feat: add axum compat (#12)

* feat: add actix feature flag

* (WIP)feat: add axum feature

* WIP: axum veridy digest + example

Note: this does not compile yet

* WIP

* chore: clippy lints

* Use actix rt for axum example

* ci: run example in CI for both actix and axum

* feat: add json wrapper type for axum

* docs: update readme with actix and axum feature flags

* fix: fix ci

* chore: more clippy lints

* refactor: update according to PR comment and factorize 'verify_digest'
This commit is contained in:
Paul Delafosse 2022-11-28 22:19:56 +01:00 committed by GitHub
parent 229e225dce
commit 9332c81458
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
42 changed files with 1465 additions and 190 deletions

View file

@ -42,10 +42,17 @@ steps:
commands: commands:
- cargo test --workspace --no-fail-fast - cargo test --workspace --no-fail-fast
- name: cargo run - name: cargo run actix
image: rust:1.61-bullseye image: rust:1.61-bullseye
environment: environment:
CARGO_HOME: .cargo CARGO_HOME: .cargo
RUST_BACKTRACE: 1 RUST_BACKTRACE: 1
commands: commands:
- cargo run -p activitypub_federation --example federation - cargo run --example simple_federation_actix
- name: cargo run axum
image: rust:1.61-bullseye
environment:
CARGO_HOME: .cargo
RUST_BACKTRACE: 1
commands:
- cargo run --example simple_federation_axum --features axum

267
Cargo.lock generated
View file

@ -11,6 +11,7 @@ dependencies = [
"actix-web", "actix-web",
"anyhow", "anyhow",
"async-trait", "async-trait",
"axum",
"background-jobs", "background-jobs",
"base64", "base64",
"chrono", "chrono",
@ -19,9 +20,10 @@ dependencies = [
"enum_delegate", "enum_delegate",
"env_logger", "env_logger",
"http", "http",
"http-signature-normalization-actix", "http-signature-normalization",
"http-signature-normalization-reqwest", "http-signature-normalization-reqwest",
"httpdate", "httpdate",
"hyper",
"itertools", "itertools",
"once_cell", "once_cell",
"openssl", "openssl",
@ -33,7 +35,10 @@ dependencies = [
"sha2", "sha2",
"thiserror", "thiserror",
"tokio", "tokio",
"tower",
"tower-http",
"tracing", "tracing",
"tracing-subscriber",
"url", "url",
] ]
@ -270,6 +275,70 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]]
name = "axum"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "744864363a200a5e724a7e61bc8c11b6628cf2e3ec519c8a1a48e609a8156b40"
dependencies = [
"async-trait",
"axum-core",
"axum-macros",
"bitflags",
"bytes",
"futures-util",
"headers",
"http",
"http-body",
"hyper",
"itoa",
"matchit",
"memchr",
"mime",
"percent-encoding",
"pin-project-lite",
"rustversion",
"serde",
"serde_json",
"serde_path_to_error",
"serde_urlencoded",
"sync_wrapper",
"tokio",
"tower",
"tower-http",
"tower-layer",
"tower-service",
]
[[package]]
name = "axum-core"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "79b8558f5a0581152dc94dcd289132a1d377494bdeafcd41869b3258e3e2ad92"
dependencies = [
"async-trait",
"bytes",
"futures-util",
"http",
"http-body",
"mime",
"rustversion",
"tower-layer",
"tower-service",
]
[[package]]
name = "axum-macros"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e4df0fc33ada14a338b799002f7e8657711422b25d4e16afb032708d6b185621"
dependencies = [
"heck",
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "background-jobs" name = "background-jobs"
version = "0.13.0" version = "0.13.0"
@ -753,6 +822,37 @@ version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
[[package]]
name = "headers"
version = "0.3.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f3e372db8e5c0d213e0cd0b9be18be2aca3d44cf2fe30a9d46a65581cd454584"
dependencies = [
"base64",
"bitflags",
"bytes",
"headers-core",
"http",
"httpdate",
"mime",
"sha1",
]
[[package]]
name = "headers-core"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7f66481bfee273957b1f20485a4ff3362987f85b2c236580d81b4eb7a326429"
dependencies = [
"http",
]
[[package]]
name = "heck"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9"
[[package]] [[package]]
name = "hermit-abi" name = "hermit-abi"
version = "0.1.19" version = "0.1.19"
@ -784,6 +884,12 @@ dependencies = [
"pin-project-lite", "pin-project-lite",
] ]
[[package]]
name = "http-range-header"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0bfe8eed0a9285ef776bb792479ea3834e8b94e13d615c2f66d03dd50a435a29"
[[package]] [[package]]
name = "http-signature-normalization" name = "http-signature-normalization"
version = "0.6.0" version = "0.6.0"
@ -793,26 +899,6 @@ dependencies = [
"httpdate", "httpdate",
] ]
[[package]]
name = "http-signature-normalization-actix"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "86dfd54a1764ad79376b8dbf29e5bf918a463eb5ec66c90cd0388508289af6f0"
dependencies = [
"actix-http",
"actix-rt",
"actix-web",
"base64",
"futures-util",
"http-signature-normalization",
"sha2",
"thiserror",
"tokio",
"tracing",
"tracing-error",
"tracing-futures",
]
[[package]] [[package]]
name = "http-signature-normalization-reqwest" name = "http-signature-normalization-reqwest"
version = "0.7.1" version = "0.7.1"
@ -1031,6 +1117,21 @@ dependencies = [
"cfg-if", "cfg-if",
] ]
[[package]]
name = "matchers"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
dependencies = [
"regex-automata",
]
[[package]]
name = "matchit"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3dfc802da7b1cf80aefffa0c7b2f77247c8b32206cc83c270b61264f5b360a80"
[[package]] [[package]]
name = "memchr" name = "memchr"
version = "2.5.0" version = "2.5.0"
@ -1083,6 +1184,16 @@ dependencies = [
"tempfile", "tempfile",
] ]
[[package]]
name = "nu-ansi-term"
version = "0.46.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
dependencies = [
"overload",
"winapi",
]
[[package]] [[package]]
name = "num-integer" name = "num-integer"
version = "0.1.45" version = "0.1.45"
@ -1163,6 +1274,12 @@ dependencies = [
"vcpkg", "vcpkg",
] ]
[[package]]
name = "overload"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
[[package]] [[package]]
name = "parking_lot" name = "parking_lot"
version = "0.12.1" version = "0.12.1"
@ -1310,6 +1427,15 @@ dependencies = [
"regex-syntax", "regex-syntax",
] ]
[[package]]
name = "regex-automata"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
dependencies = [
"regex-syntax",
]
[[package]] [[package]]
name = "regex-syntax" name = "regex-syntax"
version = "0.6.28" version = "0.6.28"
@ -1387,6 +1513,12 @@ dependencies = [
"semver", "semver",
] ]
[[package]]
name = "rustversion"
version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97477e48b4cf8603ad5f7aaf897467cf42ab4218a38ef76fb14c2d6773a6d6a8"
[[package]] [[package]]
name = "ryu" name = "ryu"
version = "1.0.11" version = "1.0.11"
@ -1476,6 +1608,15 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "serde_path_to_error"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "184c643044780f7ceb59104cef98a5a6f12cb2288a7bc701ab93a362b49fd47d"
dependencies = [
"serde",
]
[[package]] [[package]]
name = "serde_urlencoded" name = "serde_urlencoded"
version = "0.7.1" version = "0.7.1"
@ -1570,6 +1711,12 @@ dependencies = [
"unicode-ident", "unicode-ident",
] ]
[[package]]
name = "sync_wrapper"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "20518fe4a4c9acf048008599e464deb21beeae3d3578418951a189c235a7a9a8"
[[package]] [[package]]
name = "task-local-extensions" name = "task-local-extensions"
version = "0.1.3" version = "0.1.3"
@ -1684,6 +1831,7 @@ dependencies = [
"libc", "libc",
"memchr", "memchr",
"mio", "mio",
"num_cpus",
"parking_lot", "parking_lot",
"pin-project-lite", "pin-project-lite",
"signal-hook-registry", "signal-hook-registry",
@ -1727,6 +1875,48 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "tower"
version = "0.4.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c"
dependencies = [
"futures-core",
"futures-util",
"pin-project",
"pin-project-lite",
"tokio",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "tower-http"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c530c8675c1dbf98facee631536fa116b5fb6382d7dd6dc1b118d970eafe3ba"
dependencies = [
"bitflags",
"bytes",
"futures-core",
"futures-util",
"http",
"http-body",
"http-range-header",
"pin-project-lite",
"tower",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "tower-layer"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0"
[[package]] [[package]]
name = "tower-service" name = "tower-service"
version = "0.3.2" version = "0.3.2"
@ -1764,16 +1954,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a"
dependencies = [ dependencies = [
"once_cell", "once_cell",
] "valuable",
[[package]]
name = "tracing-error"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d686ec1c0f384b1277f097b2f279a2ecc11afe8c133c1aabf036a27cb4cd206e"
dependencies = [
"tracing",
"tracing-subscriber",
] ]
[[package]] [[package]]
@ -1786,15 +1967,33 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "tracing-log"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922"
dependencies = [
"lazy_static",
"log",
"tracing-core",
]
[[package]] [[package]]
name = "tracing-subscriber" name = "tracing-subscriber"
version = "0.3.16" version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70" checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70"
dependencies = [ dependencies = [
"matchers",
"nu-ansi-term",
"once_cell",
"regex",
"sharded-slab", "sharded-slab",
"smallvec",
"thread_local", "thread_local",
"tracing",
"tracing-core", "tracing-core",
"tracing-log",
] ]
[[package]] [[package]]
@ -1867,6 +2066,12 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "valuable"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
[[package]] [[package]]
name = "vcpkg" name = "vcpkg"
version = "0.2.15" version = "0.2.15"

