process_account_service.rb 9.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320
  1. # frozen_string_literal: true
  2. class ActivityPub::ProcessAccountService < BaseService
  3. include JsonLdHelper
  4. include DomainControlHelper
  5. # Should be called with confirmed valid JSON
  6. # and WebFinger-resolved username and domain
  7. def call(username, domain, json, options = {})
  8. return if json['inbox'].blank? || unsupported_uri_scheme?(json['id']) || domain_not_allowed?(domain)
  9. @options = options
  10. @json = json
  11. @uri = @json['id']
  12. @username = username
  13. @domain = domain
  14. @collections = {}
  15. RedisLock.acquire(lock_options) do |lock|
  16. if lock.acquired?
  17. @account = Account.remote.find_by(uri: @uri) if @options[:only_key]
  18. @account ||= Account.find_remote(@username, @domain)
  19. @old_public_key = @account&.public_key
  20. @old_protocol = @account&.protocol
  21. @suspension_changed = false
  22. create_account if @account.nil?
  23. update_account
  24. process_tags
  25. process_attachments
  26. else
  27. raise Mastodon::RaceConditionError
  28. end
  29. end
  30. return if @account.nil?
  31. after_protocol_change! if protocol_changed?
  32. after_key_change! if key_changed? && !@options[:signed_with_known_key]
  33. clear_tombstones! if key_changed?
  34. after_suspension_change! if suspension_changed?
  35. unless @options[:only_key] || @account.suspended?
  36. check_featured_collection! if @account.featured_collection_url.present?
  37. check_links! unless @account.fields.empty?
  38. end
  39. @account
  40. rescue Oj::ParseError
  41. nil
  42. end
  43. private
  44. def create_account
  45. @account = Account.new
  46. @account.protocol = :activitypub
  47. @account.username = @username
  48. @account.domain = @domain
  49. @account.private_key = nil
  50. @account.suspended_at = domain_block.created_at if auto_suspend?
  51. @account.suspension_origin = :local if auto_suspend?
  52. @account.silenced_at = domain_block.created_at if auto_silence?
  53. @account.save
  54. end
  55. def update_account
  56. @account.last_webfingered_at = Time.now.utc unless @options[:only_key]
  57. @account.protocol = :activitypub
  58. set_suspension!
  59. set_immediate_attributes! unless @account.suspended?
  60. set_fetchable_attributes! unless @options[:only_keys] || @account.suspended?
  61. @account.save_with_optional_media!
  62. end
  63. def set_immediate_attributes!
  64. @account.inbox_url = @json['inbox'] || ''
  65. @account.outbox_url = @json['outbox'] || ''
  66. @account.shared_inbox_url = (@json['endpoints'].is_a?(Hash) ? @json['endpoints']['sharedInbox'] : @json['sharedInbox']) || ''
  67. @account.followers_url = @json['followers'] || ''
  68. @account.featured_collection_url = @json['featured'] || ''
  69. @account.devices_url = @json['devices'] || ''
  70. @account.url = url || @uri
  71. @account.uri = @uri
  72. @account.display_name = @json['name'] || ''
  73. @account.note = @json['summary'] || ''
  74. @account.locked = @json['manuallyApprovesFollowers'] || false
  75. @account.fields = property_values || {}
  76. @account.also_known_as = as_array(@json['alsoKnownAs'] || []).map { |item| value_or_id(item) }
  77. @account.actor_type = actor_type
  78. @account.discoverable = @json['discoverable'] || false
  79. end
  80. def set_fetchable_attributes!
  81. @account.avatar_remote_url = image_url('icon') || '' unless skip_download?
  82. @account.header_remote_url = image_url('image') || '' unless skip_download?
  83. @account.public_key = public_key || ''
  84. @account.statuses_count = outbox_total_items if outbox_total_items.present?
  85. @account.following_count = following_total_items if following_total_items.present?
  86. @account.followers_count = followers_total_items if followers_total_items.present?
  87. @account.hide_collections = following_private? || followers_private?
  88. @account.moved_to_account = @json['movedTo'].present? ? moved_account : nil
  89. end
  90. def set_suspension!
  91. return if @account.suspended? && @account.suspension_origin_local?
  92. if @account.suspended? && !@json['suspended']
  93. @account.unsuspend!
  94. @suspension_changed = true
  95. elsif !@account.suspended? && @json['suspended']
  96. @account.suspend!(origin: :remote)
  97. @suspension_changed = true
  98. end
  99. end
  100. def after_protocol_change!
  101. ActivityPub::PostUpgradeWorker.perform_async(@account.domain)
  102. end
  103. def after_key_change!
  104. RefollowWorker.perform_async(@account.id)
  105. end
  106. def after_suspension_change!
  107. if @account.suspended?
  108. Admin::SuspensionWorker.perform_async(@account.id)
  109. else
  110. Admin::UnsuspensionWorker.perform_async(@account.id)
  111. end
  112. end
  113. def check_featured_collection!
  114. ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id)
  115. end
  116. def check_links!
