upub/src/routes/activitypub/inbox.rs

use apb::{server::Inbox, Activity, ActivityType};
use axum::{extract::{Query, State}, http::StatusCode, Json};
use sea_orm::{QueryFilter, QuerySelect};

use crate::{errors::UpubError, model::{self, addressing::WrappedObject}, server::{auth::{AuthIdentity, Identity}, Context}, url};

use super::{jsonld::LD, JsonLD, Pagination};


pub async fn get(
	State(ctx): State<Context>,
) -> Result<JsonLD<serde_json::Value>, StatusCode> {
	Ok(JsonLD(ctx.ap_collection(&url!(ctx, "/inbox"), None).ld_context()))
}

pub async fn page(
	State(ctx): State<Context>,
	AuthIdentity(auth): AuthIdentity,
	Query(page): Query<Pagination>,
) -> crate::Result<JsonLD<serde_json::Value>> {
	let limit = page.batch.unwrap_or(20).min(50);
	let offset = page.offset.unwrap_or(0);
	let objects = model::addressing::Entity::find_objects()
		.filter(auth.filter_condition())
		.limit(limit)
		.offset(offset)
		.into_model::<WrappedObject>()
		.all(ctx.db())
		.await?;
	let mut out = Vec::new();
	for object in objects {
		out.push(object.ap_filled(ctx.db()).await?);
	}
	Ok(JsonLD(
		ctx.ap_collection_page(
			&url!(ctx, "/inbox/page"),
			offset, limit, out,
		).ld_context()
	))
}

macro_rules! pretty_json {
	($json:ident) => {
		serde_json::to_string_pretty(&$json).expect("failed serializing to string serde_json::Value")
	}
}


pub async fn post(
	State(ctx): State<Context>,
	AuthIdentity(auth): AuthIdentity,
	Json(activity): Json<serde_json::Value>
) -> crate::Result<()> {
	let Identity::Remote(server) = auth else {
		if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!
			tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
		}
		if matches!(auth, Identity::Anonymous) {
			return Err(UpubError::unauthorized());
		} else {
			return Err(UpubError::forbidden());
		}
	};

	let Some(actor) = activity.actor().id() else {
		return Err(UpubError::bad_request());
	};

	// TODO add whitelist of relays
	if !server.ends_with(&Context::server(&actor)) {
		return Err(UpubError::unauthorized());
	}

	// TODO we could process Links and bare Objects maybe, but probably out of AP spec?
	match activity.activity_type().ok_or_else(UpubError::bad_request)? {
		ActivityType::Activity => {
			tracing::warn!("skipping unprocessable base activity: {}", pretty_json!(activity));
			Err(StatusCode::UNPROCESSABLE_ENTITY.into()) // won't ingest useless stuff
		},

		ActivityType::Create => Ok(ctx.create(server, activity).await?),
		ActivityType::Like => Ok(ctx.like(server, activity).await?),
		ActivityType::Follow => Ok(ctx.follow(server, activity).await?),
		ActivityType::Announce => Ok(ctx.announce(server, activity).await?),
		ActivityType::Accept(_) => Ok(ctx.accept(server, activity).await?),
		ActivityType::Reject(_) => Ok(ctx.reject(server, activity).await?),
		ActivityType::Undo => Ok(ctx.undo(server, activity).await?),
		ActivityType::Delete => Ok(ctx.delete(server, activity).await?),
		ActivityType::Update => Ok(ctx.update(server, activity).await?),

		_x => {
			tracing::info!("received unimplemented activity on inbox: {}", pretty_json!(activity));
			Err(StatusCode::NOT_IMPLEMENTED.into())
		},
	}
}
chore: unused imports 2024-04-14 16:57:36 +02:00			`use apb::{server::Inbox, Activity, ActivityType};`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`use axum::{extract::{Query, State}, http::StatusCode, Json};`
chore: imports 2024-04-22 02:52:18 +02:00			`use sea_orm::{QueryFilter, QuerySelect};`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00
fix: oops i meant server inbox GET, now it is 2024-04-23 06:29:52 +02:00			`use crate::{errors::UpubError, model::{self, addressing::WrappedObject}, server::{auth::{AuthIdentity, Identity}, Context}, url};`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`use super::{jsonld::LD, JsonLD, Pagination};`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00

chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`pub async fn get(`
			`State(ctx): State<Context>,`
			`) -> Result<JsonLD<serde_json::Value>, StatusCode> {`
			`Ok(JsonLD(ctx.ap_collection(&url!(ctx, "/inbox"), None).ld_context()))`
			`}`