View file

@ -22,9 +22,6 @@ openssl = "0.10.42"
once_cell = "1.16.0" once_cell = "1.16.0"
http = "0.2.8" http = "0.2.8"
sha2 = "0.10.6" sha2 = "0.10.6"
actix-web = { version = "4.2.1", default-features = false }
http-signature-normalization-actix = { version = "0.6.1", default-features = false, features = ["server", "sha-2"] }
http-signature-normalization-reqwest = { version = "0.7.1", default-features = false, features = ["sha-2", "middleware"] }
background-jobs = "0.13.0" background-jobs = "0.13.0"
thiserror = "1.0.37" thiserror = "1.0.37"
derive_builder = "0.11.2" derive_builder = "0.11.2"
@ -32,10 +29,44 @@ itertools = "0.10.5"
dyn-clone = "1.0.9" dyn-clone = "1.0.9"
enum_delegate = "0.2.0" enum_delegate = "0.2.0"
httpdate = "1.0.2" httpdate = "1.0.2"
http-signature-normalization-reqwest = { version = "0.7.1", default-features = false, features = ["sha-2", "middleware"] }
http-signature-normalization = "0.6.0"
actix-rt = { version = "2.7.0" }
actix-web = { version = "4.2.1", default-features = false, optional = true }
axum = { version = "0.6.0", features = ["json", "headers", "macros", "original-uri"], optional = true }
# Axum
tower-http = { version = "0.3", features = ["map-request-body", "util", "trace"], optional = true }
tower = { version = "0.4.13", optional = true }
hyper = { version = "0.14", optional = true }
tracing-subscriber = { version = "0.3", features = ["env-filter"], optional = true }
[features]
default = ["actix"]
actix = ["dep:actix-web"]
axum = [
"dep:axum",
"dep:tower-http",
"dep:tower",
"dep:hyper",
"dep:tracing-subscriber",
]
[dev-dependencies] [dev-dependencies]
activitystreams-kinds = "0.2.1" activitystreams-kinds = "0.2.1"
rand = "0.8.5" rand = "0.8.5"
actix-rt = "2.7.0" actix-rt = "2.7.0"
tokio = "1.21.2" tokio = { version = "1.21.2", features = ["full"] }
env_logger = { version = "0.9.3", default-features = false } env_logger = { version = "0.9.3", default-features = false }
[[example]]
name = "simple_federation_actix"
path = "examples/federation-actix/main.rs"
required-features = ["actix"]
[[example]]
name = "simple_federation_axum"
path = "examples/federation-axum/main.rs"
required-features = ["axum"]

View file

@ -18,7 +18,25 @@ You can join the Matrix channel [#activitystreams:asonix.dog](https://matrix.to/
## How to use ## How to use
To get started, have a look at the [API documentation](https://docs.rs/activitypub_federation/0.2.0/activitypub_federation/) and example code. You can also find some [ActivityPub resources in the Lemmy documentation](https://join-lemmy.org/docs/en/contributing/resources.html#activitypub-resources). If anything is unclear, please open an issue for clarification. For a more advanced implementation, take a look at the [Lemmy federation code](https://github.com/LemmyNet/lemmy/tree/main/crates/apub).
To get started, have a look at the [API documentation](https://docs.rs/activitypub_federation/0.2.0/activitypub_federation/)
and [example code](https://github.com/LemmyNet/lemmy/tree/main/example/). You can also find some [ActivityPub resources in the Lemmy documentation](https://join-lemmy.org/docs/en/contributing/resources.html#activitypub-resources).
If anything is unclear, please open an issue for clarification. For a more advanced implementation,
take a look at the [Lemmy federation code](https://github.com/LemmyNet/lemmy/tree/main/crates/apub).
Currently supported frameworks include [actix](https://actix.rs/) and [axum](https://github.com/tokio-rs/axum):
**actix:**
```toml
activitypub_federation = { version = "*", features = ["actix"] }
```
**axum:**
```toml
activitypub_federation = { version = "*", features = ["axum"] }
```
## Roadmap ## Roadmap

View file

@ -25,7 +25,7 @@ impl Accept {
} }
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl ActivityHandler for Accept { impl ActivityHandler for Accept {
type DataType = InstanceHandle; type DataType = InstanceHandle;
type Error = crate::error::Error; type Error = crate::error::Error;

View file

@ -37,7 +37,7 @@ impl CreateNote {
} }
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl ActivityHandler for CreateNote { impl ActivityHandler for CreateNote {
type DataType = InstanceHandle; type DataType = InstanceHandle;
type Error = crate::error::Error; type Error = crate::error::Error;

View file

@ -34,7 +34,7 @@ impl Follow {
} }
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl ActivityHandler for Follow { impl ActivityHandler for Follow {
type DataType = InstanceHandle; type DataType = InstanceHandle;
type Error = crate::error::Error; type Error = crate::error::Error;
@ -63,11 +63,12 @@ impl ActivityHandler for Follow {
request_counter: &mut i32, request_counter: &mut i32,
) -> Result<(), Self::Error> { ) -> Result<(), Self::Error> {
// add to followers // add to followers
let local_user = {
let mut users = data.users.lock().unwrap(); let mut users = data.users.lock().unwrap();
let local_user = users.first_mut().unwrap(); let local_user = users.first_mut().unwrap();
local_user.followers.push(self.actor.inner().clone()); local_user.followers.push(self.actor.inner().clone());
let local_user = local_user.clone(); local_user.clone()
drop(users); };
// send back an accept // send back an accept
let follower = self let follower = self

View file

@ -5,8 +5,6 @@ use std::fmt::{Display, Formatter};
#[derive(Debug)] #[derive(Debug)]
pub struct Error(anyhow::Error); pub struct Error(anyhow::Error);
impl ResponseError for Error {}
impl Display for Error { impl Display for Error {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
std::fmt::Display::fmt(&self.0, f) std::fmt::Display::fmt(&self.0, f)
@ -21,3 +19,5 @@ where
Error(t.into()) Error(t.into())
} }
} }
impl ResponseError for Error {}