  117. VerifyAccountLinksWorker.perform_async(@account.id)
  118. end
  119. def actor_type
  120. if @json['type'].is_a?(Array)
  121. @json['type'].find { |type| ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES.include?(type) }
  122. else
  123. @json['type']
  124. end
  125. end
  126. def image_url(key)
  127. value = first_of_value(@json[key])
  128. return if value.nil?
  129. return value['url'] if value.is_a?(Hash)
  130. image = fetch_resource_without_id_validation(value)
  131. image['url'] if image
  132. end
  133. def public_key
  134. value = first_of_value(@json['publicKey'])
  135. return if value.nil?
  136. return value['publicKeyPem'] if value.is_a?(Hash)
  137. key = fetch_resource_without_id_validation(value)
  138. key['publicKeyPem'] if key
  139. end
  140. def url
  141. return if @json['url'].blank?
  142. url_candidate = url_to_href(@json['url'], 'text/html')
  143. if unsupported_uri_scheme?(url_candidate) || mismatching_origin?(url_candidate)
  144. nil
  145. else
  146. url_candidate
  147. end
  148. end
  149. def property_values
  150. return unless @json['attachment'].is_a?(Array)
  151. as_array(@json['attachment']).select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') }
  152. end
  153. def mismatching_origin?(url)
  154. needle = Addressable::URI.parse(url).host
  155. haystack = Addressable::URI.parse(@uri).host
  156. !haystack.casecmp(needle).zero?
  157. end
  158. def outbox_total_items
  159. collection_info('outbox').first
  160. end
  161. def following_total_items
  162. collection_info('following').first
  163. end
  164. def followers_total_items
  165. collection_info('followers').first
  166. end
  167. def following_private?
  168. !collection_info('following').last
  169. end
  170. def followers_private?
  171. !collection_info('followers').last
  172. end
  173. def collection_info(type)
  174. return [nil, nil] if @json[type].blank?
  175. return @collections[type] if @collections.key?(type)
  176. collection = fetch_resource_without_id_validation(@json[type])
  177. total_items = collection.is_a?(Hash) && collection['totalItems'].present? && collection['totalItems'].is_a?(Numeric) ? collection['totalItems'] : nil
  178. has_first_page = collection.is_a?(Hash) && collection['first'].present?
  179. @collections[type] = [total_items, has_first_page]
  180. rescue HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::LengthValidationError
  181. @collections[type] = [nil, nil]
  182. end
  183. def moved_account
  184. account = ActivityPub::TagManager.instance.uri_to_resource(@json['movedTo'], Account)
  185. account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true)
  186. account
  187. end
  188. def skip_download?
  189. @account.suspended? || domain_block&.reject_media?
  190. end
  191. def auto_suspend?
  192. domain_block&.suspend?
  193. end
  194. def auto_silence?
  195. domain_block&.silence?
  196. end
  197. def domain_block
  198. return @domain_block if defined?(@domain_block)
  199. @domain_block = DomainBlock.rule_for(@domain)
  200. end
  201. def key_changed?
  202. !@old_public_key.nil? && @old_public_key != @account.public_key
  203. end
  204. def suspension_changed?
  205. @suspension_changed
  206. end
  207. def clear_tombstones!
  208. Tombstone.where(account_id: @account.id).delete_all
  209. end
  210. def protocol_changed?
  211. !@old_protocol.nil? && @old_protocol != @account.protocol
  212. end
  213. def lock_options
  214. { redis: Redis.current, key: "process_account:#{@uri}" }
  215. end
  216. def process_tags
  217. return if @json['tag'].blank?
  218. as_array(@json['tag']).each do |tag|
  219. process_emoji tag if equals_or_includes?(tag['type'], 'Emoji')
  220. end
  221. end
  222. def process_attachments
  223. return if @json['attachment'].blank?
  224. previous_proofs = @account.identity_proofs.to_a
  225. current_proofs = []
  226. as_array(@json['attachment']).each do |attachment|
  227. next unless equals_or_includes?(attachment['type'], 'IdentityProof')
  228. current_proofs << process_identity_proof(attachment)
  229. end
  230. previous_proofs.each do |previous_proof|
  231. next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id }
  232. previous_proof.delete
  233. end
  234. end
  235. def process_emoji(tag)
  236. return if skip_download?
  237. return if tag['name'].blank? || tag['icon'].blank? || tag['icon']['url'].blank?
  238. shortcode = tag['name'].delete(':')
  239. image_url = tag['icon']['url']
  240. uri = tag['id']
  241. updated = tag['updated']
  242. emoji = CustomEmoji.find_by(shortcode: shortcode, domain: @account.domain)
  243. return unless emoji.nil? || image_url != emoji.image_remote_url || (updated && updated >= emoji.updated_at)
  244. emoji ||= CustomEmoji.new(domain: @account.domain, shortcode: shortcode, uri: uri)
  245. emoji.image_remote_url = image_url
  246. emoji.save
  247. end
  248. def process_identity_proof(attachment)
  249. provider = attachment['signatureAlgorithm']
  250. provider_username = attachment['name']
  251. token = attachment['signatureValue']
  252. @account.identity_proofs.where(provider: provider, provider_username: provider_username).find_or_create_by(provider: provider, provider_username: provider_username, token: token)
  253. end
  254. end