import aiohttp
import aiohttp.web
import asyncio
import logging
import uuid
import re
import simplejson as json
import cgi
import datetime

from urllib.parse import urlsplit
from Crypto.PublicKey import RSA
from cachetools import LFUCache

from . import app, CONFIG
from .database import DATABASE
from .http_debug import http_debug
from .remote_actor import fetch_actor
from .http_signatures import sign_headers, generate_body_digest


# Create the relay's signing keypair on first start-up and persist it.
if "actorKeys" not in DATABASE:
    logging.info("No actor keys present, generating 4096-bit RSA keypair.")

    privkey = RSA.generate(4096)
    pubkey = privkey.publickey()

    # Both halves are stored as PEM text; the private key is exported without
    # a passphrase, so DATABASE holds the relay's signing identity in the clear.
    # NOTE(review): confirm whatever backs DATABASE is readable only by the
    # relay's own service account and is excluded from shared backups/logs.
    DATABASE["actorKeys"] = dict(
        publicKey=pubkey.exportKey('PEM').decode('utf-8'),
        privateKey=privkey.exportKey('PEM').decode('utf-8'),
    )


# Key objects used for signing outbound deliveries (PRIVKEY is passed to
# sign_headers in push_message_to_actor).
PRIVKEY = RSA.importKey(DATABASE["actorKeys"]["privateKey"])
PUBKEY = PRIVKEY.publickey()

# ActivityPub section of the relay configuration.
AP_CONFIG = CONFIG['ap']

# Least-frequently-used cache of already relayed object ids (see handle_relay);
# its capacity comes from the 'cache-size' setting and defaults to 16384.
CACHE_SIZE = CONFIG.get('cache-size', 16384)
CACHE = LFUCache(CACHE_SIZE)

# Caps the number of deliveries that push_message_to_actor runs at once.
sem = asyncio.Semaphore(500)


async def actor(request):
    """Serve the relay's own ActivityPub actor document.

    The document advertises the inbox, followers and following URLs and the
    public key (PEM text read from DATABASE) that other servers use to check
    this relay's signatures.
    """
    # NOTE(review): every URL in the document is built from request.host, which
    # aiohttp takes from the request's Host header unless it was overridden.
    # Other code in this file (follow_remote_actor) uses AP_CONFIG['host']
    # instead; confirm the fronting proxy pins Host, or a request sent with a
    # different Host value receives an actor document naming that host.
    host = request.host
    actor_url = "https://{}/actor".format(host)
    inbox_url = "https://{}/inbox".format(host)

    public_key = {
        "id": "https://{}/actor#main-key".format(host),
        "owner": actor_url,
        "publicKeyPem": DATABASE["actorKeys"]["publicKey"]
    }

    data = {
        "@context": "https://www.w3.org/ns/activitystreams",
        "endpoints": {
            "sharedInbox": inbox_url
        },
        "followers": "https://{}/followers".format(host),
        "following": "https://{}/following".format(host),
        "inbox": inbox_url,
        "name": "ActivityRelay",
        "type": "Application",
        "id": actor_url,
        "publicKey": public_key,
        "summary": "ActivityRelay bot",
        "preferredUsername": "relay",
        "url": actor_url
    }
    return aiohttp.web.json_response(data, content_type='application/activity+json')


# Serve the relay's actor document (which carries its public key) at GET /actor.
app.router.add_get('/actor', actor)
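def get_actor_inbox(actor):
    """Return the URL this relay should deliver to for `actor`.

    Prefers ``endpoints.sharedInbox`` and falls back to ``inbox``.

    The actor document comes from a remote server, so its shape is not
    trusted: ``endpoints`` may be missing, null or not an object, and
    ``sharedInbox`` may be null or empty. In all of those cases the personal
    inbox is used. The fallback is only looked up when it is needed, so an
    actor that has a shared inbox but no ``inbox`` key no longer raises.

    Raises:
        KeyError: if neither a usable shared inbox nor ``inbox`` is present.
    """
    endpoints = actor.get('endpoints')
    if isinstance(endpoints, dict):
        shared = endpoints.get('sharedInbox')
        if shared:
            return shared
    return actor['inbox']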


async def push_message_to_actor(actor, message, our_key_id):
    """Serialize `message`, sign the request headers and POST it to the actor's inbox.

    The destination is whatever get_actor_inbox(actor) returns. A 202 response
    ends the call silently; for any other status the response body is logged
    at debug level. Every exception raised while sending is logged at info
    level and swallowed, so the caller always gets None.
    """
    inbox = get_actor_inbox(actor)
    target = urlsplit(inbox)

    # NOTE(review): `inbox` comes from a remote actor document or the stored
    # relay list and is used as the POST destination as-is. No scheme or host
    # check is visible in this function; confirm one is applied upstream so
    # that deliveries cannot be directed at internal addresses.

    # XXX: Digest
    body = json.dumps(message)
    headers = {
        # Only the path is placed in the request target; a query string on the
        # inbox URL would not be part of it.
        '(request-target)': 'post {}'.format(target.path),
        'Content-Length': str(len(body)),
        'Content-Type': 'application/activity+json',
        'User-Agent': 'ActivityRelay',
        'Host': target.netloc,
        'Digest': 'SHA-256={}'.format(generate_body_digest(body)),
        'Date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
    }
    headers['signature'] = sign_headers(headers, PRIVKEY, our_key_id)

    # These two entries were handed to sign_headers but are not sent as
    # explicit headers on the outgoing request.
    del headers['(request-target)']
    del headers['Host']

    logging.debug('%r >> %r', inbox, message)

    # The module-level semaphore bounds how many deliveries run concurrently.
    async with sem:
        try:
            # NOTE(review): no timeout is passed here, so the HTTP client's
            # default applies; a slow peer holds a semaphore slot that long.
            client = aiohttp.ClientSession(trace_configs=[http_debug()])
            async with client as session, session.post(inbox, data=body, headers=headers) as resp:
                if resp.status != 202:
                    resp_payload = await resp.text()
                    logging.debug('%r >> resp %r', inbox, resp_payload)
        except Exception as e:
            # Deliberate best effort: one failing inbox must not abort the
            # other deliveries gathered alongside it.
            logging.info('Caught %r while pushing to %r.', e, inbox)


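async def fetch_nodeinfo(domain):
    """Return the software name a remote instance reports via NodeInfo 2.0.

    Fetches ``https://<domain>/.well-known/nodeinfo``, follows the link whose
    ``rel`` is the NodeInfo 2.0 schema and returns ``software.name`` from the
    linked document.

    Both documents are supplied by the remote server, so nothing about their
    shape is assumed: a failed fetch, a non-object document, a malformed link
    entry or a non-string name all yield None instead of raising. (Previously
    a failed second fetch or a link without ``rel``/``href`` raised.)

    Returns:
        The software name as a string, or None when it cannot be determined.
    """
    headers = {'Accept': 'application/activity+json'}

    wk_nodeinfo = await fetch_actor(f'https://{domain}/.well-known/nodeinfo', headers=headers)
    if not isinstance(wk_nodeinfo, dict):
        return None

    links = wk_nodeinfo.get('links')
    if not isinstance(links, list):
        return None

    nodeinfo_url = None
    for link in links:
        if not isinstance(link, dict):
            continue
        if link.get('rel') == 'http://nodeinfo.diaspora.software/ns/schema/2.0':
            nodeinfo_url = link.get('href')
            break

    if not nodeinfo_url or not isinstance(nodeinfo_url, str):
        return None

    # NOTE(review): nodeinfo_url is chosen by the remote host and is fetched
    # as given. Nothing here requires it to be https or to point back at
    # `domain`; confirm fetch_actor restricts which destinations it will
    # contact.
    nodeinfo_data = await fetch_actor(nodeinfo_url)
    if not isinstance(nodeinfo_data, dict):
        return None

    software = nodeinfo_data.get('software')
    if not isinstance(software, dict):
        return None

    name = software.get('name')
    return name if isinstance(name, str) else None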


async def follow_remote_actor(actor_uri):
    """Send a Follow activity from the relay actor to the actor at `actor_uri`.

    Nothing is sent when the actor document cannot be fetched, or when the
    whitelist is enabled and the URI's hostname is not on it.
    """
    actor = await fetch_actor(actor_uri)
    if not actor:
        logging.info('failed to fetch actor at: %r', actor_uri)
        return

    # The allow-list decision uses the hostname of the URI that was asked for.
    # NOTE(review): the fetched document's own 'id' (used below) is not
    # compared against that hostname here; confirm fetch_actor guarantees the
    # two agree.
    whitelist_on = AP_CONFIG['whitelist_enabled'] is True
    if whitelist_on and urlsplit(actor_uri).hostname not in AP_CONFIG['whitelist']:
        logging.info('refusing to follow non-whitelisted actor: %r', actor_uri)
        return

    logging.info('following: %r', actor_uri)

    remote_id = actor['id']
    relay_host = AP_CONFIG['host']
    message = {
        "@context": "https://www.w3.org/ns/activitystreams",
        "type": "Follow",
        "to": [remote_id],
        "object": remote_id,
        "id": "https://{}/activities/{}".format(relay_host, uuid.uuid4()),
        "actor": "https://{}/actor".format(relay_host)
    }
    key_id = "https://{}/actor#main-key".format(relay_host)
    await push_message_to_actor(actor, message, key_id)


async def unfollow_remote_actor(actor_uri):
    """Send an Undo of a Follow to the actor at `actor_uri`.

    Nothing is sent when the actor document cannot be fetched.
    """
    actor = await fetch_actor(actor_uri)
    if not actor:
        logging.info('failed to fetch actor at: %r', actor_uri)
        return

    logging.info('unfollowing: %r', actor_uri)

    remote_id = actor['id']
    relay_host = AP_CONFIG['host']

    # NOTE(review): the embedded Follow names the remote actor as its 'actor'
    # and gets a freshly generated id, whereas follow_remote_actor sends the
    # Follow with the relay as actor. Confirm receivers accept an Undo whose
    # inner activity does not mirror the original Follow.
    message = {
        "@context": "https://www.w3.org/ns/activitystreams",
        "type": "Undo",
        "to": [remote_id],
        "object": {
             "type": "Follow",
             "object": actor_uri,
             "actor": remote_id,
             "id": "https://{}/activities/{}".format(relay_host, uuid.uuid4())
        },
        "id": "https://{}/activities/{}".format(relay_host, uuid.uuid4()),
        "actor": "https://{}/actor".format(relay_host)
    }
    key_id = "https://{}/actor#main-key".format(relay_host)
    await push_message_to_actor(actor, message, key_id)


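# Matches HTML comments and anything that looks like a tag.
tag_re = re.compile(r'(<!--.*?-->|<[^>]*>)')


def strip_html(data):
    """Remove tag-like spans from `data` and HTML-escape what is left.

    The regex pass is cosmetic; it is not a sanitizer (for example, a comment
    that spans lines and contains '>' is only partly removed). What makes the
    result safe to place in HTML text is the escaping of '&', '<' and '>'
    applied afterwards. Quotes are left as they are, so the result is not
    suitable for use inside an attribute value.

    cgi.escape, which this function used before, was removed in Python 3.8;
    html.escape(..., quote=False) escapes the same three characters.
    """
    # Imported here so the fix does not depend on the module's import block.
    import html

    no_tags = tag_re.sub('', data)
    return html.escape(no_tags, quote=False)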


def distill_inboxes(actor, object_id):
    """Return the relay-list inboxes that should receive an activity.

    Two kinds of entries are left out: the sending actor's own inbox (exact
    string match) and every inbox on the same hostname as `object_id`, so an
    object is not relayed back to the instance it names as its origin.
    """
    origin_hostname = urlsplit(object_id).hostname
    inbox = get_actor_inbox(actor)

    targets = []
    for candidate in DATABASE.get('relay-list', []):
        if candidate == inbox:
            continue
        if urlsplit(candidate).hostname == origin_hostname:
            continue
        targets.append(candidate)

    hostnames = [urlsplit(target).hostname for target in targets]

    # Invariant checks on the filtering above (not input validation).
    assert inbox not in targets
    assert origin_hostname not in hostnames

    return targets


def distill_object_id(activity):
    """Return the id of the object an activity refers to.

    ``activity['object']`` is either the id itself (a string) or an embedded
    object whose ``'id'`` entry is returned.
    """
    obj = activity['object']
    logging.debug('>> determining object ID for %r', obj)
    return obj if isinstance(obj, str) else obj['id']


async def handle_relay(actor, data, request):
    """Announce the object of an incoming activity to the other relay members.

    An object id already present in CACHE is skipped, so each object is
    announced at most once while its entry stays cached. Deliveries are
    scheduled in the background and are not awaited here.
    """
    object_id = distill_object_id(data)

    if object_id in CACHE:
        logging.debug('>> already relayed %r as %r', object_id, CACHE[object_id])
        return

    # NOTE(review): the Announce's ids and the signing key id are built from
    # request.host (the Host header of the inbound request), not from
    # AP_CONFIG['host'].
    host = request.host
    activity_id = "https://{}/activities/{}".format(host, uuid.uuid4())

    message = {
        "@context": "https://www.w3.org/ns/activitystreams",
        "type": "Announce",
        "to": ["https://{}/followers".format(host)],
        "actor": "https://{}/actor".format(host),
        "object": object_id,
        "id": activity_id
    }

    logging.debug('>> relay: %r', message)

    key_id = 'https://{}/actor#main-key'.format(host)
    deliveries = []
    for inbox in distill_inboxes(actor, object_id):
        deliveries.append(push_message_to_actor({'inbox': inbox}, message, key_id))
    asyncio.ensure_future(asyncio.gather(*deliveries))

    # Remember which Announce id this object was relayed under.
    CACHE[object_id] = activity_id


async def handle_forward(actor, data, request):
    """Pass an incoming activity on, unchanged, to the other relay members.

    The payload forwarded is `data` exactly as it was received; each delivery
    is signed with the relay's key id. Deliveries are scheduled in the
    background and are not awaited here.
    """
    object_id = distill_object_id(data)

    logging.debug('>> Relay %r', data)

    key_id = 'https://{}/actor#main-key'.format(request.host)
    deliveries = []
    for inbox in distill_inboxes(actor, object_id):
        deliveries.append(push_message_to_actor({'inbox': inbox}, data, key_id))
    asyncio.ensure_future(asyncio.gather(*deliveries))


async def handle_follow(actor, data, request):
    """Subscribe the sender's inbox to the relay and answer with an Accept.

    A sender whose inbox hostname is listed in AP_CONFIG['blocked_instances']
    is ignored without a reply. A new inbox is added to the stored relay list
    and the relay follows the sender back; the Accept is sent whether or not
    the inbox was already subscribed.
    """
    following = DATABASE.get('relay-list', [])
    inbox = get_actor_inbox(actor)

    # The block list is matched against the hostname of the inbox URL.
    # NOTE(review): the whitelist is not consulted here; the inbox() handler
    # checks it before dispatching to this function.
    if urlsplit(inbox).hostname in AP_CONFIG['blocked_instances']:
        return

    if inbox not in following:
        following.append(inbox)
        DATABASE['relay-list'] = following

        asyncio.ensure_future(follow_remote_actor(actor['id']))

    host = request.host
    relay_actor = "https://{}/actor".format(host)

    message = {
        "@context": "https://www.w3.org/ns/activitystreams",
        "type": "Accept",
        "to": [actor["id"]],
        "actor": relay_actor,

        # this is wrong per litepub, but mastodon < 2.4 is not compliant with that profile.
        "object": {
            "type": "Follow",
            "id": data["id"],
            "object": relay_actor,
            "actor": actor["id"]
        },

        "id": "https://{}/activities/{}".format(host, uuid.uuid4()),
    }

    key_id = 'https://{}/actor#main-key'.format(host)
    asyncio.ensure_future(push_message_to_actor(actor, message, key_id))


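async def handle_undo(actor, data, request):
    """Process an Undo; only the undoing of a Follow has any effect.

    For ``Undo{Follow}`` the sender's inbox is removed from the stored relay
    list (when present) and the relay unfollows the sender in return.

    The embedded object is supplied by the remote server. It may be a bare id
    string, may lack ``type`` or may be absent altogether; such an Undo is
    ignored rather than raising, as is an Undo of any other activity type.
    """
    child = data.get('object')
    if not isinstance(child, dict) or child.get('type') != 'Follow':
        return

    following = DATABASE.get('relay-list', [])
    inbox = get_actor_inbox(actor)

    if inbox in following:
        following.remove(inbox)
        DATABASE['relay-list'] = following

    await unfollow_remote_actor(actor['id'])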


# Dispatch table used by inbox(): activity type -> handler coroutine.
# A type that is not listed here gets no handler.
processors = {
    # Re-announced to the other members under the relay's own actor.
    'Announce': handle_relay,
    'Create': handle_relay,
    # Passed on as received.
    'Delete': handle_forward,
    # Subscription management.
    'Follow': handle_follow,
    'Undo': handle_undo,
    # Passed on as received.
    'Update': handle_forward,
}


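async def inbox(request):
    """Handle a POST to the relay's shared inbox.

    Checks run from cheapest to most expensive, and nothing is fetched from a
    sender-named host until the request has passed validation:

    1. the body is a JSON object with a string ``actor`` and
       ``request['validated']`` is truthy (presumably set by the HTTP
       signature middleware; confirm);
    2. anything other than a Follow must come from an instance whose
       ``https://<host>/inbox`` is in the stored relay list;
    3. when the whitelist is enabled, the instance must be on it;
    4. when ``block_relays`` is set, the instance's NodeInfo software name
       must not contain "relay".

    Previously the NodeInfo lookup and the ``data['actor']`` access came
    before step 1, so an unvalidated request could trigger outbound fetches,
    and a body without ``actor`` or ``type`` raised instead of being refused.

    Raises:
        aiohttp.web.HTTPUnauthorized: when any of the checks fails.
    """
    data = await request.json()

    # Fail closed: a missing 'validated' marker counts as not validated.
    actor_id = data.get('actor') if isinstance(data, dict) else None
    if not isinstance(actor_id, str) or not request.get('validated'):
        raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')

    instance = urlsplit(actor_id).hostname
    activity_type = data.get('type')

    # NOTE(review): membership is tested against 'https://<host>/inbox',
    # while handle_follow stores whatever get_actor_inbox returns; confirm the
    # two always have the same shape.
    if activity_type != 'Follow' and 'https://{}/inbox'.format(instance) not in DATABASE.get('relay-list', []):
        raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')

    if AP_CONFIG['whitelist_enabled'] is True and instance not in AP_CONFIG['whitelist']:
        raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')

    # Network lookup last, and only for requests that passed the local checks.
    if AP_CONFIG['block_relays']:
        software = await fetch_nodeinfo(instance)

        if isinstance(software, str) and 'relay' in software.lower():
            raise aiohttp.web.HTTPUnauthorized(body='relays have been blocked', content_type='text/plain')

    # NOTE(review): fetch_actor can return a falsy value (follow_remote_actor
    # checks for it); the handlers below index into `actor` without that check.
    actor = await fetch_actor(actor_id)

    logging.debug(">> payload %r", data)

    # Only a string type can name a handler; anything else is acknowledged
    # without being processed.
    processor = processors.get(activity_type) if isinstance(activity_type, str) else None
    if processor:
        await processor(actor, data, request)

    return aiohttp.web.Response(body=b'{}', content_type='application/activity+json')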

# Route POST /inbox to inbox(), the entry point for all incoming activities.
app.router.add_post('/inbox', inbox)