You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

291 lines
8.9 KiB

  1. # frozen_string_literal: true
  2. class ActivityPub::ProcessAccountService < BaseService
  3. include JsonLdHelper
  4. include DomainControlHelper
  5. # Should be called with confirmed valid JSON
  6. # and WebFinger-resolved username and domain
  7. def call(username, domain, json, options = {})
  8. return if json['inbox'].blank? || unsupported_uri_scheme?(json['id']) || domain_not_allowed?(domain)
  9. @options = options
  10. @json = json
  11. @uri = @json['id']
  12. @username = username
  13. @domain = domain
  14. @collections = {}
  15. RedisLock.acquire(lock_options) do |lock|
  16. if lock.acquired?
  17. @account = Account.remote.find_by(uri: @uri) if @options[:only_key]
  18. @account ||= Account.find_remote(@username, @domain)
  19. @old_public_key = @account&.public_key
  20. @old_protocol = @account&.protocol
  21. create_account if @account.nil?
  22. update_account
  23. process_tags
  24. process_attachments
  25. else
  26. raise Mastodon::RaceConditionError
  27. end
  28. end
  29. return if @account.nil?
  30. after_protocol_change! if protocol_changed?
  31. after_key_change! if key_changed? && !@options[:signed_with_known_key]
  32. clear_tombstones! if key_changed?
  33. unless @options[:only_key]
  34. check_featured_collection! if @account.featured_collection_url.present?
  35. check_links! unless @account.fields.empty?
  36. end
  37. @account
  38. rescue Oj::ParseError
  39. nil
  40. end
  41. private
  42. def create_account
  43. @account = Account.new
  44. @account.protocol = :activitypub
  45. @account.username = @username
  46. @account.domain = @domain
  47. @account.private_key = nil
  48. @account.suspended_at = domain_block.created_at if auto_suspend?
  49. @account.silenced_at = domain_block.created_at if auto_silence?
  50. end
  51. def update_account
  52. @account.last_webfingered_at = Time.now.utc unless @options[:only_key]
  53. @account.protocol = :activitypub
  54. set_immediate_attributes!
  55. set_fetchable_attributes! unless @options[:only_keys]
  56. @account.save_with_optional_media!
  57. end
  58. def set_immediate_attributes!
  59. @account.inbox_url = @json['inbox'] || ''
  60. @account.outbox_url = @json['outbox'] || ''
  61. @account.shared_inbox_url = (@json['endpoints'].is_a?(Hash) ? @json['endpoints']['sharedInbox'] : @json['sharedInbox']) || ''
  62. @account.followers_url = @json['followers'] || ''
  63. @account.featured_collection_url = @json['featured'] || ''
  64. @account.devices_url = @json['devices'] || ''
  65. @account.url = url || @uri
  66. @account.uri = @uri
  67. @account.display_name = @json['name'] || ''
  68. @account.note = @json['summary'] || ''
  69. @account.locked = @json['manuallyApprovesFollowers'] || false
  70. @account.fields = property_values || {}
  71. @account.also_known_as = as_array(@json['alsoKnownAs'] || []).map { |item| value_or_id(item) }
  72. @account.actor_type = actor_type
  73. @account.discoverable = @json['discoverable'] || false
  74. end
  75. def set_fetchable_attributes!
  76. @account.avatar_remote_url = image_url('icon') || '' unless skip_download?
  77. @account.header_remote_url = image_url('image') || '' unless skip_download?
  78. @account.public_key = public_key || ''
  79. @account.statuses_count = outbox_total_items if outbox_total_items.present?
  80. @account.following_count = following_total_items if following_total_items.present?
  81. @account.followers_count = followers_total_items if followers_total_items.present?
  82. @account.hide_collections = following_private? || followers_private?
  83. @account.moved_to_account = @json['movedTo'].present? ? moved_account : nil
  84. end
  85. def after_protocol_change!
  86. ActivityPub::PostUpgradeWorker.perform_async(@account.domain)
  87. end
  88. def after_key_change!
  89. RefollowWorker.perform_async(@account.id)
  90. end
  91. def check_featured_collection!
  92. ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id)
  93. end
  94. def check_links!
  95. VerifyAccountLinksWorker.perform_async(@account.id)
  96. end
  97. def actor_type
  98. if @json['type'].is_a?(Array)
  99. @json['type'].find { |type| ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES.include?(type) }
  100. else
  101. @json['type']
  102. end
  103. end
  104. def image_url(key)
  105. value = first_of_value(@json[key])
  106. return if value.nil?
  107. return value['url'] if value.is_a?(Hash)
  108. image = fetch_resource_without_id_validation(value)
  109. image['url'] if image
  110. end
  111. def public_key
  112. value = first_of_value(@json['publicKey'])
  113. return if value.nil?
