Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'

[#1560] Restricted AP- & OStatus-related routes for non-federating instances Closes #1560 See merge request pleroma/pleroma!2235
2020-03-15 19:15:20 +00:00 · 2020-03-15 19:15:20 +00:00 · fa4ec17c84
commit fa4ec17c84
parent d84670b9e1 ecb7809e92
22 changed files with 644 additions and 472 deletions
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@ -9,6 +9,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  alias Pleroma.Delivery
  alias Pleroma.Object
  alias Pleroma.Object.Fetcher
+  alias Pleroma.Plugs.EnsureAuthenticatedPlug
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.InternalFetchActor
@ -18,23 +19,37 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  alias Pleroma.Web.ActivityPub.UserView
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.ActivityPub.Visibility
+  alias Pleroma.Web.FederatingPlug
  alias Pleroma.Web.Federator

  require Logger

  action_fallback(:errors)

+  @federating_only_actions [:internal_fetch, :relay, :relay_following, :relay_followers]
+
+  plug(FederatingPlug when action in @federating_only_actions)
+
+  plug(
+    EnsureAuthenticatedPlug,
+    [unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
+  )
+
+  plug(
+    EnsureAuthenticatedPlug
+    when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers]
+  )
+
  plug(
    Pleroma.Plugs.Cache,
    [query_params: false, tracking_fun: &__MODULE__.track_object_fetch/2]
    when action in [:activity, :object]
  )

-  plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
  plug(:set_requester_reachable when action in [:inbox])
  plug(:relay_active? when action in [:relay])

-  def relay_active?(conn, _) do
+  defp relay_active?(conn, _) do
    if Pleroma.Config.get([:instance, :allow_relay]) do
      conn
    else
@ -127,11 +142,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  end

  # GET /relay/following
-  def following(%{assigns: %{relay: true}} = conn, _params) do
-    conn
-    |> put_resp_content_type("application/activity+json")
-    |> put_view(UserView)
-    |> render("following.json", %{user: Relay.get_actor()})
+  def relay_following(conn, _params) do
+    with %{halted: false} = conn <- FederatingPlug.call(conn, []) do
+      conn
+      |> put_resp_content_type("application/activity+json")
+      |> put_view(UserView)
+      |> render("following.json", %{user: Relay.get_actor()})
+    end
  end

  def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
@ -164,11 +181,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  end

  # GET /relay/followers
-  def followers(%{assigns: %{relay: true}} = conn, _params) do
-    conn
-    |> put_resp_content_type("application/activity+json")
-    |> put_view(UserView)
-    |> render("followers.json", %{user: Relay.get_actor()})
+  def relay_followers(conn, _params) do
+    with %{halted: false} = conn <- FederatingPlug.call(conn, []) do
+      conn
+      |> put_resp_content_type("application/activity+json")
+      |> put_view(UserView)
+      |> render("followers.json", %{user: Relay.get_actor()})
+    end
  end

  def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
@ -200,13 +219,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  end

-  def outbox(conn, %{"nickname" => nickname, "page" => page?} = params)
+  def outbox(
+        %{assigns: %{user: for_user}} = conn,
+        %{"nickname" => nickname, "page" => page?} = params
+      )
      when page? in [true, "true"] do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
         {:ok, user} <- User.ensure_keys_present(user) do
      activities =
        if params["max_id"] do
-          ActivityPub.fetch_user_activities(user, nil, %{
+          ActivityPub.fetch_user_activities(user, for_user, %{
            "max_id" => params["max_id"],
            # This is a hack because postgres generates inefficient queries when filtering by
            # 'Answer', poll votes will be hidden by the visibility filter in this case anyway
@ -214,7 +236,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
            "limit" => 10
          })
        else
-          ActivityPub.fetch_user_activities(user, nil, %{
+          ActivityPub.fetch_user_activities(user, for_user, %{
            "limit" => 10,
            "include_poll_votes" => true
          })
@ -255,8 +277,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    json(conn, "ok")
  end

-  # only accept relayed Creates
-  def inbox(conn, %{"type" => "Create"} = params) do
+  # POST /relay/inbox -or- POST /internal/fetch/inbox
+  def inbox(conn, params) do
+    if params["type"] == "Create" && FederatingPlug.federating?() do
+      post_inbox_relayed_create(conn, params)
+    else
+      post_inbox_fallback(conn, params)
+    end
+  end
+
+  defp post_inbox_relayed_create(conn, params) do
    Logger.debug(
      "Signature missing or not from author, relayed Create message, fetching object from source"
    )
@ -266,10 +296,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    json(conn, "ok")
  end

-  def inbox(conn, params) do
+  defp post_inbox_fallback(conn, params) do
    headers = Enum.into(conn.req_headers, %{})

-    if String.contains?(headers["signature"], params["actor"]) do
+    if headers["signature"] && params["actor"] &&
+         String.contains?(headers["signature"], params["actor"]) do
      Logger.debug(
        "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"
      )
@ -277,7 +308,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
      Logger.debug(inspect(conn.req_headers))
    end

