From e08869cbfc33c8294fac647cbef9236427ac83f8 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Fri, 9 Dec 2022 05:06:47 -0700 Subject: [PATCH 1/3] Update FederationController, fix outbox --- app/Http/Controllers/FederationController.php | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php index 0f1f5b853..0a6b75bf6 100644 --- a/app/Http/Controllers/FederationController.php +++ b/app/Http/Controllers/FederationController.php @@ -118,20 +118,18 @@ class FederationController extends Controller public function userOutbox(Request $request, $username) { abort_if(!config_cache('federation.activitypub.enabled'), 404); - abort_if(!config('federation.activitypub.outbox'), 404); - // $profile = Profile::whereNull('domain') - // ->whereNull('status') - // ->whereIsPrivate(false) - // ->whereUsername($username) - // ->firstOrFail(); + if(!$request->wantsJson()) { + return redirect('/' . $username); + } - // $key = 'ap:outbox:latest_10:pid:' . $profile->id; - // $ttl = now()->addMinutes(15); - // $res = Cache::remember($key, $ttl, function() use($profile) { - // return Outbox::get($profile); - // }); - $res = []; + $res = [ + '@context' => 'https://www.w3.org/ns/activitystreams', + 'id' => 'https://' . config('pixelfed.domain.app') . '/users/' . $username . '/outbox', + 'type' => 'OrderedCollection', + 'totalItems' => 0, + 'orderedItems' => [] + ]; return response(json_encode($res, JSON_UNESCAPED_SLASHES))->header('Content-Type', 'application/ld+json; profile="http://www.w3.org/ns/activitystreams"'); } From d1b888b5a6972745e2b9c76e2576f871c7c12771 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Fri, 9 Dec 2022 05:08:20 -0700 Subject: [PATCH 2/3] Update InboxPipeline, increase timeout from 60s to 300s --- app/Jobs/InboxPipeline/InboxValidator.php | 2 +- app/Jobs/InboxPipeline/InboxWorker.php | 2 +- app/Jobs/InboxPipeline/SharedInboxWorker.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php index 3587ec2f5..9e0c89a47 100644 --- a/app/Jobs/InboxPipeline/InboxValidator.php +++ b/app/Jobs/InboxPipeline/InboxValidator.php @@ -26,7 +26,7 @@ class InboxValidator implements ShouldQueue protected $headers; protected $payload; - public $timeout = 60; + public $timeout = 300; public $tries = 1; public $maxExceptions = 1; diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php index be5eaab95..4af86bbe6 100644 --- a/app/Jobs/InboxPipeline/InboxWorker.php +++ b/app/Jobs/InboxPipeline/InboxWorker.php @@ -25,7 +25,7 @@ class InboxWorker implements ShouldQueue protected $headers; protected $payload; - public $timeout = 60; + public $timeout = 300; public $tries = 1; public $maxExceptions = 1; diff --git a/app/Jobs/InboxPipeline/SharedInboxWorker.php b/app/Jobs/InboxPipeline/SharedInboxWorker.php index 0bdcc4e5d..423919581 100644 --- a/app/Jobs/InboxPipeline/SharedInboxWorker.php +++ b/app/Jobs/InboxPipeline/SharedInboxWorker.php @@ -17,7 +17,7 @@ class SharedInboxWorker implements ShouldQueue protected $profile; protected $payload; - public $timeout = 60; + public $timeout = 300; public $tries = 1; /** From 3cfa8b69fb74a1631805bababc570b8bce825175 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Fri, 9 Dec 2022 05:45:48 -0700 Subject: [PATCH 3/3] Update InboxPipeline --- app/Jobs/InboxPipeline/InboxValidator.php | 20 ++++++++------------ app/Jobs/InboxPipeline/InboxWorker.php | 19 ++++++++----------- 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php index 9e0c89a47..fcc827dc4 100644 --- a/app/Jobs/InboxPipeline/InboxValidator.php +++ b/app/Jobs/InboxPipeline/InboxValidator.php @@ -80,9 +80,6 @@ class InboxValidator implements ShouldQueue if($this->verifySignature($headers, $profile, $payload) == true) { (new Inbox($headers, $profile, $payload))->handle(); return; - } else if($this->blindKeyRotation($headers, $profile, $payload) == true) { - (new Inbox($headers, $profile, $payload))->handle(); - return; } else { return; } @@ -96,18 +93,18 @@ class InboxValidator implements ShouldQueue $signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature']; $date = is_array($headers['date']) ? $headers['date'][0] : $headers['date']; if(!$signature) { - return; + return false; } if(!$date) { - return; + return false; } if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1)) ) { - return; + return false; } if(!isset($bodyDecoded['id'])) { - return; + return false; } $signatureData = HttpSignature::parseSignatureHeader($signature); $keyId = Helpers::validateUrl($signatureData['keyId']); @@ -127,12 +124,11 @@ class InboxValidator implements ShouldQueue } } if(parse_url($attr, PHP_URL_HOST) !== $keyDomain) { - return; + return false; } } if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { - return; - abort(400, 'Invalid request'); + return false; } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) { @@ -140,11 +136,11 @@ class InboxValidator implements ShouldQueue $actor = Helpers::profileFirstOrNew($actorUrl); } if(!$actor) { - return; + return false; } $pkey = openssl_pkey_get_public($actor->public_key); if(!$pkey) { - return 0; + return false; } $inboxPath = "/users/{$profile->username}/inbox"; list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body); diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php index 4af86bbe6..0dd76e9ab 100644 --- a/app/Jobs/InboxPipeline/InboxWorker.php +++ b/app/Jobs/InboxPipeline/InboxWorker.php @@ -68,9 +68,6 @@ class InboxWorker implements ShouldQueue if($this->verifySignature($headers, $payload) == true) { (new Inbox($headers, $profile, $payload))->handle(); return; - } else if($this->blindKeyRotation($headers, $payload) == true) { - (new Inbox($headers, $profile, $payload))->handle(); - return; } else { return; } @@ -83,18 +80,18 @@ class InboxWorker implements ShouldQueue $signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature']; $date = is_array($headers['date']) ? $headers['date'][0] : $headers['date']; if(!$signature) { - return; + return false; } if(!$date) { - return; + return false; } if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1)) ) { - return; + return false; } if(!isset($bodyDecoded['id'])) { - return; + return false; } $signatureData = HttpSignature::parseSignatureHeader($signature); $keyId = Helpers::validateUrl($signatureData['keyId']); @@ -114,11 +111,11 @@ class InboxWorker implements ShouldQueue } } if(parse_url($attr, PHP_URL_HOST) !== $keyDomain) { - return; + return false; } } if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { - return; + return false; } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) { @@ -126,11 +123,11 @@ class InboxWorker implements ShouldQueue $actor = Helpers::profileFirstOrNew($actorUrl); } if(!$actor) { - return; + return false; } $pkey = openssl_pkey_get_public($actor->public_key); if(!$pkey) { - return 0; + return false; } $inboxPath = "/f/inbox"; list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);