Compare commits
16 commits
forgejo
...
federation
Author | SHA1 | Date | |
---|---|---|---|
14895ceafe | |||
199ded37de | |||
50228f4a73 | |||
cdd30b376f | |||
19887dea19 | |||
5d5c7af983 | |||
96316a8f31 | |||
7feb8481ac | |||
1d875a5e0f | |||
e568c5b9c8 | |||
9110bce12a | |||
6da9e15102 | |||
d630513dc6 | |||
5f142647ef | |||
9a120d9306 | |||
f42c458782 |
12 changed files with 756 additions and 65 deletions
32
CODEOWNERS
32
CODEOWNERS
|
@ -1,32 +0,0 @@
|
|||
# This file describes the expected reviewers for a PR based on the changed
|
||||
# files. Unlike what the name of the file suggests they don't own the code, but
|
||||
# merely have a good understanding of that area of the codebase and therefore
|
||||
# are usually suited as a reviewer.
|
||||
|
||||
|
||||
# Please mind the alphabetic order of reviewers.
|
||||
|
||||
# Files related to the CI of the Forgejo project.
|
||||
.forgejo/.* @dachary @earl-warren
|
||||
|
||||
# Files related to frontend development.
|
||||
|
||||
# Javascript and CSS code.
|
||||
web_src/.* @caesar @crystal @gusted
|
||||
|
||||
# HTML templates used by the backend.
|
||||
templates/.* @caesar @crystal @gusted
|
||||
|
||||
# Files related to Go development.
|
||||
|
||||
# The modules usually don't require much knowledge about Forgejo and could
|
||||
# be reviewed by Go developers.
|
||||
modules/.* @dachary @earl-warren @gusted
|
||||
|
||||
# Models has code related to SQL queries, general database knowledge and XORM.
|
||||
models/.* @dachary @earl-warren @gusted
|
||||
|
||||
# The routers directory contains the most amount code that requires a good grasp
|
||||
# of how Forgejo comes together. It's tedious to write good integration testing
|
||||
# for code that lives in here.
|
||||
routers/.* @dachary @earl-warren @gusted
|
259
models/federation/federation.go
Normal file
259
models/federation/federation.go
Normal file
|
@ -0,0 +1,259 @@
|
|||
package federation
|
||||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"xorm.io/builder"
|
||||
)
|
||||
|
||||
// HookTask represents a hook task.
|
||||
// exact copy of models/webhook/hooktask.go when this migration was created
|
||||
// - xorm:"-" fields deleted
|
||||
type FederatedHost struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
isBlocked bool
|
||||
HostFqdn string `xorm:"UNIQUE(s) INDEX"`
|
||||
}
|
||||
|
||||
func GetFederatdHost(ctx context.Context, hostFqdn string) (*FederatedHost, error) {
|
||||
rec := new(FederatedHost)
|
||||
_, err := db.GetEngine(ctx).
|
||||
Table("federated_host").Where("host_fqdn = ?", hostFqdn).Get(rec)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return rec, nil
|
||||
}
|
||||
|
||||
func FederatedHostExists(ctx context.Context, hostFqdn string) (bool, error) {
|
||||
rec := new(FederatedHost)
|
||||
exists, err := db.GetEngine(ctx).
|
||||
Table("federated_host").Where("host_fqdn = ?", hostFqdn).Get(rec)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return exists, nil
|
||||
}
|
||||
|
||||
func (host *FederatedHost) Save(ctx context.Context) error {
|
||||
_, err := db.GetEngine(ctx).
