From f96d1fbd0bd29732404c6b2f76ec9a24a8bc2714 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 5 Apr 2020 17:58:09 -0400 Subject: [PATCH 1/3] Add Network::checkEtagModified method --- src/Util/Network.php | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/src/Util/Network.php b/src/Util/Network.php index 6c7fd731cb..6b73369d32 100644 --- a/src/Util/Network.php +++ b/src/Util/Network.php @@ -910,4 +910,46 @@ class Network return self::unparseURL($parsed); } + + /** + * Generates ETag and Last-Modified response headers and checks them against + * If-None-Match and If-Modified-Since request headers if present. + * + * Blocking function, sends 304 headers and exits if check passes. + * + * @param string $etag The page etag + * @param string $last_modified The page last modification UTC date + * @throws \Exception + */ + public static function checkEtagModified(string $etag, string $last_modified) + { + $last_modified = DateTimeFormat::utc($last_modified, 'D, d M Y H:i:s') . ' GMT'; + + /** + * @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26 + */ + $if_none_match = filter_input(INPUT_SERVER, 'HTTP_IF_NONE_MATCH'); + $if_modified_since = filter_input(INPUT_SERVER, 'HTTP_IF_MODIFIED_SINCE'); + $flag_not_modified = null; + if ($if_none_match) { + $result = []; + preg_match('/^(?:W\/")?([^"]+)"?$/i', $etag, $result); + $etagTrimmed = $result[1]; + // Lazy exact ETag match, could check weak/strong ETags + $flag_not_modified = $if_none_match == '*' || strpos($if_none_match, $etagTrimmed) !== false; + } + + if ($if_modified_since && (!$if_none_match || $flag_not_modified)) { + // Lazy exact Last-Modified match, could check If-Modified-Since validity + $flag_not_modified = $if_modified_since == $last_modified; + } + + header('Etag: ' . $etag); + header('Last-Modified: ' . $last_modified); + + if ($flag_not_modified) { + header("HTTP/1.1 304 Not Modified"); + exit; + } + } } From 1e32f74b0bd51f78c7d96525781a8317df9e77d3 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 5 Apr 2020 18:00:46 -0400 Subject: [PATCH 2/3] Rework Module/Objects - Merge two item queries into one - Add ETag check - Use Router parameter --- mod/display.php | 2 +- src/Module/Objects.php | 40 ++++++++++++++++++++++------------------ 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/mod/display.php b/mod/display.php index fd0079f9f6..107e666d48 100644 --- a/mod/display.php +++ b/mod/display.php @@ -42,7 +42,7 @@ use Friendica\Util\Strings; function display_init(App $a) { if (ActivityPub::isRequest()) { - Objects::rawContent(); + Objects::rawContent(['guid' => $a->argv[1] ?? null]); } if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) { diff --git a/src/Module/Objects.php b/src/Module/Objects.php index cce2b73131..0f2536bcc9 100644 --- a/src/Module/Objects.php +++ b/src/Module/Objects.php @@ -22,10 +22,13 @@ namespace Friendica\Module; use Friendica\BaseModule; +use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Item; +use Friendica\Network\HTTPException; use Friendica\Protocol\ActivityPub; +use Friendica\Util\Network; /** * ActivityPub Objects @@ -34,10 +37,8 @@ class Objects extends BaseModule { public static function rawContent(array $parameters = []) { - $a = DI::app(); - - if (empty($a->argv[1])) { - throw new \Friendica\Network\HTTPException\NotFoundException(); + if (empty($parameters['guid'])) { + throw new HTTPException\BadRequestException(); } if (!ActivityPub::isRequest()) { @@ -47,31 +48,34 @@ class Objects extends BaseModule /// @todo Add Authentication to enable fetching of non public content // $requester = HTTPSignature::getSigner('', $_SERVER); - // At first we try the original post with that guid - // @TODO: Replace with parameter from router - $item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'origin' => true, 'private' => [item::PUBLIC, Item::UNLISTED]]); - if (!DBA::isResult($item)) { - // If no original post could be found, it could possibly be a forum post, there we remove the "origin" field. - // @TODO: Replace with parameter from router - $item = Item::selectFirst(['id', 'author-link'], ['guid' => $a->argv[1], 'private' => [item::PUBLIC, Item::UNLISTED]]); - if (!DBA::isResult($item) || !strstr($item['author-link'], DI::baseUrl()->get())) { - throw new \Friendica\Network\HTTPException\NotFoundException(); - } + $item = Item::selectFirst( + ['id', 'origin', 'author-link', 'changed'], + [ + 'guid' => $parameters['guid'], + 'private' => [Item::PUBLIC, Item::UNLISTED] + ], + ['order' => ['origin' => true]] + ); + // Valid items are original post or posted from this node (including in the case of a forum) + if (!DBA::isResult($item) || !$item['origin'] && !strstr($item['author-link'], DI::baseUrl()->get())) { + throw new HTTPException\NotFoundException(); } + $etag = md5($parameters['guid'] . '-' . $item['changed']); + $last_modified = $item['changed']; + Network::checkEtagModified($etag, $last_modified); + $activity = ActivityPub\Transmitter::createActivityFromItem($item['id'], true); $activity['type'] = $activity['type'] == 'Update' ? 'Create' : $activity['type']; // Only display "Create" activity objects here, no reshares or anything else if (empty($activity['object']) || ($activity['type'] != 'Create')) { - throw new \Friendica\Network\HTTPException\NotFoundException(); + throw new HTTPException\NotFoundException(); } $data = ['@context' => ActivityPub::CONTEXT]; $data = array_merge($data, $activity['object']); - header('Content-Type: application/activity+json'); - echo json_encode($data); - exit(); + System::jsonExit($data, 'application/activity+json'); } } From af817b2ad5412a28c740efb51a4c220db33a45cc Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 5 Apr 2020 18:02:38 -0400 Subject: [PATCH 3/3] Add cache and CORS headers to ActivityPub endpoints --- src/Module/Objects.php | 2 ++ src/Module/Profile/Profile.php | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/Module/Objects.php b/src/Module/Objects.php index 0f2536bcc9..b5b5227141 100644 --- a/src/Module/Objects.php +++ b/src/Module/Objects.php @@ -76,6 +76,8 @@ class Objects extends BaseModule $data = ['@context' => ActivityPub::CONTEXT]; $data = array_merge($data, $activity['object']); + // Relaxed CORS header for public items + header('Access-Control-Allow-Origin: *'); System::jsonExit($data, 'application/activity+json'); } } diff --git a/src/Module/Profile/Profile.php b/src/Module/Profile/Profile.php index bbf0da3821..6142648803 100644 --- a/src/Module/Profile/Profile.php +++ b/src/Module/Profile/Profile.php @@ -54,6 +54,8 @@ class Profile extends BaseProfile // The function returns an empty array when the account is removed, expired or blocked $data = ActivityPub\Transmitter::getProfile($user['uid']); if (!empty($data)) { + header('Access-Control-Allow-Origin: *'); + header('Cache-Control: max-age=23200, stale-while-revalidate=23200'); System::jsonExit($data, 'application/activity+json'); } }