			`pub async fn page(`
			`State(ctx): State<Context>,`
			`AuthIdentity(auth): AuthIdentity,`
			`Query(page): Query<Pagination>,`
chore: refactored a little 2024-04-12 22:56:29 +02:00			`) -> crate::Result<JsonLD<serde_json::Value>> {`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`let limit = page.batch.unwrap_or(20).min(50);`
feat: add global inbox get, which respects privacy 2024-03-24 04:58:49 +01:00			`let offset = page.offset.unwrap_or(0);`
fix: oops i meant server inbox GET, now it is 2024-04-23 06:29:52 +02:00			`let objects = model::addressing::Entity::find_objects()`
feat: inbox/outbox security and obj embedding 2024-04-12 19:36:00 +02:00			`.filter(auth.filter_condition())`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`.limit(limit)`
			`.offset(offset)`
fix: oops i meant server inbox GET, now it is 2024-04-23 06:29:52 +02:00			`.into_model::<WrappedObject>()`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`.all(ctx.db())`
			`.await?;`
feat: show attachments in inbox, outbox and /object attachments are lazy loaded, so it may be efficient if not all posts have media, but it should probably be eager loaded anyway eventually 2024-04-21 23:19:26 +02:00			`let mut out = Vec::new();`
fix: oops i meant server inbox GET, now it is 2024-04-23 06:29:52 +02:00			`for object in objects {`
			`out.push(object.ap_filled(ctx.db()).await?);`
feat: show attachments in inbox, outbox and /object attachments are lazy loaded, so it may be efficient if not all posts have media, but it should probably be eager loaded anyway eventually 2024-04-21 23:19:26 +02:00			`}`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`Ok(JsonLD(`
			`ctx.ap_collection_page(`
			`&url!(ctx, "/inbox/page"),`
feat: show attachments in inbox, outbox and /object attachments are lazy loaded, so it may be efficient if not all posts have media, but it should probably be eager loaded anyway eventually 2024-04-21 23:19:26 +02:00			`offset, limit, out,`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`).ld_context()`
			`))`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00			`}`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`macro_rules! pretty_json {`
			`($json:ident) => {`
			`serde_json::to_string_pretty(&$json).expect("failed serializing to string serde_json::Value")`
			`}`
			`}`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00

feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`pub async fn post(`
			`State(ctx): State<Context>,`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`AuthIdentity(auth): AuthIdentity,`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`Json(activity): Json<serde_json::Value>`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`) -> crate::Result<()> {`
feat: implemented authed inbox 2024-04-22 22:52:05 +02:00			`let Identity::Remote(server) = auth else {`
fix: jfc mastodon stop sending me deletions!!!!!!! 2024-04-19 16:15:05 +02:00			`if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!`
			`tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));`
			`}`
feat: implemented authed inbox 2024-04-22 22:52:05 +02:00			`if matches!(auth, Identity::Anonymous) {`
			`return Err(UpubError::unauthorized());`
			`} else {`
			`return Err(UpubError::forbidden());`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`}`
feat: implemented authed inbox 2024-04-22 22:52:05 +02:00			`};`

			`let Some(actor) = activity.actor().id() else {`
			`return Err(UpubError::bad_request());`
			`};`

			`// TODO add whitelist of relays`
			`if !server.ends_with(&Context::server(&actor)) {`
			`return Err(UpubError::unauthorized());`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`}`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00
feat: process some Undo activities, small refactor 2024-04-14 16:47:36 +02:00			`// TODO we could process Links and bare Objects maybe, but probably out of AP spec?`
			`match activity.activity_type().ok_or_else(UpubError::bad_request)? {`
			`ActivityType::Activity => {`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`tracing::warn!("skipping unprocessable base activity: {}", pretty_json!(activity));`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`Err(StatusCode::UNPROCESSABLE_ENTITY.into()) // won't ingest useless stuff`
			`},`

feat: implemented authed inbox 2024-04-22 22:52:05 +02:00			`ActivityType::Create => Ok(ctx.create(server, activity).await?),`
			`ActivityType::Like => Ok(ctx.like(server, activity).await?),`
			`ActivityType::Follow => Ok(ctx.follow(server, activity).await?),`
			`ActivityType::Announce => Ok(ctx.announce(server, activity).await?),`
			`ActivityType::Accept(_) => Ok(ctx.accept(server, activity).await?),`
			`ActivityType::Reject(_) => Ok(ctx.reject(server, activity).await?),`
			`ActivityType::Undo => Ok(ctx.undo(server, activity).await?),`
			`ActivityType::Delete => Ok(ctx.delete(server, activity).await?),`
			`ActivityType::Update => Ok(ctx.update(server, activity).await?),`
feat: process some Undo activities, small refactor 2024-04-14 16:47:36 +02:00
			`_x => {`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`tracing::info!("received unimplemented activity on inbox: {}", pretty_json!(activity));`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`Err(StatusCode::NOT_IMPLEMENTED.into())`
			`},`
			`}`
			`}`