Compare commits


2 commits

Author SHA1 Message Date
Sebastian Jambor
a54c0993c1 sign json ld fetches 2023-12-17 23:06:57 +01:00
Sebastian Jambor
fa829953a9 allow jrd+json in json_ld_controller to support strict webfinger endpoints 2023-08-08 19:51:30 +02:00
5 changed files with 70 additions and 20 deletions


@ -1,6 +1,7 @@
# frozen_string_literal: true
require "faraday"
require "uri"
class Api::V1::JsonLdController < Api::BaseController
include ActionController::Live
@ -9,6 +10,40 @@ class Api::V1::JsonLdController < Api::BaseController
render json: { error: e.to_s }, status: 422
end
before_action :require_user!
REQUEST_TARGET = '(request-target)'
def signature(headers)
account = Account.representative
key_id = ActivityPub::TagManager.instance.key_uri_for(account)
algorithm = 'rsa-sha256'
signed_string = headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
signature = Base64.strict_encode64(account.keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
end
def signed_headers(url_string)
if url_string.include?(".well-known")
return {'Accept': 'application/jrd+json'}
end
url = URI.parse(url_string)
tmp_headers = {
'Date': Time.now.utc.httpdate,
'Host': url.host,
'Accept': 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
}
tmp_headers[REQUEST_TARGET] = "get #{url_string.delete_prefix("#{url.scheme}://#{url.host}")}"
additional_headers = {
'Signature': signature(tmp_headers),
'User-Agent': Mastodon::Version.user_agent,
}
tmp_headers.merge(additional_headers).except(REQUEST_TARGET)
end
def show
url = params[:url]
@ -17,13 +52,12 @@ class Api::V1::JsonLdController < Api::BaseController
Thread.new {
begin
conn = Faraday::Connection.new
conn.options.timeout = 5
api_response = conn.get(url, nil, {'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})
api_response = conn.get(url, nil, signed_headers(url))
max_redirects = 5
while api_response.status == 301 || api_response.status == 302 and max_redirects > 0 do
api_response = conn.get(api_response.headers['Location'], nil, {'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})
api_response = conn.get(api_response.headers['Location'], nil, signed_headers(api_response.headers['Location']))
max_redirects -= 1
end
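Review bot: In `signed_headers`, the `(request-target)` value comes from `url_string.delete_prefix("#{url.scheme}://#{url.host}")`, which leaves `:port` or userinfo inside the signed string whenever the URL carries one, so the remote side will compute a different string and reject the signature. For http(s) URLs, `tmp_headers[REQUEST_TARGET] = "get #{url.request_uri}"` takes the path and query from the parsed URI instead. The `url_string.include?(".well-known")` test matches that substring anywhere in the URL, including the query string, so a check on the parsed path such as `url.path.start_with?('/.well-known/')` would be more exact. Both call sites pass either the user-supplied `params[:url]` or a remote `Location` header, which may be nil or relative, and the visible lines do not validate the destination before a request signed with the instance's representative key is sent. Mastodon's own `Request` class with `on_behalf_of` appears to handle both signing and private-address checks and may be a better fit; `show` continues outside the hunk, so the rescue behaviour is not visible here.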


@ -1,14 +1,14 @@
- thumbnail = @instance_presenter.thumbnail
- description ||= @instance_presenter.description.presence || strip_tags(t('about.about_mastodon_html'))
- description = 'Learn ActivityPub interactively, by seeing protocol interactions visualized in real time'
%meta{ name: 'description', content: description }/
= opengraph 'og:site_name', t('about.hosted_on', domain: site_hostname)
= opengraph 'og:site_name', 'ActivityPub Academy - A learning resource for ActivityPub'
= opengraph 'og:url', url_for(only_path: false)
= opengraph 'og:type', 'website'
= opengraph 'og:title', @instance_presenter.title
= opengraph 'og:title', 'ActivityPub Academy'
= opengraph 'og:description', description
= opengraph 'og:image', full_asset_url(thumbnail&.file&.url(:'@1x') || asset_pack_path('media/images/preview.png', protocol: :request))
= opengraph 'og:image:width', thumbnail ? thumbnail.meta['width'] : '1200'
= opengraph 'og:image:height', thumbnail ? thumbnail.meta['height'] : '630'
= opengraph 'og:image', full_asset_url(thumbnail&.file&.url(:'@1x') || asset_pack_path('media/images/academy-mascot.webp', protocol: :request))
= opengraph 'og:image:width', thumbnail ? thumbnail.meta['width'] : '500'
= opengraph 'og:image:height', thumbnail ? thumbnail.meta['height'] : '573'
= opengraph 'twitter:card', 'summary_large_image'

21
dist/nginx.conf vendored

@ -114,6 +114,27 @@ server {
tcp_nodelay on;
}
location ^~ /api/v1/json_ld {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://backend;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection '';
proxy_cache off;
proxy_buffering off;
chunked_transfer_encoding off;
tcp_nodelay on;
}
location ^~ /api/v1/activity_log {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;


@ -30,7 +30,7 @@
"@babel/plugin-transform-runtime": "^7.19.6",
"@babel/preset-env": "^7.20.2",
"@babel/preset-react": "^7.18.6",
"@babel/runtime": "^7.22.10",
"@babel/runtime": "^7.20.13",
"@gamestdio/websocket": "^0.3.2",
"@github/webauthn-json": "^0.5.7",
"@rails/ujs": "^6.1.7",


@ -1030,12 +1030,12 @@
dependencies:
regenerator-runtime "^0.12.0"
"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.12.0", "@babel/runtime@^7.12.5", "@babel/runtime@^7.13.10", "@babel/runtime@^7.13.8", "@babel/runtime@^7.15.4", "@babel/runtime@^7.2.0", "@babel/runtime@^7.20.7", "@babel/runtime@^7.22.10", "@babel/runtime@^7.3.1", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2":
version "7.22.10"
resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.22.10.tgz#ae3e9631fd947cb7e3610d3e9d8fef5f76696682"
integrity sha512-21t/fkKLMZI4pqP2wlmsQAWnYW1PDyKyyUV4vCi+B25ydmdaYTKXPwCj0BzSUnZf4seIiYvSA3jcZ3gdsMFkLQ==
"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.12.0", "@babel/runtime@^7.12.5", "@babel/runtime@^7.13.10", "@babel/runtime@^7.13.8", "@babel/runtime@^7.15.4", "@babel/runtime@^7.2.0", "@babel/runtime@^7.20.13", "@babel/runtime@^7.20.7", "@babel/runtime@^7.3.1", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2":
version "7.20.13"
resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.20.13.tgz#7055ab8a7cff2b8f6058bf6ae45ff84ad2aded4b"
integrity sha512-gt3PKXs0DBoL9xCvOIIZ2NEqAGZqHjAnmVbfQtB620V0uReIQutpel14KcneZuer7UioY8ALKZ7iocavvzTNFA==
dependencies:
regenerator-runtime "^0.14.0"
regenerator-runtime "^0.13.11"
"@babel/template@^7.18.10", "@babel/template@^7.20.7", "@babel/template@^7.3.3":
version "7.20.7"
@ -9410,11 +9410,6 @@ regenerator-runtime@^0.13.11, regenerator-runtime@^0.13.3, regenerator-runtime@^
resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz#f6dca3e7ceec20590d07ada785636a90cdca17f9"
integrity sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==
regenerator-runtime@^0.14.0:
version "0.14.0"
resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.14.0.tgz#5e19d68eb12d486f797e15a3c6a918f7cec5eb45"
integrity sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA==
regenerator-transform@^0.15.0:
version "0.15.0"
resolved "https://registry.yarnpkg.com/regenerator-transform/-/regenerator-transform-0.15.0.tgz#cbd9ead5d77fae1a48d957cf889ad0586adb6537"