1
0

fetch_resource_service.rb 3.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. # frozen_string_literal: true
  2. class FetchResourceService < BaseService
  3. include JsonLdHelper
  4. ACCEPT_HEADER = 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams", text/html;q=0.1'
  5. ACTIVITY_STREAM_LINK_TYPES = ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].freeze
  6. attr_reader :response_code
  7. def call(url)
  8. return if url.blank?
  9. process(url)
  10. rescue *Mastodon::HTTP_CONNECTION_ERRORS, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError => e
  11. Rails.logger.debug { "Error fetching resource #{@url}: #{e}" }
  12. nil
  13. end
  14. private
  15. def process(url, terminal: false)
  16. @url = url
  17. perform_request { |response| process_response(response, terminal) }
  18. end
  19. def perform_request(&block)
  20. Request.new(:get, @url).tap do |request|
  21. request.add_headers('Accept' => ACCEPT_HEADER)
  22. # In a real setting we want to sign all outgoing requests,
  23. # in case the remote server has secure mode enabled and requires
  24. # authentication on all resources. However, during development,
  25. # sending request signatures with an inaccessible host is useless
  26. # and prevents even public resources from being fetched, so
  27. # don't do it
  28. request.on_behalf_of(Account.representative) unless Rails.env.development?
  29. end.perform(&block)
  30. end
  31. def process_response(response, terminal = false)
  32. @response_code = response.code
  33. return nil if response.code != 200
  34. if valid_activitypub_content_type?(response)
  35. body = response.body_with_limit
  36. json = body_to_json(body)
  37. return unless supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
  38. if json['id'] != @url
  39. return if terminal
  40. return process(json['id'], terminal: true)
  41. end
  42. [@url, { prefetched_body: body }]
  43. elsif !terminal
  44. link_header = response['Link'] && parse_link_header(response)
  45. if link_header&.find_link(%w(rel alternate))
  46. process_link_headers(link_header)
  47. elsif response.mime_type == 'text/html'
  48. process_html(response)
  49. end
  50. end
  51. end
  52. def expected_type?(json)
  53. equals_or_includes_any?(json['type'], ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)
  54. end
  55. def process_html(response)
  56. page = Nokogiri::HTML5(response.body_with_limit)
  57. json_link = page.xpath('//link[@rel="alternate"]').find { |link| ACTIVITY_STREAM_LINK_TYPES.include?(link['type']) }
  58. process(json_link['href'], terminal: true) unless json_link.nil?
  59. end
  60. def process_link_headers(link_header)
  61. json_link = link_header.find_link(%w(rel alternate), %w(type application/activity+json)) || link_header.find_link(%w(rel alternate), ['type', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'])
  62. process(json_link.href, terminal: true) unless json_link.nil?
  63. end
  64. def parse_link_header(response)
  65. LinkHeader.parse(response['Link'].is_a?(Array) ? response['Link'].first : response['Link'])
  66. end
  67. end