Handling of unlisted posts, better uid detection

2018-09-16 09:06:09 +00:00 · 2018-09-16 09:06:09 +00:00 · 6f3b2b6586
parent 1f98414bdd
commit 6f3b2b6586
4 changed files with 73 additions and 76 deletions
--- a/mod/follow.php
+++ b/mod/follow.php
@ -31,8 +31,8 @@ function follow_post(App $a)
 	// This is just a precaution if maybe this page is called somewhere directly via POST
 	$_SESSION['fastlane'] = $url;

-	$result = Contact::createFromProbe($uid, $url, true, Protocol::ACTIVITYPUB);
-//	$result = Contact::createFromProbe($uid, $url, true);
+//	$result = Contact::createFromProbe($uid, $url, true, Protocol::ACTIVITYPUB);
+	$result = Contact::createFromProbe($uid, $url, true);

 	if ($result['success'] == false) {
 		if ($result['message']) {
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
@ -1322,33 +1322,27 @@ class Contact extends BaseObject

 		require_once 'include/conversation.php';

-		// There are no posts with "uid = 0" with connector networks
-		// This speeds up the query a lot
-		$r = q("SELECT `network`, `id` AS `author-id`, `contact-type` FROM `contact`
-			WHERE `contact`.`nurl` = '%s' AND `contact`.`uid` = 0",
-			DBA::escape(normalise_link($contact_url))
-		);
+		$cid = Self::getIdForURL($contact_url);

-		if (!DBA::isResult($r)) {
+		$contact = DBA::selectFirst('contact', ['contact-type', 'network'], ['id' => $cid]);
+		if (!DBA::isResult($contact)) {
 			return '';
 		}

-		if (in_array($r[0]["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS, ""])) {
+		if (in_array($contact["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS, ""])) {
 			$sql = "(`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))";
 		} else {
 			$sql = "`item`.`uid` = ?";
 		}

-		$author_id = intval($r[0]["author-id"]);
-
-		$contact = ($r[0]["contact-type"] == self::ACCOUNT_TYPE_COMMUNITY ? 'owner-id' : 'author-id');
+		$contact_field = ($contact["contact-type"] == self::ACCOUNT_TYPE_COMMUNITY ? 'owner-id' : 'author-id');

 		if ($thread_mode) {
-			$condition = ["`$contact` = ? AND `gravity` = ? AND " . $sql,
-				$author_id, GRAVITY_PARENT, local_user()];
+			$condition = ["`$contact_field` = ? AND `gravity` = ? AND " . $sql,
+				$cid, GRAVITY_PARENT, local_user()];
 		} else {
-			$condition = ["`$contact` = ? AND `gravity` IN (?, ?) AND " . $sql,
-				$author_id, GRAVITY_PARENT, GRAVITY_COMMENT, local_user()];
+			$condition = ["`$contact_field` = ? AND `gravity` IN (?, ?) AND " . $sql,
+				$cid, GRAVITY_PARENT, GRAVITY_COMMENT, local_user()];
 		}

 		$params = ['order' => ['created' => true],
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@ -2071,6 +2071,7 @@ class Item extends BaseObject

 		$users = [];

+		/// @todo add a field "pcid" in the contact table that referrs to the public contact id.
 		$owner = DBA::selectFirst('contact', ['url', 'nurl', 'alias'], ['id' => $parent['owner-id']]);
 		if (!DBA::isResult($owner)) {
 			return;
@ -2110,43 +2111,7 @@ class Item extends BaseObject
 			}
 			DBA::close($contacts);
 		}
-/*

-		$condition = ["`nurl` IN (SELECT `nurl` FROM `contact` WHERE `id` = ?) AND `uid` != 0 AND NOT `blocked` AND `rel` IN (?, ?)",
-			$parent['owner-id'], Contact::SHARING,  Contact::FRIEND];
-
-		$contacts = DBA::select('contact', ['uid'], $condition);
-
-		while ($contact = DBA::fetch($contacts)) {
-			$users[$contact['uid']] = $contact['uid'];
-		}
-
-		DBA::close($contacts);
-
-		// And the same with the alias in the user contacts
-		$condition = ["`alias` IN (SELECT `url` FROM `contact` WHERE `id` = ?) AND `uid` != 0 AND NOT `blocked` AND `rel` IN (?, ?)",
-			$parent['owner-id'], Contact::SHARING,  Contact::FRIEND];
-
-		$contacts = DBA::select('contact', ['uid'], $condition);
-
-		while ($contact = DBA::fetch($contacts)) {
-			$users[$contact['uid']] = $contact['uid'];
-		}
-
-		DBA::close($contacts);
-
-		// And vice versa
-		$condition = ["`url` IN (SELECT `alias` FROM `contact` WHERE `id` = ?) AND `uid` != 0 AND NOT `blocked` AND `rel` IN (?, ?)",
-			$parent['owner-id'], Contact::SHARING,  Contact::FRIEND];
-
-		$contacts = DBA::select('contact', ['uid'], $condition);
-
-		while ($contact = DBA::fetch($contacts)) {
-			$users[$contact['uid']] = $contact['uid'];
-		}
-
-		DBA::close($contacts);
-*/
 		$origin_uid = 0;

