From a12712cc887e5b8234df27ed4f16c6fffaf62a4b Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sun, 4 Dec 2022 20:29:01 -0700
Subject: [PATCH 1/3] Update MediaService, add summary attribute for better alt text federation
---
 app/Services/MediaService.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/Services/MediaService.php b/app/Services/MediaService.php
index 6960af5f1..8ca90118f 100644
--- a/app/Services/MediaService.php
+++ b/app/Services/MediaService.php
@@ -79,6 +79,7 @@ class MediaService
 'mediaType' => $s['mime'],
 'url' => $s['url'],
 'name' => $s['description'],
+ 'summary' => $s['description'],
 'blurhash' => $s['blurhash'],
 'license' => $license
 ];
From 25bc08adb9f2133debc8335be3b41671d3585fec Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sun, 4 Dec 2022 22:15:50 -0700
Subject: [PATCH 2/3] Update FederationController
---
 app/Http/Controllers/FederationController.php | 58 +++++++++----------
 app/Jobs/InboxPipeline/InboxValidator.php | 13 +++--
 app/Jobs/InboxPipeline/InboxWorker.php | 15 ++---
 3 files changed, 41 insertions(+), 45 deletions(-)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index d5189081c..e78ac6287 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -29,6 +29,7 @@ use App\Util\ActivityPub\{
 Outbox
 };
 use Zttp\Zttp;
+use App\Services\InstanceService;
 class FederationController extends Controller
 {
@@ -142,13 +143,19 @@ class FederationController extends Controller
 $headers = $request->headers->all();
 $payload = $request->getContent();
+ if(!$payload || empty($payload)) {
+ return;
+ }
 $obj = json_decode($payload, true, 8);
+ if(!isset($obj['id'])) {
+ return;
+ }
+ $domain = parse_url($obj['id'], PHP_URL_HOST);
+ if(in_array($domain, InstanceService::getBannedDomains())) {
+ return;
+ }
 if(isset($obj['type']) && $obj['type'] === 'Delete') {
- if(!isset($obj['id'])) {
- return;
- }
- usleep(5000);
 $lockKey = 'pf:ap:del-lock:' . hash('sha256', $obj['id']);
 if( isset($obj['actor']) &&
 isset($obj['object']) &&
@@ -160,20 +167,19 @@ class FederationController extends Controller
 ) {
 if(Cache::get($lockKey) !== null) {
 return;
+ } else {
+ Cache::put($lockKey, 1, 3600);
+ usleep(5000);
 }
 }
- Cache::put($lockKey, 1, 3600);
 dispatch(new DeleteWorker($headers, $payload))->onQueue('delete');
 } else {
- if(!isset($obj['id'])) {
- return;
- }
- usleep(5000);
 $lockKey = 'pf:ap:user-inbox:activity:' . hash('sha256', $obj['id']);
 if(Cache::get($lockKey) !== null) {
 return;
 }
 Cache::put($lockKey, 1, 3600);
+ usleep(5000);
 dispatch(new InboxValidator($username, $headers, $payload))->onQueue('high');
 }
 return;
@@ -186,12 +192,22 @@ class FederationController extends Controller
 $headers = $request->headers->all();
 $payload = $request->getContent();
+
+ if(!$payload || empty($payload)) {
+ return;
+ }
+
 $obj = json_decode($payload, true, 8);
+ if(!isset($obj['id'])) {
+ return;
+ }
+
+ $domain = parse_url($obj['id'], PHP_URL_HOST);
+ if(in_array($domain, InstanceService::getBannedDomains())) {
+ return;
+ }
 if(isset($obj['type']) && $obj['type'] === 'Delete') {
- if(!isset($obj['id'])) {
- return;
- }
 $lockKey = 'pf:ap:del-lock:' . hash('sha256', $obj['id']);
 if( isset($obj['actor']) &&
 isset($obj['object']) &&
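Review bot: The banned-domain check added in `@@ -142,13 +143,19 @@` (and repeated in `@@ -186,12 +192,22 @@`) compares the host of the sender-supplied, still unverified `id`, so it is a cheap pre-filter but cannot enforce a ban by itself; the enforcing check belongs after HTTP signature verification, against the actor or key host, which is outside these hunks. `parse_url()` returns the host exactly as written and `in_array()` is called without the strict flag, so a mixed-case host will not match a lower-case list (the format returned by `getBannedDomains()` is not visible here); `$domain = strtolower((string) parse_url($obj['id'], PHP_URL_HOST));` with `in_array($domain, InstanceService::getBannedDomains(), true)` covers both. `$obj['id']` also reaches `parse_url()` and `hash()` without an `is_string()` test, so a JSON array or object in `id` raises a TypeError on PHP 8 instead of being dropped quietly. Both method bodies start and end outside their hunks.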
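Review bot: The dedupe in `@@ -160,20 +167,19 @@` is still a `Cache::get()` followed by a separate `Cache::put()`, so two concurrent deliveries of the same `id` can both pass the check and both dispatch a job. `Cache::add()` does the test-and-set in one call, which lets each pair collapse to `if(!Cache::add($lockKey, 1, 3600)) { return; }` and also removes the `else` after `return`. The relocated `usleep(5000)` holds a request worker for 5 ms per accepted activity and has no comment explaining what it protects; a one-line comment such as `// brief delay to let the lock write settle before the job is queued` (or its removal, if it has no purpose) would help. The lock key is derived from `id` before any signature is checked, so it should be treated as a rate-limiting aid and not as proof that the activity was processed.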
@@ -217,15 +233,6 @@ class FederationController extends Controller
 {
 abort_if(!config_cache('federation.activitypub.enabled'), 404);
- $profile = Profile::whereNull('remote_url')
- ->whereUsername($username)
- ->whereIsPrivate(false)
- ->firstOrFail();
-
- if($profile->status != null) {
- abort(404);
- }
-
 $obj = [
 '@context' => 'https://www.w3.org/ns/activitystreams',
 'id' => $request->getUri(),
@@ -240,15 +247,6 @@ class FederationController extends Controller
 {
 abort_if(!config_cache('federation.activitypub.enabled'), 404);
- $profile = Profile::whereNull('remote_url')
- ->whereUsername($username)
- ->whereIsPrivate(false)
- ->firstOrFail();
-
- if($profile->status != null) {
- abort(404);
- }
-
 $obj = [
 '@context' => 'https://www.w3.org/ns/activitystreams',
 'id' => $request->getUri(),
diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php
index 22a023304..366d81326 100644
--- a/app/Jobs/InboxPipeline/InboxValidator.php
+++ b/app/Jobs/InboxPipeline/InboxValidator.php
@@ -49,12 +49,15 @@ class InboxValidator implements ShouldQueue
 {
 $username = $this->username;
 $headers = $this->headers;
+
+ if(empty($headers) || empty($this->payload) || !isset($headers['signature']) || !isset($headers['date'])) {
+ return;
+ }
+
 $payload = json_decode($this->payload, true, 8);
- $profile = Profile::whereNull('domain')->whereUsername($username)->first();
-
 if(isset($payload['id'])) {
- $lockKey = hash('sha256', $payload['id']);
+ $lockKey = 'ap:icid:' . hash('sha256', $payload['id']);
 if(Cache::get($lockKey) !== null) {
 // Job processed already
 return 1;
@@ -62,9 +65,7 @@ class InboxValidator implements ShouldQueue
 Cache::put($lockKey, 1, 3600);
 }
- if(!isset($headers['signature']) || !isset($headers['date'])) {
- return;
- }
+ $profile = Profile::whereNull('domain')->whereUsername($username)->first();
 if(empty($profile) || empty($headers) || empty($payload)) {
 return;
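Review bot: With the `Profile` lookup removed in `@@ -217,15 +233,6 @@` (and identically in `@@ -240,15 +247,6 @@`), `$username` is no longer checked in the visible lines, so both endpoints now answer for any name, including accounts that do not exist, are private, or have a non-null `status`, where they previously returned 404. If that is deliberate, a comment above `$obj = [` such as `// No profile lookup on purpose: the response is identical for every username` would record the decision; otherwise the lookup should stay. The `id` value comes from `$request->getUri()`, so after this change the response echoes the requested URL without it being tied to a known local profile. Both method bodies continue outside the hunks.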
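Review bot: In InboxValidator.php the `ap:icid:` key is written by `Cache::put()` before the `$profile` lookup that `@@ -62,9 +65,7 @@` moves below it and, as far as the hunks show, before any signature verification, so a payload that is later rejected still marks its `id` as processed for 3600 seconds and a later valid delivery with that `id` stops at `return 1`. InboxWorker.php has the same order in `@@ -58,14 +63,6 @@`, where `Cache::put($lockKey, 1, 3600)` precedes `verifySignature()`. Writing the key only once the checks have passed avoids dropping legitimate activities, and an `is_string($payload['id'])` test before `hash('sha256', $payload['id'])` keeps a non-string `id` from failing the job with a TypeError. `handle()` continues past the end of both hunks.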
diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php
index 23371c3ce..e3165666a 100644
--- a/app/Jobs/InboxPipeline/InboxWorker.php
+++ b/app/Jobs/InboxPipeline/InboxWorker.php
@@ -47,10 +47,15 @@ class InboxWorker implements ShouldQueue
 {
 $profile = null;
 $headers = $this->headers;
+
+ if(empty($headers) || empty($this->payload) || !isset($headers['signature']) || !isset($headers['date'])) {
+ return;
+ }
+
 $payload = json_decode($this->payload, true, 8);
 if(isset($payload['id'])) {
- $lockKey = hash('sha256', $payload['id']);
+ $lockKey = 'ap:icid:' . hash('sha256', $payload['id']);
 if(Cache::get($lockKey) !== null) {
 // Job processed already
 return 1;
@@ -58,14 +63,6 @@ class InboxWorker implements ShouldQueue
 Cache::put($lockKey, 1, 3600);
 }
- if(!isset($headers['signature']) || !isset($headers['date'])) {
- return;
- }
-
- if(empty($headers) || empty($payload)) {
- return;
- }
-
 if($this->verifySignature($headers, $payload) == true) {
 (new Inbox($headers, $profile, $payload))->handle();
 return;
From 9f7672f5703cc6b9722558e5ee310929800a2f4f Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sun, 4 Dec 2022 22:21:09 -0700
Subject: [PATCH 3/3] Update AvatarObserver, fix cloud delete bug by checking if cloud storage is enabled
---
 app/Observers/AvatarObserver.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Observers/AvatarObserver.php b/app/Observers/AvatarObserver.php
index 987db3097..6c644099e 100644
--- a/app/Observers/AvatarObserver.php
+++ b/app/Observers/AvatarObserver.php
@@ -65,7 +65,7 @@ class AvatarObserver
 @unlink($path);
 }
- if($avatar->cdn_url) {
+ if($avatar->cdn_url && config_cache('pixelfed.cloud_storage')) {
 $disk = Storage::disk(config('filesystems.cloud'));
 $base = Str::startsWith($avatar->media_path, 'cache/avatars/');
 if($base && $disk->exists($avatar->media_path)) {
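Review bot: `@@ -58,14 +63,6 @@` in InboxWorker.php drops the `empty($payload)` test on the decoded value, and the guard added in `@@ -47,10 +47,15 @@` only tests the raw `$this->payload` string, so a body that is non-empty but not valid JSON, or nested deeper than 8 levels, decodes to `null` and now reaches `verifySignature($headers, $payload)`. InboxValidator.php still checks `empty($payload)` after decoding; adding `if(!is_array($payload) || empty($payload)) { return; }` directly after the `json_decode()` line gives this job the same guarantee. The early `return;` and the later `return 1;` also leave `handle()` with two different results for "nothing to do", which is worth unifying. `handle()` starts and ends outside these hunks.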
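Review bot: With the added `config_cache('pixelfed.cloud_storage')` condition in AvatarObserver.php, an avatar that has a `cdn_url` is skipped silently when cloud storage is switched off, so an object uploaded while it was enabled would stay on the cloud disk after the avatar record is deleted. If that situation can occur, a log entry in an `else` branch or a comment such as `// Remote object is left in place when cloud storage is disabled` would make the retention visible to operators handling account-deletion requests. The method continues outside the hunk, so any later cleanup is not visible here.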