|
||||
Insert(host)
|
||||
return err
|
||||
}
|
||||
|
||||
type FederatedUser struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
UserID int64 `xorm:"INDEX"`
|
||||
ExternalID string `xorm:"UNIQUE(s) INDEX"`
|
||||
FederationHostID int64 `xorm:"INDEX"`
|
||||
}
|
||||
|
||||
func CreateFederatedUser(ctx context.Context, alias string, website string, hostname string) (*user.User, error) {
|
||||
engine := db.GetEngine(ctx)
|
||||
|
||||
// create FederatedHost
|
||||
exists, err := FederatedHostExists(ctx, hostname)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var federatedHost FederatedHost
|
||||
if exists {
|
||||
x, err := GetFederatdHost(ctx, hostname)
|
||||
federatedHost = *x
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else {
|
||||
federatedHost := new(FederatedHost)
|
||||
federatedHost.HostFqdn = hostname
|
||||
if err = federatedHost.Save(ctx); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// create user.User
|
||||
u := new(user.User)
|
||||
u.Name = "@" + alias + "@" + hostname
|
||||
//panic(u.Name)
|
||||
u.Email = alias + "@" + hostname
|
||||
u.Website = website
|
||||
u.KeepEmailPrivate = true
|
||||
|
||||
exist, err := user.GetUser(ctx, u)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if exist {
|
||||
return u, nil // TODO: must also check for federatedUser existence
|
||||
}
|
||||
|
||||
if err = createUser(ctx, u); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
federatedUser := new(FederatedUser)
|
||||
federatedUser.ExternalID = u.Name
|
||||
federatedUser.UserID = u.ID
|
||||
federatedUser.FederationHostID = federatedHost.ID
|
||||
exist, err = engine.Get(federatedUser)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !exist {
|
||||
_, err = engine.Insert(federatedUser)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return u, nil
|
||||
}
|
||||
|
||||
func createUser(ctx context.Context, u *user.User) error {
|
||||
// set system defaults
|
||||
u.Visibility = setting.Service.DefaultUserVisibilityMode
|
||||
u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
|
||||
u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
|
||||
u.MaxRepoCreation = -1
|
||||
u.Theme = setting.UI.DefaultTheme
|
||||
u.IsRestricted = setting.Service.DefaultUserIsRestricted
|
||||
u.IsActive = !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm)
|
||||
|
||||
// Ensure consistency of the dates.
|
||||
if u.UpdatedUnix < u.CreatedUnix {
|
||||
u.UpdatedUnix = u.CreatedUnix
|
||||
}
|
||||
|
||||
// validate data
|
||||
if err := user.ValidateUser(u); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := user.ValidateEmail(u.Email); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ctx, committer, err := db.TxContext(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer committer.Close()
|
||||
|
||||
isExist, err := user.IsUserExist(ctx, 0, u.Name)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if isExist {
|
||||
return user.ErrUserAlreadyExist{u.Name}
|
||||
}
|
||||
|
||||
isExist, err = user.IsEmailUsed(ctx, u.Email)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if isExist {
|
||||
return user.ErrEmailAlreadyUsed{
|
||||
Email: u.Email,
|
||||
}
|
||||
}
|
||||
|
||||
// prepare for database
|
||||
|
||||
u.LowerName = strings.ToLower(u.Name)
|
||||
u.AvatarEmail = u.Email
|
||||
if u.Rands, err = user.GetUserSalt(); err != nil {
|
||||
return err
|
||||
}
|
||||
if u.Passwd != "" {
|
||||
if err = u.SetPassword(u.Passwd); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
u.Salt = ""
|
||||
u.PasswdHashAlgo = ""
|
||||
}
|
||||
|
||||
// save changes to database
|
||||
|
||||
if err = user.DeleteUserRedirect(ctx, u.Name); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if u.CreatedUnix == 0 {
|
||||
// Caller expects auto-time for creation & update timestamps.
|
||||
err = db.Insert(ctx, u)
|
||||
} else {
|
||||
// Caller sets the timestamps themselves. They are responsible for ensuring
|
||||
// both `CreatedUnix` and `UpdatedUnix` are set appropriately.
|
||||
_, err = db.GetEngine(ctx).NoAutoTime().Insert(u)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// insert email address
|
||||
if err := db.Insert(ctx, &user.EmailAddress{
|
||||
UID: u.ID,
|
||||
Email: u.Email,
|
||||
LowerEmail: strings.ToLower(u.Email),
|
||||
IsActivated: u.IsActive,
|
||||
IsPrimary: true,
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return committer.Commit()
|
||||
|
||||
}
|
||||
|
||||
func GetRemoteUsersWithNoLocalFollowers(ctx context.Context, olderThan time.Duration, page int) ([]user.User, error) {
|
||||
limit := 40
|
||||
offset := page * limit
|
||||
var users []user.User
|
||||
|
||||
err := db.GetEngine(ctx).