View file

@ -6,8 +6,13 @@ use crate::{
person::{MyUser, PersonAcceptedActivities}, person::{MyUser, PersonAcceptedActivities},
}, },
}; };
use activitypub_federation::{ use activitypub_federation::{
core::{inbox::receive_activity, object_id::ObjectId, signatures::generate_actor_keypair}, core::{
actix::inbox::receive_activity,
object_id::ObjectId,
signatures::generate_actor_keypair,
},
data::Data, data::Data,
deser::context::WithContext, deser::context::WithContext,
traits::ApubObject, traits::ApubObject,
@ -16,11 +21,10 @@ use activitypub_federation::{
UrlVerifier, UrlVerifier,
APUB_JSON_CONTENT_TYPE, APUB_JSON_CONTENT_TYPE,
}; };
use actix_web::{web, App, HttpRequest, HttpResponse, HttpServer}; use actix_web::{web, App, HttpRequest, HttpResponse, HttpServer};
use async_trait::async_trait; use async_trait::async_trait;
use http_signature_normalization_actix::prelude::VerifyDigest;
use reqwest::Client; use reqwest::Client;
use sha2::{Digest, Sha256};
use std::{ use std::{
ops::Deref, ops::Deref,
sync::{Arc, Mutex}, sync::{Arc, Mutex},
@ -88,9 +92,6 @@ impl Instance {
.route("/objects/{user_name}", web::get().to(http_get_user)) .route("/objects/{user_name}", web::get().to(http_get_user))
.service( .service(
web::scope("") web::scope("")
// Important: this ensures that the activity json matches the hashsum in signed
// HTTP header
.wrap(VerifyDigest::new(Sha256::new()))
// Just a single, global inbox for simplicity // Just a single, global inbox for simplicity
.route("/inbox", web::post().to(http_post_user_inbox)), .route("/inbox", web::post().to(http_post_user_inbox)),
) )
@ -116,6 +117,7 @@ async fn http_get_user(
.await? .await?
.into_apub(&data) .into_apub(&data)
.await?; .await?;
Ok(HttpResponse::Ok() Ok(HttpResponse::Ok()
.content_type(APUB_JSON_CONTENT_TYPE) .content_type(APUB_JSON_CONTENT_TYPE)
.json(WithContext::new_default(user))) .json(WithContext::new_default(user)))

View file

@ -39,7 +39,7 @@ pub struct Note {
content: String, content: String,
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl ApubObject for MyPost { impl ApubObject for MyPost {
type DataType = InstanceHandle; type DataType = InstanceHandle;
type ApubType = Note; type ApubType = Note;

View file

@ -115,7 +115,7 @@ impl MyUser {
local_instance: &LocalInstance, local_instance: &LocalInstance,
) -> Result<(), <Activity as ActivityHandler>::Error> ) -> Result<(), <Activity as ActivityHandler>::Error>
where where
Activity: ActivityHandler + Serialize, Activity: ActivityHandler + Serialize + Send + Sync,
<Activity as ActivityHandler>::Error: From<anyhow::Error> + From<serde_json::Error>, <Activity as ActivityHandler>::Error: From<anyhow::Error> + From<serde_json::Error>,
{ {
let activity = WithContext::new_default(activity); let activity = WithContext::new_default(activity);
@ -131,7 +131,7 @@ impl MyUser {
} }
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl ApubObject for MyUser { impl ApubObject for MyUser {
type DataType = InstanceHandle; type DataType = InstanceHandle;
type ApubType = Person; type ApubType = Person;

View file

@ -0,0 +1,56 @@
use crate::{activities::follow::Follow, instance::InstanceHandle, objects::person::MyUser};
use activitypub_federation::{core::object_id::ObjectId, data::Data, traits::ActivityHandler};
use activitystreams_kinds::activity::AcceptType;
use serde::{Deserialize, Serialize};
use url::Url;
#[derive(Deserialize, Serialize, Debug)]
#[serde(rename_all = "camelCase")]
pub struct Accept {
actor: ObjectId<MyUser>,
object: Follow,
#[serde(rename = "type")]
kind: AcceptType,
id: Url,
}
impl Accept {
pub fn new(actor: ObjectId<MyUser>, object: Follow, id: Url) -> Accept {
Accept {
actor,
object,
kind: Default::default(),
id,
}
}
}
#[async_trait::async_trait]
impl ActivityHandler for Accept {
type DataType = InstanceHandle;
type Error = crate::error::Error;
fn id(&self) -> &Url {
&self.id
}
fn actor(&self) -> &Url {
self.actor.inner()
}
async fn verify(
&self,
_data: &Data<Self::DataType>,
_request_counter: &mut i32,
) -> Result<(), Self::Error> {
Ok(())
}
async fn receive(
self,
_data: &Data<Self::DataType>,
_request_counter: &mut i32,
) -> Result<(), Self::Error> {
Ok(())
}
}

View file

@ -0,0 +1,70 @@
use crate::{
instance::InstanceHandle,
objects::{note::Note, person::MyUser},
MyPost,
};
use activitypub_federation::{
core::object_id::ObjectId,
data::Data,
deser::helpers::deserialize_one_or_many,
traits::{ActivityHandler, ApubObject},
};
use activitystreams_kinds::activity::CreateType;
use serde::{Deserialize, Serialize};
use url::Url;
#[derive(Deserialize, Serialize, Debug)]
#[serde(rename_all = "camelCase")]
pub struct CreateNote {
pub(crate) actor: ObjectId<MyUser>,
#[serde(deserialize_with = "deserialize_one_or_many")]
pub(crate) to: Vec<Url>,
pub(crate) object: Note,
#[serde(rename = "type")]
pub(crate) kind: CreateType,
pub(crate) id: Url,
}
impl CreateNote {
pub fn new(note: Note, id: Url) -> CreateNote {
CreateNote {
actor: note.attributed_to.clone(),
to: note.to.clone(),
object: note,
kind: CreateType::Create,
id,
}
}
}
#[async_trait::async_trait]
impl ActivityHandler for CreateNote {
type DataType = InstanceHandle;
type Error = crate::error::Error;
fn id(&self) -> &Url {
&self.id
}
fn actor(&self) -> &Url {
self.actor.inner()
}
async fn verify(
&self,
data: &Data<Self::DataType>,
request_counter: &mut i32,
) -> Result<(), Self::Error> {
MyPost::verify(&self.object, self.id(), data, request_counter).await?;
Ok(())
}
async fn receive(
self,
data: &Data<Self::DataType>,
request_counter: &mut i32,
) -> Result<(), Self::Error> {
MyPost::from_apub(self.object, data, request_counter).await?;
Ok(())
}
}