 		if ($item['uri'] != $item['parent-uri']) {
--- a/src/Protocol/ActivityPub.php
+++ b/src/Protocol/ActivityPub.php
@ -65,17 +65,20 @@ class ActivityPub

 		$content = json_encode($data);

+		// Header data that is about to be signed.
+		/// @todo Add "digest"
 		$host = parse_url($target, PHP_URL_HOST);
 		$path = parse_url($target, PHP_URL_PATH);
 		$date = date('r');
+		$content_length = strlen($content);

-		$headers = ['Host: ' . $host, 'Date: ' . $date];
+		$headers = ['Host: ' . $host, 'Date: ' . $date, 'Content-Length: ' . $content_length];

-		$signed_data = "(request-target): post " . $path . "\nhost: " . $host . "\ndate: " . $date;
+		$signed_data = "(request-target): post " . $path . "\nhost: " . $host . "\ndate: " . $date . "\ncontent-length: " . $content_length;

 		$signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256'));

-		$headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",headers="(request-target) host date",signature="' . $signature . '"';
+		$headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",headers="(request-target) host date content-length",signature="' . $signature . '"';
 		$headers[] = 'Content-Type: application/activity+json';

 		Network::post($target, $content, $headers);
@ -102,7 +105,7 @@ class ActivityPub
 			return [];
 		}

-		$fields = ['locality', 'region', 'country-name'];
+		$fields = ['locality', 'region', 'country-name', 'page-flags'];
 		$profile = DBA::selectFirst('profile', $fields, ['uid' => $uid, 'is-default' => true]);
 		if (!DBA::isResult($profile)) {
 			return [];
@ -131,7 +134,7 @@ class ActivityPub
 			'vcard:region' => $profile['region'], 'vcard:locality' => $profile['locality']];
 		$data['summary'] = $contact['about'];
 		$data['url'] = $contact['url'];
-		$data['manuallyApprovesFollowers'] = false; /// @todo
+		$data['manuallyApprovesFollowers'] = in_array($profile['page-flags'], [Contact::PAGE_NORMAL, Contact::PAGE_PRVGROUP]);
 		$data['publicKey'] = ['id' => $contact['url'] . '#main-key',
 			'owner' => $contact['url'],
 			'publicKeyPem' => $user['pubkey']];
@ -392,7 +395,7 @@ class ActivityPub
 			return false;
 		}

-		// Check the digest if it was part of the signed data
+		// Check the digest when it is part of the signed data
 		if (in_array('digest', $sig_block['headers'])) {
 			$digest = explode('=', $headers['digest'], 2);
 			if ($digest[0] === 'SHA-256') {
@ -409,7 +412,7 @@ class ActivityPub
 			}
 		}

-		// Check the content-length if it was part of the signed data
+		// Check the content-length when it is part of the signed data
 		if (in_array('content-length', $sig_block['headers'])) {
 			if (strlen($content) != $headers['content-length']) {
 				return false;
@ -599,7 +602,7 @@ class ActivityPub
 		}

 		// Fetch all receivers from to, cc, bto and bcc
-		$receivers = self::getReceivers($activity);
+		$receivers = self::getReceivers($activity, $actor);

 		// When it is a delivery to a personal inbox we add that user to the receivers
 		if (!empty($uid)) {
@ -728,10 +731,13 @@ class ActivityPub
 		}
 	}

-	private static function getReceivers($activity)
+	private static function getReceivers($activity, $actor)
 	{
 		$receivers = [];

