upub/src/routes/activitypub/inbox.rs

use apb::{server::Inbox, Activity, ActivityType};
use axum::{extract::{Query, State}, http::StatusCode, Json};
use sea_orm::{Order, QueryFilter, QueryOrder, QuerySelect};

use crate::{errors::UpubError, model::{self, addressing::EmbeddedActivity}, server::{auth::{AuthIdentity, Identity}, Context}, url};

use super::{jsonld::LD, JsonLD, Pagination};


pub async fn get(
	State(ctx): State<Context>,
) -> Result<JsonLD<serde_json::Value>, StatusCode> {
	Ok(JsonLD(ctx.ap_collection(&url!(ctx, "/inbox"), None).ld_context()))
}

pub async fn page(
	State(ctx): State<Context>,
	AuthIdentity(auth): AuthIdentity,
	Query(page): Query<Pagination>,
) -> crate::Result<JsonLD<serde_json::Value>> {
	let limit = page.batch.unwrap_or(20).min(50);
	let offset = page.offset.unwrap_or(0);
	let activities = model::addressing::Entity::find_activities()
		.filter(auth.filter_condition())
		.limit(limit)
		.offset(offset)
		.into_model::<EmbeddedActivity>()
		.all(ctx.db())
		.await?;
	let mut out = Vec::new();
	for activity in activities {
		out.push(activity.ap_filled(ctx.db()).await?);
	}
	Ok(JsonLD(
		ctx.ap_collection_page(
			&url!(ctx, "/inbox/page"),
			offset, limit, out,
		).ld_context()
	))
}

macro_rules! pretty_json {
	($json:ident) => {
		serde_json::to_string_pretty(&$json).expect("failed serializing to string serde_json::Value")
	}
}


pub async fn post(
	State(ctx): State<Context>,
	AuthIdentity(auth): AuthIdentity,
	Json(activity): Json<serde_json::Value>
) -> crate::Result<()> {
	if !matches!(auth, Identity::Remote(_)) {
		if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!
			tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
		}
		match auth {
			Identity::Local(_user) => return Err(UpubError::forbidden()),
			Identity::Anonymous => return Err(UpubError::unauthorized()),
			_ => {},
		}
	}

	// TODO we could process Links and bare Objects maybe, but probably out of AP spec?
	match activity.activity_type().ok_or_else(UpubError::bad_request)? {
		ActivityType::Activity => {
			tracing::warn!("skipping unprocessable base activity: {}", pretty_json!(activity));
			Err(StatusCode::UNPROCESSABLE_ENTITY.into()) // won't ingest useless stuff
		},

		ActivityType::Delete => Ok(ctx.delete(activity).await?),
		ActivityType::Follow => Ok(ctx.follow(activity).await?),
		ActivityType::Accept(_) => Ok(ctx.accept(activity).await?),
		ActivityType::Reject(_) => Ok(ctx.reject(activity).await?),
		ActivityType::Like => Ok(ctx.like(activity).await?),
		ActivityType::Create => Ok(ctx.create(activity).await?),
		ActivityType::Update => Ok(ctx.update(activity).await?),
		ActivityType::Undo => Ok(ctx.undo(activity).await?),
		ActivityType::Announce => Ok(ctx.announce(activity).await?),

		_x => {
			tracing::info!("received unimplemented activity on inbox: {}", pretty_json!(activity));
			Err(StatusCode::NOT_IMPLEMENTED.into())
		},
	}
}
chore: unused imports 2024-04-14 16:57:36 +02:00			`use apb::{server::Inbox, Activity, ActivityType};`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`use axum::{extract::{Query, State}, http::StatusCode, Json};`
feat: inbox/outbox security and obj embedding 2024-04-12 19:36:00 +02:00			`use sea_orm::{Order, QueryFilter, QueryOrder, QuerySelect};`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`use crate::{errors::UpubError, model::{self, addressing::EmbeddedActivity}, server::{auth::{AuthIdentity, Identity}, Context}, url};`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`use super::{jsonld::LD, JsonLD, Pagination};`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00

chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`pub async fn get(`
			`State(ctx): State<Context>,`
			`) -> Result<JsonLD<serde_json::Value>, StatusCode> {`
			`Ok(JsonLD(ctx.ap_collection(&url!(ctx, "/inbox"), None).ld_context()))`
			`}`