View file

@ -0,0 +1,89 @@
use crate::{
activities::accept::Accept,
generate_object_id,
instance::InstanceHandle,
objects::person::MyUser,
};
use activitypub_federation::{
core::object_id::ObjectId,
data::Data,
traits::{ActivityHandler, Actor},
};
use activitystreams_kinds::activity::FollowType;
use serde::{Deserialize, Serialize};
use url::Url;
#[derive(Deserialize, Serialize, Clone, Debug)]
#[serde(rename_all = "camelCase")]
pub struct Follow {
pub(crate) actor: ObjectId<MyUser>,
pub(crate) object: ObjectId<MyUser>,
#[serde(rename = "type")]
kind: FollowType,
id: Url,
}
impl Follow {
pub fn new(actor: ObjectId<MyUser>, object: ObjectId<MyUser>, id: Url) -> Follow {
Follow {
actor,
object,
kind: Default::default(),
id,
}
}
}
#[async_trait::async_trait]
impl ActivityHandler for Follow {
type DataType = InstanceHandle;
type Error = crate::error::Error;
fn id(&self) -> &Url {
&self.id
}
fn actor(&self) -> &Url {
self.actor.inner()
}
async fn verify(
&self,
_data: &Data<Self::DataType>,
_request_counter: &mut i32,
) -> Result<(), Self::Error> {
Ok(())
}
// Ignore clippy false positive: https://github.com/rust-lang/rust-clippy/issues/6446
#[allow(clippy::await_holding_lock)]
async fn receive(
self,
data: &Data<Self::DataType>,
request_counter: &mut i32,
) -> Result<(), Self::Error> {
// add to followers
let local_user = {
let mut users = data.users.lock().unwrap();
let local_user = users.first_mut().unwrap();
local_user.followers.push(self.actor.inner().clone());
local_user.clone()
};
// send back an accept
let follower = self
.actor
.dereference(data, data.local_instance(), request_counter)
.await?;
let id = generate_object_id(data.local_instance().hostname())?;
let accept = Accept::new(local_user.ap_id.clone(), self, id.clone());
local_user
.send(
accept,
vec![follower.shared_inbox_or_inbox()],
data.local_instance(),
)
.await?;
Ok(())
}
}

View file

@ -0,0 +1,3 @@
pub mod accept;
pub mod create_note;
pub mod follow;

View file

@ -0,0 +1,24 @@
/// Necessary because of this issue: https://github.com/actix/actix-web/issues/1711
#[derive(Debug)]
pub struct Error(anyhow::Error);
impl<T> From<T> for Error
where
T: Into<anyhow::Error>,
{
fn from(t: T) -> Self {
Error(t.into())
}
}
mod axum {
use super::Error;
use axum::response::{IntoResponse, Response};
use http::StatusCode;
impl IntoResponse for Error {
fn into_response(self) -> Response {
(StatusCode::INTERNAL_SERVER_ERROR, format!("{}", self.0)).into_response()
}
}
}

View file

@ -0,0 +1,160 @@
use crate::{
error::Error,
generate_object_id,
objects::{
note::MyPost,
person::{MyUser, PersonAcceptedActivities},
},
};
use activitypub_federation::{
core::{object_id::ObjectId, signatures::generate_actor_keypair},
data::Data,
deser::context::WithContext,
traits::ApubObject,
InstanceSettings,
LocalInstance,
UrlVerifier,
};
use activitypub_federation::core::axum::{verify_request_payload, DigestVerified};
use async_trait::async_trait;
use axum::{
body,
body::Body,
extract::{Json, OriginalUri, State},
middleware,
response::IntoResponse,
routing::{get, post},
Extension,
Router,
};
use http::{HeaderMap, Method, Request};
use reqwest::Client;
use std::{
net::ToSocketAddrs,
sync::{Arc, Mutex},
};
use tokio::task;
use tower::ServiceBuilder;
use tower_http::ServiceBuilderExt;
use url::Url;
pub type InstanceHandle = Arc<Instance>;
pub struct Instance {
/// This holds all library data
local_instance: LocalInstance,
/// Our "database" which contains all known users (local and federated)
pub users: Mutex<Vec<MyUser>>,
/// Same, but for posts
pub posts: Mutex<Vec<MyPost>>,
}
/// Use this to store your federation blocklist, or a database connection needed to retrieve it.
#[derive(Clone)]
struct MyUrlVerifier();
#[async_trait]
impl UrlVerifier for MyUrlVerifier {
async fn verify(&self, url: &Url) -> Result<(), &'static str> {
if url.domain() == Some("malicious.com") {
Err("malicious domain")
} else {
Ok(())
}
}
}
impl Instance {
pub fn new(hostname: String) -> Result<InstanceHandle, Error> {
let settings = InstanceSettings::builder()
.debug(true)
.url_verifier(Box::new(MyUrlVerifier()))
.build()?;
let local_instance =
LocalInstance::new(hostname.clone(), Client::default().into(), settings);
let local_user = MyUser::new(generate_object_id(&hostname)?, generate_actor_keypair()?);
let instance = Arc::new(Instance {
local_instance,
users: Mutex::new(vec![local_user]),
posts: Mutex::new(vec![]),
});
Ok(instance)
}
pub fn local_user(&self) -> MyUser {
self.users.lock().unwrap().first().cloned().unwrap()
}
pub fn local_instance(&self) -> &LocalInstance {
&self.local_instance
}
pub fn listen(instance: &InstanceHandle) -> Result<(), Error> {
let hostname = instance.local_instance.hostname();
let instance = instance.clone();
let app = Router::new()
.route("/inbox", post(http_post_user_inbox))
.layer(
ServiceBuilder::new()
.map_request_body(body::boxed)
.layer(middleware::from_fn(verify_request_payload)),
)
.route("/objects/:user_name", get(http_get_user))
.with_state(instance)
.layer(TraceLayer::new_for_http());
// run it
let addr = hostname
.to_socket_addrs()?
.next()
.expect("Failed to lookup domain name");
let server = axum::Server::bind(&addr).serve(app.into_make_service());
task::spawn(server);
Ok(())
}
}
use crate::objects::person::Person;
use activitypub_federation::core::axum::{inbox::receive_activity, json::ApubJson};
use tower_http::trace::TraceLayer;
async fn http_get_user(
State(data): State<InstanceHandle>,
request: Request<Body>,
) -> Result<ApubJson<WithContext<Person>>, Error> {
let hostname: String = data.local_instance.hostname().to_string();
let request_url = format!("http://{}{}", hostname, &request.uri());
let url = Url::parse(&request_url).expect("Failed to parse url");
let user = ObjectId::<MyUser>::new(url)
.dereference_local(&data)
.await?
.into_apub(&data)
.await?;
Ok(ApubJson(WithContext::new_default(user)))
}
async fn http_post_user_inbox(
headers: HeaderMap,
method: Method,
OriginalUri(uri): OriginalUri,
State(data): State<InstanceHandle>,
Extension(digest_verified): Extension<DigestVerified>,
Json(activity): Json<WithContext<PersonAcceptedActivities>>,
) -> impl IntoResponse {
receive_activity::<WithContext<PersonAcceptedActivities>, MyUser, InstanceHandle>(
digest_verified,
activity,
&data.clone().local_instance,
&Data::new(data),
headers,
method,
uri,
)
.await
}

View file

@ -0,0 +1,48 @@
use crate::{error::Error, instance::Instance, objects::note::MyPost, utils::generate_object_id};
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
mod activities;
mod error;
mod instance;
mod objects;
mod utils;
#[actix_rt::main]
async fn main() -> Result<(), Error> {
tracing_subscriber::registry()
.with(tracing_subscriber::EnvFilter::new(
std::env::var("RUST_LOG").unwrap_or_else(|_| {
"activitypub_federation=debug,federation-axum=debug,tower_http=debug".into()
}),
))
.with(tracing_subscriber::fmt::layer())
.init();
let alpha = Instance::new("localhost:8001".to_string())?;
let beta = Instance::new("localhost:8002".to_string())?;
Instance::listen(&alpha)?;
Instance::listen(&beta)?;
// alpha user follows beta user
alpha
.local_user()
.follow(&beta.local_user(), &alpha)
.await?;
// assert that follow worked correctly
assert_eq!(
beta.local_user().followers(),
&vec![alpha.local_user().ap_id.inner().clone()]
);
// beta sends a post to its followers
let sent_post = MyPost::new("hello world!".to_string(), beta.local_user().ap_id);
beta.local_user().post(sent_post.clone(), &beta).await?;
let received_post = alpha.posts.lock().unwrap().first().cloned().unwrap();
// assert that alpha received the post
assert_eq!(received_post.text, sent_post.text);
assert_eq!(received_post.ap_id.inner(), sent_post.ap_id.inner());
assert_eq!(received_post.creator.inner(), sent_post.creator.inner());
Ok(())
}