  114. return value['publicKeyPem'] if value.is_a?(Hash)
  115. key = fetch_resource_without_id_validation(value)
  116. key['publicKeyPem'] if key
  117. end
  118. def url
  119. return if @json['url'].blank?
  120. url_candidate = url_to_href(@json['url'], 'text/html')
  121. if unsupported_uri_scheme?(url_candidate) || mismatching_origin?(url_candidate)
  122. nil
  123. else
  124. url_candidate
  125. end
  126. end
  127. def property_values
  128. return unless @json['attachment'].is_a?(Array)
  129. as_array(@json['attachment']).select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') }
  130. end
  131. def mismatching_origin?(url)
  132. needle = Addressable::URI.parse(url).host
  133. haystack = Addressable::URI.parse(@uri).host
  134. !haystack.casecmp(needle).zero?
  135. end
  136. def outbox_total_items
  137. collection_info('outbox').first
  138. end
  139. def following_total_items
  140. collection_info('following').first
  141. end
  142. def followers_total_items
  143. collection_info('followers').first
  144. end
  145. def following_private?
  146. !collection_info('following').last
  147. end
  148. def followers_private?
  149. !collection_info('followers').last
  150. end
  151. def collection_info(type)
  152. return [nil, nil] if @json[type].blank?
  153. return @collections[type] if @collections.key?(type)
  154. collection = fetch_resource_without_id_validation(@json[type])
  155. total_items = collection.is_a?(Hash) && collection['totalItems'].present? && collection['totalItems'].is_a?(Numeric) ? collection['totalItems'] : nil
  156. has_first_page = collection.is_a?(Hash) && collection['first'].present?
  157. @collections[type] = [total_items, has_first_page]
  158. rescue HTTP::Error, OpenSSL::SSL::SSLError
  159. @collections[type] = [nil, nil]
  160. end
  161. def moved_account
  162. account = ActivityPub::TagManager.instance.uri_to_resource(@json['movedTo'], Account)
  163. account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true)
  164. account
  165. end
  166. def skip_download?
  167. @account.suspended? || domain_block&.reject_media?
  168. end
  169. def auto_suspend?
  170. domain_block&.suspend?
  171. end
  172. def auto_silence?
  173. domain_block&.silence?
  174. end
  175. def domain_block
  176. return @domain_block if defined?(@domain_block)
  177. @domain_block = DomainBlock.rule_for(@domain)
  178. end
  179. def key_changed?
  180. !@old_public_key.nil? && @old_public_key != @account.public_key
  181. end
  182. def clear_tombstones!
  183. Tombstone.where(account_id: @account.id).delete_all
  184. end
  185. def protocol_changed?
  186. !@old_protocol.nil? && @old_protocol != @account.protocol
  187. end
  188. def lock_options
  189. { redis: Redis.current, key: "process_account:#{@uri}" }
  190. end
  191. def process_tags
  192. return if @json['tag'].blank?
  193. as_array(@json['tag']).each do |tag|
  194. process_emoji tag if equals_or_includes?(tag['type'], 'Emoji')
  195. end
  196. end
  197. def process_attachments
  198. return if @json['attachment'].blank?
  199. previous_proofs = @account.identity_proofs.to_a
  200. current_proofs = []
  201. as_array(@json['attachment']).each do |attachment|
  202. next unless equals_or_includes?(attachment['type'], 'IdentityProof')
  203. current_proofs << process_identity_proof(attachment)
  204. end
  205. previous_proofs.each do |previous_proof|
  206. next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id }
  207. previous_proof.delete
  208. end
  209. end
  210. def process_emoji(tag)
  211. return if skip_download?
  212. return if tag['name'].blank? || tag['icon'].blank? || tag['icon']['url'].blank?
  213. shortcode = tag['name'].delete(':')
  214. image_url = tag['icon']['url']
  215. uri = tag['id']
  216. updated = tag['updated']
  217. emoji = CustomEmoji.find_by(shortcode: shortcode, domain: @account.domain)
  218. return unless emoji.nil? || image_url != emoji.image_remote_url || (updated && updated >= emoji.updated_at)
  219. emoji ||= CustomEmoji.new(domain: @account.domain, shortcode: shortcode, uri: uri)
  220. emoji.image_remote_url = image_url
  221. emoji.save
  222. end
  223. def process_identity_proof(attachment)
  224. provider = attachment['signatureAlgorithm']
  225. provider_username = attachment['name']
  226. token = attachment['signatureValue']
  227. @account.identity_proofs.where(provider: provider, provider_username: provider_username).find_or_create_by(provider: provider, provider_username: provider_username, token: token)
  228. end
  229. end