+		$data = self::fetchContent($actor);
+		$followers = defaults($data, 'followers', '');
+
 		$elements = ['to', 'cc', 'bto', 'bcc'];
 		foreach ($elements as $element) {
 			if (empty($activity[$element])) {
@ -744,8 +750,25 @@ class ActivityPub
 			}

 			foreach ($activity[$element] as $receiver) {
-				if ($receiver == self::PUBLIC) {
-					$receivers[$receiver] = 0;
+				// Mastodon puts public only in "cc" not in "to" when the post should not be listed
+				if (($receiver == self::PUBLIC) && ($element == 'to')) {
+					$receivers['uid:0'] = 0;
+				}
+
+				if (($receiver == self::PUBLIC)) {
+					$receivers['uid:-1'] = -1;
+				}
+
+				if (in_array($receiver, [$followers, self::PUBLIC])) {
+					$condition = ['nurl' => normalise_link($actor), 'rel' => [Contact::SHARING, Contact::FRIEND]];
+					$contacts = DBA::select('contact', ['uid'], $condition);
+					while ($contact = DBA::fetch($contacts)) {
+						if ($contact['uid'] != 0) {
+							$receivers['uid:' . $contact['uid']] = $contact['uid'];
+						}
+					}
+					DBA::close($contacts);
+					continue;
 				}

 				$condition = ['self' => true, 'nurl' => normalise_link($receiver)];
@ -753,7 +776,7 @@ class ActivityPub
 				if (!DBA::isResult($contact)) {
 					continue;
 				}
-				$receivers[$receiver] = $contact['uid'];
+				$receivers['cid:' . $contact['uid']] = $contact['uid'];
 			}
 		}
 		return $receivers;
@ -875,7 +898,7 @@ class ActivityPub
 		$object_data['tags'] = defaults($object, 'tag', null);
 		$object_data['service'] = self::processElement($object, 'instrument', 'name', 'type', 'Service');
 		$object_data['alternate-url'] = self::processElement($object, 'url', 'href');
-		$object_data['receiver'] = self::getReceivers($object);
+		$object_data['receiver'] = self::getReceivers($object, $object_data['owner']);

 		// Unhandled
 		// @context, type, actor, signature, mediaType, duration, replies, icon
@ -1045,7 +1068,11 @@ class ActivityPub
 		/// @todo What to do with $activity['context']?

 		$item['network'] = Protocol::ACTIVITYPUB;
-		$item['private'] = !in_array(0, $activity['receiver']);
+		$item['private'] = !in_array(-1, $activity['receiver']);
+		if (in_array(-1, $activity['receiver'])) {
+			$item['private'] = 2;
+		}
+
 		$item['author-id'] = Contact::getIdForURL($activity['author'], 0, true);
 		$item['owner-id'] = Contact::getIdForURL($activity['owner'], 0, true);
 		$item['uri'] = $activity['uri'];
@ -1072,6 +1099,10 @@ class ActivityPub
 		$item['conversation-uri'] = $activity['conversation'];

 		foreach ($activity['receiver'] as $receiver) {
+			if ($receiver < 0) {
+				continue;
+			}
+
 			$item['uid'] = $receiver;
 			$item['contact-id'] = Contact::getIdForURL($activity['author'], $receiver, true);

@ -1081,19 +1112,26 @@ class ActivityPub

 			$item_id = Item::insert($item);
 			logger('Storing for user ' . $item['uid'] . ': ' . $item_id);
-			if (!empty($item_id) && ($item['uid'] == 0)) {
-				Item::distribute($item_id);
-			}
+		}
+	}
+
+	private static function getUserOfObject($object)
+	{
+		$self = DBA::selectFirst('contact', ['uid'], ['nurl' => normalise_link($object), 'self' => true]);
+		if (!DBA::isResult(§self)) {
+			return false;
+		} else {
+			return $self['uid'];
 		}
 	}

 	private static function followUser($activity)
 	{
-		if (empty($activity['receiver'][$activity['object']])) {
+		$uid = self::getUserOfObject[$activity['object']];
+		if (empty($uid)) {
 			return;
 		}

-		$uid = $activity['receiver'][$activity['object']];
 		$owner = User::getOwnerDataById($uid);

 		$cid = Contact::getIdForURL($activity['owner'], $uid);
@ -1123,11 +1161,11 @@ class ActivityPub

 	private static function acceptFollowUser($activity)
 	{
-		if (empty($activity['receiver'][$activity['object']])) {
+		$uid = self::getUserOfObject[$activity['object']];
+		if (empty($uid)) {
 			return;
 		}

-		$uid = $activity['receiver'][$activity['object']];
 		$owner = User::getOwnerDataById($uid);

 		$cid = Contact::getIdForURL($activity['owner'], $uid);
@ -1150,11 +1188,11 @@ class ActivityPub

 	private static function undoFollowUser($activity)
 	{
-		if (empty($activity['receiver'][$activity['object']])) {
+		$uid = self::getUserOfObject[$activity['object']];
+		if (empty($uid)) {
 			return;
 		}

-		$uid = $activity['receiver'][$activity['object']];
 		$owner = User::getOwnerDataById($uid);

 		$cid = Contact::getIdForURL($activity['owner'], $uid);