2019-05-11 12:27:21 +01:00
< ? php
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
/**
* ActivityPub implementation for GNU social
*
* @ package GNUsocial
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
* @ copyright 2018 - 2019 Free Software Foundation , Inc http :// www . fsf . org
* @ license https :// www . gnu . org / licenses / agpl . html GNU AGPL v3 or later
* @ link http :// www . gnu . org / software / social /
*/
defined ( 'GNUSOCIAL' ) || die ();
/**
* ActivityPub ' s own Explorer
*
* Allows to discovery new ( or the same ) Profiles ( both local or remote )
*
2019-10-11 16:00:11 +01:00
* @ category Plugin
* @ package GNUsocial
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
* @ license https :// www . gnu . org / licenses / agpl . html GNU AGPL v3 or later
2019-05-11 12:27:21 +01:00
*/
class Activitypub_explorer
{
private $discovered_actor_profiles = [];
2019-09-13 18:57:49 +01:00
private $temp_res ; // global variable to hold a temporary http response
2019-05-11 12:27:21 +01:00
/**
* Shortcut function to get a single profile from its URL .
*
2019-10-11 17:08:37 +01:00
* @ param string $url
* @ param bool $grab_online whether to try online grabbing , defaults to true
2019-05-11 12:27:21 +01:00
* @ return Profile
2019-10-11 17:08:37 +01:00
* @ throws HTTP_Request2_Exception Network issues
* @ throws NoProfileException This won ' t happen
* @ throws Exception Invalid request
* @ throws ServerException Error storing remote actor
2019-09-13 11:56:36 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
2019-05-11 12:27:21 +01:00
*/
2019-09-13 11:56:36 +01:00
public static function get_profile_from_url ( $url , $grab_online = true )
2019-05-11 12:27:21 +01:00
{
2019-09-13 18:57:49 +01:00
$discovery = new Activitypub_explorer ();
2019-05-11 12:27:21 +01:00
// Get valid Actor object
2019-09-13 11:56:36 +01:00
$actor_profile = $discovery -> lookup ( $url , $grab_online );
2019-05-11 12:27:21 +01:00
if ( ! empty ( $actor_profile )) {
return $actor_profile [ 0 ];
}
throw new Exception ( 'Invalid Actor.' );
}
/**
* Get every profile from the given URL
* This function cleans the $this -> discovered_actor_profiles array
* so that there is no erroneous data
*
2019-10-11 17:08:37 +01:00
* @ param string $url User ' s url
* @ param bool $grab_online whether to try online grabbing , defaults to true
2019-05-11 12:27:21 +01:00
* @ return array of Profile objects
* @ throws HTTP_Request2_Exception
* @ throws NoProfileException
2019-09-13 18:57:49 +01:00
* @ throws Exception
2019-05-11 12:27:21 +01:00
* @ throws ServerException
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
2019-09-13 11:56:36 +01:00
public function lookup ( string $url , bool $grab_online = true )
2019-05-11 12:27:21 +01:00
{
if ( in_array ( $url , ACTIVITYPUB_PUBLIC_TO )) {
return [];
}
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Started now looking for ' . $url );
2019-05-11 12:27:21 +01:00
$this -> discovered_actor_profiles = [];
2019-09-13 11:56:36 +01:00
return $this -> _lookup ( $url , $grab_online );
2019-05-11 12:27:21 +01:00
}
/**
* Get every profile from the given URL
* This is a recursive function that will accumulate the results on
* $discovered_actor_profiles array
*
2019-10-11 17:08:37 +01:00
* @ param string $url User ' s url
* @ param bool $grab_online whether to try online grabbing , defaults to true
2019-05-11 12:27:21 +01:00
* @ return array of Profile objects
* @ throws HTTP_Request2_Exception
* @ throws NoProfileException
* @ throws ServerException
* @ throws Exception
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
2019-09-13 11:56:36 +01:00
private function _lookup ( string $url , bool $grab_online = true )
2019-05-11 12:27:21 +01:00
{
2019-08-29 16:49:13 +01:00
$grab_local = $this -> grab_local_user ( $url );
// First check if we already have it locally and, if so, return it.
// If the local fetch fails and remote grab is required: store locally and return.