-    json(conn, dgettext("errors", "error"))
+    conn
+    |> put_status(:bad_request)
+    |> json(dgettext("errors", "error"))
  end

  defp represent_service_actor(%User{} = user, conn) do
@ -311,10 +344,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    |> render("user.json", %{user: user})
  end

-  def whoami(_conn, _params), do: {:error, :not_found}
-
  def read_inbox(
-        %{assigns: %{user: %{nickname: nickname} = user}} = conn,
+        %{assigns: %{user: %User{nickname: nickname} = user}} = conn,
        %{"nickname" => nickname, "page" => page?} = params
      )
      when page? in [true, "true"] do
@ -337,7 +368,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    })
  end

-  def read_inbox(%{assigns: %{user: %{nickname: nickname} = user}} = conn, %{
+  def read_inbox(%{assigns: %{user: %User{nickname: nickname} = user}} = conn, %{
        "nickname" => nickname
      }) do
    with {:ok, user} <- User.ensure_keys_present(user) do
@ -348,15 +379,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  end

-  def read_inbox(%{assigns: %{user: nil}} = conn, %{"nickname" => nickname}) do
-    err = dgettext("errors", "can't read inbox of %{nickname}", nickname: nickname)
-
-    conn
-    |> put_status(:forbidden)
-    |> json(err)
-  end
-
-  def read_inbox(%{assigns: %{user: %{nickname: as_nickname}}} = conn, %{
+  def read_inbox(%{assigns: %{user: %User{nickname: as_nickname}}} = conn, %{
        "nickname" => nickname
      }) do
    err =
@ -370,7 +393,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    |> json(err)
  end

-  def handle_user_activity(user, %{"type" => "Create"} = params) do
+  defp handle_user_activity(%User{} = user, %{"type" => "Create"} = params) do
    object =
      params["object"]
      |> Map.merge(Map.take(params, ["to", "cc"]))
@ -386,7 +409,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    })
  end

-  def handle_user_activity(user, %{"type" => "Delete"} = params) do
+  defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do
    with %Object{} = object <- Object.normalize(params["object"]),
         true <- user.is_moderator || user.ap_id == object.data["actor"],
         {:ok, delete} <- ActivityPub.delete(object) do
@ -396,7 +419,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  end

-  def handle_user_activity(user, %{"type" => "Like"} = params) do
+  defp handle_user_activity(%User{} = user, %{"type" => "Like"} = params) do
    with %Object{} = object <- Object.normalize(params["object"]),
         {:ok, activity, _object} <- ActivityPub.like(user, object) do
      {:ok, activity}
@ -405,7 +428,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  end

-  def handle_user_activity(_, _) do
+  defp handle_user_activity(_, _) do
    {:error, dgettext("errors", "Unhandled activity type")}
  end

@ -434,7 +457,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  end

-  def update_outbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = _) do
+  def update_outbox(%{assigns: %{user: %User{} = user}} = conn, %{"nickname" => nickname}) do
    err =
      dgettext("errors", "can't update outbox of %{nickname} as %{as_nickname}",
        nickname: nickname,
@ -446,13 +469,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    |> json(err)
  end

-  def errors(conn, {:error, :not_found}) do
+  defp errors(conn, {:error, :not_found}) do
    conn
    |> put_status(:not_found)
    |> json(dgettext("errors", "Not found"))
  end

-  def errors(conn, _e) do
+  defp errors(conn, _e) do
    conn
    |> put_status(:internal_server_error)
    |> json(dgettext("errors", "error"))
@ -492,7 +515,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  - HTTP Code: 201 Created
  - HTTP Body: ActivityPub object to be inserted into another's `attachment` field
  """
-  def upload_media(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
+  def upload_media(%{assigns: %{user: %User{} = user}} = conn, %{"file" => file} = data) do
    with {:ok, object} <-
           ActivityPub.upload(
             file,
--- a/lib/pleroma/web/feed/user_controller.ex
+++ b/lib/pleroma/web/feed/user_controller.ex
@ -25,7 +25,12 @@ defmodule Pleroma.Web.Feed.UserController do

  def feed_redirect(%{assigns: %{format: format}} = conn, _params)
      when format in ["json", "activity+json"] do
-    ActivityPubController.call(conn, :user)
+    with %{halted: false} = conn <-
+           Pleroma.Plugs.EnsureAuthenticatedPlug.call(conn,
+             unless_func: &Pleroma.Web.FederatingPlug.federating?/0
+           ) do
+      ActivityPubController.call(conn, :user)
+    end
  end

  def feed_redirect(conn, %{"nickname" => nickname}) do
--- a/lib/pleroma/web/ostatus/ostatus_controller.ex
+++ b/lib/pleroma/web/ostatus/ostatus_controller.ex
@ -16,6 +16,10 @@ defmodule Pleroma.Web.OStatus.OStatusController do
  alias Pleroma.Web.Metadata.PlayerView
  alias Pleroma.Web.Router