|
||||
Table("user").
|
||||
Where("num_followers = 0").
|
||||
And(builder.Lt{"user.created_unix": time.Now().Add(-olderThan).Unix()}).
|
||||
Join("inner", "federated_user", "federated_user.user_id = user.id").
|
||||
Limit(limit, offset).
|
||||
Find(&users)
|
||||
|
||||
if err != nil {
|
||||
log.Trace("Error: GetRemoteUserWithNoLocalFollowers: %w", err)
|
||||
return nil, err
|
||||
}
|
||||
return users, nil
|
||||
|
||||
}
|
||||
|
||||
func GetRemotePersons(ctx context.Context, page int) ([]FederatedUser, error) {
|
||||
limit := 1
|
||||
offset := page * limit
|
||||
var federatedUsers []FederatedUser
|
||||
|
||||
err := db.GetEngine(ctx).
|
||||
Table("federated_user").
|
||||
Limit(limit, offset).
|
||||
Find(&federatedUsers)
|
||||
|
||||
// TODO: this doesn't work, so fetching federated_user and then getting user. How to make this work?
|
||||
// var users []user.User
|
||||
// err := db.GetEngine(ctx).
|
||||
// Table("user").
|
||||
// Join("inner", "federated_user", "federated_user.user_id = user.id").
|
||||
// Limit(limit, offset).
|
||||
// Find(&users)
|
||||
|
||||
if err != nil {
|
||||
log.Trace("Error: GetRemotePersons: %w", err)
|
||||
return nil, err
|
||||
}
|
||||
return federatedUsers, nil
|
||||
}
|
|
@ -50,6 +50,10 @@ var migrations = []*Migration{
|
|||
NewMigration("create the forgejo_repo_flag table", forgejo_v1_22.CreateRepoFlagTable),
|
||||
// v5 -> v6
|
||||
NewMigration("Add wiki_branch to repository", forgejo_v1_22.AddWikiBranchToRepository),
|
||||
// v6 -> v7
|
||||
NewMigration("create federated_host table", forgejo_v1_22.AddFederatedHost),
|
||||
// v7 -> v8
|
||||
NewMigration("create federated_user table", forgejo_v1_22.AddFederatedUser),
|
||||
}
|
||||
|
||||
// GetCurrentDBVersion returns the current Forgejo database version.
|
||||
|
@ -118,6 +122,7 @@ func Migrate(x *xorm.Engine) error {
|
|||
}
|
||||
|
||||
v := currentVersion.Version
|
||||
log.Info("Current version: %d", v)
|
||||
|
||||
// Downgrading Forgejo's database version not supported
|
||||
if v > ExpectedVersion() {
|
||||
|
@ -156,5 +161,6 @@ func Migrate(x *xorm.Engine) error {
|
|||
return fmt.Errorf("sync: %w", err)
|
||||
}
|
||||
|
||||
// panic("fn end")
|
||||
return semver.SetVersionStringWithEngine(x, setting.ForgejoVersion)
|
||||
}
|
||||
|
|
26
models/forgejo_migrations/v1_22/v7.go
Normal file
26
models/forgejo_migrations/v1_22/v7.go
Normal file
|
@ -0,0 +1,26 @@
|
|||
// Copyright 2024 The Forgejo Authors
|
||||
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
package v1_22 //nolint
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/models/federation"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
//// HookTask represents a hook task.
|
||||
//// exact copy of models/webhook/hooktask.go when this migration was created
|
||||
//// - xorm:"-" fields deleted
|
||||
//type FederatedHost struct {
|
||||
// ID int64 `xorm:"pk autoincr"`
|
||||
// isBlocked bool
|
||||
// HostFqdn string `xorm:"UNIQUE(s) INDEX"`
|
||||
//}
|
||||
|
||||
func AddFederatedHost(x *xorm.Engine) error {
|
||||
|
||||
// panic("add host")
|
||||
log.Info("Running Add host migration")
|
||||
return x.Sync(new(federation.FederatedHost))
|
||||
}
|
25
models/forgejo_migrations/v1_22/v8.go
Normal file
25
models/forgejo_migrations/v1_22/v8.go
Normal file
|
@ -0,0 +1,25 @@
|
|||
// Copyright 2024 The Forgejo Authors
|
||||
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
package v1_22 //nolint
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/models/federation"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
// HookTask represents a hook task.