2019-09-13 11:56:36 +01:00
if ( ! $grab_local && ( ! $grab_online || ! $this -> grab_remote_user ( $url ))) {
2019-05-11 12:27:21 +01:00
throw new Exception ( 'User not found.' );
}
return $this -> discovered_actor_profiles ;
}
/**
* This ensures that we are using a valid ActivityPub URI
*
2019-10-11 17:08:37 +01:00
* @ param string $url
2019-09-13 18:57:49 +01:00
* @ return bool success state ( related to the response )
2019-05-11 12:27:21 +01:00
* @ throws Exception ( If the HTTP request fails )
2019-10-11 16:00:11 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
2019-05-11 12:27:21 +01:00
*/
private function ensure_proper_remote_uri ( $url )
{
2019-10-11 16:00:11 +01:00
$client = new HTTPClient ();
2019-10-11 19:09:08 +01:00
$response = $client -> get ( $url , ACTIVITYPUB_HTTP_CLIENT_HEADERS );
2019-05-11 12:27:21 +01:00
$res = json_decode ( $response -> getBody (), true );
if ( self :: validate_remote_response ( $res )) {
$this -> temp_res = $res ;
return true ;
} else {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Invalid potential remote actor while ensuring URI: ' . $url . '. He returned the following: ' . json_encode ( $res , JSON_UNESCAPED_SLASHES ));
2019-05-11 12:27:21 +01:00
}
return false ;
}
/**
* Get a local user profile from its URL and joins it on
* $this -> discovered_actor_profiles
*
2019-10-11 17:08:37 +01:00
* @ param string $uri Actor ' s uri
* @ param bool $online
2019-09-13 18:57:49 +01:00
* @ return bool success state
2019-05-11 12:27:21 +01:00
* @ throws NoProfileException
* @ throws Exception
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
private function grab_local_user ( $uri , $online = false )
{
if ( $online ) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Searching locally for ' . $uri . ' with online resources.' );
2019-05-11 12:27:21 +01:00
} else {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Searching locally for ' . $uri . ' offline.' );
2019-05-11 12:27:21 +01:00
}
// Ensure proper remote URI
// If an exception occurs here it's better to just leave everything
// break than to continue processing
if ( $online && $this -> ensure_proper_remote_uri ( $uri )) {
$uri = $this -> temp_res [ " id " ];
}
// Try standard ActivityPub route
// Is this a known filthy little mudblood?
$aprofile = self :: get_aprofile_by_url ( $uri );
if ( $aprofile instanceof Activitypub_profile ) {
2019-10-11 17:08:37 +01:00
// Assert: This AProfile has a Profile, no try catch.
2019-05-11 12:27:21 +01:00
$profile = $aprofile -> local_profile ();
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Found a local Aprofile for ' . $uri );
2019-05-11 12:27:21 +01:00
// We found something!
2019-10-11 16:00:11 +01:00
$this -> discovered_actor_profiles [] = $profile ;
2019-05-11 12:27:21 +01:00
unset ( $this -> temp_res ); // IMPORTANT to avoid _dangerous_ noise in the Explorer system
return true ;
} else {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Unable to find a local Aprofile for ' . $uri . ' - looking for a Profile instead.' );
2019-05-11 12:27:21 +01:00
// Well, maybe it is a pure blood?
// Iff, we are in the same instance:
2019-11-02 01:52:57 +00:00
$ACTIVITYPUB_BASE_ACTOR_URI = common_local_url ( 'userbyid' , [ 'id' => null ], null , null , false , true ); // @FIXME: Could this be too hardcoded?
$ACTIVITYPUB_BASE_ACTOR_URI_length = strlen ( $ACTIVITYPUB_BASE_ACTOR_URI );
if ( substr ( $uri , 0 , $ACTIVITYPUB_BASE_ACTOR_URI_length ) === $ACTIVITYPUB_BASE_ACTOR_URI ) {
2019-05-11 12:27:21 +01:00
try {
2019-10-11 17:08:37 +01:00
$profile = Profile :: getByID (( int ) substr ( $uri , $ACTIVITYPUB_BASE_ACTOR_URI_length ));
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Found a Profile for ' . $uri );
2019-05-11 12:27:21 +01:00
// We found something!
