mastodon/app/services/resolve_url_service.rb

# frozen_string_literal: true

class ResolveURLService < BaseService
  include JsonLdHelper
  include Authorization

  def call(url, on_behalf_of: nil)
    @url          = url
    @on_behalf_of = on_behalf_of

    if local_url?
      process_local_url
    elsif !fetched_resource.nil?
      process_url
    else
      process_url_from_db
    end
  end

  private

  def process_url
    if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)
      ActivityPub::FetchRemoteAccountService.new.call(resource_url, prefetched_body: body)
    elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)
      status = FetchRemoteStatusService.new.call(resource_url, body)
      authorize_with @on_behalf_of, status, :show? unless status.nil?
      status
    end
  end

  def process_url_from_db
    return unless @on_behalf_of.present? && [401, 403, 404].include?(fetch_resource_service.response_code)

    # It may happen that the resource is a private toot, and thus not fetchable,
    # but we can return the toot if we already know about it.
    scope = Status.where(uri: @url)

    # We don't have an index on `url`, so try guessing the `uri` from `url`
    parsed_url = Addressable::URI.parse(@url)
    parsed_url.path.match(%r{/@(?<username>#{Account::USERNAME_RE})/(?<status_id>[0-9]+)\Z}) do |matched|
      parsed_url.path = "/users/#{matched[:username]}/statuses/#{matched[:status_id]}"
      scope = scope.or(Status.where(uri: parsed_url.to_s, url: @url))
    end

    status = scope.first

    authorize_with @on_behalf_of, status, :show? unless status.nil?
    status
  rescue Mastodon::NotPermittedError
    nil
  end

  def fetched_resource
    @fetched_resource ||= fetch_resource_service.call(@url)
  end

  def fetch_resource_service
    @_fetch_resource_service ||= FetchResourceService.new
  end

  def resource_url
    fetched_resource.first
  end

  def body
    fetched_resource.second[:prefetched_body]
  end

  def type
    json_data['type']
  end

  def json_data
    @json_data ||= body_to_json(body)
  end

  def local_url?
    TagManager.instance.local_url?(@url)
  end

  def process_local_url
    recognized_params = Rails.application.routes.recognize_path(@url)

    return unless recognized_params[:action] == 'show'

    if recognized_params[:controller] == 'statuses'
      status = Status.find_by(id: recognized_params[:id])
      check_local_status(status)
    elsif recognized_params[:controller] == 'accounts'
      Account.find_local(recognized_params[:username])
    end
  end

  def check_local_status(status)
    return if status.nil?

    authorize_with @on_behalf_of, status, :show?
    status
  rescue Mastodon::NotPermittedError
    nil
  end
end
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 02:32:27 +01:00			`# frozen_string_literal: true`

Rename FetchRemoteResourceService to ResolveURLService (#6328) The service used to be named FetchRemoteResourceService resolves local URL as well. 2018-01-22 14:24:22 +01:00			`class ResolveURLService < BaseService`
Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 14:08:34 +02:00			`include JsonLdHelper`
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 19:33:36 +02:00			`include Authorization`
Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 14:08:34 +02:00
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 19:33:36 +02:00			`def call(url, on_behalf_of: nil)`
Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`@url = url`
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 19:33:36 +02:00			`@on_behalf_of = on_behalf_of`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-12 00:39:15 +02:00
Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`if local_url?`
			`process_local_url`
			`elsif !fetched_resource.nil?`
			`process_url`
Fix some timeouts when searching URLs by limiting some database queries (#13253) Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed. 2020-03-12 23:06:43 +01:00			`else`
Fix URL search not returning private toots user has access to (#12742) 2020-01-03 05:01:45 +01:00			`process_url_from_db`
Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`end`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`end`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 02:32:27 +01:00
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`private`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 02:32:27 +01:00
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`def process_url`
Add support for Audio activities (#11189) Fixes #11127 2019-06-26 19:32:36 +02:00			`if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)`
Clean up OStatus-related codepaths (#12173) * Remove “protocol” argument and return value, as only ActivityPub is supported * Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService * Fix tests 2019-12-17 13:32:57 +01:00			`ActivityPub::FetchRemoteAccountService.new.call(resource_url, prefetched_body: body)`
Add support for Audio activities (#11189) Fixes #11127 2019-06-26 19:32:36 +02:00			`elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)`
Clean up OStatus-related codepaths (#12173) * Remove “protocol” argument and return value, as only ActivityPub is supported * Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService * Fix tests 2019-12-17 13:32:57 +01:00			`status = FetchRemoteStatusService.new.call(resource_url, body)`
Fix leaking private statuses the admin account follows (#11300) Now that the request is signed, it can return private toots. Do not leak them. 2019-07-15 02:29:04 +02:00			`authorize_with @on_behalf_of, status, :show? unless status.nil?`
			`status`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 02:32:27 +01:00			`end`
			`end`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00
Fix URL search not returning private toots user has access to (#12742) 2020-01-03 05:01:45 +01:00			`def process_url_from_db`
Fix some timeouts when searching URLs by limiting some database queries (#13253) Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed. 2020-03-12 23:06:43 +01:00			`return unless @on_behalf_of.present? && [401, 403, 404].include?(fetch_resource_service.response_code)`