|
||||
// exact copy of models/webhook/hooktask.go when this migration was created
|
||||
// - xorm:"-" fields deleted
|
||||
//type FederatedUser struct {
|
||||
// ID int64 `xorm:"pk autoincr"`
|
||||
// UserID int64 `xorm:"INDEX"`
|
||||
// ExternalID string `xorm:"UNIQUE(s) INDEX"`
|
||||
// FederationHostID int64 `xorm:"INDEX"`
|
||||
//}
|
||||
|
||||
func AddFederatedUser(x *xorm.Engine) error {
|
||||
log.Info("Running Add user migration")
|
||||
return x.Sync(new(federation.FederatedUser))
|
||||
}
|
|
@ -2921,6 +2921,8 @@ dashboard.start_schedule_tasks = Start schedule tasks
|
|||
dashboard.sync_branch.started = Branches Sync started
|
||||
dashboard.sync_tag.started = Tags Sync started
|
||||
dashboard.rebuild_issue_indexer = Rebuild issue indexer
|
||||
dashboard.remote_actor_cleanup = Clean remote actors with no local followers
|
||||
dashboard.remote_actor_update = Update remote actors' data
|
||||
|
||||
users.user_manage_panel = Manage user accounts
|
||||
users.new_account = Create User Account
|
||||
|
|
|
@ -17,6 +17,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/sitemap"
|
||||
"code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/services/context"
|
||||
"code.gitea.io/gitea/services/forgefed"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -92,6 +93,31 @@ func RenderUserSearch(ctx *context.Context, opts *user_model.SearchUserOptions,
|
|||
|
||||
opts.Keyword = ctx.FormTrim("q")
|
||||
opts.OrderBy = orderBy
|
||||
|
||||
if len(opts.Keyword) > 0 && forgefed.IsFingerable(opts.Keyword) {
|
||||
webfingerRes, err := forgefed.WebFingerLookup(opts.Keyword)
|
||||
if err != nil {
|
||||
ctx.ServerError("SearchUsers", err)
|
||||
return
|
||||
}
|
||||
person, err := forgefed.GetActor(webfingerRes.GetActorLink().Href)
|
||||
if err != nil {
|
||||
ctx.ServerError("SearchUsers", err)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = forgefed.SavePerson(ctx, person)
|
||||
if err != nil {
|
||||
ctx.ServerError("SearchUsers", err)
|
||||
return
|
||||
}
|
||||
// users, count, err = user_model.SearchUsers(ctx, opts)
|
||||
// if err != nil {
|
||||
// ctx.ServerError("SearchUsers", err)
|
||||
// return
|
||||
// }
|
||||
}
|
||||
|
||||
if len(opts.Keyword) == 0 || isKeywordValid(opts.Keyword) {
|
||||
users, count, err = user_model.SearchUsers(ctx, opts)
|
||||
if err != nil {
|
||||
|
@ -99,6 +125,7 @@ func RenderUserSearch(ctx *context.Context, opts *user_model.SearchUserOptions,
|
|||
return
|
||||
}
|
||||
}
|
||||
|
||||
if isSitemap {
|
||||
m := sitemap.NewSitemap()
|
||||
for _, item := range users {
|
||||
|
|
|
@ -13,25 +13,11 @@ import (
|
|||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/services/context"
|
||||
"code.gitea.io/gitea/services/forgefed"
|
||||
)
|
||||
|
||||
// https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-webfinger-14#section-4.4
|
||||
|
||||
type webfingerJRD struct {
|
||||
Subject string `json:"subject,omitempty"`
|
||||
Aliases []string `json:"aliases,omitempty"`
|
||||
Properties map[string]any `json:"properties,omitempty"`
|
||||
Links []*webfingerLink `json:"links,omitempty"`
|
||||
}
|
||||
|
||||
type webfingerLink struct {
|
||||
Rel string `json:"rel,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
Href string `json:"href,omitempty"`
|
||||
Titles map[string]string `json:"titles,omitempty"`
|
||||
Properties map[string]any `json:"properties,omitempty"`