View file

@ -0,0 +1,2 @@
pub mod note;
pub mod person;

View file

@ -0,0 +1,92 @@
use crate::{generate_object_id, instance::InstanceHandle, objects::person::MyUser};
use activitypub_federation::{
core::object_id::ObjectId,
deser::helpers::deserialize_one_or_many,
traits::ApubObject,
};
use activitystreams_kinds::{object::NoteType, public};
use serde::{Deserialize, Serialize};
use url::Url;
#[derive(Clone, Debug)]
pub struct MyPost {
pub text: String,
pub ap_id: ObjectId<MyPost>,
pub creator: ObjectId<MyUser>,
pub local: bool,
}
impl MyPost {
pub fn new(text: String, creator: ObjectId<MyUser>) -> MyPost {
MyPost {
text,
ap_id: ObjectId::new(generate_object_id(creator.inner().domain().unwrap()).unwrap()),
creator,
local: true,
}
}
}
#[derive(Deserialize, Serialize, Debug)]
#[serde(rename_all = "camelCase")]
pub struct Note {
#[serde(rename = "type")]
kind: NoteType,
id: ObjectId<MyPost>,
pub(crate) attributed_to: ObjectId<MyUser>,
#[serde(deserialize_with = "deserialize_one_or_many")]
pub(crate) to: Vec<Url>,
content: String,
}
#[async_trait::async_trait]
impl ApubObject for MyPost {
type DataType = InstanceHandle;
type ApubType = Note;
type DbType = ();
type Error = crate::error::Error;
async fn read_from_apub_id(
_object_id: Url,
_data: &Self::DataType,
) -> Result<Option<Self>, Self::Error> {
todo!()
}
async fn into_apub(self, data: &Self::DataType) -> Result<Self::ApubType, Self::Error> {
let creator = self.creator.dereference_local(data).await?;
Ok(Note {
kind: Default::default(),
id: self.ap_id,
attributed_to: self.creator,
to: vec![public(), creator.followers_url()?],
content: self.text,
})
}
async fn verify(
_apub: &Self::ApubType,
_expected_domain: &Url,
_data: &Self::DataType,
_request_counter: &mut i32,
) -> Result<(), Self::Error> {
Ok(())
}
async fn from_apub(
apub: Self::ApubType,
data: &Self::DataType,
_request_counter: &mut i32,
) -> Result<Self, Self::Error> {
let post = MyPost {
text: apub.content,
ap_id: apub.id,
creator: apub.attributed_to,
local: false,
};
let mut lock = data.posts.lock().unwrap();
lock.push(post.clone());
Ok(post)
}
}

View file

@ -0,0 +1,195 @@
use crate::{
activities::{accept::Accept, create_note::CreateNote, follow::Follow},
error::Error,
instance::InstanceHandle,
objects::note::MyPost,
utils::generate_object_id,
};
use activitypub_federation::{
core::{
activity_queue::send_activity,
object_id::ObjectId,
signatures::{Keypair, PublicKey},
},
data::Data,
deser::context::WithContext,
traits::{ActivityHandler, Actor, ApubObject},
LocalInstance,
};
use activitystreams_kinds::actor::PersonType;
use serde::{Deserialize, Serialize};
use url::Url;
#[derive(Debug, Clone)]
pub struct MyUser {
pub ap_id: ObjectId<MyUser>,
pub inbox: Url,
// exists for all users (necessary to verify http signatures)
public_key: String,
// exists only for local users
private_key: Option<String>,
pub followers: Vec<Url>,
pub local: bool,
}
/// List of all activities which this actor can receive.
#[derive(Deserialize, Serialize, Debug)]
#[serde(untagged)]
#[enum_delegate::implement(ActivityHandler)]
pub enum PersonAcceptedActivities {
Follow(Follow),
Accept(Accept),
CreateNote(CreateNote),
}
impl MyUser {
pub fn new(ap_id: Url, keypair: Keypair) -> MyUser {
let mut inbox = ap_id.clone();
inbox.set_path("/inbox");
let ap_id = ObjectId::new(ap_id);
MyUser {
ap_id,
inbox,
public_key: keypair.public_key,
private_key: Some(keypair.private_key),
followers: vec![],
local: true,
}
}
}
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Person {
#[serde(rename = "type")]
kind: PersonType,
id: ObjectId<MyUser>,
inbox: Url,
public_key: PublicKey,
}
impl MyUser {
pub fn followers(&self) -> &Vec<Url> {
&self.followers
}
pub fn followers_url(&self) -> Result<Url, Error> {
Ok(Url::parse(&format!("{}/followers", self.ap_id.inner()))?)
}
fn public_key(&self) -> PublicKey {
PublicKey::new_main_key(self.ap_id.clone().into_inner(), self.public_key.clone())
}
pub async fn follow(&self, other: &MyUser, instance: &InstanceHandle) -> Result<(), Error> {
let id = generate_object_id(instance.local_instance().hostname())?;
let follow = Follow::new(self.ap_id.clone(), other.ap_id.clone(), id.clone());
self.send(
follow,
vec![other.shared_inbox_or_inbox()],
instance.local_instance(),
)
.await?;
Ok(())
}
pub async fn post(&self, post: MyPost, instance: &InstanceHandle) -> Result<(), Error> {
let id = generate_object_id(instance.local_instance().hostname())?;
let create = CreateNote::new(post.into_apub(instance).await?, id.clone());
let mut inboxes = vec![];
for f in self.followers.clone() {
let user: MyUser = ObjectId::new(f)
.dereference(instance, instance.local_instance(), &mut 0)
.await?;
inboxes.push(user.shared_inbox_or_inbox());
}
self.send(create, inboxes, instance.local_instance())
.await?;
Ok(())
}
pub(crate) async fn send<Activity>(
&self,
activity: Activity,
recipients: Vec<Url>,
local_instance: &LocalInstance,
) -> Result<(), <Activity as ActivityHandler>::Error>
where
Activity: ActivityHandler + Serialize + Send + Sync,
<Activity as ActivityHandler>::Error: From<anyhow::Error> + From<serde_json::Error>,
{
let activity = WithContext::new_default(activity);
send_activity(
activity,
self.public_key(),
self.private_key.clone().expect("has private key"),
recipients,
local_instance,
)
.await?;
Ok(())
}
}
#[async_trait::async_trait]
impl ApubObject for MyUser {
type DataType = InstanceHandle;
type ApubType = Person;
type DbType = MyUser;
type Error = crate::error::Error;
async fn read_from_apub_id(
object_id: Url,
data: &Self::DataType,
) -> Result<Option<Self>, Self::Error> {
let users = data.users.lock().unwrap();
let res = users
.clone()
.into_iter()
.find(|u| u.ap_id.inner() == &object_id);
Ok(res)
}
async fn into_apub(self, _data: &Self::DataType) -> Result<Self::ApubType, Self::Error> {
Ok(Person {
kind: Default::default(),
id: self.ap_id.clone(),
inbox: self.inbox.clone(),
public_key: self.public_key(),
})
}
async fn verify(
_apub: &Self::ApubType,
_expected_domain: &Url,
_data: &Self::DataType,
_request_counter: &mut i32,
) -> Result<(), Self::Error> {
Ok(())
}
async fn from_apub(
apub: Self::ApubType,
_data: &Self::DataType,
_request_counter: &mut i32,
) -> Result<Self, Self::Error> {
Ok(MyUser {
ap_id: apub.id,
inbox: apub.inbox,
public_key: apub.public_key.public_key_pem,
private_key: None,
followers: vec![],
local: false,
})
}
}
impl Actor for MyUser {
fn public_key(&self) -> &str {
&self.public_key
}
fn inbox(&self) -> Url {
self.inbox.clone()
}
}

