friendica_2021-01/src/Protocol/ActivityPub/Receiver.php

663 lines
20 KiB
PHP

<?php
/**
* @file src/Protocol/ActivityPub/Receiver.php
*/
namespace Friendica\Protocol\ActivityPub;
use Friendica\Database\DBA;
use Friendica\Util\HTTPSignature;
use Friendica\Core\Protocol;
use Friendica\Model\Contact;
use Friendica\Model\APContact;
use Friendica\Model\Item;
use Friendica\Model\User;
use Friendica\Util\JsonLD;
use Friendica\Util\LDSignature;
use Friendica\Protocol\ActivityPub;
/**
* @brief ActivityPub Receiver Protocol class
*
* To-Do:
* - Update (Image, Video, Article, Note)
* - Event
* - Undo Announce
*
* Check what this is meant to do:
* - Add
* - Block
* - Flag
* - Remove
* - Undo Block
* - Undo Accept (Problem: This could invert a contact accept or an event accept)
*
* General:
* - Possibly using the LD-JSON parser
*/
class Receiver
{
const PUBLIC_COLLECTION = 'as:Public';
const ACCOUNT_TYPES = ['as:Person', 'as:Organization', 'as:Service', 'as:Group', 'as:Application'];
const CONTENT_TYPES = ['as:Note', 'as:Article', 'as:Video', 'as:Image'];
const ACTIVITY_TYPES = ['as:Like', 'as:Dislike', 'as:Accept', 'as:Reject', 'as:TentativeAccept'];
/**
* Checks if the web request is done for the AP protocol
*
* @return is it AP?
*/
public static function isRequest()
{
return stristr(defaults($_SERVER, 'HTTP_ACCEPT', ''), 'application/activity+json') ||
stristr(defaults($_SERVER, 'HTTP_ACCEPT', ''), 'application/ld+json');
}
/**
* Checks incoming message from the inbox
*
* @param $body
* @param $header
* @param integer $uid User ID
*/
public static function processInbox($body, $header, $uid)
{
$http_signer = HTTPSignature::getSigner($body, $header);
if (empty($http_signer)) {
logger('Invalid HTTP signature, message will be discarded.', LOGGER_DEBUG);
return;
} else {
logger('HTTP signature is signed by ' . $http_signer, LOGGER_DEBUG);
}
$activity = json_decode($body, true);
if (empty($activity)) {
logger('Invalid body.', LOGGER_DEBUG);
return;
}
$ldactivity = JsonLD::compact($activity);
$actor = JsonLD::fetchElement($ldactivity, 'as:actor');
logger('Message for user ' . $uid . ' is from actor ' . $actor, LOGGER_DEBUG);
if (LDSignature::isSigned($activity)) {
$ld_signer = LDSignature::getSigner($activity);
if (empty($ld_signer)) {
logger('Invalid JSON-LD signature from ' . $actor, LOGGER_DEBUG);
}
if (!empty($ld_signer && ($actor == $http_signer))) {
logger('The HTTP and the JSON-LD signature belong to ' . $ld_signer, LOGGER_DEBUG);
$trust_source = true;
} elseif (!empty($ld_signer)) {
logger('JSON-LD signature is signed by ' . $ld_signer, LOGGER_DEBUG);
$trust_source = true;
} elseif ($actor == $http_signer) {
logger('Bad JSON-LD signature, but HTTP signer fits the actor.', LOGGER_DEBUG);
$trust_source = true;
} else {
logger('Invalid JSON-LD signature and the HTTP signer is different.', LOGGER_DEBUG);
$trust_source = false;
}
} elseif ($actor == $http_signer) {
logger('Trusting post without JSON-LD signature, The actor fits the HTTP signer.', LOGGER_DEBUG);
$trust_source = true;
} else {
logger('No JSON-LD signature, different actor.', LOGGER_DEBUG);
$trust_source = false;
}
self::processActivity($ldactivity, $body, $uid, $trust_source);
}
/**
*
*
* @param array $activity
* @param integer $uid User ID
* @param $trust_source
*
* @return
*/
private static function prepareObjectData($ldactivity, $uid, &$trust_source)
{
$actor = JsonLD::fetchElement($ldactivity, 'as:actor');
if (empty($actor)) {
logger('Empty actor', LOGGER_DEBUG);
return [];
}
$type = JsonLD::fetchElement($ldactivity, '@type');
// Fetch all receivers from to, cc, bto and bcc
$receivers = self::getReceivers($ldactivity, $actor);
// When it is a delivery to a personal inbox we add that user to the receivers
if (!empty($uid)) {
$owner = User::getOwnerDataById($uid);
$additional = ['uid:' . $uid => $uid];
$receivers = array_merge($receivers, $additional);
}
logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG);
$object_id = JsonLD::fetchElement($ldactivity, 'as:object');
if (empty($object_id)) {
logger('No object found', LOGGER_DEBUG);
return [];
}
// Fetch the content only on activities where this matters
if (in_array($type, ['as:Create', 'as:Announce'])) {
if ($type == 'as:Announce') {
$trust_source = false;
}
$object_data = self::fetchObject($object_id, $ldactivity['as:object'], $trust_source);
if (empty($object_data)) {
logger("Object data couldn't be processed", LOGGER_DEBUG);
return [];
}
// We had been able to retrieve the object data - so we can trust the source
$trust_source = true;
} elseif (in_array($type, ['as:Like', 'as:Dislike'])) {
// Create a mostly empty array out of the activity data (instead of the object).
