resolve_account_service.rb 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
  1. # frozen_string_literal: true
  2. class ResolveAccountService < BaseService
  3. include JsonLdHelper
  4. include DomainControlHelper
  5. include WebfingerHelper
  6. include Redisable
  7. include Lockable
  8. # Find or create an account record for a remote user. When creating,
  9. # look up the user's webfinger and fetch ActivityPub data
  10. # @param [String, Account] uri URI in the username@domain format or account record
  11. # @param [Hash] options
  12. # @option options [Boolean] :redirected Do not follow further Webfinger redirects
  13. # @option options [Boolean] :skip_webfinger Do not attempt any webfinger query or refreshing account data
  14. # @return [Account]
  15. def call(uri, options = {})
  16. return if uri.blank?
  17. process_options!(uri, options)
  18. # First of all we want to check if we've got the account
  19. # record with the URI already, and if so, we can exit early
  20. return if domain_not_allowed?(@domain)
  21. @account ||= Account.find_remote(@username, @domain)
  22. return @account if @account&.local? || @domain.nil? || !webfinger_update_due?
  23. # At this point we are in need of a Webfinger query, which may
  24. # yield us a different username/domain through a redirect
  25. process_webfinger!(@uri)
  26. @domain = nil if TagManager.instance.local_domain?(@domain)
  27. # Because the username/domain pair may be different than what
  28. # we already checked, we need to check if we've already got
  29. # the record with that URI, again
  30. return if domain_not_allowed?(@domain)
  31. @account ||= Account.find_remote(@username, @domain)
  32. if gone_from_origin? && not_yet_deleted?
  33. queue_deletion!
  34. return
  35. end
  36. return @account if @account&.local? || gone_from_origin? || !webfinger_update_due?
  37. # Now it is certain, it is definitely a remote account, and it
  38. # either needs to be created, or updated from fresh data
  39. fetch_account!
  40. rescue Webfinger::Error, Oj::ParseError => e
  41. Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
  42. nil
  43. end
  44. private
  45. def process_options!(uri, options)
  46. @options = options
  47. if uri.is_a?(Account)
  48. @account = uri
  49. @username = @account.username
  50. @domain = @account.domain
  51. else
  52. @username, @domain = uri.strip.gsub(/\A@/, '').split('@')
  53. end
  54. @domain = begin
  55. if TagManager.instance.local_domain?(@domain)
  56. nil
  57. else
  58. TagManager.instance.normalize_domain(@domain)
  59. end
  60. end
  61. @uri = [@username, @domain].compact.join('@')
  62. end
  63. def process_webfinger!(uri)
  64. @webfinger = webfinger!("acct:#{uri}")
  65. confirmed_username, confirmed_domain = split_acct(@webfinger.subject)
  66. if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
  67. @username = confirmed_username
  68. @domain = confirmed_domain
  69. return
  70. end
  71. # Account doesn't match, so it may have been redirected
  72. @webfinger = webfinger!("acct:#{confirmed_username}@#{confirmed_domain}")
  73. @username, @domain = split_acct(@webfinger.subject)
  74. unless confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
  75. raise Webfinger::RedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
  76. end
  77. rescue Webfinger::GoneError
  78. @gone = true
  79. end
  80. def split_acct(acct)
  81. acct.gsub(/\Aacct:/, '').split('@')
  82. end
  83. def fetch_account!
  84. return unless activitypub_ready?
  85. with_lock("resolve:#{@username}@#{@domain}") do
  86. @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url)
  87. end
  88. @account
  89. end
  90. def webfinger_update_due?
  91. return false if @options[:check_delivery_availability] && !DeliveryFailureTracker.available?(@domain)
  92. return false if @options[:skip_webfinger]
  93. @account.nil? || @account.possibly_stale?
  94. end
  95. def activitypub_ready?
  96. ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self', 'type'))
  97. end
  98. def actor_url
  99. @actor_url ||= @webfinger.link('self', 'href')
  100. end
  101. def gone_from_origin?
  102. @gone
  103. end
  104. def not_yet_deleted?
  105. @account.present? && !@account.local?
  106. end
  107. def queue_deletion!
  108. @account.suspend!(origin: :remote)
  109. AccountDeletionWorker.perform_async(@account.id, { 'reserve_username' => false, 'skip_activitypub' => true })
  110. end
  111. end