aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
shleeable-patch-18
shleeable-patch-16
shleeable-patch-15
shleeable-patch-14
shleeable-patch-13
shleeable-patch-12
shleeable-patch-11
shleeable-patch-10
shleeable-patch-9
shleeable-patch-8
shleeable-patch-3
shleeable-patch-2
dev
staging
l10n_staging
shleeable-patch-1
shleeable-patch-4
shleeable-patch-7
shleeable-patch-6
shleeable-patch-5
groups
vue3
v0.1.9
v0.10.0
v0.10.1
v0.10.10
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.5.9
v0.6.0
v0.6.1
v0.7.6
v0.8.0
v0.8.5
v0.8.6
v0.9.0
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dev'
${ noResults }
pixelfed/app/Jobs/InboxPipeline/DeleteWorker.php

257 lines
7.9 KiB
PHP
Raw Permalink Blame History

<?php
namespace App\Jobs\InboxPipeline;
use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline;
use App\Profile;
use App\Util\ActivityPub\Helpers;
use App\Util\ActivityPub\HttpSignature;
use Cache;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Http\Client\ConnectionException;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class DeleteWorker implements ShouldQueue
{
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
protected $headers;
protected $payload;
public $timeout = 300;
public $tries = 1;
public $maxExceptions = 1;
/**
* Create a new job instance.
*
* @return void
*/
public function __construct($headers, $payload)
{
$this->headers = $headers;
$this->payload = $payload;
}
/**
* Execute the job.
*
* @return void
*/
public function handle()
{
$profile = null;
$headers = $this->headers;
$payload = $this->payload;
// Verify headers exist
if (! $headers) {
Log::info('DeleteWorker: Headers not provided, skipping job');
return;
}
// Verify payload exists
if (! $payload) {
Log::info('DeleteWorker: Payload not provided, skipping job');
return;
}
$payload = json_decode($payload, true, 8);
if (! isset($headers['signature']) || ! isset($headers['date'])) {
Log::info('DeleteWorker: Missing signature or date in headers, skipping job');
return;
}
if (! $headers || ! $payload) {
Log::info('DeleteWorker: Empty headers or payload, skipping job');
return;
}
if ($payload['type'] === 'Delete' &&
((is_string($payload['object']) &&
$payload['object'] === $payload['actor']) ||
(is_array($payload['object']) &&
isset($payload['object']['id'], $payload['object']['type']) &&
$payload['object']['type'] === 'Person' &&
$payload['actor'] === $payload['object']['id']
))
) {
$actor = $payload['actor'];
if ($this->verifySignature($headers, $payload) == true) {
$actorDelete = Profile::whereRemoteUrl($actor)->exists();
if ($actorDelete) {
if ($this->verifySignature($headers, $payload) == true) {
Cache::set($key, false);
$profile = Profile::whereNotNull('domain')
->whereNull('status')
->whereRemoteUrl($actor)
->first();
if ($profile) {
DeleteRemoteProfilePipeline::dispatch($profile)->onQueue('inbox');
}
return 1;
} else {
// Signature verification failed, exit.
return 1;
}
} else {
// Remote user doesn't exist, exit early.
return 1;
}
return 1;
} else {
return 1;
}
} else {
$profile = null;
if ($this->verifySignature($headers, $payload) == true) {
ActivityHandler::dispatch($headers, $profile, $payload)->onQueue('delete');
return 1;
} else {
return 1;
}
}
}
protected function verifySignature($headers, $payload)
{
$body = $this->payload;
$bodyDecoded = $payload;
$signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature'];
$date = is_array($headers['date']) ? $headers['date'][0] : $headers['date'];
if (! $signature) {
return false;
}
if (! $date) {
return false;
}
if (! now()->parse($date)->gt(now()->subDays(1)) ||
! now()->parse($date)->lt(now()->addDays(1))
) {
return false;
}
$signatureData = HttpSignature::parseSignatureHeader($signature);
if (! isset($signatureData['keyId'], $signatureData['signature'], $signatureData['headers']) || isset($signatureData['error'])) {
return false;
}
$keyId = Helpers::validateUrl($signatureData['keyId']);
$id = Helpers::validateUrl($bodyDecoded['id']);
$keyDomain = parse_url($keyId, PHP_URL_HOST);
$idDomain = parse_url($id, PHP_URL_HOST);
if (isset($bodyDecoded['object'])
&& is_array($bodyDecoded['object'])
&& isset($bodyDecoded['object']['attributedTo'])
) {
$attr = Helpers::pluckval($bodyDecoded['object']['attributedTo']);
if (is_array($attr)) {
if (isset($attr['id'])) {
$attr = $attr['id'];
} else {
$attr = '';
}
}
if (parse_url($attr, PHP_URL_HOST) !== $keyDomain) {
return false;
}
}
if (! $keyDomain || ! $idDomain || $keyDomain !== $idDomain) {
return false;
}
$actor = Profile::whereKeyId($keyId)->first();
if (! $actor) {
$actorUrl = is_array($bodyDecoded['actor']) ? $bodyDecoded['actor'][0] : $bodyDecoded['actor'];
$actor = Helpers::profileFirstOrNew($actorUrl);
}
if (! $actor) {
return false;
}
$pkey = openssl_pkey_get_public($actor->public_key);
if (! $pkey) {
return false;
}
$inboxPath = '/f/inbox';
[$verified, $headers] = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
if ($verified == 1) {
return true;
} else {
return false;
}
}
protected function blindKeyRotation($headers, $payload)
{
$signature = is_array($headers['signature']) ? $headers['signature'][0] : $headers['signature'];
$date = is_array($headers['date']) ? $headers['date'][0] : $headers['date'];
if (! $signature) {
return;
}
if (! $date) {
return;
}
if (! now()->parse($date)->gt(now()->subDays(1)) ||
! now()->parse($date)->lt(now()->addDays(1))
) {
return;
}
$signatureData = HttpSignature::parseSignatureHeader($signature);
if (! isset($signatureData['keyId'], $signatureData['signature'], $signatureData['headers']) || isset($signatureData['error'])) {
return;
}
$keyId = Helpers::validateUrl($signatureData['keyId']);
$actor = Profile::whereKeyId($keyId)->whereNotNull('remote_url')->first();
if (! $actor) {
return;
}
if (Helpers::validateUrl($actor->remote_url) == false) {
return;
}
try {
$res = Http::timeout(20)->withHeaders([
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
'User-Agent' => 'PixelfedBot v0.1 - https://pixelfed.org',
])->get($actor->remote_url);
} catch (ConnectionException $e) {
return false;
}
if (! $res->ok()) {
return false;
}
$res = json_decode($res->body(), true, 8);
if (! isset($res['publicKey'], $res['publicKey']['id'])) {
return;
}
if ($res['publicKey']['id'] !== $actor->key_id) {
return;
}
$actor->public_key = $res['publicKey']['publicKeyPem'];
$actor->save();
return $this->verifySignature($headers, $payload);
}
}
Reference in New Issue View Git Blame Copy Permalink