upub/src/server/dispatcher.rs

use base64::Engine;
use openssl::{hash::MessageDigest, pkey::{PKey, Private}, sign::Signer};
use reqwest::header::{CONTENT_TYPE, USER_AGENT};
use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, Order, QueryFilter, QueryOrder};
use tokio::{sync::broadcast, task::JoinHandle};

use apb::{ActivityMut, Node};
use crate::{routes::activitypub::{activity::ap_activity, object::ap_object}, errors::UpubError, model, server::Context, VERSION};

pub struct Dispatcher {
	waker: broadcast::Sender<()>,
}

impl Default for Dispatcher {
	fn default() -> Self {
		let (waker, _) = broadcast::channel(1);
		Dispatcher { waker }
	}
}

impl Dispatcher {
	pub fn new() -> Self { Dispatcher::default() }

	pub fn spawn(&self, db: DatabaseConnection, domain: String, poll_interval: u64) -> JoinHandle<()> {
		let waker = self.waker.subscribe();
		tokio::spawn(async move {
			if let Err(e) = worker(db, domain, poll_interval, waker).await {
				tracing::error!("delivery worker exited with error: {e}");
			}
		})
	}

	pub fn wakeup(&self) {
		match self.waker.send(()) {
			Err(_) => tracing::error!("no worker to wakeup"), 
			Ok(n) => tracing::debug!("woken {n} workers"),
		}
	}
}

async fn worker(db: DatabaseConnection, domain: String, poll_interval: u64, mut waker: broadcast::Receiver<()>) -> Result<(), UpubError> {
	loop {
		let Some(delivery) = model::delivery::Entity::find()
			.filter(Condition::all().add(model::delivery::Column::NotBefore.lte(chrono::Utc::now())))
			.order_by(model::delivery::Column::NotBefore, Order::Asc)
			.one(&db)
			.await?
		else {
			tokio::select! {
				biased;
				_ = waker.recv() => {},
				_ = tokio::time::sleep(std::time::Duration::from_secs(poll_interval)) => {},
			}
			continue
		};

		let del_row = model::delivery::ActiveModel {
			id: sea_orm::ActiveValue::Set(delivery.id),
			..Default::default()
		};
		let del = model::delivery::Entity::delete(del_row)
			.exec(&db)
			.await?;

		if del.rows_affected == 0 {
			// another worker claimed this delivery
			continue; // go back to the top
		}
		if delivery.expired() {
			// try polling for another one
			continue; // go back to top
		}

		tracing::info!("delivering {} to {}", delivery.activity, delivery.target);

		let payload = match model::activity::Entity::find_by_id(&delivery.activity)
			.find_also_related(model::object::Entity)
			.one(&db)
			.await? // TODO probably should not fail here and at least re-insert the delivery
		{
			Some((activity, Some(object))) => ap_activity(activity).set_object(Node::object(ap_object(object))),
			Some((activity, None)) => ap_activity(activity),
			None => {
				tracing::warn!("skipping dispatch for deleted object {}", delivery.activity);
				continue;
			},
		};

		let Some(model::user::Model{ private_key: Some(key), .. }) = model::user::Entity::find_by_id(&delivery.actor)
			.one(&db).await?
		else { 
			tracing::error!("can not dispatch activity for user without private key: {}", delivery.actor);
			continue;
		};

		let Ok(key) = PKey::private_key_from_pem(key.as_bytes())
		else {
			tracing::error!("failed parsing private key for user {}", delivery.actor);
			continue;
		};

		if let Err(e) = deliver(&key, &delivery.target, &delivery.actor, payload, &domain).await {
			tracing::warn!("failed delivery of {} to {} : {e}", delivery.activity, delivery.target);
			let new_delivery = model::delivery::ActiveModel {
				id: sea_orm::ActiveValue::NotSet,
				not_before: sea_orm::ActiveValue::Set(delivery.next_delivery()),
				actor: sea_orm::ActiveValue::Set(delivery.actor),
				target: sea_orm::ActiveValue::Set(delivery.target),
				activity: sea_orm::ActiveValue::Set(delivery.activity),
				created: sea_orm::ActiveValue::Set(delivery.created),
				attempt: sea_orm::ActiveValue::Set(delivery.attempt + 1),
			};
			model::delivery::Entity::insert(new_delivery).exec(&db).await?;
		}
	}
}

async fn deliver(key: &PKey<Private>, to: &str, from: &str, payload: serde_json::Value, domain: &str) -> Result<(), UpubError> {
	let payload = serde_json::to_string(&payload).unwrap();
	let digest = format!("sha-256={}", base64::prelude::BASE64_STANDARD.encode(openssl::sha::sha256(payload.as_bytes())));
	let host = Context::server(to);
	let date = chrono::Utc::now().format("%a, %d %b %Y %H:%M:%S GMT").to_string(); // lmao @ "GMT"
	let path = to.replace("https://", "").replace("http://", "").replace(&host, "");

