Add ActivityPub actor representing the entire server (#11321)

* Add support for an instance actor

* Skip username validation for local Application accounts

* Add migration script to create instance actor

* Make Codeclimate happy

* Switch to id -99 for instance actor

* Remove unused `icon` and `image` attributes from instance actor

* Use if/elsif/else instead of return + ternary operator

* Add instance actor to fresh installs

* Use instance actor as instance representative

Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.

* Seed database in test environment

* Fix single-user mode

* Fix tests

* Fix specs to accommodate for an extra `Account`

* Auto-reject follows on instance actor

Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.

* Fix webfinger lookup and serialization for instance actor

* Rename instance actor

* Make it clear in the HTML view that the instance actor should not be blocked

* Raise cache time for instance actor as there's no dynamic content

* Re-use /about/more with a flash message for instance actor profile
ThibG 2019-07-19 01:44:42 +02:00 committed by Eugen Rochko
parent 15c7478c55
commit 730c4053d6
23 changed files with 141 additions and 52 deletions


@ -11,7 +11,9 @@ class AboutController < ApplicationController
def show; end
def more; end
def more
flash.now[:notice] = I18n.t('about.instance_actor_flash') if params[:instance_actor]
end
def terms; end


@ -91,7 +91,7 @@ class ApplicationController < ActionController::Base
end
def single_user_mode?
@single_user_mode ||= Rails.configuration.x.single_user_mode && Account.exists?
@single_user_mode ||= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?
end
def use_seamless_external_login?
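Review bot: The raw SQL fragment `'id > 0'` in `single_user_mode?` relies on the instance actor having a negative id (-99 per the commit message) without saying so, and the same fragment is repeated in HomeController's single-user redirect. A named scope on Account, or at least a comment such as `# excludes the instance actor, which has a negative id`, would keep the two call sites in step. Without it, a later system account with a positive id would silently count as a real user in both places.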


@ -58,7 +58,7 @@ class HomeController < ApplicationController
if request.path.start_with?('/web')
new_user_session_path
elsif single_user_mode?
short_account_path(Account.local.without_suspended.first)
short_account_path(Account.local.without_suspended.where('id > 0').first)
else
about_path
end


@ -0,0 +1,20 @@
# frozen_string_literal: true
class InstanceActorsController < ApplicationController
include AccountControllerConcern
def show
expires_in 10.minutes, public: true
render json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
end
private
def set_account
@account = Account.find(-99)
end
def restrict_fields_to
%i(id type preferred_username inbox public_key endpoints url manually_approves_followers)
end
end
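Review bot: The literal `-99` in `set_account` is also hard-coded in `Account#instance_actor?` and in `AccountFinderConcern#representative`, so the identity of the account whose key represents the whole server is spread over three files. A single constant, for example `INSTANCE_ACTOR_ID = -99` on Account, referenced from all three would remove the risk of them drifting apart. `restrict_fields_to` also deserves a comment explaining that the allow-list is what keeps per-user attributes out of the instance actor document, since the serializer itself is shared with ordinary accounts.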


@ -145,6 +145,10 @@
min-height: 100%;
}
.flash-message {
margin-bottom: 10px;
}
@media screen and (max-width: 738px) {
grid-template-columns: minmax(0, 50%) minmax(0, 50%);


@ -8,7 +8,7 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity
return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id']) || @account.requested?(target_account)
if target_account.blocking?(@account) || target_account.domain_blocking?(@account.domain) || target_account.moved?
if target_account.blocking?(@account) || target_account.domain_blocking?(@account.domain) || target_account.moved? || target_account.instance_actor?
reject_follow_request!(target_account)
return
end


@ -17,7 +17,7 @@ class ActivityPub::TagManager
case target.object_type
when :person
short_account_url(target)
target.instance_actor? ? about_more_url(instance_actor: true) : short_account_url(target)
when :note, :comment, :activity
return activity_account_status_url(target.account, target) if target.reblog?
short_account_status_url(target.account, target)
@ -29,7 +29,7 @@ class ActivityPub::TagManager
case target.object_type
when :person
account_url(target)
target.instance_actor? ? instance_actor_url : account_url(target)
when :note, :comment, :activity
return activity_account_status_url(target.account, target) if target.reblog?
account_status_url(target.account, target)
@ -119,6 +119,7 @@ class ActivityPub::TagManager
def uri_to_local_id(uri, param = :id)
path_params = Rails.application.routes.recognize_path(uri)
path_params[:username] = Rails.configuration.x.local_domain if path_params[:controller] == 'instance_actors'
path_params[param]
end
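Review bot: In `uri_to_local_id`, the added line gives an instance-actor URI a synthetic `:username` equal to the local domain, but the reason is not documented and no other key is filled in. A call with the default `param = :id` on such a URI presumably still returns nil, since the route has no such segment. A comment above the line would make the coupling explicit, for example `# the instance actor route has no :username segment; its account is looked up under the local domain`. It may also be worth confirming that callers passing a param other than `:username` handle nil for this URI; those callers are outside the hunk.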


@ -23,11 +23,17 @@ class WebfingerResource
def username_from_url
if account_show_page?
path_params[:username]
elsif instance_actor_page?
Rails.configuration.x.local_domain
else
raise ActiveRecord::RecordNotFound
end
end
def instance_actor_page?
path_params[:controller] == 'instance_actors'
end
def account_show_page?
path_params[:controller] == 'accounts' && path_params[:action] == 'show'
end
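Review bot: `instance_actor_page?` matches on the controller name alone, whereas `account_show_page?` directly below it also pins the action, so every route served by `instance_actors` resolves to the instance actor's username in `username_from_url`. If that breadth is intended, a one-line comment should say so. Otherwise `path_params[:controller] == 'instance_actors' && path_params[:action] == 'show'` would mirror the existing check. `path_params` is defined outside this hunk.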


@ -77,7 +77,7 @@ class Account < ApplicationRecord
validates :username, format: { with: /\A#{USERNAME_RE}\z/i }, if: -> { !local? && will_save_change_to_username? }
# Local user validations
validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: 30 }, if: -> { local? && will_save_change_to_username? }
validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: 30 }, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
validates_with UniqueUsernameValidator, if: -> { local? && will_save_change_to_username? }
validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? }
validates :display_name, length: { maximum: 30 }, if: -> { local? && will_save_change_to_display_name? }
@ -139,6 +139,10 @@ class Account < ApplicationRecord
%w(Application Service).include? actor_type
end
def instance_actor?
id == -99
end
alias bot bot?
def bot=(val)
@ -498,7 +502,7 @@ class Account < ApplicationRecord
end
def generate_keys
return unless local? && !Rails.env.test?
return unless local? && private_key.blank? && public_key.blank?
keypair = OpenSSL::PKey::RSA.new(2048)
self.private_key = keypair.to_pem
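Review bot: The exemption added to the local username validation is keyed on `actor_type != 'Application'` rather than on the instance actor itself, so any local account whose actor_type is 'Application' skips both the `[a-z0-9_]` format check and the 30-character limit. Whether actor_type can be set from a user-reachable path is not visible here (`bot=` starts in the next hunk but its body is cut off), so that should be confirmed, or the condition narrowed to `!instance_actor?` if the id is assigned before validation runs. In `generate_keys`, the new guard `private_key.blank? && public_key.blank?` leaves an account that holds only one half of a key pair untouched. A comment stating that this is deliberate would help the next reader.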


@ -13,7 +13,7 @@ module AccountFinderConcern
end
def representative
find_local(Setting.site_contact_username.strip.gsub(/\A@/, '')) || Account.local.without_suspended.first
Account.find(-99)
end
def find_local(username)
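Review bot: `Account.find(-99)` in `representative` raises `ActiveRecord::RecordNotFound` when the instance actor row is missing, whereas the removed expression fell back to another local account. The commit message says the representative is used for forwarding reports, relay operations and spam auto-reporting, so a database where the migration or seed has not run would fail on all three; the callers are outside this hunk. A docstring noting the dependency would help, for example `# Returns the instance actor (id -99); requires the instance-actor migration or seed to have run`.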


@ -39,11 +39,17 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
delegate :moved?, to: :object
def id
account_url(object)
object.instance_actor? ? instance_actor_url : account_url(object)
end
def type
object.bot? ? 'Service' : 'Person'
if object.instance_actor?
'Application'
elsif object.bot?
'Service'
else
'Person'
end
end
def following
@ -55,7 +61,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
end
def inbox
account_inbox_url(object)
object.instance_actor? ? instance_actor_inbox_url : account_inbox_url(object)
end
def outbox
@ -95,7 +101,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer
end
def url
short_account_url(object)
object.instance_actor? ? about_more_url(instance_actor: true) : short_account_url(object)
end
def avatar_exists?
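Review bot: Only `id`, `type`, `inbox` and `url` are special-cased for the instance actor; `following` and `outbox` appear here as context with their bodies outside the hunks, so they presumably still build per-account URLs if serialized for it. InstanceActorsController avoids this by passing a restricted field list, but nothing in the serializer enforces that for other callers. A class-level comment stating that the instance actor must be rendered with the restricted fields would document the constraint. The repeated `object.instance_actor? ? … : …` ternaries could also be collapsed into one private helper.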


@ -10,15 +10,26 @@ class WebfingerSerializer < ActiveModel::Serializer
end
def aliases
[short_account_url(object), account_url(object)]
if object.instance_actor?
[instance_actor_url]
else
[short_account_url(object), account_url(object)]
end
end
def links
[
{ rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: short_account_url(object) },
{ rel: 'http://schemas.google.com/g/2010#updates-from', type: 'application/atom+xml', href: account_url(object, format: 'atom') },
{ rel: 'self', type: 'application/activity+json', href: account_url(object) },
{ rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_interaction_url}?uri={uri}" },
]
if object.instance_actor?
[
{ rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: about_more_url(instance_actor: true) },
{ rel: 'self', type: 'application/activity+json', href: instance_actor_url },
]
else
[
{ rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: short_account_url(object) },
{ rel: 'http://schemas.google.com/g/2010#updates-from', type: 'application/atom+xml', href: account_url(object, format: 'atom') },
{ rel: 'self', type: 'application/activity+json', href: account_url(object) },
{ rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_interaction_url}?uri={uri}" },
]
end
end
end


@ -43,5 +43,7 @@
= mail_to @instance_presenter.site_contact_email, nil, title: @instance_presenter.site_contact_email
.column-3
= render 'application/flashes'
.box-widget
.rich-formatting= @instance_presenter.site_extended_description.html_safe.presence || t('about.extended_description_html')


@ -4,30 +4,47 @@ doc << Ox::Element.new('XRD').tap do |xrd|
xrd['xmlns'] = 'http://docs.oasis-open.org/ns/xri/xrd-1.0'
xrd << (Ox::Element.new('Subject') << @account.to_webfinger_s)
xrd << (Ox::Element.new('Alias') << short_account_url(@account))
xrd << (Ox::Element.new('Alias') << account_url(@account))
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://webfinger.net/rel/profile-page'
link['type'] = 'text/html'
link['href'] = short_account_url(@account)
end
if @account.instance_actor?
xrd << (Ox::Element.new('Alias') << instance_actor_url)
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://schemas.google.com/g/2010#updates-from'
link['type'] = 'application/atom+xml'
link['href'] = account_url(@account, format: 'atom')
end
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://webfinger.net/rel/profile-page'
link['type'] = 'text/html'
link['href'] = about_more_url(instance_actor: true)
end
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'self'
link['type'] = 'application/activity+json'
link['href'] = account_url(@account)
end
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'self'
link['type'] = 'application/activity+json'
link['href'] = instance_actor_url
end
else
xrd << (Ox::Element.new('Alias') << short_account_url(@account))
xrd << (Ox::Element.new('Alias') << account_url(@account))
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://ostatus.org/schema/1.0/subscribe'
link['template'] = "#{authorize_interaction_url}?acct={uri}"
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://webfinger.net/rel/profile-page'
link['type'] = 'text/html'
link['href'] = short_account_url(@account)
end
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://schemas.google.com/g/2010#updates-from'
link['type'] = 'application/atom+xml'
link['href'] = account_url(@account, format: 'atom')
end
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'self'
link['type'] = 'application/activity+json'
link['href'] = account_url(@account)
end
xrd << Ox::Element.new('Link').tap do |link|
link['rel'] = 'http://ostatus.org/schema/1.0/subscribe'
link['template'] = "#{authorize_interaction_url}?acct={uri}"
end
end
end