@ -0,0 +1,37 @@ | |||
# frozen_string_literal: true | |||
class Api::PushController < ApiController | |||
def update | |||
mode = params['hub.mode'] | |||
topic = params['hub.topic'] | |||
callback = params['hub.callback'] | |||
lease_seconds = params['hub.lease_seconds'] | |||
secret = params['hub.secret'] | |||
case mode | |||
when 'subscribe' | |||
response, status = Pubsubhubbub::SubscribeService.new.call(topic_to_account(topic), callback, secret, lease_seconds) | |||
when 'unsubscribe' | |||
response, status = Pubsubhubbub::UnsubscribeService.new.call(topic_to_account(topic), callback) | |||
else | |||
response = "Unknown mode: #{mode}" | |||
status = 422 | |||
end | |||
render plain: response, status: status | |||
end | |||
private | |||
def topic_to_account(topic_url) | |||
return if topic_url.blank? | |||
uri = Addressable::URI.parse(topic_url) | |||
params = Rails.application.routes.recognize_path(uri.path) | |||
domain = uri.host + (uri.port ? ":#{uri.port}" : '') | |||
return unless TagManager.instance.local_domain?(domain) && params[:controller] == 'accounts' && params[:action] == 'show' && params[:format] == 'atom' | |||
Account.find_local(params[:username]) | |||
end | |||
end |
@ -0,0 +1,29 @@ | |||
# frozen_string_literal: true | |||
class Subscription < ApplicationRecord | |||
MIN_EXPIRATION = 3600 * 24 | |||
MAX_EXPIRATION = 3600 * 24 * 30 | |||
belongs_to :account | |||
validates :callback_url, presence: true | |||
validates :callback_url, uniqueness: { scope: :account_id } | |||
scope :active, -> { where(confirmed: true).where('expires_at > ?', Time.now.utc) } | |||
def lease_seconds=(str) | |||
self.expires_at = Time.now.utc + [[MIN_EXPIRATION, str.to_i].max, MAX_EXPIRATION].min.seconds | |||
end | |||
def lease_seconds | |||
(expires_at - Time.now.utc).to_i | |||
end | |||
before_validation :set_min_expiration | |||
private | |||
def set_min_expiration | |||
self.lease_seconds = 0 unless expires_at | |||
end | |||
end |
@ -0,0 +1,13 @@ | |||
# frozen_string_literal: true | |||
class Pubsubhubbub::SubscribeService < BaseService | |||
def call(account, callback, secret, lease_seconds) | |||
return ['Invalid topic URL', 422] if account.nil? | |||
return ['Invalid callback URL', 422] unless !callback.blank? && callback =~ /\A#{URI.regexp(%w(http https))}\z/ | |||
subscription = Subscription.where(account: account, callback_url: callback).first_or_create!(account: account, callback_url: callback) | |||
Pubsubhubbub::ConfirmationWorker.perform_async(subscription.id, 'subscribe', secret, lease_seconds) | |||
['', 202] | |||
end | |||
end |
@ -0,0 +1,15 @@ | |||
# frozen_string_literal: true | |||
class Pubsubhubbub::SubscribeService < BaseService | |||
def call(account, callback) | |||
return ['Invalid topic URL', 422] if account.nil? | |||
subscription = Subscription.where(account: account, callback_url: callback) | |||
unless subscription.nil? | |||
Pubsubhubbub::ConfirmationWorker.perform_async(subscription.id, 'unsubscribe') | |||
end | |||
['', 202] | |||
end | |||
end |
@ -0,0 +1,29 @@ | |||
# frozen_string_literal: true | |||
class Pubsubhubbub::ConfirmationWorker | |||
include Sidekiq::Worker | |||
include RoutingHelper | |||
def perform(subscription_id, mode, secret = nil, lease_seconds = nil) | |||
subscription = Subscription.find(subscription_id) | |||
challenge = SecureRandom.hex | |||
subscription.secret = secret | |||
