Merge pull request #8504 from MrPetovan/task/8489-ap-cache-cors-headers
Add cache, ETag and CORS headers to AP endpoints
This commit is contained in:
commit
b5637b8cfc
4 changed files with 69 additions and 19 deletions
|
@ -42,7 +42,7 @@ use Friendica\Util\Strings;
|
||||||
function display_init(App $a)
|
function display_init(App $a)
|
||||||
{
|
{
|
||||||
if (ActivityPub::isRequest()) {
|
if (ActivityPub::isRequest()) {
|
||||||
Objects::rawContent();
|
Objects::rawContent(['guid' => $a->argv[1] ?? null]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
|
if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||||
|
|
|
@ -22,10 +22,13 @@
|
||||||
namespace Friendica\Module;
|
namespace Friendica\Module;
|
||||||
|
|
||||||
use Friendica\BaseModule;
|
use Friendica\BaseModule;
|
||||||
|
use Friendica\Core\System;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Model\Item;
|
use Friendica\Model\Item;
|
||||||
|
use Friendica\Network\HTTPException;
|
||||||
use Friendica\Protocol\ActivityPub;
|
use Friendica\Protocol\ActivityPub;
|
||||||
|
use Friendica\Util\Network;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ActivityPub Objects
|
* ActivityPub Objects
|
||||||
|
@ -34,10 +37,8 @@ class Objects extends BaseModule
|
||||||
{
|
{
|
||||||
public static function rawContent(array $parameters = [])
|
public static function rawContent(array $parameters = [])
|
||||||
{
|
{
|
||||||
$a = DI::app();
|
if (empty($parameters['guid'])) {
|
||||||
|
throw new HTTPException\BadRequestException();
|
||||||
if (empty($a->argv[1])) {
|
|
||||||
throw new \Friendica\Network\HTTPException\NotFoundException();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ActivityPub::isRequest()) {
|
if (!ActivityPub::isRequest()) {
|
||||||
|
@ -47,31 +48,36 @@ class Objects extends BaseModule
|
||||||
/// @todo Add Authentication to enable fetching of non public content
|
/// @todo Add Authentication to enable fetching of non public content
|
||||||
// $requester = HTTPSignature::getSigner('', $_SERVER);
|
// $requester = HTTPSignature::getSigner('', $_SERVER);
|
||||||
|
|
||||||
// At first we try the original post with that guid
|
$item = Item::selectFirst(
|
||||||
// @TODO: Replace with parameter from router
|
['id', 'origin', 'author-link', 'changed'],
|
||||||
$item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'origin' => true, 'private' => [item::PUBLIC, Item::UNLISTED]]);
|
[
|
||||||
if (!DBA::isResult($item)) {
|
'guid' => $parameters['guid'],
|
||||||
// If no original post could be found, it could possibly be a forum post, there we remove the "origin" field.
