resolve_account_service.rb 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. # frozen_string_literal: true
  2. class ResolveAccountService < BaseService
  3. include JsonLdHelper
  4. include DomainControlHelper
  5. include WebfingerHelper
  6. # Find or create an account record for a remote user. When creating,
  7. # look up the user's webfinger and fetch ActivityPub data
  8. # @param [String, Account] uri URI in the username@domain format or account record
  9. # @param [Hash] options
  10. # @option options [Boolean] :redirected Do not follow further Webfinger redirects
  11. # @option options [Boolean] :skip_webfinger Do not attempt to refresh account data
  12. # @return [Account]
  13. def call(uri, options = {})
  14. return if uri.blank?
  15. process_options!(uri, options)
  16. # First of all we want to check if we've got the account
  17. # record with the URI already, and if so, we can exit early
  18. return if domain_not_allowed?(@domain)
  19. @account ||= Account.find_remote(@username, @domain)
  20. return @account if @account&.local? || @domain.nil? || !webfinger_update_due?
  21. # At this point we are in need of a Webfinger query, which may
  22. # yield us a different username/domain through a redirect
  23. process_webfinger!(@uri)
  24. # Because the username/domain pair may be different than what
  25. # we already checked, we need to check if we've already got
  26. # the record with that URI, again
  27. return if domain_not_allowed?(@domain)
  28. @account ||= Account.find_remote(@username, @domain)
  29. if gone_from_origin? && not_yet_deleted?
  30. queue_deletion!
  31. return
  32. end
  33. return @account if @account&.local? || gone_from_origin? || !webfinger_update_due?
  34. # Now it is certain, it is definitely a remote account, and it
  35. # either needs to be created, or updated from fresh data
  36. process_account!
  37. rescue Webfinger::Error, Oj::ParseError => e
  38. Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
  39. nil
  40. end
  41. private
  42. def process_options!(uri, options)
  43. @options = options
  44. if uri.is_a?(Account)
  45. @account = uri
  46. @username = @account.username
  47. @domain = @account.domain
  48. else
  49. @username, @domain = uri.split('@')
  50. end
  51. @domain = begin
  52. if TagManager.instance.local_domain?(@domain)
  53. nil
  54. else
  55. TagManager.instance.normalize_domain(@domain)
  56. end
  57. end
  58. @uri = [@username, @domain].compact.join('@')
  59. end
  60. def process_webfinger!(uri, redirected = false)
  61. @webfinger = webfinger!("acct:#{uri}")
  62. confirmed_username, confirmed_domain = @webfinger.subject.gsub(/\Aacct:/, '').split('@')
  63. if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
  64. @username = confirmed_username
  65. @domain = confirmed_domain
  66. @uri = uri
  67. elsif !redirected
  68. return process_webfinger!("#{confirmed_username}@#{confirmed_domain}", true)
  69. else
  70. raise Webfinger::RedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
  71. end
  72. @domain = nil if TagManager.instance.local_domain?(@domain)
  73. rescue Webfinger::GoneError
  74. @gone = true
  75. end
  76. def process_account!
  77. return unless activitypub_ready?
  78. RedisLock.acquire(lock_options) do |lock|
  79. if lock.acquired?
  80. @account = Account.find_remote(@username, @domain)
  81. next if actor_json.nil?
  82. @account = ActivityPub::ProcessAccountService.new.call(@username, @domain, actor_json)
  83. else
  84. raise Mastodon::RaceConditionError
  85. end
  86. end
  87. @account
  88. end
  89. def webfinger_update_due?
  90. return false if @options[:check_delivery_availability] && !DeliveryFailureTracker.available?(@domain)
  91. @account.nil? || ((!@options[:skip_webfinger] || @account.ostatus?) && @account.possibly_stale?)
  92. end
  93. def activitypub_ready?
  94. ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self', 'type'))
  95. end
  96. def actor_url
  97. @actor_url ||= @webfinger.link('self', 'href')
  98. end
  99. def actor_json
  100. return @actor_json if defined?(@actor_json)
  101. json = fetch_resource(actor_url, false)
  102. @actor_json = supported_context?(json) && equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) ? json : nil
  103. end
  104. def gone_from_origin?
  105. @gone
  106. end
  107. def not_yet_deleted?
  108. @account.present? && !@account.local?
  109. end
  110. def queue_deletion!
  111. AccountDeletionWorker.perform_async(@account.id, reserve_username: false)
  112. end
  113. def lock_options
  114. { redis: Redis.current, key: "resolve:#{@username}@#{@domain}" }
  115. end
  116. end