View file

@ -0,0 +1,13 @@
use rand::{distributions::Alphanumeric, thread_rng, Rng};
use url::{ParseError, Url};
/// Just generate random url as object id. In a real project, you probably want to use
/// an url which contains the database id for easy retrieval (or store the random id in db).
pub fn generate_object_id(hostname: &str) -> Result<Url, ParseError> {
let id: String = thread_rng()
.sample_iter(&Alphanumeric)
.take(7)
.map(char::from)
.collect();
Url::parse(&format!("http://{}/objects/{}", hostname, id))
}

View file

@ -1,7 +1,6 @@
use crate::{ use crate::{
core::signatures::{sign_request, PublicKey}, core::signatures::{sign_request, PublicKey},
traits::ActivityHandler, traits::ActivityHandler,
utils::verify_url_valid,
Error, Error,
InstanceSettings, InstanceSettings,
LocalInstance, LocalInstance,
@ -27,7 +26,7 @@ use std::{
pin::Pin, pin::Pin,
time::{Duration, SystemTime}, time::{Duration, SystemTime},
}; };
use tracing::{info, log::debug, warn}; use tracing::{debug, info, warn};
use url::Url; use url::Url;
/// Send out the given activity to all inboxes, automatically generating the HTTP signatures. By /// Send out the given activity to all inboxes, automatically generating the HTTP signatures. By
@ -60,9 +59,10 @@ where
let activity_queue = &instance.activity_queue; let activity_queue = &instance.activity_queue;
for inbox in inboxes { for inbox in inboxes {
if verify_url_valid(&inbox, &instance.settings).await.is_err() { if instance.verify_url_valid(&inbox).await.is_err() {
continue; continue;
} }
let message = SendActivityTask { let message = SendActivityTask {
activity_id: activity_id.clone(), activity_id: activity_id.clone(),
inbox, inbox,
@ -137,7 +137,7 @@ async fn do_send(
) -> Result<(), anyhow::Error> { ) -> Result<(), anyhow::Error> {
debug!("Sending {} to {}", task.activity_id, task.inbox); debug!("Sending {} to {}", task.activity_id, task.inbox);
let request_builder = client let request_builder = client
.post(&task.inbox.to_string()) .post(task.inbox.to_string())
.timeout(timeout) .timeout(timeout)
.headers(generate_request_headers(&task.inbox)); .headers(generate_request_headers(&task.inbox));
let request = sign_request( let request = sign_request(

51
src/core/actix/inbox.rs Normal file
View file

@ -0,0 +1,51 @@
use crate::{
core::object_id::ObjectId,
data::Data,
traits::{ActivityHandler, Actor, ApubObject},
Error,
LocalInstance,
};
use crate::core::signatures::verify_signature;
use actix_web::{HttpRequest, HttpResponse};
use serde::de::DeserializeOwned;
use tracing::debug;
/// Receive an activity and perform some basic checks, including HTTP signature verification.
pub async fn receive_activity<Activity, ActorT, Datatype>(
request: HttpRequest,
activity: Activity,
local_instance: &LocalInstance,
data: &Data<Datatype>,
) -> Result<HttpResponse, <Activity as ActivityHandler>::Error>
where
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: ApubObject<DataType = Datatype> + Actor + Send + 'static,
for<'de2> <ActorT as ApubObject>::ApubType: serde::Deserialize<'de2>,
<Activity as ActivityHandler>::Error: From<anyhow::Error>
+ From<Error>
+ From<<ActorT as ApubObject>::Error>
+ From<serde_json::Error>,
<ActorT as ApubObject>::Error: From<Error> + From<anyhow::Error>,
{
local_instance.verify_url_and_domain(&activity).await?;
let request_counter = &mut 0;
let actor = ObjectId::<ActorT>::new(activity.actor().clone())
.dereference(data, local_instance, request_counter)
.await?;
verify_signature(
request.headers(),
request.method(),
request.uri(),
actor.public_key(),
)?;
debug!("Verifying activity {}", activity.id().to_string());
activity.verify(data, request_counter).await?;
debug!("Receiving activity {}", activity.id().to_string());
activity.receive(data, request_counter).await?;
Ok(HttpResponse::Ok().finish())
}

1
src/core/actix/mod.rs Normal file
View file

@ -0,0 +1 @@
pub mod inbox;

45
src/core/axum/digest.rs Normal file
View file

@ -0,0 +1,45 @@
use axum::http::HeaderValue;
use sha2::{Digest, Sha256};
#[derive(Clone, Debug)]
pub struct DigestPart {
pub algorithm: String,
pub digest: String,
}
impl DigestPart {
pub fn try_from_header(h: &HeaderValue) -> Option<Vec<DigestPart>> {
let h = h.to_str().ok()?.split(';').next()?;
let v: Vec<_> = h
.split(',')
.filter_map(|p| {
let mut iter = p.splitn(2, '=');
iter.next()
.and_then(|alg| iter.next().map(|value| (alg, value)))
})
.map(|(alg, value)| DigestPart {
algorithm: alg.to_owned(),
digest: value.to_owned(),
})
.collect();
if v.is_empty() {
None
} else {
Some(v)
}
}
}
pub fn verify_sha256(digests: &[DigestPart], payload: &[u8]) -> bool {
let mut hasher = Sha256::new();
for part in digests {
hasher.update(payload);
if base64::encode(hasher.finalize_reset()) != part.digest {
return false;
}
}
true
}

47
src/core/axum/inbox.rs Normal file
View file

@ -0,0 +1,47 @@
use crate::{
core::{axum::DigestVerified, object_id::ObjectId, signatures::verify_signature},
data::Data,
traits::{ActivityHandler, Actor, ApubObject},
Error,
LocalInstance,
};
use http::{HeaderMap, Method, Uri};
use serde::de::DeserializeOwned;
use tracing::debug;
/// Receive an activity and perform some basic checks, including HTTP signature verification.
pub async fn receive_activity<Activity, ActorT, Datatype>(
_digest_verified: DigestVerified,
activity: Activity,
local_instance: &LocalInstance,
data: &Data<Datatype>,
headers: HeaderMap,
method: Method,
uri: Uri,
) -> Result<(), <Activity as ActivityHandler>::Error>
where
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: ApubObject<DataType = Datatype> + Actor + Send + 'static,
for<'de2> <ActorT as ApubObject>::ApubType: serde::Deserialize<'de2>,
<Activity as ActivityHandler>::Error: From<anyhow::Error>
+ From<Error>
+ From<<ActorT as ApubObject>::Error>
+ From<serde_json::Error>,
<ActorT as ApubObject>::Error: From<Error> + From<anyhow::Error>,
{
local_instance.verify_url_and_domain(&activity).await?;
let request_counter = &mut 0;
let actor = ObjectId::<ActorT>::new(activity.actor().clone())
.dereference(data, local_instance, request_counter)
.await?;
verify_signature(&headers, &method, &uri, actor.public_key())?;
debug!("Verifying activity {}", activity.id().to_string());
activity.verify(data, request_counter).await?;
debug!("Receiving activity {}", activity.id().to_string());
activity.receive(data, request_counter).await?;
Ok(())
}

32
src/core/axum/json.rs Normal file
View file

@ -0,0 +1,32 @@
use crate::APUB_JSON_CONTENT_TYPE;
use axum::response::IntoResponse;
use http::header;
use serde::Serialize;
/// A wrapper struct to respond with [`APUB_JSON_CONTENT_TYPE`]
/// in axum handlers
///
/// ## Example:
/// ```rust, no_run
/// use activitypub_federation::deser::context::WithContext;
/// async fn http_get_user() -> Result<ApubJson<WithContext<Person>>, Error> {
/// let user = WithContext::new_default(M);
///
/// Ok(ApubJson(WithContext::new_default(MyUser::default())))
/// }
/// ```
#[derive(Debug, Clone, Copy, Default)]
pub struct ApubJson<Json: Serialize>(pub Json);
impl<Json: Serialize> IntoResponse for ApubJson<Json> {
fn into_response(self) -> axum::response::Response {
let mut response = axum::response::Json(self.0).into_response();
response.headers_mut().insert(
header::CONTENT_TYPE,
APUB_JSON_CONTENT_TYPE
.parse()
.expect("Parsing 'application/activity+json' should never fail"),
);
response
}
}