Fix URL search not returning private toots user has access to (#12742) 2020-01-03 05:01:45 +01:00			`# It may happen that the resource is a private toot, and thus not fetchable,`
			`# but we can return the toot if we already know about it.`
Improve searching for private toots from URL (#14856) * Improve searching for private toots from URL Most of the time, when sharing toots, people use the toot URL rather than the toot URI, which makes sense since it is the user-facing URL. In Mastodon's case, the URL and URI are different, and Mastodon does not have an index on URL, which means searching a private toot by URL is done with a slow query that will only succeed for very recent toots. This change gets rid of the slow query, and attempts to guess the URI from URL instead, as Mastodon's are predictable. * Add tests * Only return status with guessed uri if url matches Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2020-12-17 06:51:49 +01:00			`scope = Status.where(uri: @url)`

			# We don't have an index on `url`, so try guessing the `uri` from `url`
			`parsed_url = Addressable::URI.parse(@url)`
			`parsed_url.path.match(%r{/@(?<username>#{Account::USERNAME_RE})/(?<status_id>[0-9]+)\Z}) do \|matched\|`
			`parsed_url.path = "/users/#{matched[:username]}/statuses/#{matched[:status_id]}"`
			`scope = scope.or(Status.where(uri: parsed_url.to_s, url: @url))`
			`end`

			`status = scope.first`

Fix URL search not returning private toots user has access to (#12742) 2020-01-03 05:01:45 +01:00			`authorize_with @on_behalf_of, status, :show? unless status.nil?`
			`status`
			`rescue Mastodon::NotPermittedError`
			`nil`
			`end`

Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`def fetched_resource`
Fix some timeouts when searching URLs by limiting some database queries (#13253) Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed. 2020-03-12 23:06:43 +01:00			`@fetched_resource \|\|= fetch_resource_service.call(@url)`
			`end`

			`def fetch_resource_service`
			`@_fetch_resource_service \|\|= FetchResourceService.new`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`end`

Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`def resource_url`
			`fetched_resource.first`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`end`

			`def body`
Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`fetched_resource.second[:prefetched_body]`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`end`

Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 14:08:34 +02:00			`def type`
Clean up OStatus-related codepaths (#12173) * Remove “protocol” argument and return value, as only ActivityPub is supported * Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService * Fix tests 2019-12-17 13:32:57 +01:00			`json_data['type']`
Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 14:08:34 +02:00			`end`

			`def json_data`
Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00			`@json_data \|\|= body_to_json(body)`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 17:26:04 +02:00			`end`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-12 00:39:15 +02:00
			`def local_url?`
			`TagManager.instance.local_url?(@url)`
			`end`

			`def process_local_url`
			`recognized_params = Rails.application.routes.recognize_path(@url)`

			`return unless recognized_params[:action] == 'show'`

Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` (#11247) 2019-07-07 16:16:51 +02:00			`if recognized_params[:controller] == 'statuses'`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-12 00:39:15 +02:00			`status = Status.find_by(id: recognized_params[:id])`
			`check_local_status(status)`
			`elsif recognized_params[:controller] == 'accounts'`
			`Account.find_local(recognized_params[:username])`
			`end`
			`end`

			`def check_local_status(status)`
			`return if status.nil?`
Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 19:33:36 +02:00			`authorize_with @on_behalf_of, status, :show?`
			`status`
			`rescue Mastodon::NotPermittedError`
			`nil`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-12 00:39:15 +02:00			`end`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 02:32:27 +01:00			`end`