2016-11-15 16:56:29 +01:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-01-22 14:25:09 +01:00
|
|
|
class ResolveAccountService < BaseService
|
2017-08-08 21:52:15 +02:00
|
|
|
include JsonLdHelper
|
2019-07-09 03:27:35 +02:00
|
|
|
include DomainControlHelper
|
|
|
|
|
|
|
|
class WebfingerRedirectError < StandardError; end
|
2016-10-12 21:07:00 +02:00
|
|
|
|
2019-07-09 03:27:35 +02:00
|
|
|
# Find or create an account record for a remote user. When creating,
|
|
|
|
# look up the user's webfinger and fetch ActivityPub data
|
|
|
|
# @param [String, Account] uri URI in the username@domain format or account record
|
2018-11-08 21:05:42 +01:00
|
|
|
# @param [Hash] options
|
2019-07-09 03:27:35 +02:00
|
|
|
# @option options [Boolean] :redirected Do not follow further Webfinger redirects
|
|
|
|
# @option options [Boolean] :skip_webfinger Do not attempt to refresh account data
|
2016-02-24 12:57:29 +01:00
|
|
|
# @return [Account]
|
2018-11-08 21:05:42 +01:00
|
|
|
def call(uri, options = {})
|
2019-07-09 03:27:35 +02:00
|
|
|
return if uri.blank?
|
|
|
|
|
|
|
|
process_options!(uri, options)
|
|
|
|
|
|
|
|
# First of all we want to check if we've got the account
|
|
|
|
# record with the URI already, and if so, we can exit early
|
|
|
|
|
|
|
|
return if domain_not_allowed?(@domain)
|
|
|
|
|
|
|
|
@account ||= Account.find_remote(@username, @domain)
|
|
|
|
|
|
|
|
return @account if @account&.local? || !webfinger_update_due?
|
|
|
|
|
|
|
|
# At this point we are in need of a Webfinger query, which may
|
|
|
|
# yield us a different username/domain through a redirect
|
|
|
|
|
2019-07-10 17:10:12 +02:00
|
|
|
process_webfinger!(@uri)
|
2019-07-09 03:27:35 +02:00
|
|
|
|
|
|
|
# Because the username/domain pair may be different than what
|
|
|
|
# we already checked, we need to check if we've already got
|
|
|
|
# the record with that URI, again
|
|
|
|
|
|
|
|
return if domain_not_allowed?(@domain)
|
|
|
|
|
|
|
|
@account ||= Account.find_remote(@username, @domain)
|
|
|
|
|
|
|
|
return @account if @account&.local? || !webfinger_update_due?
|
|
|
|
|
|
|
|
# Now it is certain, it is definitely a remote account, and it
|
|
|
|
# either needs to be created, or updated from fresh data
|
|
|
|
|
|
|
|
process_account!
|
|
|
|
rescue Goldfinger::Error, WebfingerRedirectError, Oj::ParseError => e
|
|
|
|
Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
|
|
|
|
nil
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def process_options!(uri, options)
|
2018-11-08 21:05:42 +01:00
|
|
|
@options = options
|
2016-03-21 18:26:47 +01:00
|
|
|
|
2018-11-08 21:05:42 +01:00
|
|
|
if uri.is_a?(Account)
|
|
|
|
@account = uri
|
|
|
|
@username = @account.username
|
|
|
|
@domain = @account.domain
|
2019-07-09 03:27:35 +02:00
|
|
|
@uri = [@username, @domain].compact.join('@')
|
2018-11-08 21:05:42 +01:00
|
|
|
else
|
2019-07-09 03:27:35 +02:00
|
|
|
@uri = uri
|
2018-11-08 21:05:42 +01:00
|
|
|
@username, @domain = uri.split('@')
|
|
|
|
end
|
2016-09-20 00:39:03 +02:00
|
|
|
|
2019-07-09 03:27:35 +02:00
|
|
|
@domain = nil if TagManager.instance.local_domain?(@domain)
|
|
|
|
end
|
2016-02-20 22:53:20 +01:00
|
|
|
|
2019-07-10 17:10:12 +02:00
|
|
|
def process_webfinger!(uri, redirected = false)
|
2019-07-09 03:27:35 +02:00
|
|
|
@webfinger = Goldfinger.finger("acct:#{@uri}")
|
2017-07-19 14:44:04 +02:00
|
|
|
confirmed_username, confirmed_domain = @webfinger.subject.gsub(/\Aacct:/, '').split('@')
|
2016-11-03 16:57:44 +01:00
|
|
|
|
2017-07-19 14:44:04 +02:00
|
|
|
if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
|
|
|
|
@username = confirmed_username
|
|
|
|
@domain = confirmed_domain
|
2019-07-10 17:10:12 +02:00
|
|
|
@uri = uri
|
|
|
|
elsif !redirected
|
|
|
|
return process_webfinger!("#{confirmed_username}@#{confirmed_domain}", true)
|
2017-07-19 14:44:04 +02:00
|
|
|
else
|
2019-07-09 03:27:35 +02:00
|
|
|
raise WebfingerRedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
|
2017-04-19 17:28:35 +02:00
|
|
|
end
|
|
|
|
|
2019-07-09 03:27:35 +02:00
|
|
|
@domain = nil if TagManager.instance.local_domain?(@domain)
|
|
|
|
end
|
|
|
|
|
|
|
|
def process_account!
|
2019-07-06 23:26:16 +02:00
|
|
|
return unless activitypub_ready?
|
2016-11-03 16:57:44 +01:00
|
|
|
|
2017-07-19 14:44:04 +02:00
|
|
|
RedisLock.acquire(lock_options) do |lock|
|
|
|
|
if lock.acquired?
|
|
|
|
@account = Account.find_remote(@username, @domain)
|
2016-11-03 16:57:44 +01:00
|
|
|
|
2019-07-09 03:27:35 +02:00
|
|
|
next if (@account.present? && !@account.activitypub?) || actor_json.nil?
|
2019-07-06 23:26:16 +02:00
|
|
|
|
2019-07-09 03:27:35 +02:00
|
|
|
@account = ActivityPub::ProcessAccountService.new.call(@username, @domain, actor_json)
|
2018-05-16 12:29:45 +02:00
|
|
|
else
|
|
|
|
raise Mastodon::RaceConditionError
|
2017-07-19 14:44:04 +02:00
|
|
|
end
|
2017-04-15 03:16:05 +02:00
|
|
|
end
|
2016-11-03 16:57:44 +01:00
|
|
|
|
2017-07-19 14:44:04 +02:00
|
|
|
@account
|
|
|
|
end
|
2017-01-23 17:38:38 +01:00
|
|
|
|
2017-07-19 14:44:04 +02:00
|
|
|
def webfinger_update_due?
|
2018-11-08 21:05:42 +01:00
|
|
|
@account.nil? || ((!@options[:skip_webfinger] || @account.ostatus?) && @account.possibly_stale?)
|
2017-07-19 14:44:04 +02:00
|
|
|
end
|
2016-02-22 18:10:30 +01:00
|
|
|
|
2017-08-08 21:52:15 +02:00
|
|
|
def activitypub_ready?
|
2019-07-06 23:26:16 +02:00
|
|
|
!@webfinger.link('self').nil? && ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self').type)
|
2017-08-08 21:52:15 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def actor_url
|
|
|
|
@actor_url ||= @webfinger.link('self').href
|
|
|
|
end
|
|
|
|
|
2017-08-14 11:27:25 +02:00
|
|
|
def actor_json
|
|
|
|
return @actor_json if defined?(@actor_json)
|
|
|
|
|
2017-10-04 01:13:48 +02:00
|
|
|
json = fetch_resource(actor_url, false)
|
2018-05-02 12:40:24 +02:00
|
|
|
@actor_json = supported_context?(json) && equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) ? json : nil
|
2017-08-14 11:27:25 +02:00
|
|
|
end
|
|
|
|
|
2017-07-19 14:44:04 +02:00
|
|
|
def lock_options
|
|
|
|
{ redis: Redis.current, key: "resolve:#{@username}@#{@domain}" }
|
2016-02-28 14:26:26 +01:00
|
|
|
end
|
2016-02-20 22:53:20 +01:00
|
|
|
end
|