80
src/core/axum/mod.rs Normal file
View file

@ -0,0 +1,80 @@
use axum::{
async_trait,
body::{self, BoxBody, Bytes, Full},
extract::FromRequest,
http::{Request, StatusCode},
middleware::Next,
response::{IntoResponse, Response},
};
use digest::{verify_sha256, DigestPart};
mod digest;
pub mod inbox;
pub mod json;
/// A request guard to ensure digest has been verified request has been
/// see [`receive_activity`]
#[derive(Clone)]
pub struct DigestVerified;
pub struct BufferRequestBody(pub Bytes);
pub async fn verify_request_payload(
request: Request<BoxBody>,
next: Next<BoxBody>,
) -> Result<impl IntoResponse, Response> {
let mut request = verify_payload(request).await?;
request.extensions_mut().insert(DigestVerified);
Ok(next.run(request).await)
}
async fn verify_payload(request: Request<BoxBody>) -> Result<Request<BoxBody>, Response> {
let (parts, body) = request.into_parts();
// this wont work if the body is an long running stream
let bytes = hyper::body::to_bytes(body)
.await
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()).into_response())?;
match parts.headers.get("Digest") {
None => Err((
StatusCode::UNAUTHORIZED,
"Missing digest header".to_string(),
)
.into_response()),
Some(digest) => match DigestPart::try_from_header(digest) {
None => Err((
StatusCode::UNAUTHORIZED,
"Malformed digest header".to_string(),
)
.into_response()),
Some(digests) => {
if !verify_sha256(&digests, bytes.as_ref()) {
Err((
StatusCode::INTERNAL_SERVER_ERROR,
"Digest does not match payload".to_string(),
)
.into_response())
} else {
Ok(Request::from_parts(parts, body::boxed(Full::from(bytes))))
}
}
},
}
}
#[async_trait]
impl<S> FromRequest<S, BoxBody> for BufferRequestBody
where
S: Send + Sync,
{
type Rejection = Response;
async fn from_request(req: Request<BoxBody>, state: &S) -> Result<Self, Self::Rejection> {
let body = Bytes::from_request(req, state)
.await
.map_err(IntoResponse::into_response)?;
Ok(Self(body))
}
}

View file

@ -1,53 +0,0 @@
use crate::{
core::{object_id::ObjectId, signatures::verify_signature},
data::Data,
traits::{ActivityHandler, Actor, ApubObject},
utils::{verify_domains_match, verify_url_valid},
Error,
LocalInstance,
};
use actix_web::{dev::Payload, FromRequest, HttpRequest, HttpResponse};
use http_signature_normalization_actix::prelude::DigestVerified;
use serde::de::DeserializeOwned;
use tracing::log::debug;
/// Receive an activity and perform some basic checks, including HTTP signature verification.
pub async fn receive_activity<Activity, ActorT, Datatype>(
request: HttpRequest,
activity: Activity,
local_instance: &LocalInstance,
data: &Data<Datatype>,
) -> Result<HttpResponse, <Activity as ActivityHandler>::Error>
where
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
ActorT: ApubObject<DataType = Datatype> + Actor + Send + 'static,
for<'de2> <ActorT as ApubObject>::ApubType: serde::Deserialize<'de2>,
<Activity as ActivityHandler>::Error: From<anyhow::Error>
+ From<Error>
+ From<<ActorT as ApubObject>::Error>
+ From<serde_json::Error>
+ From<http_signature_normalization_actix::digest::middleware::VerifyError>,
<ActorT as ApubObject>::Error: From<Error> + From<anyhow::Error>,
{
// ensure that payload hash was checked against digest header by middleware
DigestVerified::from_request(&request, &mut Payload::None).await?;
verify_domains_match(activity.id(), activity.actor())?;
verify_url_valid(activity.id(), &local_instance.settings).await?;
if local_instance.is_local_url(activity.id()) {
return Err(Error::UrlVerificationError("Activity was sent from local instance").into());
}
let request_counter = &mut 0;
let actor = ObjectId::<ActorT>::new(activity.actor().clone())
.dereference(data, local_instance, request_counter)
.await?;
verify_signature(&request, actor.public_key())?;
debug!("Verifying activity {}", activity.id().to_string());
activity.verify(data, request_counter).await?;
debug!("Receiving activity {}", activity.id().to_string());
activity.receive(data, request_counter).await?;
Ok(HttpResponse::Ok().finish())
}

View file

@ -1,4 +1,9 @@
pub mod activity_queue; pub mod activity_queue;
pub mod inbox;
pub mod object_id; pub mod object_id;
pub mod signatures; pub mod signatures;
#[cfg(feature = "axum")]
pub mod axum;
#[cfg(feature = "actix")]
pub mod actix;

View file

@ -195,7 +195,7 @@ mod tests {
#[derive(Debug)] #[derive(Debug)]
struct TestObject {} struct TestObject {}
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl ApubObject for TestObject { impl ApubObject for TestObject {
type DataType = TestObject; type DataType = TestObject;
type ApubType = (); type ApubType = ();

View file

@ -1,6 +1,6 @@
use actix_web::HttpRequest; use crate::utils::header_to_map;
use anyhow::anyhow; use anyhow::anyhow;
use http_signature_normalization_actix::Config as ConfigActix; use http::{header::HeaderName, uri::PathAndQuery, HeaderValue, Method, Uri};
use http_signature_normalization_reqwest::prelude::{Config, SignExt}; use http_signature_normalization_reqwest::prelude::{Config, SignExt};
use once_cell::sync::{Lazy, OnceCell}; use once_cell::sync::{Lazy, OnceCell};
use openssl::{ use openssl::{
@ -17,7 +17,6 @@ use std::io::{Error, ErrorKind};
use tracing::debug; use tracing::debug;
use url::Url; use url::Url;
static CONFIG2: Lazy<ConfigActix> = Lazy::new(ConfigActix::new);
static HTTP_SIG_CONFIG: OnceCell<Config> = OnceCell::new(); static HTTP_SIG_CONFIG: OnceCell<Config> = OnceCell::new();
/// A private/public key pair used for HTTP signatures /// A private/public key pair used for HTTP signatures
@ -80,33 +79,6 @@ pub(crate) async fn sign_request(
.await .await
} }
/// Verifies the HTTP signature on an incoming inbox request.
pub fn verify_signature(request: &HttpRequest, public_key: &str) -> Result<(), anyhow::Error> {
let verified = CONFIG2
.begin_verify(
request.method(),
request.uri().path_and_query(),
request.headers().clone(),
)?
.verify(|signature, signing_string| -> Result<bool, anyhow::Error> {
debug!(
"Verifying with key {}, message {}",
&public_key, &signing_string
);
let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
verifier.update(signing_string.as_bytes())?;
Ok(verifier.verify(&base64::decode(signature)?)?)
})?;
if verified {
debug!("verified signature for {}", &request.uri());
Ok(())
} else {
Err(anyhow!("Invalid signature on request: {}", &request.uri()))
}
}
#[derive(Clone, Debug, Deserialize, Serialize)] #[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")] #[serde(rename_all = "camelCase")]
pub struct PublicKey { pub struct PublicKey {
@ -131,3 +103,40 @@ impl PublicKey {
} }
} }
} }
static CONFIG2: Lazy<http_signature_normalization::Config> =
Lazy::new(http_signature_normalization::Config::new);
/// Verifies the HTTP signature on an incoming inbox request.
pub fn verify_signature<'a, H>(
headers: H,
method: &Method,
uri: &Uri,
public_key: &str,
) -> Result<(), anyhow::Error>
where
H: IntoIterator<Item = (&'a HeaderName, &'a HeaderValue)>,
{
let headers = header_to_map(headers);
let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");
let verified = CONFIG2
.begin_verify(method.as_str(), path_and_query, headers)?
.verify(|signature, signing_string| -> anyhow::Result<bool> {
debug!(
"Verifying with key {}, message {}",
&public_key, &signing_string
);
let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
verifier.update(signing_string.as_bytes())?;
Ok(verifier.verify(&base64::decode(signature)?)?)
})?;
if verified {
debug!("verified signature for {}", uri);
Ok(())
} else {
Err(anyhow!("Invalid signature on request: {}", uri))
}
}