	// let headers : BTreeMap<String, String> = [
	// 	("Host".to_string(), host.clone()),
	// 	("Date".to_string(), date.clone()),
	// 	("Digest".to_string(), digest.clone()),
	// ].into();

	// let signature_header = Config::new()
	// 	.dont_use_created_field()
	// 	.require_header("host")
	// 	.require_header("date")
	// 	.require_header("digest")
	// 	.begin_sign("POST", &path, headers)
	// 	.unwrap()
	// 	.sign(format!("{from}#main-key"), |to_sign| {
	// 		tracing::info!("signing '{to_sign}'");
	// 		let mut signer = Signer::new(MessageDigest::sha256(), key)?;
	// 		signer.update(to_sign.as_bytes())?;
	// 		let signature = base64::prelude::BASE64_URL_SAFE.encode(signer.sign_to_vec()?);
	// 		Ok(signature) as Result<_, UpubError>
	// 	})
	// 	.unwrap()
	// 	.signature_header();
	
	let signature_header = {
		let to_sign = format!("(request-target): post {path}\nhost: {host}\ndate: {date}\ndigest: {digest}");
		let mut signer = Signer::new(MessageDigest::sha256(), key)?;
		signer.update(to_sign.as_bytes())?;
		let signature = base64::prelude::BASE64_STANDARD.encode(signer.sign_to_vec()?);
		format!("keyId=\"{from}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest\",signature=\"{signature}\"")
	};

	reqwest::Client::new()
		.post(to)
		.header("Host", host)
		.header("Date", date)
		.header("Digest", digest)
		.header("Signature", signature_header)
		.header(CONTENT_TYPE, "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"")
		.header(USER_AGENT, format!("upub+{VERSION} ({domain})")) // TODO put instance admin email
		.body(payload)
		.send()
		.await?
		.error_for_status()?;

	Ok(())
}
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00			`use base64::Engine;`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`use openssl::{hash::MessageDigest, pkey::{PKey, Private}, sign::Signer};`
fix: header and LD context... 2024-03-26 03:41:17 +01:00			`use reqwest::header::{CONTENT_TYPE, USER_AGENT};`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, Order, QueryFilter, QueryOrder};`
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00			`use tokio::{sync::broadcast, task::JoinHandle};`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
feat: separated apb types into crate, reworked no more "impl ..." hell, each trait has associated types so that we know it's a "Self::Link" or a "Self::Actor", but in practice they can both be a "serde_json::Value" and thus we can change its type. also Node::Array is now a Vec<T> rather than Vec<Node<T>> because it makes more sense. Node is Iterable and will yield zero (Empty\|Link), one (Object) or many (Array) Ts 2024-04-06 16:56:13 +02:00			`use apb::{ActivityMut, Node};`
chore: restructured completely kinda MVC: Model -> model View -> routes Controller -> server 2024-04-09 01:14:48 +02:00			`use crate::{routes::activitypub::{activity::ap_activity, object::ap_object}, errors::UpubError, model, server::Context, VERSION};`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00			`pub struct Dispatcher {`
			`waker: broadcast::Sender<()>,`
			`}`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
chore: restructured completely kinda MVC: Model -> model View -> routes Controller -> server 2024-04-09 01:14:48 +02:00			`impl Default for Dispatcher {`
			`fn default() -> Self {`
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00			`let (waker, _) = broadcast::channel(1);`
			`Dispatcher { waker }`
			`}`
chore: restructured completely kinda MVC: Model -> model View -> routes Controller -> server 2024-04-09 01:14:48 +02:00			`}`