|
'private' => [Item::PUBLIC, Item::UNLISTED]
|
||||||
// @TODO: Replace with parameter from router
|
],
|
||||||
$item = Item::selectFirst(['id', 'author-link'], ['guid' => $a->argv[1], 'private' => [item::PUBLIC, Item::UNLISTED]]);
|
['order' => ['origin' => true]]
|
||||||
if (!DBA::isResult($item) || !strstr($item['author-link'], DI::baseUrl()->get())) {
|
);
|
||||||
throw new \Friendica\Network\HTTPException\NotFoundException();
|
// Valid items are original post or posted from this node (including in the case of a forum)
|
||||||
}
|
if (!DBA::isResult($item) || !$item['origin'] && !strstr($item['author-link'], DI::baseUrl()->get())) {
|
||||||
|
throw new HTTPException\NotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$etag = md5($parameters['guid'] . '-' . $item['changed']);
|
||||||
|
$last_modified = $item['changed'];
|
||||||
|
Network::checkEtagModified($etag, $last_modified);
|
||||||
|
|
||||||
$activity = ActivityPub\Transmitter::createActivityFromItem($item['id'], true);
|
$activity = ActivityPub\Transmitter::createActivityFromItem($item['id'], true);
|
||||||
$activity['type'] = $activity['type'] == 'Update' ? 'Create' : $activity['type'];
|
$activity['type'] = $activity['type'] == 'Update' ? 'Create' : $activity['type'];
|
||||||
|
|
||||||
// Only display "Create" activity objects here, no reshares or anything else
|
// Only display "Create" activity objects here, no reshares or anything else
|
||||||
if (empty($activity['object']) || ($activity['type'] != 'Create')) {
|
if (empty($activity['object']) || ($activity['type'] != 'Create')) {
|
||||||
throw new \Friendica\Network\HTTPException\NotFoundException();
|
throw new HTTPException\NotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = ['@context' => ActivityPub::CONTEXT];
|
$data = ['@context' => ActivityPub::CONTEXT];
|
||||||
$data = array_merge($data, $activity['object']);
|
$data = array_merge($data, $activity['object']);
|
||||||
|
|
||||||
header('Content-Type: application/activity+json');
|
// Relaxed CORS header for public items
|
||||||
echo json_encode($data);
|
header('Access-Control-Allow-Origin: *');
|
||||||
exit();
|
System::jsonExit($data, 'application/activity+json');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,6 +54,8 @@ class Profile extends BaseProfile
|
||||||
// The function returns an empty array when the account is removed, expired or blocked
|
// The function returns an empty array when the account is removed, expired or blocked
|
||||||
$data = ActivityPub\Transmitter::getProfile($user['uid']);
|
$data = ActivityPub\Transmitter::getProfile($user['uid']);
|
||||||
if (!empty($data)) {
|
if (!empty($data)) {
|
||||||
|
header('Access-Control-Allow-Origin: *');
|
||||||
|
header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
|
||||||
System::jsonExit($data, 'application/activity+json');
|
System::jsonExit($data, 'application/activity+json');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -910,4 +910,46 @@ class Network
|
||||||
|
|
||||||
return self::unparseURL($parsed);
|
return self::unparseURL($parsed);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates ETag and Last-Modified response headers and checks them against
|
||||||
|
* If-None-Match and If-Modified-Since request headers if present.
|
||||||
|
*
|
||||||
|
* Blocking function, sends 304 headers and exits if check passes.
|
||||||
|
*
|
||||||
|
* @param string $etag The page etag
|
||||||
|
* @param string $last_modified The page last modification UTC date
|
||||||
|
* @throws \Exception
|
||||||
|
*/
|
||||||
|
public static function checkEtagModified(string $etag, string $last_modified)
|
||||||
|
{
|
||||||
|
$last_modified = DateTimeFormat::utc($last_modified, 'D, d M Y H:i:s') . ' GMT';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
|
||||||
|
*/
|
||||||
|
$if_none_match = filter_input(INPUT_SERVER, 'HTTP_IF_NONE_MATCH');
|
||||||
|
$if_modified_since = filter_input(INPUT_SERVER, 'HTTP_IF_MODIFIED_SINCE');
|
||||||
|
$flag_not_modified = null;
|
||||||
|
if ($if_none_match) {
|
||||||
|
$result = [];
|
||||||
|
preg_match('/^(?:W\/")?([^"]+)"?$/i', $etag, $result);
|
||||||
|
$etagTrimmed = $result[1];
|
||||||
|
// Lazy exact ETag match, could check weak/strong ETags
|
||||||
|
$flag_not_modified = $if_none_match == '*' || strpos($if_none_match, $etagTrimmed) !== false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($if_modified_since && (!$if_none_match || $flag_not_modified)) {
|
||||||
|
// Lazy exact Last-Modified match, could check If-Modified-Since validity
|
||||||
|
$flag_not_modified = $if_modified_since == $last_modified;
|
||||||
|
}
|
||||||
|
|
||||||
|
header('Etag: ' . $etag);
|
||||||
|
header('Last-Modified: ' . $last_modified);
|
||||||
|
|
||||||
|
if ($flag_not_modified) {
|
||||||
|
header("HTTP/1.1 304 Not Modified");
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue