Refactor all ActivityPub deliveries to be serialized and signed through one concern (#10966)

app/lib/activitypub/activity/follow.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ActivityPub::Activity::Follow < ActivityPub::Activity
+  include Payloadable
+
   def perform
     target_account = account_from_uri(object_uri)
 
@@ -28,7 +30,7 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity
   end
 
   def reject_follow_request!(target_account)
-    json = ActiveModelSerializers::SerializableResource.new(FollowRequest.new(account: @account, target_account: target_account, uri: @json['id']), serializer: ActivityPub::RejectFollowSerializer, adapter: ActivityPub::Adapter).to_json
+    json = Oj.dump(serialize_payload(FollowRequest.new(account: @account, target_account: target_account, uri: @json['id']), ActivityPub::RejectFollowSerializer))
     ActivityPub::DeliveryWorker.perform_async(json, target_account.id, @account.inbox_url)
   end
 end

app/models/account.rb

@@ -204,6 +204,10 @@ class Account < ApplicationRecord
     end
   end
 
+  def sign?
+    true
+  end
+
   def keypair
     @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
   end

app/models/form/account_batch.rb

@@ -3,6 +3,7 @@
 class Form::AccountBatch
   include ActiveModel::Model
   include Authorization
+  include Payloadable
 
   attr_accessor :account_ids, :action, :current_account
 
@@ -54,13 +55,7 @@ class Form::AccountBatch
 
     return unless follow.account.activitypub?
 
-    json = ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
-
-    ActivityPub::DeliveryWorker.perform_async(json, current_account.id, follow.account.inbox_url)
+    ActivityPub::DeliveryWorker.perform_async(Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), current_account.id, follow.account.inbox_url)
   end
 
   def approve!

app/models/status.rb

@@ -204,6 +204,8 @@ class Status < ApplicationRecord
     public_visibility? || unlisted_visibility?
   end
 
+  alias sign? distributable?
+
   def with_media?
     media_attachments.any?
   end

app/services/after_block_domain_from_account_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class AfterBlockDomainFromAccountService < BaseService
+  include Payloadable
+
   # This service does not create an AccountDomainBlock record,
   # it's meant to be called after such a record has been created
   # synchronously, to "clean up"
@@ -31,12 +33,6 @@ class AfterBlockDomainFromAccountService < BaseService
 
     return unless follow.account.activitypub?
 
-    json = ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
-
-    ActivityPub::DeliveryWorker.perform_async(json, @account.id, follow.account.inbox_url)
+    ActivityPub::DeliveryWorker.perform_async(Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), @account.id, follow.account.inbox_url)
   end
 end

app/services/authorize_follow_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class AuthorizeFollowService < BaseService
+  include Payloadable
+
   def call(source_account, target_account, **options)
     if options[:skip_follow_request]
       follow_request = FollowRequest.new(account: source_account, target_account: target_account, uri: options[:follow_request_uri])
@@ -24,11 +26,7 @@ class AuthorizeFollowService < BaseService
   end
 
   def build_json(follow_request)
-    ActiveModelSerializers::SerializableResource.new(
-      follow_request,
-      serializer: ActivityPub::AcceptFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow_request, ActivityPub::AcceptFollowSerializer))
   end
 
   def build_xml(follow_request)

app/services/block_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class BlockService < BaseService
+  include Payloadable
+
   def call(account, target_account)
     return if account.id == target_account.id
 
@@ -26,11 +28,7 @@ class BlockService < BaseService
   end
 
   def build_json(block)
-    ActiveModelSerializers::SerializableResource.new(
-      block,
-      serializer: ActivityPub::BlockSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(block, ActivityPub::BlockSerializer))
   end
 
   def build_xml(block)

app/services/concerns/payloadable.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Payloadable
+  def serialize_payload(record, serializer, options = {})
+    signer    = options.delete(:signer)
+    sign_with = options.delete(:sign_with)
+    payload   = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json
+
+    if (record.respond_to?(:sign?) && record.sign?) && signer && signing_enabled?
+      ActivityPub::LinkedDataSignature.new(payload).sign!(signer, sign_with: sign_with)
+    else
+      payload
+    end
+  end
+
+  def signing_enabled?
+    true
+  end
+end

app/services/favourite_service.rb

@@ -2,6 +2,7 @@
 
 class FavouriteService < BaseService
   include Authorization
+  include Payloadable
 
   # Favourite a status and notify remote user
   # @param [Account] account
@@ -43,11 +44,7 @@ class FavouriteService < BaseService
   end
 
   def build_json(favourite)
-    Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
-      favourite,
-      serializer: ActivityPub::LikeSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json).sign!(favourite.account))
+    Oj.dump(serialize_payload(favourite, ActivityPub::LikeSerializer))
   end
 
   def build_xml(favourite)

app/services/follow_service.rb

@@ -2,6 +2,7 @@
 
 class FollowService < BaseService
   include Redisable
+  include Payloadable
 
   # Follow a remote user, notify remote user about the follow
   # @param [Account] source_account From which to follow
@@ -78,10 +79,6 @@ class FollowService < BaseService
   end
 
   def build_json(follow_request)
-    ActiveModelSerializers::SerializableResource.new(
-      follow_request,
-      serializer: ActivityPub::FollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow_request, ActivityPub::FollowSerializer))
   end
 end

app/services/process_mentions_service.rb

@@ -2,6 +2,7 @@
 
 class ProcessMentionsService < BaseService
   include StreamEntryRenderer
+  include Payloadable
 
   # Scan status for mentions and fetch remote mentioned users, create
   # local mention pointers, send Salmon notifications to mentioned
@@ -61,12 +62,7 @@ class ProcessMentionsService < BaseService
 
   def activitypub_json
     return @activitypub_json if defined?(@activitypub_json)
-    payload = ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: ActivityPub::ActivitySerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-    @activitypub_json = Oj.dump(@status.distributable? ? ActivityPub::LinkedDataSignature.new(payload).sign!(@status.account) : payload)
+    @activitypub_json = Oj.dump(serialize_payload(@status, ActivityPub::ActivitySerializer, signer: @status.account))
   end
 
   def resolve_account_service

app/services/reblog_service.rb

@@ -3,6 +3,7 @@
 class ReblogService < BaseService
   include Authorization
   include StreamEntryRenderer
+  include Payloadable
 
   # Reblog a status and notify its remote author
   # @param [Account] account Account to reblog from
@@ -53,10 +54,6 @@ class ReblogService < BaseService
   end
 
   def build_json(reblog)
-    Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
-      reblog,
-      serializer: ActivityPub::ActivitySerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json).sign!(reblog.account))
+    Oj.dump(serialize_payload(reblog, ActivityPub::ActivitySerializer, signer: reblog.account))
   end
 end

app/services/reject_follow_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class RejectFollowService < BaseService
+  include Payloadable
+
   def call(source_account, target_account)
     follow_request = FollowRequest.find_by!(account: source_account, target_account: target_account)
     follow_request.reject!
@@ -19,11 +21,7 @@ class RejectFollowService < BaseService
   end
 
   def build_json(follow_request)
-    ActiveModelSerializers::SerializableResource.new(
-      follow_request,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow_request, ActivityPub::RejectFollowSerializer))
   end
 
   def build_xml(follow_request)

app/services/remove_status_service.rb

@@ -3,6 +3,7 @@
 class RemoveStatusService < BaseService
   include StreamEntryRenderer
   include Redisable
+  include Payloadable
 
   def call(status, **options)
     @payload      = Oj.dump(event: :delete, payload: status.id.to_s)
@@ -115,15 +116,7 @@ class RemoveStatusService < BaseService
   end
 
   def signed_activity_json
-    @signed_activity_json ||= Oj.dump(ActivityPub::LinkedDataSignature.new(activity_json).sign!(@account))
-  end
-
-  def activity_json
-    @activity_json ||= ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
+    @signed_activity_json ||= Oj.dump(serialize_payload(@status, @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer, signer: @account))
   end
 
   def remove_reblogs

app/services/report_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ReportService < BaseService
+  include Payloadable
+
   def call(source_account, target_account, options = {})
     @source_account = source_account
     @target_account = target_account
@@ -44,12 +46,7 @@ class ReportService < BaseService
   end
 
   def payload
-    Oj.dump(ActiveModelSerializers::SerializableResource.new(
-      @report,
-      serializer: ActivityPub::FlagSerializer,
-      adapter: ActivityPub::Adapter,
-      account: some_local_account
-    ).as_json)
+    Oj.dump(serialize_payload(@report, ActivityPub::FlagSerializer, account: some_local_account))
   end
 
   def some_local_account

app/services/suspend_account_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class SuspendAccountService < BaseService
+  include Payloadable
+
   ASSOCIATIONS_ON_SUSPEND = %w(
     account_pins
     active_relationships
@@ -118,23 +120,11 @@ class SuspendAccountService < BaseService
   end
 
   def delete_actor_json
-    return @delete_actor_json if defined?(@delete_actor_json)
-
-    payload = ActiveModelSerializers::SerializableResource.new(
-      @account,
-      serializer: ActivityPub::DeleteActorSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-
-    @delete_actor_json = Oj.dump(ActivityPub::LinkedDataSignature.new(payload).sign!(@account))
+    @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account))
   end
 
   def build_reject_json(follow)
-    ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer))
   end
 
   def delivery_inboxes

app/services/unblock_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class UnblockService < BaseService
+  include Payloadable
+
   def call(account, target_account)
     return unless account.blocking?(target_account)
 