// This way we later don't have to check for the existence of ech individual array element.
$object_data = self::processObject($ldactivity);
$object_data['name'] = $type;
$object_data['author'] = JsonLD::fetchElement($ldactivity, 'as:actor');
$object_data['object'] = $object_id;
$object_data['object_type'] = ''; // Since we don't fetch the object, we don't know the type
} else {
$object_data = [];
$object_data['id'] = JsonLD::fetchElement($ldactivity, '@id');
$object_data['object'] = $ldactivity['as:object'];
$object_data['object_type'] = JsonLD::fetchElement($ldactivity, 'as:object', '@type');
}
$object_data = self::addActivityFields($object_data, $ldactivity);
$object_data['type'] = $type;
$object_data['owner'] = $actor;
$object_data['receiver'] = array_merge(defaults($object_data, 'receiver', []), $receivers);
logger('Processing ' . $object_data['type'] . ' ' . $object_data['object_type'] . ' ' . $object_data['id'], LOGGER_DEBUG);
return $object_data;
}
/**
* Processes the activity object
*
* @param array $activity Array with activity data
* @param string $body
* @param integer $uid User ID
* @param boolean $trust_source Do we trust the source?
*/
public static function processActivity($ldactivity, $body = '', $uid = null, $trust_source = false)
{
$type = JsonLD::fetchElement($ldactivity, '@type');
if (!$type) {
logger('Empty type', LOGGER_DEBUG);
return;
}
if (!JsonLD::fetchElement($ldactivity, 'as:object')) {
logger('Empty object', LOGGER_DEBUG);
return;
}
if (!JsonLD::fetchElement($ldactivity, 'as:actor')) {
logger('Empty actor', LOGGER_DEBUG);
return;
}
// $trust_source is called by reference and is set to true if the content was retrieved successfully
$object_data = self::prepareObjectData($ldactivity, $uid, $trust_source);
if (empty($object_data)) {
logger('No object data found', LOGGER_DEBUG);
return;
}
if (!$trust_source) {
logger('No trust for activity type "' . $type . '", so we quit now.', LOGGER_DEBUG);
return;
}
switch ($type) {
case 'as:Create':
case 'as:Announce':
ActivityPub\Processor::createItem($object_data, $body);
break;
case 'as:Like':
ActivityPub\Processor::likeItem($object_data, $body);
break;
case 'as:Dislike':
ActivityPub\Processor::dislikeItem($object_data, $body);
break;
case 'as:Update':
if (in_array($object_data['object_type'], self::CONTENT_TYPES)) {
/// @todo
} elseif (in_array($object_data['object_type'], self::ACCOUNT_TYPES)) {
ActivityPub\Processor::updatePerson($object_data, $body);
}
break;
case 'as:Delete':
if ($object_data['object_type'] == 'as:Tombstone') {
ActivityPub\Processor::deleteItem($object_data, $body);
} elseif (in_array($object_data['object_type'], self::ACCOUNT_TYPES)) {
ActivityPub\Processor::deletePerson($object_data, $body);
}
break;
case 'as:Follow':
ActivityPub\Processor::followUser($object_data);
break;
case 'as:Accept':
if ($object_data['object_type'] == 'as:Follow') {
ActivityPub\Processor::acceptFollowUser($object_data);
}
break;
case 'as:Reject':
if ($object_data['object_type'] == 'as:Follow') {
ActivityPub\Processor::rejectFollowUser($object_data);
}
break;
case 'as:Undo':
if ($object_data['object_type'] == 'as:Follow') {
ActivityPub\Processor::undoFollowUser($object_data);
} elseif (in_array($object_data['object_type'], self::ACTIVITY_TYPES)) {
ActivityPub\Processor::undoActivity($object_data);
}
break;
default:
logger('Unknown activity: ' . $type, LOGGER_DEBUG);
break;
}
}
/**
* Fetch the receiver list from an activity array
*
* @param array $activity
* @param string $actor
*
* @return array with receivers (user id)
*/
private static function getReceivers($activity, $actor)