2019-10-11 16:00:11 +01:00
$this -> discovered_actor_profiles [] = $profile ;
2019-05-11 12:27:21 +01:00
unset ( $this -> temp_res ); // IMPORTANT to avoid _dangerous_ noise in the Explorer system
return true ;
} catch ( Exception $e ) {
// Let the exception go on its merry way.
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Unable to find a Profile for ' . $uri );
2019-05-11 12:27:21 +01:00
}
}
}
// If offline grabbing failed, attempt again with online resources
if ( ! $online ) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Will try everything again with online resources against: ' . $uri );
2019-05-11 12:27:21 +01:00
return $this -> grab_local_user ( $uri , true );
}
return false ;
}
/**
* Get a remote user ( s ) profile ( s ) from its URL and joins it on
* $this -> discovered_actor_profiles
*
2019-10-11 17:08:37 +01:00
* @ param string $url User ' s url
2019-09-13 18:57:49 +01:00
* @ return bool success state
2019-05-11 12:27:21 +01:00
* @ throws HTTP_Request2_Exception
* @ throws NoProfileException
* @ throws ServerException
2019-09-13 18:57:49 +01:00
* @ throws Exception
2019-05-11 12:27:21 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
private function grab_remote_user ( $url )
{
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Trying to grab a remote actor for ' . $url );
2019-05-11 12:27:21 +01:00
if ( ! isset ( $this -> temp_res )) {
2019-10-11 16:00:11 +01:00
$client = new HTTPClient ();
2019-10-11 19:09:08 +01:00
$response = $client -> get ( $url , ACTIVITYPUB_HTTP_CLIENT_HEADERS );
2019-05-11 12:27:21 +01:00
$res = json_decode ( $response -> getBody (), true );
} else {
$res = $this -> temp_res ;
unset ( $this -> temp_res );
}
if ( isset ( $res [ 'type' ]) && $res [ 'type' ] === 'OrderedCollection' && isset ( $res [ 'first' ])) { // It's a potential collection of actors!!!
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Found a collection of actors for ' . $url );
2019-05-11 12:27:21 +01:00
$this -> travel_collection ( $res [ 'first' ]);
return true ;
} elseif ( self :: validate_remote_response ( $res )) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Found a valid remote actor for ' . $url );
$this -> discovered_actor_profiles [] = $this -> store_profile ( $res );
2019-05-11 12:27:21 +01:00
return true ;
} else {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Invalid potential remote actor while grabbing remotely: ' . $url . '. He returned the following: ' . json_encode ( $res , JSON_UNESCAPED_SLASHES ));
2019-05-11 12:27:21 +01:00
}
return false ;
}
/**
* Save remote user profile in local instance
*
2019-10-11 17:08:37 +01:00
* @ param array $res remote response
2019-05-11 12:27:21 +01:00
* @ return Profile remote Profile object
* @ throws NoProfileException
* @ throws ServerException
2019-09-13 18:57:49 +01:00
* @ throws Exception
2019-05-11 12:27:21 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
private function store_profile ( $res )
{
// ActivityPub Profile
2019-10-11 16:00:11 +01:00
$aprofile = new Activitypub_profile ;
$aprofile -> uri = $res [ 'id' ];
$aprofile -> nickname = $res [ 'preferredUsername' ];
2020-03-28 03:13:06 +00:00
$aprofile -> fullname = $res [ 'name' ] ? ? null ;
2019-10-11 16:00:11 +01:00
$aprofile -> bio = isset ( $res [ 'summary' ]) ? substr ( strip_tags ( $res [ 'summary' ]), 0 , 1000 ) : null ;
$aprofile -> inboxuri = $res [ 'inbox' ];
2020-03-28 03:13:06 +00:00
$aprofile -> sharedInboxuri = $res [ 'endpoints' ][ 'sharedInbox' ] ? ? $res [ 'inbox' ];
$aprofile -> profileurl = $res [ 'url' ] ? ? $aprofile -> uri ;
2019-05-11 12:27:21 +01:00
$aprofile -> do_insert ();
$profile = $aprofile -> local_profile ();
// Public Key
$apRSA = new Activitypub_rsa ();
$apRSA -> profile_id = $profile -> getID ();
$apRSA -> public_key = $res [ 'publicKey' ][ 'publicKeyPem' ];
$apRSA -> store_keys ();
// Avatar
if ( isset ( $res [ 'icon' ][ 'url' ])) {
try {
$this -> update_avatar ( $profile , $res [ 'icon' ][ 'url' ]);
} catch ( Exception $e ) {
// Let the exception go, it isn't a serious issue
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: An error ocurred while grabbing remote avatar: ' . $e -> getMessage ());
2019-05-11 12:27:21 +01:00
}
}
return $profile ;
}
/**
* Download and update given avatar image
*
2019-10-11 17:08:37 +01:00
* @ param Profile $profile
* @ param string $url
2019-05-11 12:27:21 +01:00
* @ return Avatar The Avatar we have on disk .