|
||||
}
|
||||
|
||||
// WebfingerQuery returns information about a resource
|
||||
// https://datatracker.ietf.org/doc/html/rfc7565
|
||||
func WebfingerQuery(ctx *context.Context) {
|
||||
|
@ -64,6 +50,19 @@ func WebfingerQuery(ctx *context.Context) {
|
|||
if u != nil && u.KeepEmailPrivate {
|
||||
err = user_model.ErrUserNotExist{}
|
||||
}
|
||||
case "https", "http":
|
||||
if resource.Host != appURL.Host {
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
parts := strings.Split(resource.Path, "/")
|
||||
if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
u, err = user_model.GetUserByName(ctx, parts[1])
|
||||
default:
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
|
@ -91,7 +90,7 @@ func WebfingerQuery(ctx *context.Context) {
|
|||
aliases = append(aliases, fmt.Sprintf("mailto:%s", u.Email))
|
||||
}
|
||||
|
||||
links := []*webfingerLink{
|
||||
links := []*forgefed.WebfingerLink{
|
||||
{
|
||||
Rel: "http://webfinger.net/rel/profile-page",
|
||||
Type: "text/html",
|
||||
|
@ -112,8 +111,9 @@ func WebfingerQuery(ctx *context.Context) {
|
|||
},
|
||||
}
|
||||
|
||||
ctx.Resp.Header().Add("Content-Type", "application/jrd+json")
|
||||
ctx.Resp.Header().Add("Access-Control-Allow-Origin", "*")
|
||||
ctx.JSON(http.StatusOK, &webfingerJRD{
|
||||
ctx.JSON(http.StatusOK, &forgefed.WebfingerJRD{
|
||||
Subject: fmt.Sprintf("acct:%s@%s", url.QueryEscape(u.Name), appURL.Host),
|
||||
Aliases: aliases,
|
||||
Links: links,
|
||||
|
|
|
@ -15,6 +15,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/services/actions"
|
||||
"code.gitea.io/gitea/services/auth"
|
||||
forgefed_service "code.gitea.io/gitea/services/forgefed"
|
||||
"code.gitea.io/gitea/services/migrations"
|
||||
mirror_service "code.gitea.io/gitea/services/mirror"
|
||||
packages_cleanup_service "code.gitea.io/gitea/services/packages/cleanup"
|
||||
|
@ -187,7 +188,40 @@ func initBasicTasks() {
|
|||
if setting.Packages.Enabled {
|
||||
registerCleanupPackages()
|
||||
}
|
||||
|
||||
if setting.Actions.Enabled {
|
||||
registerActionsCleanup()
|
||||
}
|
||||
|
||||
if setting.Federation.Enabled {
|
||||
registerCleanupRemotePersonsWithNoFollowers()
|
||||
registerUpdateRemotePersons()
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func registerCleanupRemotePersonsWithNoFollowers() {
|
||||
RegisterTaskFatal("remote_actor_cleanup", &OlderThanConfig{
|
||||
BaseConfig: BaseConfig{
|
||||
Enabled: true,
|
||||
RunAtStart: true,
|
||||
Schedule: "@midnight",
|
||||
},
|
||||
OlderThan: 24 * time.Hour,
|
||||
}, func(ctx context.Context, _ *user_model.User, config Config) error {
|
||||
acConfig := config.(*OlderThanConfig)
|
||||
return forgefed_service.CleanUpRemotePersons(ctx, acConfig.OlderThan)
|
||||
})
|
||||
}
|
||||
|
||||
func registerUpdateRemotePersons() {
|
||||
RegisterTaskFatal("remote_actor_update", &OlderThanConfig{
|
||||
BaseConfig: BaseConfig{
|
||||
Enabled: true,
|
||||
RunAtStart: true,
|
||||
Schedule: "@every 6h",
|
||||
},
|
||||
}, func(ctx context.Context, _ *user_model.User, config Config) error {
|
||||
return forgefed_service.UpdatePersonActor(ctx)
|
||||
})
|
||||
}
|
||||
|
|
178
services/forgefed/actor.go
Normal file
178
services/forgefed/actor.go
Normal file
|
@ -0,0 +1,178 @@
|
|||
package forgefed
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models/federation"
|
||||
