Merge pull request #8504 from MrPetovan/task/8489-ap-cache-cors-headers

Add cache, ETag and CORS headers to AP endpoints
2020-04-06 06:37:21 +02:00 · 2020-04-06 06:37:21 +02:00 · b5637b8cfc
parent e631c17c26 af817b2ad5
commit b5637b8cfc
4 changed files with 69 additions and 19 deletions
--- a/mod/display.php
+++ b/mod/display.php
@ -42,7 +42,7 @@ use Friendica\Util\Strings;
 function display_init(App $a)
 {
 	if (ActivityPub::isRequest()) {
-		Objects::rawContent();
+		Objects::rawContent(['guid' => $a->argv[1] ?? null]);
 	}

 	if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@ -22,10 +22,13 @@
 namespace Friendica\Module;

 use Friendica\BaseModule;
+use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Model\Item;
+use Friendica\Network\HTTPException;
 use Friendica\Protocol\ActivityPub;
+use Friendica\Util\Network;

 /**
 * ActivityPub Objects
@ -34,10 +37,8 @@ class Objects extends BaseModule
 {
 	public static function rawContent(array $parameters = [])
 	{
-		$a = DI::app();
-
-		if (empty($a->argv[1])) {
-			throw new \Friendica\Network\HTTPException\NotFoundException();
+		if (empty($parameters['guid'])) {
+			throw new HTTPException\BadRequestException();
 		}

 		if (!ActivityPub::isRequest()) {
@ -47,31 +48,36 @@ class Objects extends BaseModule
 		/// @todo Add Authentication to enable fetching of non public content
 		// $requester = HTTPSignature::getSigner('', $_SERVER);

-		// At first we try the original post with that guid
-		// @TODO: Replace with parameter from router
-		$item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'origin' => true, 'private' => [item::PUBLIC, Item::UNLISTED]]);
-		if (!DBA::isResult($item)) {
-			// If no original post could be found, it could possibly be a forum post, there we remove the "origin" field.
-			// @TODO: Replace with parameter from router
-			$item = Item::selectFirst(['id', 'author-link'], ['guid' => $a->argv[1], 'private' => [item::PUBLIC, Item::UNLISTED]]);
-			if (!DBA::isResult($item) || !strstr($item['author-link'], DI::baseUrl()->get())) {
-				throw new \Friendica\Network\HTTPException\NotFoundException();
-			}
+		$item = Item::selectFirst(
+			['id', 'origin', 'author-link', 'changed'],
+			[
+				'guid' => $parameters['guid'],
+				'private' => [Item::PUBLIC, Item::UNLISTED]
+			],
+			['order' => ['origin' => true]]
+		);
+		// Valid items are original post or posted from this node (including in the case of a forum)
+		if (!DBA::isResult($item) || !$item['origin'] && !strstr($item['author-link'], DI::baseUrl()->get())) {
+			throw new HTTPException\NotFoundException();
 		}

+		$etag          = md5($parameters['guid'] . '-' . $item['changed']);
+		$last_modified = $item['changed'];
+		Network::checkEtagModified($etag, $last_modified);
+
 		$activity = ActivityPub\Transmitter::createActivityFromItem($item['id'], true);
 		$activity['type'] = $activity['type'] == 'Update' ? 'Create' : $activity['type'];

 		// Only display "Create" activity objects here, no reshares or anything else
 		if (empty($activity['object']) || ($activity['type'] != 'Create')) {
-			throw new \Friendica\Network\HTTPException\NotFoundException();
+			throw new HTTPException\NotFoundException();
 		}

 		$data = ['@context' => ActivityPub::CONTEXT];
 		$data = array_merge($data, $activity['object']);

-		header('Content-Type: application/activity+json');
-		echo json_encode($data);
-		exit();
+		// Relaxed CORS header for public items
+		header('Access-Control-Allow-Origin: *');
+		System::jsonExit($data, 'application/activity+json');
 	}
 }
--- a/src/Module/Profile/Profile.php
+++ b/src/Module/Profile/Profile.php
@ -54,6 +54,8 @@ class Profile extends BaseProfile
 				// The function returns an empty array when the account is removed, expired or blocked
 				$data = ActivityPub\Transmitter::getProfile($user['uid']);
 				if (!empty($data)) {
+					header('Access-Control-Allow-Origin: *');
+					header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
 					System::jsonExit($data, 'application/activity+json');
 				}
 			}
--- a/src/Util/Network.php
+++ b/src/Util/Network.php
@ -910,4 +910,46 @@ class Network

 		return self::unparseURL($parsed);
 	}
+
+	/**
+	 * Generates ETag and Last-Modified response headers and checks them against
+	 * If-None-Match and If-Modified-Since request headers if present.
+	 *
+	 * Blocking function, sends 304 headers and exits if check passes.
+	 *
+	 * @param string $etag          The page etag
+	 * @param string $last_modified The page last modification UTC date
+	 * @throws \Exception
+	 */
+	public static function checkEtagModified(string $etag, string $last_modified)
+	{
+		$last_modified = DateTimeFormat::utc($last_modified, 'D, d M Y H:i:s') . ' GMT';
+
+		/**
+		 * @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
+		 */
+		$if_none_match     = filter_input(INPUT_SERVER, 'HTTP_IF_NONE_MATCH');
+		$if_modified_since = filter_input(INPUT_SERVER, 'HTTP_IF_MODIFIED_SINCE');
+		$flag_not_modified = null;
+		if ($if_none_match) {
+			$result = [];
+			preg_match('/^(?:W\/")?([^"]+)"?$/i', $etag, $result);
+			$etagTrimmed = $result[1];
+			// Lazy exact ETag match, could check weak/strong ETags
+			$flag_not_modified = $if_none_match == '*' || strpos($if_none_match, $etagTrimmed) !== false;
+		}
+
+		if ($if_modified_since && (!$if_none_match || $flag_not_modified)) {
+			// Lazy exact Last-Modified match, could check If-Modified-Since validity
+			$flag_not_modified = $if_modified_since == $last_modified;
+		}
+
+		header('Etag: ' . $etag);
+		header('Last-Modified: ' . $last_modified);
+
+		if ($flag_not_modified) {
+			header("HTTP/1.1 304 Not Modified");
+			exit;
+		}
+	}
 }