{
$receivers = [];
// When it is an answer, we inherite the receivers from the parent
$replyto = JsonLD::fetchElement($activity, 'as:inReplyTo');
if (!empty($replyto)) {
$parents = Item::select(['uid'], ['uri' => $replyto]);
while ($parent = Item::fetch($parents)) {
$receivers['uid:' . $parent['uid']] = $parent['uid'];
}
}
if (!empty($actor)) {
$profile = APContact::getByURL($actor);
$followers = defaults($profile, 'followers', '');
logger('Actor: ' . $actor . ' - Followers: ' . $followers, LOGGER_DEBUG);
} else {
logger('Empty actor', LOGGER_DEBUG);
$followers = '';
}
foreach (['as:to', 'as:cc', 'as:bto', 'as:bcc'] as $element) {
$receiver_list = JsonLD::fetchElementArray($activity, $element);
if (empty($receiver_list)) {
continue;
}
foreach ($receiver_list as $receiver) {
if ($receiver == self::PUBLIC_COLLECTION) {
$receivers['uid:0'] = 0;
}
if (($receiver == self::PUBLIC_COLLECTION) && !empty($actor)) {
// This will most likely catch all OStatus connections to Mastodon
$condition = ['alias' => [$actor, normalise_link($actor)], 'rel' => [Contact::SHARING, Contact::FRIEND]
, 'archive' => false, 'pending' => false];
$contacts = DBA::select('contact', ['uid'], $condition);
while ($contact = DBA::fetch($contacts)) {
if ($contact['uid'] != 0) {
$receivers['uid:' . $contact['uid']] = $contact['uid'];
}
}
DBA::close($contacts);
}
if (in_array($receiver, [$followers, self::PUBLIC_COLLECTION]) && !empty($actor)) {
$condition = ['nurl' => normalise_link($actor), 'rel' => [Contact::SHARING, Contact::FRIEND],
'network' => Protocol::ACTIVITYPUB, 'archive' => false, 'pending' => false];
$contacts = DBA::select('contact', ['uid'], $condition);
while ($contact = DBA::fetch($contacts)) {
if ($contact['uid'] != 0) {
$receivers['uid:' . $contact['uid']] = $contact['uid'];
}
}
DBA::close($contacts);
continue;
}
$condition = ['self' => true, 'nurl' => normalise_link($receiver)];
$contact = DBA::selectFirst('contact', ['uid'], $condition);
if (!DBA::isResult($contact)) {
continue;
}
$receivers['uid:' . $contact['uid']] = $contact['uid'];
}
}
self::switchContacts($receivers, $actor);
return $receivers;
}
/**
* Switches existing contacts to ActivityPub
*
* @param integer $cid Contact ID
* @param integer $uid User ID
* @param string $url Profile URL
*/
private static function switchContact($cid, $uid, $url)
{
$profile = ActivityPub::probeProfile($url);
if (empty($profile)) {
return;
}
logger('Switch contact ' . $cid . ' (' . $profile['url'] . ') for user ' . $uid . ' to ActivityPub');
$photo = $profile['photo'];
unset($profile['photo']);
unset($profile['baseurl']);
$profile['nurl'] = normalise_link($profile['url']);
DBA::update('contact', $profile, ['id' => $cid]);
Contact::updateAvatar($photo, $uid, $cid);
// Send a new follow request to be sure that the connection still exists
if (($uid != 0) && DBA::exists('contact', ['id' => $cid, 'rel' => [Contact::SHARING, Contact::FRIEND]])) {
ActivityPub\Transmitter::sendActivity('Follow', $profile['url'], $uid);
logger('Send a new follow request to ' . $profile['url'] . ' for user ' . $uid, LOGGER_DEBUG);
}
}
/**
*
*
* @param $receivers
* @param $actor
*/
private static function switchContacts($receivers, $actor)
{
if (empty($actor)) {
return;
}
foreach ($receivers as $receiver) {
$contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'nurl' => normalise_link($actor)]);
if (DBA::isResult($contact)) {
self::switchContact($contact['id'], $receiver, $actor);
}
$contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'alias' => [normalise_link($actor), $actor]]);