View file

@ -28,10 +28,10 @@ impl<T> WithContext<T> {
} }
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl<T> ActivityHandler for WithContext<T> impl<T> ActivityHandler for WithContext<T>
where where
T: ActivityHandler, T: ActivityHandler + Send + Sync,
{ {
type DataType = <T as ActivityHandler>::DataType; type DataType = <T as ActivityHandler>::DataType;
type Error = <T as ActivityHandler>::Error; type Error = <T as ActivityHandler>::Error;

View file

@ -1,9 +1,14 @@
use crate::core::activity_queue::create_activity_queue; use crate::{
core::activity_queue::create_activity_queue,
traits::ActivityHandler,
utils::verify_domains_match,
};
use async_trait::async_trait; use async_trait::async_trait;
use background_jobs::Manager; use background_jobs::Manager;
use derive_builder::Builder; use derive_builder::Builder;
use dyn_clone::{clone_trait_object, DynClone}; use dyn_clone::{clone_trait_object, DynClone};
use reqwest_middleware::ClientWithMiddleware; use reqwest_middleware::ClientWithMiddleware;
use serde::de::DeserializeOwned;
use std::time::Duration; use std::time::Duration;
use url::Url; use url::Url;
@ -25,6 +30,62 @@ pub struct LocalInstance {
settings: InstanceSettings, settings: InstanceSettings,
} }
impl LocalInstance {
async fn verify_url_and_domain<Activity, Datatype>(
&self,
activity: &Activity,
) -> Result<(), Error>
where
Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
{
verify_domains_match(activity.id(), activity.actor())?;
self.verify_url_valid(activity.id()).await?;
if self.is_local_url(activity.id()) {
return Err(Error::UrlVerificationError(
"Activity was sent from local instance",
));
}
Ok(())
}
/// Perform some security checks on URLs as mentioned in activitypub spec, and call user-supplied
/// [`InstanceSettings.verify_url_function`].
///
/// https://www.w3.org/TR/activitypub/#security-considerations
async fn verify_url_valid(&self, url: &Url) -> Result<(), Error> {
match url.scheme() {
"https" => {}
"http" => {
if !self.settings.debug {
return Err(Error::UrlVerificationError(
"Http urls are only allowed in debug mode",
));
}
}
_ => return Err(Error::UrlVerificationError("Invalid url scheme")),
};
if url.domain().is_none() {
return Err(Error::UrlVerificationError("Url must have a domain"));
}
if url.domain() == Some("localhost") && !self.settings.debug {
return Err(Error::UrlVerificationError(
"Localhost is only allowed in debug mode",
));
}
self.settings
.url_verifier
.verify(url)
.await
.map_err(Error::UrlVerificationError)?;
Ok(())
}
}
#[async_trait] #[async_trait]
pub trait UrlVerifier: DynClone + Send { pub trait UrlVerifier: DynClone + Send {
async fn verify(&self, url: &Url) -> Result<(), &'static str>; async fn verify(&self, url: &Url) -> Result<(), &'static str>;

0
src/signature.rs Normal file
View file

View file

@ -4,10 +4,10 @@ use std::ops::Deref;
use url::Url; use url::Url;
/// Trait which allows verification and reception of incoming activities. /// Trait which allows verification and reception of incoming activities.
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
#[enum_delegate::register] #[enum_delegate::register]
pub trait ActivityHandler { pub trait ActivityHandler {
type DataType; type DataType: Send + Sync;
type Error; type Error;
/// `id` field of the activity /// `id` field of the activity
@ -34,10 +34,10 @@ pub trait ActivityHandler {
} }
/// Allow for boxing of enum variants /// Allow for boxing of enum variants
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
impl<T> ActivityHandler for Box<T> impl<T> ActivityHandler for Box<T>
where where
T: ActivityHandler, T: ActivityHandler + Send + Sync,
{ {
type DataType = T::DataType; type DataType = T::DataType;
type Error = T::Error; type Error = T::Error;
@ -67,9 +67,9 @@ where
} }
} }
#[async_trait::async_trait(?Send)] #[async_trait::async_trait]
pub trait ApubObject { pub trait ApubObject {
type DataType; type DataType: Send + Sync;
type ApubType; type ApubType;
type DbType; type DbType;
type Error; type Error;

View file

@ -1,7 +1,8 @@
use crate::{Error, InstanceSettings, LocalInstance, APUB_JSON_CONTENT_TYPE}; use crate::{Error, LocalInstance, APUB_JSON_CONTENT_TYPE};
use http::StatusCode; use http::{header::HeaderName, HeaderValue, StatusCode};
use serde::de::DeserializeOwned; use serde::de::DeserializeOwned;
use tracing::log::info; use std::collections::BTreeMap;
use tracing::info;
use url::Url; use url::Url;
pub async fn fetch_object_http<Kind: DeserializeOwned>( pub async fn fetch_object_http<Kind: DeserializeOwned>(
@ -11,7 +12,7 @@ pub async fn fetch_object_http<Kind: DeserializeOwned>(
) -> Result<Kind, Error> { ) -> Result<Kind, Error> {
// dont fetch local objects this way // dont fetch local objects this way
debug_assert!(url.domain() != Some(&instance.hostname)); debug_assert!(url.domain() != Some(&instance.hostname));
verify_url_valid(url, &instance.settings).await?; instance.verify_url_valid(url).await?;
info!("Fetching remote object {}", url.to_string()); info!("Fetching remote object {}", url.to_string());
*request_counter += 1; *request_counter += 1;
@ -51,38 +52,18 @@ pub fn verify_urls_match(a: &Url, b: &Url) -> Result<(), Error> {
Ok(()) Ok(())
} }
/// Perform some security checks on URLs as mentioned in activitypub spec, and call user-supplied /// Utility to converts either actix or axum headermap to a BTreeMap
/// [`InstanceSettings.verify_url_function`]. pub fn header_to_map<'a, H>(headers: H) -> BTreeMap<String, String>
/// where
/// https://www.w3.org/TR/activitypub/#security-considerations H: IntoIterator<Item = (&'a HeaderName, &'a HeaderValue)>,
pub async fn verify_url_valid(url: &Url, settings: &InstanceSettings) -> Result<(), Error> { {
match url.scheme() { let mut header_map = BTreeMap::new();
"https" => {}
"http" => { for (name, value) in headers {
if !settings.debug { if let Ok(value) = value.to_str() {
return Err(Error::UrlVerificationError( header_map.insert(name.to_string(), value.to_string());
"Http urls are only allowed in debug mode",
));
} }
} }
_ => return Err(Error::UrlVerificationError("Invalid url scheme")),
};
if url.domain().is_none() { header_map
return Err(Error::UrlVerificationError("Url must have a domain"));
}
if url.domain() == Some("localhost") && !settings.debug {
return Err(Error::UrlVerificationError(
"Localhost is only allowed in debug mode",
));
}
settings
.url_verifier
.verify(url)
.await
.map_err(Error::UrlVerificationError)?;
Ok(())
} }