# frozen_string_literal: true
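# Resolves a `username@domain` handle to an Account record, creating or
# refreshing the record from the remote server's webfinger response and
# Atom feed.
#
# Everything read from the webfinger response and from the feed is supplied
# by the remote server and must be treated as untrusted input. Malformed
# remote data is reported as Goldfinger::Error.
class FollowRemoteAccountService < BaseService
  include OStatus2::MagicKey

  DFRN_NS = 'http://purl.org/macgirvin/dfrn/1.0'

  # Find or create a local account for a remote user.
  # When creating, look up the user's webfinger and fetch all
  # important information from their feed.
  #
  # Note that the endpoints and the public key are overwritten from the
  # webfinger response on every refresh, for existing accounts as well as
  # new ones, so the stored key is only as trustworthy as that response.
  #
  # @param [String] uri User URI in the form of username@domain
  # @param [Boolean, nil] redirected non-nil on the single internal retry
  #   made when the webfinger subject names a different account; callers
  #   leave it at the default
  # @return [Account]
  # @raise [Goldfinger::Error] when required links are missing, the subject
  #   is malformed or does not match, or the feed lacks a hub or author URI
  def call(uri, redirected = nil)
    username, domain = uri.split('@')

    return Account.find_local(username) if TagManager.instance.local_domain?(domain)

    account = Account.find_remote(username, domain)
    return account unless account_needs_webfinger_update?(account)

    Rails.logger.debug "Looking up webfinger for #{uri}"

    data = Goldfinger.finger("acct:#{uri}")

    raise Goldfinger::Error, 'Missing resource links' if missing_resource_links?(data)

    # Disallow account hijacking: the subject the remote server reports is
    # the identity that gets stored, so it has to agree with what was asked
    # for (one redirect to the canonical name is tolerated).
    confirmed_username, confirmed_domain = data.subject.to_s.gsub(/\Aacct:/, '').split('@')

    # A missing subject, or one without both parts, would otherwise surface
    # as NoMethodError on nil in the comparison below.
    if confirmed_username.to_s.empty? || confirmed_domain.to_s.empty?
      raise Goldfinger::Error, 'Webfinger subject is not in the form username@domain'
    end

    unless confirmed_username.casecmp(username).zero? && confirmed_domain.casecmp(domain).zero?
      return call("#{confirmed_username}@#{confirmed_domain}", true) if redirected.nil?
      raise Goldfinger::Error, 'Requested and returned acct URI do not match'
    end

    return Account.find_local(confirmed_username) if TagManager.instance.local_domain?(confirmed_domain)

    confirmed_account = Account.find_remote(confirmed_username, confirmed_domain)

    if confirmed_account.nil?
      Rails.logger.debug "Creating new remote account for #{uri}"

      # NOTE(review): the block lookup uses the requested spelling of the
      # domain while the record stores the confirmed spelling; the two are
      # only known to match case-insensitively here. Confirm how DomainBlock
      # normalizes domains so a case variant cannot miss an existing block.
      domain_block = DomainBlock.find_by(domain: domain)
      account = Account.new(username: confirmed_username, domain: confirmed_domain)
      account.suspended = true if domain_block&.suspend?
      account.silenced = true if domain_block&.silence?
      account.private_key = nil
    else
      account = confirmed_account
    end

    account.last_webfingered_at = Time.now.utc

    account.remote_url = data.link('http://schemas.google.com/g/2010#updates-from').href
    account.salmon_url = data.link('salmon').href
    account.url = data.link('http://webfinger.net/rel/profile-page').href
    account.public_key = magic_key_to_pem(data.link('magic-public-key').href)

    body, xml = get_feed(account.remote_url)
    hubs = get_hubs(xml)

    account.uri = get_account_uri(xml)
    account.hub_url = hubs.first.attribute('href').value

    account.save!
    get_profile(body, account)

    account
  end

  private

  # True when the webfinger response lacks any link relation that `call`
  # reads afterwards.
  def missing_resource_links?(data)
    [
      'http://schemas.google.com/g/2010#updates-from',
      'salmon',
      'http://webfinger.net/rel/profile-page',
      'magic-public-key',
    ].any? { |rel| data.link(rel).nil? }
  end

  # An account is refreshed when it is unknown (nil), has never been
  # webfingered, or was last webfingered a day or more ago.
  def account_needs_webfinger_update?(account)
    account&.last_webfingered_at.nil? || account.last_webfingered_at <= 1.day.ago
  end

  # Fetches the feed and returns the raw body together with the parsed
  # document.
  #
  # `url` is taken from the remote webfinger response. Nothing in this
  # class restricts which host it points at or checks the response status;
  # confirm destination filtering happens elsewhere if internal addresses
  # must stay unreachable.
  #
  # @param [String] url
  # @return [Array(String, Nokogiri::XML::Document)]
  def get_feed(url)
    response = http_client.get(Addressable::URI.parse(url))
    body = response.to_s
    [body, Nokogiri::XML(body)]
  end

  # Returns the feed's hub links, insisting that the first carries an href.
  #
  # @raise [Goldfinger::Error] when no usable hub link exists
  def get_hubs(xml)
    hubs = xml.xpath('//xmlns:link[@rel="hub"]')
    raise Goldfinger::Error, 'No PubSubHubbub hubs found' if hubs.empty? || hubs.first.attribute('href').nil?
    hubs
  end

  # Returns the author URI from the feed, falling back to the dfrn:owner
  # element when the feed has no author/uri.
  #
  # @raise [Goldfinger::Error] when neither location yields a URI
  def get_account_uri(xml)
    author_uri = xml.at_xpath('/xmlns:feed/xmlns:author/xmlns:uri')

    if author_uri.nil?
      # The root may not be a feed element at all; safe navigation lets that
      # case reach the Goldfinger::Error below instead of failing on nil.
      owner = xml.at_xpath('/xmlns:feed')&.at_xpath('./dfrn:owner', dfrn: DFRN_NS)
      author_uri = owner.at_xpath('./xmlns:uri') unless owner.nil?
    end

    raise Goldfinger::Error, 'Author URI could not be found' if author_uri.nil?

    author_uri.content
  end

  # Queues a background profile update from the already-fetched feed body.
  # force_encoding relabels the string in place as UTF-8 without validating
  # the bytes.
  def get_profile(body, account)
    RemoteProfileUpdateWorker.perform_async(account.id, body.force_encoding('UTF-8'), false)
  end

  # HTTP client with per-operation write/connect/read timeouts so a slow
  # remote server cannot hold the caller indefinitely. No `.follow` is
  # chained, so the client is not asked to follow redirects.
  def http_client
    HTTP.timeout(:per_operation, write: 20, connect: 20, read: 50)
  end
end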