if (DBA::isResult($contact)) {
self::switchContact($contact['id'], $receiver, $actor);
}
}
}
/**
*
*
* @param $object_data
* @param array $activity
*
* @return
*/
private static function addActivityFields($object_data, $activity)
{
if (!empty($activity['published']) && empty($object_data['published'])) {
$object_data['published'] = JsonLD::fetchElement($activity, 'published', '@value');
}
if (!empty($activity['updated']) && empty($object_data['updated'])) {
$object_data['updated'] = JsonLD::fetchElement($activity, 'updated', '@value');
}
if (!empty($activity['diaspora:guid']) && empty($object_data['diaspora:guid'])) {
$object_data['diaspora:guid'] = JsonLD::fetchElement($activity, 'diaspora:guid');
}
if (!empty($activity['inReplyTo']) && empty($object_data['parent-uri'])) {
$object_data['parent-uri'] = JsonLD::fetchElement($activity, 'inReplyTo');
}
if (!empty($activity['instrument'])) {
$object_data['service'] = JsonLD::fetchElement($activity, 'instrument', 'name', 'type', 'Service');
}
return $object_data;
}
/**
* Fetches the object data from external ressources if needed
*
* @param string $object_id Object ID of the the provided object
* @param array $object The provided object array
* @param boolean $trust_source Do we trust the provided object?
*
* @return array with trusted and valid object data
*/
private static function fetchObject($object_id, $object = [], $trust_source = false)
{
// By fetching the type we check if the object is complete.
$type = JsonLD::fetchElement($object, '@type');
if (!$trust_source || empty($type)) {
$data = ActivityPub::fetchContent($object_id);
if (!empty($data)) {
$object = JsonLD::compact($data);
logger('Fetched content for ' . $object_id, LOGGER_DEBUG);
} else {
logger('Empty content for ' . $object_id . ', check if content is available locally.', LOGGER_DEBUG);
$item = Item::selectFirst([], ['uri' => $object_id]);
if (!DBA::isResult($item)) {
logger('Object with url ' . $object_id . ' was not found locally.', LOGGER_DEBUG);
return false;
}
logger('Using already stored item for url ' . $object_id, LOGGER_DEBUG);
$data = ActivityPub\Transmitter::createNote($item);
$object = JsonLD::compact($data);
}
} else {
logger('Using original object for url ' . $object_id, LOGGER_DEBUG);
}
$type = JsonLD::fetchElement($object, '@type');
if (empty($type)) {
logger('Empty type', LOGGER_DEBUG);
return false;
}
if (in_array($type, self::CONTENT_TYPES)) {
return self::processObject($object);
}
if ($type == 'as:Announce') {
$object_id = JsonLD::fetchElement($object, 'object');
if (empty($object_id)) {
return false;
}
return self::fetchObject($object_id);
}
logger('Unhandled object type: ' . $type, LOGGER_DEBUG);
}
/**
* Convert tags from JSON-LD format into a simplified format
*
* @param array $tags Tags in JSON-LD format
*
* @return array with tags in a simplified format
*/
private static function processTags($tags)
{
$taglist = [];
if (empty($tags)) {
return [];
}
foreach ($tags as $tag) {
if (empty($tag)) {
continue;
}
$taglist[] = ['type' => str_replace('as:', '', JsonLD::fetchElement($tag, '@type')),
'href' => JsonLD::fetchElement($tag, 'as:href'),
'name' => JsonLD::fetchElement($tag, 'as:name')];
}
return $taglist;
}
/**
* Convert attachments from JSON-LD format into a simplified format
*
* @param array $attachments Attachments in JSON-LD format
*
* @return array with attachmants in a simplified format
*/
private static function processAttachments($attachments)
{
$attachlist = [];
if (empty($attachments)) {
return [];
}
foreach ($attachments as $attachment) {
if (empty($attachment)) {
continue;
}