* @ throws Exception in various failure cases
2019-10-11 16:00:11 +01:00
* @ author GNU social
2019-05-11 12:27:21 +01:00
*/
public static function update_avatar ( Profile $profile , $url )
{
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Started grabbing remote avatar from: ' . $url );
2019-05-11 12:27:21 +01:00
if ( ! filter_var ( $url , FILTER_VALIDATE_URL )) {
// TRANS: Server exception. %s is a URL.
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Failed because it is an invalid url: ' . $url );
2019-05-11 12:27:21 +01:00
throw new ServerException ( sprintf ( 'Invalid avatar URL %s.' , $url ));
}
// @todo FIXME: This should be better encapsulated
// ripped from oauthstore.php (for old OMB client)
$temp_filename = tempnam ( sys_get_temp_dir (), 'listener_avatar' );
try {
$imgData = HTTPClient :: quickGet ( $url );
// Make sure it's at least an image file. ImageFile can do the rest.
if ( false === getimagesizefromstring ( $imgData )) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Failed because the downloaded avatar: ' . $url . 'is not a valid image.' );
2019-05-11 12:27:21 +01:00
throw new UnsupportedMediaException ( 'Downloaded avatar was not an image.' );
}
file_put_contents ( $temp_filename , $imgData );
unset ( $imgData ); // No need to carry this in memory.
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Stored dowloaded avatar in: ' . $temp_filename );
2019-05-11 12:27:21 +01:00
$id = $profile -> getID ();
$imagefile = new ImageFile ( null , $temp_filename );
$filename = Avatar :: filename (
$id ,
image_type_to_extension ( $imagefile -> type ),
null ,
common_timestamp ()
);
rename ( $temp_filename , Avatar :: path ( $filename ));
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Moved avatar from: ' . $temp_filename . ' to ' . $filename );
2019-05-11 12:27:21 +01:00
} catch ( Exception $e ) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Something went wrong while processing the avatar from: ' . $url . ' details: ' . $e -> getMessage ());
2019-05-11 12:27:21 +01:00
unlink ( $temp_filename );
throw $e ;
}
// @todo FIXME: Hardcoded chmod is lame, but seems to be necessary to
// keep from accidentally saving images from command-line (queues)
// that can't be read from web server, which causes hard-to-notice
// problems later on:
//
// http://status.net/open-source/issues/2663
chmod ( Avatar :: path ( $filename ), 0644 );
$profile -> setOriginal ( $filename );
$orig = clone ( $profile );
$profile -> avatar = $url ;
$profile -> update ( $orig );
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Seted Avatar from: ' . $url . ' to profile.' );
2019-05-11 12:27:21 +01:00
return Avatar :: getUploaded ( $profile );
}
/**
* Validates a remote response in order to determine whether this
* response is a valid profile or not
*
2019-10-11 17:08:37 +01:00
* @ param array $res remote response
2019-09-13 18:57:49 +01:00
* @ return bool success state
2019-10-11 16:00:11 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
2019-05-11 12:27:21 +01:00
*/
public static function validate_remote_response ( $res )
{
if ( ! isset ( $res [ 'id' ], $res [ 'preferredUsername' ], $res [ 'inbox' ], $res [ 'publicKey' ][ 'publicKeyPem' ])) {
return false ;
}
return true ;
}
/**
* Get a ActivityPub Profile from it ' s uri
* Unfortunately GNU social cache is not truly reliable when handling
* potential ActivityPub remote profiles , as so it is important to use
* this hacky workaround ( at least for now )
*
2019-10-11 17:08:37 +01:00
* @ param string $v URL
2019-09-13 18:57:49 +01:00
* @ return bool | Activitypub_profile false if fails | Aprofile object if successful
2019-10-11 16:00:11 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
2019-05-11 12:27:21 +01:00
*/
public static function get_aprofile_by_url ( $v )
{
$i = Managed_DataObject :: getcached ( " Activitypub_profile " , " uri " , $v );
if ( empty ( $i )) { // false = cache miss
$i = new Activitypub_profile ;
$result = $i -> get ( " uri " , $v );
if ( $result ) {
// Hit!
$i -> encache ();
} else {
return false ;
}
}
return $i ;
}
/**
* Given a valid actor profile url returns its inboxes
*
2019-10-11 17:08:37 +01:00
* @ param string $url of Actor profile
2019-09-13 18:57:49 +01:00
* @ return bool | array false if fails | array with inbox and shared inbox if successful
2019-05-11 12:27:21 +01:00
* @ throws HTTP_Request2_Exception
* @ throws Exception
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
public static function get_actor_inboxes_uri ( $url )
{
2019-10-11 16:00:11 +01:00
$client = new HTTPClient ();
2019-10-11 19:09:08 +01:00
$response = $client -> get ( $url , ACTIVITYPUB_HTTP_CLIENT_HEADERS );
2019-05-11 12:27:21 +01:00
if ( ! $response -> isOk ()) {
throw new Exception ( 'Invalid Actor URL.' );
}
$res = json_decode ( $response -> getBody (), true );
if ( self :: validate_remote_response ( $res )) {
return [
'inbox' => $res [ 'inbox' ],
'sharedInbox' => isset ( $res [ 'endpoints' ][ 'sharedInbox' ]) ? $res [ 'endpoints' ][ 'sharedInbox' ] : $res [ 'inbox' ]
];
}
return false ;
}
/**
* Allows the Explorer to transverse a collection of persons .
*
2019-10-11 17:08:37 +01:00
* @ param string $url
2019-09-13 18:57:49 +01:00
* @ return bool
2019-05-11 12:27:21 +01:00
* @ throws HTTP_Request2_Exception
* @ throws NoProfileException
* @ throws ServerException
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
private function travel_collection ( $url )
{
2019-10-11 16:00:11 +01:00
$client = new HTTPClient ();
2019-10-11 19:09:08 +01:00
$response = $client -> get ( $url , ACTIVITYPUB_HTTP_CLIENT_HEADERS );
2019-05-11 12:27:21 +01:00
$res = json_decode ( $response -> getBody (), true );
if ( ! isset ( $res [ 'orderedItems' ])) {
return false ;
}
foreach ( $res [ " orderedItems " ] as $profile ) {
if ( $this -> _lookup ( $profile ) == false ) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Found an invalid actor for ' . $profile );
2019-05-11 12:27:21 +01:00
// TODO: Invalid actor found, fallback to OStatus
}
}
// Go through entire collection
if ( ! is_null ( $res [ " next " ])) {
2019-10-20 20:07:46 +01:00
$this -> travel_collection ( $res [ " next " ]);
2019-05-11 12:27:21 +01:00
}
return true ;
}
/**
* Get a remote user array from its URL ( this function is only used for
* profile updating and shall not be used for anything else )
*
2019-10-11 17:08:37 +01:00
* @ param string $url User ' s url
* @ return array
* @ throws Exception Either network issues or unsupported Activity format
2019-05-11 12:27:21 +01:00
* @ author Diogo Cordeiro < diogo @ fc . up . pt >
*/
public static function get_remote_user_activity ( $url )
{
2019-10-11 16:00:11 +01:00
$client = new HTTPClient ();
2019-10-11 19:09:08 +01:00
$response = $client -> get ( $url , ACTIVITYPUB_HTTP_CLIENT_HEADERS );
2019-05-11 12:27:21 +01:00
$res = json_decode ( $response -> getBody (), true );
if ( Activitypub_explorer :: validate_remote_response ( $res )) {
2019-10-11 16:00:11 +01:00
common_debug ( 'ActivityPub Explorer: Found a valid remote actor for ' . $url );
2019-05-11 12:27:21 +01:00
return $res ;
}
throw new Exception ( 'ActivityPub Explorer: Failed to get activity.' );
}
}