+  plug(Pleroma.Plugs.EnsureAuthenticatedPlug,
+    unless_func: &Pleroma.Web.FederatingPlug.federating?/0
+  )
+
  plug(
    RateLimiter,
    [name: :ap_routes, params: ["uuid"]] when action in [:object, :activity]
@ -135,13 +139,13 @@ defmodule Pleroma.Web.OStatus.OStatusController do
    end
  end

-  def errors(conn, {:error, :not_found}) do
+  defp errors(conn, {:error, :not_found}) do
    render_error(conn, :not_found, "Not found")
  end

-  def errors(conn, {:fetch_user, nil}), do: errors(conn, {:error, :not_found})
+  defp errors(conn, {:fetch_user, nil}), do: errors(conn, {:error, :not_found})

-  def errors(conn, _) do
+  defp errors(conn, _) do
    render_error(conn, :internal_server_error, "Something went wrong")
  end
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -541,6 +541,7 @@ defmodule Pleroma.Web.Router do
    get("/mailer/unsubscribe/:token", Mailer.SubscriptionController, :unsubscribe)
  end

+  # Server to Server (S2S) AP interactions
  pipeline :activitypub do
    plug(:accepts, ["activity+json", "json"])
    plug(Pleroma.Web.Plugs.HTTPSignaturePlug)
@ -554,6 +555,7 @@ defmodule Pleroma.Web.Router do
    get("/users/:nickname/outbox", ActivityPubController, :outbox)
  end

+  # Client to Server (C2S) AP interactions
  pipeline :activitypub_client do
    plug(:accepts, ["activity+json", "json"])
    plug(:fetch_session)
@ -597,8 +599,8 @@ defmodule Pleroma.Web.Router do
      post("/inbox", ActivityPubController, :inbox)
    end

-    get("/following", ActivityPubController, :following, assigns: %{relay: true})
-    get("/followers", ActivityPubController, :followers, assigns: %{relay: true})
+    get("/following", ActivityPubController, :relay_following)
+    get("/followers", ActivityPubController, :relay_followers)
  end

  scope "/internal/fetch", Pleroma.Web.ActivityPub do
--- a/lib/pleroma/web/static_fe/static_fe_controller.ex
+++ b/lib/pleroma/web/static_fe/static_fe_controller.ex
@ -17,6 +17,10 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
  plug(:put_view, Pleroma.Web.StaticFE.StaticFEView)
  plug(:assign_id)

+  plug(Pleroma.Plugs.EnsureAuthenticatedPlug,
+    unless_func: &Pleroma.Web.FederatingPlug.federating?/0
+  )
+
  @page_keys ["max_id", "min_id", "limit", "since_id", "order"]

  defp get_title(%Object{data: %{"name" => name}}) when is_binary(name),
@ -33,7 +37,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
    |> render("error.html", %{message: message, meta: ""})
  end

-  def get_counts(%Activity{} = activity) do
+  defp get_counts(%Activity{} = activity) do
    %Object{data: data} = Object.normalize(activity)

    %{
@ -43,9 +47,9 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
    }
  end

-  def represent(%Activity{} = activity), do: represent(activity, false)
+  defp represent(%Activity{} = activity), do: represent(activity, false)

-  def represent(%Activity{object: %Object{data: data}} = activity, selected) do
+  defp represent(%Activity{object: %Object{data: data}} = activity, selected) do
    {:ok, user} = User.get_or_fetch(activity.object.data["actor"])

    link =
@ -147,17 +151,17 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
    end
  end

-  def assign_id(%{path_info: ["notice", notice_id]} = conn, _opts),
+  defp assign_id(%{path_info: ["notice", notice_id]} = conn, _opts),
    do: assign(conn, :notice_id, notice_id)

-  def assign_id(%{path_info: ["users", user_id]} = conn, _opts),
+  defp assign_id(%{path_info: ["users", user_id]} = conn, _opts),
    do: assign(conn, :username_or_id, user_id)

-  def assign_id(%{path_info: ["objects", object_id]} = conn, _opts),
+  defp assign_id(%{path_info: ["objects", object_id]} = conn, _opts),
    do: assign(conn, :object_id, object_id)

-  def assign_id(%{path_info: ["activities", activity_id]} = conn, _opts),
+  defp assign_id(%{path_info: ["activities", activity_id]} = conn, _opts),
    do: assign(conn, :activity_id, activity_id)

-  def assign_id(conn, _opts), do: conn
+  defp assign_id(conn, _opts), do: conn
 end
--- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
@ -16,6 +16,8 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do

  @status_types ["Article", "Event", "Note", "Video", "Page", "Question"]

+  plug(Pleroma.Web.FederatingPlug)
+
  # Note: follower can submit the form (with password auth) not being signed in (having no token)
  plug(
    OAuthScopesPlug,
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -17,6 +17,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.WebFinger

+  plug(Pleroma.Web.FederatingPlug when action == :remote_subscribe)
+
  plug(
    OAuthScopesPlug,
    %{scopes: ["follow", "write:follows"]}