			`pub async fn page(`
			`State(ctx): State<Context>,`
			`AuthIdentity(auth): AuthIdentity,`
			`Query(page): Query<Pagination>,`
chore: refactored a little 2024-04-12 22:56:29 +02:00			`) -> crate::Result<JsonLD<serde_json::Value>> {`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`let limit = page.batch.unwrap_or(20).min(50);`
feat: add global inbox get, which respects privacy 2024-03-24 04:58:49 +01:00			`let offset = page.offset.unwrap_or(0);`
feat: inbox/outbox security and obj embedding 2024-04-12 19:36:00 +02:00			`let activities = model::addressing::Entity::find_activities()`
			`.filter(auth.filter_condition())`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`.limit(limit)`
			`.offset(offset)`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`.into_model::<EmbeddedActivity>()`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`.all(ctx.db())`
			`.await?;`
feat: show attachments in inbox, outbox and /object attachments are lazy loaded, so it may be efficient if not all posts have media, but it should probably be eager loaded anyway eventually 2024-04-21 23:19:26 +02:00			`let mut out = Vec::new();`
			`for activity in activities {`
			`out.push(activity.ap_filled(ctx.db()).await?);`
			`}`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`Ok(JsonLD(`
			`ctx.ap_collection_page(`
			`&url!(ctx, "/inbox/page"),`
feat: show attachments in inbox, outbox and /object attachments are lazy loaded, so it may be efficient if not all posts have media, but it should probably be eager loaded anyway eventually 2024-04-21 23:19:26 +02:00			`offset, limit, out,`
chore: refactor collections with utils, moved stuff 2024-03-28 04:52:17 +01:00			`).ld_context()`
			`))`
chore: split inbox/outbox, added forgotten mods 2024-03-24 04:05:09 +01:00			`}`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`macro_rules! pretty_json {`
			`($json:ident) => {`
			`serde_json::to_string_pretty(&$json).expect("failed serializing to string serde_json::Value")`
			`}`
			`}`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00

feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`pub async fn post(`
			`State(ctx): State<Context>,`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`AuthIdentity(auth): AuthIdentity,`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`Json(activity): Json<serde_json::Value>`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`) -> crate::Result<()> {`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`if !matches!(auth, Identity::Remote(_)) {`
fix: jfc mastodon stop sending me deletions!!!!!!! 2024-04-19 16:15:05 +02:00			`if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!`
			`tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));`
			`}`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`match auth {`
			`Identity::Local(_user) => return Err(UpubError::forbidden()),`
			`Identity::Anonymous => return Err(UpubError::unauthorized()),`
			`_ => {},`
			`}`
feat: inbox requests remote server auth 2024-04-13 01:49:04 +02:00			`}`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00
feat: process some Undo activities, small refactor 2024-04-14 16:47:36 +02:00			`// TODO we could process Links and bare Objects maybe, but probably out of AP spec?`
			`match activity.activity_type().ok_or_else(UpubError::bad_request)? {`
			`ActivityType::Activity => {`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`tracing::warn!("skipping unprocessable base activity: {}", pretty_json!(activity));`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`Err(StatusCode::UNPROCESSABLE_ENTITY.into()) // won't ingest useless stuff`
			`},`

feat: process some Undo activities, small refactor 2024-04-14 16:47:36 +02:00			`ActivityType::Delete => Ok(ctx.delete(activity).await?),`
			`ActivityType::Follow => Ok(ctx.follow(activity).await?),`
			`ActivityType::Accept(_) => Ok(ctx.accept(activity).await?),`
			`ActivityType::Reject(_) => Ok(ctx.reject(activity).await?),`
			`ActivityType::Like => Ok(ctx.like(activity).await?),`
			`ActivityType::Create => Ok(ctx.create(activity).await?),`
			`ActivityType::Update => Ok(ctx.update(activity).await?),`
			`ActivityType::Undo => Ok(ctx.undo(activity).await?),`
feat: handle announces 2024-04-20 04:33:23 +02:00			`ActivityType::Announce => Ok(ctx.announce(activity).await?),`
feat: process some Undo activities, small refactor 2024-04-14 16:47:36 +02:00
			`_x => {`
fix: track deletions and rejected activities 2024-04-18 14:01:55 +02:00			`tracing::info!("received unimplemented activity on inbox: {}", pretty_json!(activity));`
feat: added all inboxes and outboxes base POST to /outbox still returns NOT IMPLEMENTED tho 2024-04-12 20:01:47 +02:00			`Err(StatusCode::NOT_IMPLEMENTED.into())`
			`},`
			`}`
			`}`