$attachlist[] = ['type' => str_replace('as:', '', JsonLD::fetchElement($attachment, '@type')),
'mediaType' => JsonLD::fetchElement($attachment, 'as:mediaType'),
'name' => JsonLD::fetchElement($attachment, 'as:name'),
'url' => JsonLD::fetchElement($attachment, 'as:url')];
}
return $attachlist;
}
/**
* Fetches data from the object part of an activity
*
* @param array $object
*
* @return array
*/
private static function processObject($object)
{
if (!JsonLD::fetchElement($object, '@id')) {
return false;
}
$object_data = [];
$object_data['object_type'] = JsonLD::fetchElement($object, '@type');
$object_data['id'] = JsonLD::fetchElement($object, '@id');
$object_data['reply-to-id'] = JsonLD::fetchElement($object, 'as:inReplyTo');
if (empty($object_data['reply-to-id'])) {
$object_data['reply-to-id'] = $object_data['id'];
}
$object_data['published'] = JsonLD::fetchElement($object, 'as:published', '@value');
$object_data['updated'] = JsonLD::fetchElement($object, 'as:updated', '@value');
if (empty($object_data['updated'])) {
$object_data['updated'] = $object_data['published'];
}
if (empty($object_data['published']) && !empty($object_data['updated'])) {
$object_data['published'] = $object_data['updated'];
}
$actor = JsonLD::fetchElement($object, 'as:attributedTo');
if (empty($actor)) {
$actor = JsonLD::fetchElement($object, 'as:actor');
}
$object_data['diaspora:guid'] = JsonLD::fetchElement($object, 'diaspora:guid');
$object_data['diaspora:comment'] = JsonLD::fetchElement($object, 'diaspora:comment');
$object_data['owner'] = $object_data['author'] = $actor;
$object_data['context'] = JsonLD::fetchElement($object, 'as:context');
$object_data['conversation'] = JsonLD::fetchElement($object, 'ostatus:conversation');
$object_data['sensitive'] = JsonLD::fetchElement($object, 'as:sensitive');
$object_data['name'] = JsonLD::fetchElement($object, 'as:name');
$object_data['summary'] = JsonLD::fetchElement($object, 'as:summary');
$object_data['content'] = JsonLD::fetchElement($object, 'as:content');
$object_data['source'] = JsonLD::fetchElement($object, 'as:source', 'as:content', 'as:mediaType', 'text/bbcode');
$object_data['location'] = JsonLD::fetchElement($object, 'as:location', 'as:name', '@type', 'as:Place');
$object_data['attachments'] = self::processAttachments(JsonLD::fetchElementArray($object, 'as:attachment'));
$object_data['tags'] = self::processTags(JsonLD::fetchElementArray($object, 'as:tag'));
// $object_data['service'] = JsonLD::fetchElement($object, 'instrument', 'name', 'type', 'Service'); // todo
$object_data['service'] = null;
$object_data['alternate-url'] = JsonLD::fetchElement($object, 'as:url');
// Special treatment for Hubzilla links
if (is_array($object_data['alternate-url'])) {
if (!empty($object['as:url'])) {
$object_data['alternate-url'] = JsonLD::fetchElement($object['as:url'], 'as:href');
} else {
$object_data['alternate-url'] = null;
}
}
$object_data['receiver'] = self::getReceivers($object, $object_data['owner']);
// Common object data:
// Unhandled
// @context, type, actor, signature, mediaType, duration, replies, icon
// Also missing: (Defined in the standard, but currently unused)
// audience, preview, endTime, startTime, generator, image
// Data in Notes:
// Unhandled
// contentMap, announcement_count, announcements, context_id, likes, like_count
// inReplyToStatusId, shares, quoteUrl, statusnetConversationId
// Data in video:
// To-Do?
// category, licence, language, commentsEnabled
// Unhandled
// views, waitTranscoding, state, support, subtitleLanguage
// likes, dislikes, shares, comments
return $object_data;
}
}