"code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
user_service "code.gitea.io/gitea/services/user"
|
||||
|
||||
ap "github.com/go-ap/activitypub"
|
||||
)
|
||||
|
||||
func GetActor(id string) (*ap.Actor, error) {
|
||||
client := http.Client{}
|
||||
req, err := http.NewRequest("GET", id, nil)
|
||||
if err != nil {
|
||||
//Handle Error
|
||||
}
|
||||
|
||||
req.Header = http.Header{
|
||||
"Content-Type": {"application/activity+json"},
|
||||
}
|
||||
r, err := client.Do(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer r.Body.Close()
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
actorObj := new(ap.Actor)
|
||||
err = json.Unmarshal(body, &actorObj)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return actorObj, nil
|
||||
}
|
||||
|
||||
func GetPersonAvatar(ctx context.Context, person *ap.Person) ([]byte, error) {
|
||||
|
||||
avatarObj := new(ap.Image)
|
||||
ap.CopyItemProperties(avatarObj, person.Icon)
|
||||
log.Info("Getting avatar from link : %s", avatarObj.URL.GetLink().String())
|
||||
|
||||
r, err := http.Get(avatarObj.URL.GetLink().String())
|
||||
if err != nil {
|
||||
log.Error("Got error while fetching avatar fn: %w", err)
|
||||
return nil, err
|
||||
}
|
||||
defer r.Body.Close()
|
||||
return io.ReadAll(r.Body)
|
||||
}
|
||||
|
||||
func SavePerson(ctx context.Context, person *ap.Person) (*user.User, error) {
|
||||
|
||||
fmt.Println(person.ID.String())
|
||||
hostname, err := GetHostnameFromResource(person.ID.String())
|
||||
|
||||
u, err := federation.CreateFederatedUser(ctx, person.PreferredUsername.String(), person.URL.GetID().String(), hostname)
|
||||
if err != nil {
|
||||
log.Error("Got error while saving person: %w", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
avatar, err := GetPersonAvatar(ctx, person)
|
||||
if err != nil {
|
||||
log.Error("Got error while fetching avatar: %w", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if u.IsUploadAvatarChanged(avatar) {
|
||||
_ = user_service.UploadAvatar(ctx, u, avatar)
|
||||
}
|
||||
|
||||
return u, nil
|
||||
}
|
||||
|
||||
func GetActorFromUser(ctx context.Context, u *user.User) (*ap.Actor, error) {
|
||||
|
||||
alias := u.Name
|
||||
|
||||
webfingerRes, err := WebFingerLookup(alias)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
actorID := webfingerRes.GetActorLink().Href
|
||||
|
||||
return GetActor(actorID)
|
||||
}
|
||||
|
||||
// Clean up remote actors (persons) without any followers in local instance
|
||||
func CleanUpRemotePersons(ctx context.Context, olderThan time.Duration) error {
|
||||
page := 0
|
||||
for {
|
||||
users, err := federation.GetRemoteUsersWithNoLocalFollowers(ctx, olderThan, page)
|
||||
if len(users) == 0 {
|
||||
break
|
||||
}
|
||||
if err != nil {
|
||||
log.Trace("Error: CleanUpRemotePersons: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
for _, u := range users {
|
||||
err = user_service.DeleteUser(ctx, &u, false)
|
||||
if err != nil {
|
||||
log.Trace("Error: CleanUpRemotePersons: %v", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
page += 1
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func UpdatePersonActor(ctx context.Context) error {
|
||||
// NOTE: change of any of these don't matter at this point since we are
|
||||
// ignoring actor's PreferredUsername and using their address to generate
|
||||
// username and email. Ask suggestions from other devs.