@@ -20,11 +22,7 @@ class UnblockService < BaseService
   end
 
   def build_json(unblock)
-    ActiveModelSerializers::SerializableResource.new(
-      unblock,
-      serializer: ActivityPub::UndoBlockSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(unblock, ActivityPub::UndoBlockSerializer))
   end
 
   def build_xml(block)

app/services/unfavourite_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class UnfavouriteService < BaseService
+  include Payloadable
+
   def call(account, status)
     favourite = Favourite.find_by!(account: account, status: status)
     favourite.destroy!
@@ -21,11 +23,7 @@ class UnfavouriteService < BaseService
   end
 
   def build_json(favourite)
-    Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
-      favourite,
-      serializer: ActivityPub::UndoLikeSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json).sign!(favourite.account))
+    Oj.dump(serialize_payload(favourite, ActivityPub::UndoLikeSerializer))
   end
 
   def build_xml(favourite)

app/services/unfollow_service.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class UnfollowService < BaseService
+  include Payloadable
+
   # Unfollow and notify the remote user
   # @param [Account] source_account Where to unfollow from
   # @param [Account] target_account Which to unfollow
@@ -50,19 +52,11 @@ class UnfollowService < BaseService
   end
 
   def build_json(follow)
-    ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::UndoFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow, ActivityPub::UndoFollowSerializer))
   end
 
   def build_reject_json(follow)
-    ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer))
   end
 
   def build_xml(follow)

app/services/vote_service.rb

@@ -2,6 +2,7 @@
 
 class VoteService < BaseService
   include Authorization
+  include Payloadable
 
   def call(account, poll, choices)
     authorize_with account, poll, :vote?
@@ -50,10 +51,6 @@ class VoteService < BaseService
   end
 
   def build_json(vote)
-    ActiveModelSerializers::SerializableResource.new(
-      vote,
-      serializer: ActivityPub::VoteSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(vote, ActivityPub::VoteSerializer))
   end
 end

app/workers/activitypub/distribute_poll_update_worker.rb

@@ -2,6 +2,7 @@
 
 class ActivityPub::DistributePollUpdateWorker
   include Sidekiq::Worker
+  include Payloadable
 
   sidekiq_options queue: 'push', unique: :until_executed, retry: 0
 
@@ -41,20 +42,8 @@ class ActivityPub::DistributePollUpdateWorker
     @inboxes
   end
 
-  def signed_payload
-    Oj.dump(ActivityPub::LinkedDataSignature.new(unsigned_payload).sign!(@account))
-  end
-
-  def unsigned_payload
-    ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: ActivityPub::UpdatePollSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-  end
-
   def payload
-    @payload ||= @status.distributable? ? signed_payload : Oj.dump(unsigned_payload)
+    @payload ||= Oj.dump(serialize_payload(@status, ActivityPub::UpdatePollSerializer, signer: @account))
   end
 
   def relay!

app/workers/activitypub/distribution_worker.rb

@@ -2,6 +2,7 @@
 
 class ActivityPub::DistributionWorker
   include Sidekiq::Worker
+  include Payloadable
 
   sidekiq_options queue: 'push'
 
@@ -41,20 +42,8 @@ class ActivityPub::DistributionWorker
                  end
   end
 
-  def signed_payload
-    Oj.dump(ActivityPub::LinkedDataSignature.new(unsigned_payload).sign!(@account))
-  end
-
-  def unsigned_payload
-    ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: ActivityPub::ActivitySerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-  end
-
   def payload
-    @payload ||= @status.distributable? ? signed_payload : Oj.dump(unsigned_payload)
+    @payload ||= Oj.dump(serialize_payload(@status, ActivityPub::ActivitySerializer, signer: @account))
   end
 
   def relay!

app/workers/activitypub/reply_distribution_worker.rb

@@ -5,6 +5,7 @@
 
 class ActivityPub::ReplyDistributionWorker
   include Sidekiq::Worker
+  include Payloadable
 
   sidekiq_options queue: 'push'
 
@@ -27,19 +28,7 @@ class ActivityPub::ReplyDistributionWorker
     @inboxes ||= @account.followers.inboxes
   end
 
-  def signed_payload
-    Oj.dump(ActivityPub::LinkedDataSignature.new(unsigned_payload).sign!(@status.account))
-  end
-
-  def unsigned_payload
-    ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: ActivityPub::ActivitySerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-  end
-
   def payload
-    @payload ||= @status.distributable? ? signed_payload : Oj.dump(unsigned_payload)
+    @payload ||= Oj.dump(serialize_payload(@status, ActivityPub::ActivitySerializer, signer: @status.account))
   end
 end

app/workers/activitypub/update_distribution_worker.rb

@@ -2,6 +2,7 @@
 
 class ActivityPub::UpdateDistributionWorker
   include Sidekiq::Worker
+  include Payloadable
 
   sidekiq_options queue: 'push'
 
@@ -27,14 +28,6 @@ class ActivityPub::UpdateDistributionWorker
   end
 
   def signed_payload
-    @signed_payload ||= Oj.dump(ActivityPub::LinkedDataSignature.new(payload).sign!(@account, sign_with: @options[:sign_with]))
-  end
-
-  def payload
-    @payload ||= ActiveModelSerializers::SerializableResource.new(
-      @account,
-      serializer: ActivityPub::UpdateSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
+    @signed_payload ||= Oj.dump(serialize_payload(@account, ActivityPub::UpdateSerializer, signer: @account, sign_with: @options[:sign_with]))
   end
 end