subscription.lease_seconds = lease_seconds | |||
response = HTTP.headers(user_agent: 'Mastodon/PubSubHubbub') | |||
.timeout(:per_operation, write: 20, connect: 20, read: 50) | |||
.get(subscription.callback_url, params: { | |||
'hub.topic' => account_url(subscription.account, format: :atom), | |||
'hub.mode' => mode, | |||
'hub.challenge' => challenge, | |||
'hub.lease_seconds' => subscription.lease_seconds, | |||
}) | |||
if mode == 'subscribe' && response.body.to_s == challenge | |||
subscription.save! | |||
elsif (mode == 'unsubscribe' && response.body.to_s == challenge) || !subscription.confirmed? | |||
subscription.destroy! | |||
end | |||
end | |||
end |
@ -0,0 +1,28 @@ | |||
# frozen_string_literal: true | |||
class Pubsubhubbub::DeliveryWorker | |||
include Sidekiq::Worker | |||
include RoutingHelper | |||
def perform(subscription_id, payload) | |||
subscription = Subscription.find(subscription_id) | |||
headers = {} | |||
headers['User-Agent'] = 'Mastodon/PubSubHubbub' | |||
headers['Link'] = LinkHeader.new([[api_push_url, [%w(rel hub)]], [account_url(subscription.account, format: :atom), [%w(rel self)]]]).to_s | |||
headers['X-Hub-Signature'] = signature(subscription.secret, payload) unless subscription.secret.blank? | |||
response = HTTP.timeout(:per_operation, write: 50, connect: 20, read: 50) | |||
.headers(headers) | |||
.post(subscription.callback_url, body: payload) | |||
raise "Delivery failed for #{subscription.callback_url}: HTTP #{response.code}" unless response.code > 199 && response.code < 300 | |||
end | |||
private | |||
def signature(secret, payload) | |||
hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, payload) | |||
"sha1=#{hmac}" | |||
end | |||
end |
@ -0,0 +1,15 @@ | |||
# frozen_string_literal: true | |||
class Pubsubhubbub::DistributionWorker | |||
include Sidekiq::Worker | |||
def perform(stream_entry_id) | |||
stream_entry = StreamEntry.find(stream_entry_id) | |||
account = stream_entry.account | |||
payload = AccountsController.render(:show, assigns: { account: account, entries: [stream_entry] }, formats: [:atom]) | |||
Subscription.where(account: account).active.select('id').find_each do |subscription| | |||
Pubsubhubbub::DeliveryWorker.perform_async(subscription.id, payload) | |||
end | |||
end | |||
end |
@ -0,0 +1,15 @@ | |||
class CreateSubscriptions < ActiveRecord::Migration[5.0] | |||
def change | |||
create_table :subscriptions do |t| | |||
t.string :callback_url, null: false, default: '' | |||
t.string :secret | |||
t.datetime :expires_at, null: true, default: nil | |||
t.boolean :confirmed, null: false, default: false | |||
t.integer :account_id, null: false | |||
t.timestamps | |||
end | |||
add_index :subscriptions, [:callback_url, :account_id], unique: true | |||
end | |||
end |
@ -0,0 +1,13 @@ | |||
require 'rails_helper' | |||
RSpec.describe Api::PushController, type: :controller do | |||
describe 'POST #update' do | |||
context 'with hub.mode=subscribe' do | |||
pending | |||
end | |||
context 'with hub.mode=unsubscribe' do | |||
pending | |||
end | |||
end | |||
end |
@ -0,0 +1,6 @@ | |||
Fabricator(:subscription) do | |||
callback_url "http://example.com/callback" | |||
secret "foobar" | |||
expires_at "2016-11-28 11:30:07" | |||
confirmed false | |||
end |
@ -0,0 +1,5 @@ | |||
require 'rails_helper' | |||
RSpec.describe Subscription, type: :model do | |||
pending "add some examples to (or delete) #{__FILE__}" | |||
end |