|
||||
//
|
||||
// fmt.Println(person.ID.String())
|
||||
// hostname, err := GetHostnameFromResource(person.ID.String())
|
||||
//
|
||||
//
|
||||
// u := new(user.User)
|
||||
// u.Name = "@" + person.PreferredUsername.String() + "@" + hostname
|
||||
// //panic(u.Name)
|
||||
// u.Email = person.PreferredUsername.String() + "@" + hostname
|
||||
// u.Website = person.URL.GetID().String()
|
||||
// u.KeepEmailPrivate = true
|
||||
|
||||
page := 0
|
||||
for {
|
||||
federatedUsers, err := federation.GetRemotePersons(ctx, page)
|
||||
if len(federatedUsers) == 0 {
|
||||
break
|
||||
}
|
||||
if err != nil {
|
||||
log.Trace("Error: UpdatePersonActor: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
for _, f := range federatedUsers {
|
||||
log.Info("Updating users, got %s", f.ExternalID)
|
||||
u, err := user.GetUserByName(ctx, f.ExternalID)
|
||||
if err != nil {
|
||||
log.Error("Got error while getting user: %w", err)
|
||||
return err
|
||||
}
|
||||
|
||||
person, err := GetActorFromUser(ctx, u)
|
||||
if err != nil {
|
||||
log.Error("Got error while fetching actor: %w", err)
|
||||
return err
|
||||
}
|
||||
|
||||
avatar, err := GetPersonAvatar(ctx, person)
|
||||
if err != nil {
|
||||
log.Error("Got error while fetching avatar: %w", err)
|
||||
return err
|
||||
}
|
||||
|
||||
if u.IsUploadAvatarChanged(avatar) {
|
||||
_ = user_service.UploadAvatar(ctx, u, avatar)
|
||||
}
|
||||
}
|
||||
page += 1
|
||||
}
|
||||
return nil
|
||||
}
|
167
services/forgefed/webfinger.go
Normal file
167
services/forgefed/webfinger.go
Normal file
|
@ -0,0 +1,167 @@
|
|||
package forgefed
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
)
|
||||
|
||||
// https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-webfinger-14#section-4.4
|
||||
|
||||
type WebfingerJRD struct {
|
||||
Subject string `json:"subject,omitempty"`
|
||||
Aliases []string `json:"aliases,omitempty"`
|
||||
Properties map[string]any `json:"properties,omitempty"`
|
||||
Links []*WebfingerLink `json:"links,omitempty"`
|
||||
}
|
||||
|
||||
func (w WebfingerJRD) GetAvatar() *WebfingerLink {
|
||||
for _, link := range w.Links {
|
||||
if link.Rel == "http://webfinger.net/rel/avatar" {
|
||||
return link
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w WebfingerJRD) GetProfilePage() *WebfingerLink {
|
||||
for _, link := range w.Links {
|
||||
if link.Rel == "http://webfinger.net/rel/profile-page" && link.Type == "text/html" {
|
||||
return link
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w WebfingerJRD) GetActorLink() *WebfingerLink {
|
||||
for _, link := range w.Links {
|
||||
if link.Rel == "self" && link.Type == "application/activity+json" {
|
||||
return link
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type WebfingerLink struct {
|
||||
Rel string `json:"rel,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
Href string `json:"href,omitempty"`
|
||||
Titles map[string]string `json:"titles,omitempty"`
|
||||
Properties map[string]any `json:"properties,omitempty"`
|
||||
}
|
||||
|
||||
func GetHostnameFromResource(resource string) (string, error) {
|
||||
r := resource
|
||||
if strings.HasPrefix(resource, "@") {
|
||||
resource, _ = strings.CutPrefix(resource, "@")
|
||||
}
|
||||
actor, err := url.Parse(resource)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
var hostname string
|
||||
switch actor.Scheme {
|
||||
case "":
|
||||
i := strings.Split(resource, "@")
|
||||
if len(i) != 2 {
|
||||
log.Error("Invalid webfinger query " + r)
|
||||
return "", errors.New("Invalid webfinger query " + r)
|
||||
}
|
||||
hostname = i[1]
|
||||
case "mailto":
|
||||
i := strings.Split(resource, "@")
|
||||
if len(i) != 2 {
|
||||
log.Error("Invalid webfinger query " + r)
|
||||
return "", errors.New("Invalid webfinger query " + r)
|
||||
}
|
||||
hostname = i[1]
|
||||
case "https":
|
||||
hostname = actor.Host
|
||||