			`impl Dispatcher {`
			`pub fn new() -> Self { Dispatcher::default() }`
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00
			`pub fn spawn(&self, db: DatabaseConnection, domain: String, poll_interval: u64) -> JoinHandle<()> {`
			`let waker = self.waker.subscribe();`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00			`tokio::spawn(async move {`
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00			`if let Err(e) = worker(db, domain, poll_interval, waker).await {`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`tracing::error!("delivery worker exited with error: {e}");`
			`}`
			`})`
			`}`
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00
			`pub fn wakeup(&self) {`
			`match self.waker.send(()) {`
			`Err(_) => tracing::error!("no worker to wakeup"),`
			`Ok(n) => tracing::debug!("woken {n} workers"),`
			`}`
			`}`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`}`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00			`async fn worker(db: DatabaseConnection, domain: String, poll_interval: u64, mut waker: broadcast::Receiver<()>) -> Result<(), UpubError> {`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`loop {`
			`let Some(delivery) = model::delivery::Entity::find()`
			`.filter(Condition::all().add(model::delivery::Column::NotBefore.lte(chrono::Utc::now())))`
			`.order_by(model::delivery::Column::NotBefore, Order::Asc)`
			`.one(&db)`
			`.await?`
feat: improved dispatcher sleep logic 2024-03-26 23:53:44 +01:00			`else {`
feat: immediately wakeup dispatcher when sending 2024-03-27 05:09:20 +01:00			`tokio::select! {`
			`biased;`
			`_ = waker.recv() => {},`
			`_ = tokio::time::sleep(std::time::Duration::from_secs(poll_interval)) => {},`
			`}`
feat: improved dispatcher sleep logic 2024-03-26 23:53:44 +01:00			`continue`
			`};`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`let del_row = model::delivery::ActiveModel {`
			`id: sea_orm::ActiveValue::Set(delivery.id),`
			`..Default::default()`
			`};`
			`let del = model::delivery::Entity::delete(del_row)`
			`.exec(&db)`
			`.await?;`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`if del.rows_affected == 0 {`
			`// another worker claimed this delivery`
			`continue; // go back to the top`
			`}`
			`if delivery.expired() {`
			`// try polling for another one`
			`continue; // go back to top`
			`}`
fix: some logging on fetcher and dispatcher 2024-03-26 01:14:43 +01:00
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`tracing::info!("delivering {} to {}", delivery.activity, delivery.target);`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`let payload = match model::activity::Entity::find_by_id(&delivery.activity)`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`.find_also_related(model::object::Entity)`
			`.one(&db)`
			`.await? // TODO probably should not fail here and at least re-insert the delivery`
			`{`
			`Some((activity, Some(object))) => ap_activity(activity).set_object(Node::object(ap_object(object))),`
			`Some((activity, None)) => ap_activity(activity),`
			`None => {`
			`tracing::warn!("skipping dispatch for deleted object {}", delivery.activity);`
			`continue;`
			`},`
			`};`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
fix: more resilient priv key selection 2024-03-26 03:21:00 +01:00			`let Some(model::user::Model{ private_key: Some(key), .. }) = model::user::Entity::find_by_id(&delivery.actor)`
			`.one(&db).await?`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`else {`
			`tracing::error!("can not dispatch activity for user without private key: {}", delivery.actor);`
			`continue;`
			`};`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
fix: more resilient priv key selection 2024-03-26 03:21:00 +01:00			`let Ok(key) = PKey::private_key_from_pem(key.as_bytes())`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`else {`
			`tracing::error!("failed parsing private key for user {}", delivery.actor);`
			`continue;`
			`};`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`if let Err(e) = deliver(&key, &delivery.target, &delivery.actor, payload, &domain).await {`
feat: catch dispatcher errors 2024-03-26 03:11:59 +01:00			`tracing::warn!("failed delivery of {} to {} : {e}", delivery.activity, delivery.target);`
			`let new_delivery = model::delivery::ActiveModel {`
			`id: sea_orm::ActiveValue::NotSet,`
			`not_before: sea_orm::ActiveValue::Set(delivery.next_delivery()),`
			`actor: sea_orm::ActiveValue::Set(delivery.actor),`
			`target: sea_orm::ActiveValue::Set(delivery.target),`
			`activity: sea_orm::ActiveValue::Set(delivery.activity),`
			`created: sea_orm::ActiveValue::Set(delivery.created),`
			`attempt: sea_orm::ActiveValue::Set(delivery.attempt + 1),`
			`};`
			`model::delivery::Entity::insert(new_delivery).exec(&db).await?;`
			`}`
feat: simple delivery system + http signatures 2024-03-25 05:07:58 +01:00			`}`
			`}`

fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`async fn deliver(key: &PKey<Private>, to: &str, from: &str, payload: serde_json::Value, domain: &str) -> Result<(), UpubError> {`
			`let payload = serde_json::to_string(&payload).unwrap();`
fix: oh yes that was it! now digest 2024-03-27 02:11:14 +01:00			`let digest = format!("sha-256={}", base64::prelude::BASE64_STANDARD.encode(openssl::sha::sha256(payload.as_bytes())));`
fix: use date format mastodon shows in docs can't be this, or can it? 2024-03-26 20:17:41 +01:00			`let host = Context::server(to);`
fix: omg is it the day of the week? 2024-03-27 02:08:50 +01:00			`let date = chrono::Utc::now().format("%a, %d %b %Y %H:%M:%S GMT").to_string(); // lmao @ "GMT"`
fix: ops must include digest and compose header 2024-03-26 21:30:41 +01:00			`let path = to.replace("https://", "").replace("http://", "").replace(&host, "");`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00
fix: ops must include digest and compose header 2024-03-26 21:30:41 +01:00			`// let headers : BTreeMap<String, String> = [`
			`// ("Host".to_string(), host.clone()),`
			`// ("Date".to_string(), date.clone()),`
			`// ("Digest".to_string(), digest.clone()),`
			`// ].into();`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00
fix: maybe if i do it the old way?? 2024-03-26 21:24:10 +01:00			`// let signature_header = Config::new()`
			`// .dont_use_created_field()`
			`// .require_header("host")`
			`// .require_header("date")`
			`// .require_header("digest")`
			`// .begin_sign("POST", &path, headers)`
			`// .unwrap()`
			`// .sign(format!("{from}#main-key"), \|to_sign\| {`
			`// tracing::info!("signing '{to_sign}'");`
			`// let mut signer = Signer::new(MessageDigest::sha256(), key)?;`
			`// signer.update(to_sign.as_bytes())?;`
			`// let signature = base64::prelude::BASE64_URL_SAFE.encode(signer.sign_to_vec()?);`
			`// Ok(signature) as Result<_, UpubError>`
			`// })`
			`// .unwrap()`
			`// .signature_header();`

			`let signature_header = {`
fix: ops must include digest and compose header 2024-03-26 21:30:41 +01:00			`let to_sign = format!("(request-target): post {path}\nhost: {host}\ndate: {date}\ndigest: {digest}");`
fix: maybe if i do it the old way?? 2024-03-26 21:24:10 +01:00			`let mut signer = Signer::new(MessageDigest::sha256(), key)?;`
			`signer.update(to_sign.as_bytes())?;`
fix: oh yes that was it! now digest 2024-03-27 02:11:14 +01:00			`let signature = base64::prelude::BASE64_STANDARD.encode(signer.sign_to_vec()?);`
fix: include request-target 2024-03-26 23:42:22 +01:00			`format!("keyId=\"{from}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest\",signature=\"{signature}\"")`
fix: maybe if i do it the old way?? 2024-03-26 21:24:10 +01:00			`};`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00
fix: less extreme logging for deliveries 2024-03-27 04:38:14 +01:00			`reqwest::Client::new()`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`.post(to)`
fix: use date format mastodon shows in docs can't be this, or can it? 2024-03-26 20:17:41 +01:00			`.header("Host", host)`
fix: check status code when delivering 2024-03-26 02:50:58 +01:00			`.header("Date", date)`
fix: calculate digest, remove algo field https://docs.joinmastodon.org/spec/security/#http 2024-03-26 05:25:35 +01:00			`.header("Digest", digest)`
fix: check status code when delivering 2024-03-26 02:50:58 +01:00			`.header("Signature", signature_header)`
fix: also full AP header 2024-03-26 21:02:07 +01:00			`.header(CONTENT_TYPE, "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"")`
fix: check status code when delivering 2024-03-26 02:50:58 +01:00			`.header(USER_AGENT, format!("upub+{VERSION} ({domain})")) // TODO put instance admin email`
fix: use a reasonable crate for http signing http_signatures is abandoned, http_sig is weird??? 2024-03-26 19:27:35 +01:00			`.body(payload)`
fix: check status code when delivering 2024-03-26 02:50:58 +01:00			`.send()`
fix: less extreme logging for deliveries 2024-03-27 04:38:14 +01:00			`.await?`
			`.error_for_status()?;`

			`Ok(())`
fix: check status code when delivering 2024-03-26 02:50:58 +01:00			`}`