Wire up stub routes for client calls of activitypub inbox/outbox
Code style: remove wrapping function of outbox
This commit is contained in:
parent
f5d7b0003e
commit
aa082ca7b6
@ -93,19 +93,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||
end
|
||||
end
|
||||
|
||||
def outbox(conn, %{"nickname" => nickname, "max_id" => max_id}) do
|
||||
def outbox(conn, %{"nickname" => nickname} = params) do
|
||||
with %User{} = user <- User.get_cached_by_nickname(nickname),
|
||||
{:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
|
||||
conn
|
||||
|> put_resp_header("content-type", "application/activity+json")
|
||||
|> json(UserView.render("outbox.json", %{user: user, max_id: max_id}))
|
||||
|> json(UserView.render("outbox.json", %{user: user, max_id: params["max_id"]}))
|
||||
end
|
||||
end
|
||||
|
||||
def outbox(conn, %{"nickname" => nickname}) do
|
||||
outbox(conn, %{"nickname" => nickname, "max_id" => nil})
|
||||
end
|
||||
|
||||
def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
|
||||
with %User{} = user <- User.get_cached_by_nickname(nickname),
|
||||
true <- Utils.recipient_in_message(user.ap_id, params),
|
||||
@ -156,6 +152,34 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
||||
end
|
||||
end
|
||||
|
||||
def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
|
||||
if nickname == user.nickname do
|
||||
Logger.info("read inbox #{inspect(params)}")
|
||||
|
||||
conn
|
||||
|> put_resp_header("content-type", "application/activity+json")
|
||||
|> json("ok!")
|
||||
else
|
||||
conn
|
||||
|> put_status(:forbidden)
|
||||
|> json("can't read inbox of #{nickname} as #{user.nickname}")
|
||||
end
|
||||
end
|
||||
|
||||
def update_outbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do
|
||||
if nickname == user.nickname do
|
||||
Logger.info("update outbox #{inspect(params)}")
|
||||
|
||||
conn
|
||||
|> put_status(:created)
|
||||
|> json("ok!")
|
||||
else
|
||||
conn
|
||||
|> put_status(:forbidden)
|
||||
|> json("can't update outbox of #{nickname} as #{user.nickname}")
|
||||
end
|
||||
end
|
||||
|
||||
def errors(conn, {:error, :not_found}) do
|
||||
conn
|
||||
|> put_status(404)
|
||||
|
@ -412,6 +412,27 @@ defmodule Pleroma.Web.Router do
|
||||
get("/users/:nickname/outbox", ActivityPubController, :outbox)
|
||||
end
|
||||
|
||||
pipeline :activitypub_client do
|
||||
plug(:accepts, ["activity+json"])
|
||||
plug(:fetch_session)
|
||||
plug(Pleroma.Plugs.OAuthPlug)
|
||||
plug(Pleroma.Plugs.BasicAuthDecoderPlug)
|
||||
plug(Pleroma.Plugs.UserFetcherPlug)
|
||||
plug(Pleroma.Plugs.SessionAuthenticationPlug)
|
||||
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
|
||||
plug(Pleroma.Plugs.AuthenticationPlug)
|
||||
plug(Pleroma.Plugs.UserEnabledPlug)
|
||||
plug(Pleroma.Plugs.SetUserSessionIdPlug)
|
||||
plug(Pleroma.Plugs.EnsureUserKeyPlug)
|
||||
end
|
||||
|
||||
scope "/", Pleroma.Web.ActivityPub do
|
||||
pipe_through([:activitypub_client])
|
||||
|
||||
get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
|
||||
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
|
||||
end
|
||||
|
||||
scope "/relay", Pleroma.Web.ActivityPub do
|
||||
pipe_through(:ap_relay)
|
||||
get("/", ActivityPubController, :relay)
|
||||
|
9
test/fixtures/activitypub-client-post-activity.json
vendored
Normal file
9
test/fixtures/activitypub-client-post-activity.json
vendored
Normal file
@ -0,0 +1,9 @@
|
||||
{
|
||||
"@context": ["https://www.w3.org/ns/activitystreams", {"@language": "en-GB"}],
|
||||
"type": "Create",
|
||||
"object": {
|
||||
"type": "Note",
|
||||
"content": "It's a note"
|
||||
},
|
||||
"to": ["https://www.w3.org/ns/activitystreams#Public"]
|
||||
}
|
@ -112,6 +112,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
||||
:timer.sleep(500)
|
||||
assert Activity.get_by_ap_id(data["id"])
|
||||
end
|
||||
|
||||
test "it rejects reads from other users", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
otheruser = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, otheruser)
|
||||
|> put_req_header("accept", "application/activity+json")
|
||||
|> get("/users/#{user.nickname}/inbox")
|
||||
|
||||
assert json_response(conn, 403)
|
||||
end
|
||||
end
|
||||
|
||||
describe "/users/:nickname/outbox" do
|
||||
@ -138,6 +151,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
||||
|
||||
assert response(conn, 200) =~ announce_activity.data["object"]
|
||||
end
|
||||
|
||||
test "it rejects posts from other users", %{conn: conn} do
|
||||
data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
|
||||
user = insert(:user)
|
||||
otheruser = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, otheruser)
|
||||
|> put_req_header("content-type", "application/activity+json")
|
||||
|> post("/users/#{user.nickname}/outbox", data)
|
||||
|
||||
assert json_response(conn, 403)
|
||||
end
|
||||
end
|
||||
|
||||
describe "/users/:nickname/followers" do
|
||||
|
Loading…
Reference in New Issue
Block a user