default:
|
||||
log.Error("Invalid webfinger query " + r)
|
||||
return "", errors.New("Invalid webfinger query" + r)
|
||||
|
||||
}
|
||||
return hostname, nil
|
||||
}
|
||||
|
||||
// Get Actor object by performing webfinger lookup
|
||||
func WebFingerLookup(q string) (*WebfingerJRD, error) {
|
||||
if strings.HasPrefix(q, "@") {
|
||||
q, _ = strings.CutPrefix(q, "@")
|
||||
}
|
||||
actor, err := url.Parse(q)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var res string
|
||||
switch actor.Scheme {
|
||||
case "":
|
||||
res = fmt.Sprintf("acct:%s", q)
|
||||
case "mailto":
|
||||
res = q
|
||||
case "https":
|
||||
res = q
|
||||
default:
|
||||
return nil, errors.New("Invalid webfinger query")
|
||||
|
||||
}
|
||||
|
||||
hostname, err := GetHostnameFromResource(q)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
link := fmt.Sprintf("https://%s/.well-known/webfinger?resource=%s", hostname, res)
|
||||
|
||||
r, err := http.Get(link)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer r.Body.Close()
|
||||
|
||||
webfingerResponse := new(WebfingerJRD)
|
||||
err = json.NewDecoder(r.Body).Decode(webfingerResponse)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return webfingerResponse, nil
|
||||
}
|
||||
|
||||
func IsFingerable(resource string) bool {
|
||||
if strings.HasPrefix(resource, "@") {
|
||||
resource, _ = strings.CutPrefix(resource, "@")
|
||||
}
|
||||
actor, err := url.Parse(resource)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
switch actor.Scheme {
|
||||
case "":
|
||||
i := strings.Split(resource, "@")
|
||||
if len(i) == 2 {
|
||||
_ = i[1] // TODO: do len check before referencing element #2
|
||||
return true
|
||||
}
|
||||
return false
|
||||
case "mailto":
|
||||
i := strings.Split(resource, "@")
|
||||
if len(i) == 2 {
|
||||
_ = i[1]
|
||||
return true
|
||||
}
|
||||
return false
|
||||
case "https":
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
|
@ -12,6 +12,7 @@ import (
|
|||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/services/forgefed"
|
||||
"code.gitea.io/gitea/tests"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
@ -29,27 +30,12 @@ func TestWebfinger(t *testing.T) {
|
|||
|
||||
appURL, _ := url.Parse(setting.AppURL)
|
||||
|
||||
type webfingerLink struct {
|
||||
Rel string `json:"rel,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
Href string `json:"href,omitempty"`
|
||||
Titles map[string]string `json:"titles,omitempty"`
|
||||
Properties map[string]any `json:"properties,omitempty"`
|
||||
}
|
||||
|
||||
type webfingerJRD struct {
|
||||
Subject string `json:"subject,omitempty"`
|
||||
Aliases []string `json:"aliases,omitempty"`
|
||||
Properties map[string]any `json:"properties,omitempty"`
|
||||
Links []*webfingerLink `json:"links,omitempty"`
|
||||
}
|
||||
|
||||
session := loginUser(t, "user1")
|
||||
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=acct:%s@%s", user.LowerName, appURL.Host))
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var jrd webfingerJRD
|
||||
var jrd forgefed.WebfingerJRD
|
||||
DecodeJSON(t, resp, &jrd)
|
||||
assert.Equal(t, "acct:user2@"+appURL.Host, jrd.Subject)
|
||||
assert.ElementsMatch(t, []string{user.HTMLURL(), appURL.String() + "api/v1/activitypub/user-id/" + fmt.Sprint(user.ID)}, jrd.Aliases)
|
||||
|
@ -65,4 +51,17 @@ func TestWebfinger(t *testing.T) {
|
|||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email))
|
||||
MakeRequest(t, req, http.StatusNotFound)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name))
|
||||
session.MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name))
|
||||
session.MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host))
|
||||
MakeRequest(t, req, http.StatusBadRequest)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name))
|
||||
MakeRequest(t, req, http.StatusBadRequest)
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue