.error(`Couldn't send non-public reply Note to ${noteObject.id}`, err);
}
res.end();
} else {
const sanitizedContent = sanitizeStatus(noteObject.content);
const note = new Note();
note.id = noteObject.id;
note.actor = await getConnection().getRepository(Actor).findOne(actor.id);
note.content = sanitizedContent;
note.attributedTo = noteObject.attributedTo;
note.inReplyTo = noteObject.inReplyTo;
note.conversation = noteObject.conversation;
note.published = noteObject.published;
try {
await getConnection().getRepository(Note).save(note);
res.end();
} catch (err) {
console.error(`Encountered error storing reply ${noteObject.id}`, err);
res.status(500).end();
}
}
}
async function handleDelete(activity: Activity, req: Request, res: Response) {
const deleteActivity = activity as DeleteActivity;
try {
await getConnection().getRepository(Note).createQueryBuilder()
.delete()
.from(Note, "note")
.where("note.id = :id", { id: deleteActivity.object })
2019-08-18 21:15:39 +00:00
.andWhere("note.\"actorId\" = :actor", { actor: deleteActivity.actor })
.execute();
} catch (err) {
console.error(`Encountered error deleting ${deleteActivity.object}`, err);
}
res.end();
}
2019-08-18 22:09:28 +00:00
function handleUndo(activity: Activity, req: Request, res: Response) {
const undo = activity as UndoActivity;
if (undo.object.type === "Follow") {
handleUndoFollow(undo, req, res);
} else {
res.end();
}
}
async function handleUndoFollow(undo: UndoActivity, req: Request, res: Response) {
const follow = undo.object as FollowActivity;
if (follow.object !== `https://${domain}/ap/actor` || undo.actor !== follow.actor) {
res.end();
return;
}
try {
await getConnection().createQueryBuilder()
.update(Actor)
.set({ isFollower: false })
.where("id = :id", { id: follow.actor })
.execute();
} catch (err) {
console.error(`Error handling unfollow from ${follow.actor}`, err);
}
res.end();
}