From 6d143e74cfd4f1201cc7438758fff9956f08f15f Mon Sep 17 00:00:00 2001 From: erik Date: Wed, 6 Dec 2023 13:36:26 +0100 Subject: [PATCH] More clear distinction between sender and receiver of star --- routers/api/v1/activitypub/repository.go | 55 ++++++++++++++++-------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go index 5bf861db11..67ce509851 100644 --- a/routers/api/v1/activitypub/repository.go +++ b/routers/api/v1/activitypub/repository.go @@ -92,6 +92,8 @@ func searchUsersByPerson(actorId string) ([]*user_model.User, error) { } +// func getPersonByRest() + // Repository function returns the Repository actor for a repo func Repository(ctx *context.APIContext) { // swagger:operation GET /activitypub/repository-id/{repository-id} activitypub activitypubRepository @@ -154,44 +156,58 @@ func RepositoryInbox(ctx *context.APIContext) { // "https://codeberg.org/api/v1/activitypub/../activitypub/user-id/12345" // "https://user:password@codeberg.org/api/v1/activitypub/user-id/12345" // "https://codeberg.org/api/v1/activitypub//user-id/12345" - // parse actor - actor, err := activitypub.ParseActorIDFromStarActivity(activity) - // Is the actor IRI well formed? + + // parse senderActorId + // senderActorId holds the data to construct the sender of the star + log.Info("activity.Actor.GetID().String(): %v", activity.Actor.GetID().String()) + senderActorId, err := activitypub.ParseActorID(activity.Actor.GetID().String(), string(activity.Source)) if err != nil { panic(err) } - // Is the ActorData Struct valid? - actor.PanicIfInvalid() - log.Info("RepositoryInbox: Actor parsed. %v", actor) + + receivedRepoId, err := activitypub.ParseActorID(activity.Activity.Object.GetID().String(), string(activity.Source)) + if err != nil { + panic(err) + } + + // validate receiverActorId against repo owner + repositoryID := ctx.Repo.Repository.ID + if repositoryID != int64(receivedRepoId.GetUserId()) { + panic( + fmt.Errorf("received repo id and repo id were not identical:\nreceived id: %v\nrepo id:%v", receivedRepoId, repositoryID)) + } + + // Is the ActorID Struct valid? + senderActorId.PanicIfInvalid() + receivedRepoId.PanicIfInvalid() + log.Info("RepositoryInbox: Actor parsed. %v", senderActorId) + log.Info("RepositoryInbox: Actor parsed. %v", receivedRepoId) + + remoteStargazer := senderActorId.GetNormailzedUri() // used as LoginName in newly created user + starReceiver := receivedRepoId.GetNormailzedUri() + log.Info("remotStargazer: %v", remoteStargazer) + log.Info("starReceiver: %v", starReceiver) // Check if user already exists // TODO: If we where able to search for federated id there would be no need to get the remote person. // N.B. We need the username as a display name from the remote host. This requires us to make another request // We might extend the Star Activity by the username, then this request would become redundant - users, err := searchUsersByPerson(actor.GetNormailzedUri()) + users, err := searchUsersByPerson(remoteStargazer) if err != nil { panic(fmt.Errorf("searching for user failed: %v", err)) } + if len(users) == 0 { - - /* - Make http client, this should make a get request on given url - We then need to parse the answer and put it into a person-struct - fill the person struct using some kind of unmarshall function given in - activitypub package/actor.go - */ - // make http client // TODO: Never use unvalidated input for actions - we have a validated actor already! - actorId := activity.To.GetID().String() - client, err := api.NewClient(ctx, actionsUser, actorId) // ToDo: This is hacky, we need a hostname from somewhere + + client, err := api.NewClient(ctx, actionsUser, starReceiver) // The star receiver signs the http get request if err != nil { panic(err) } // get_person_by_rest - bytes := []byte{0} // no body needed for getting user actor - remoteStargazer := activity.Actor.GetID().String() // used as LoginName in newly created user + bytes := []byte{0} // no body needed for getting user actor response, err := client.Get(bytes, remoteStargazer) if err != nil { panic(err) @@ -209,6 +225,7 @@ func RepositoryInbox(ctx *context.APIContext) { panic(err) } + log.Info("activity.Actor.GetID().String(): %v", activity.Actor.GetID().String()) log.Info("remoteStargazer: %v", remoteStargazer) log.Info("http client. %v", client) log.Info("response: %v\n error: ", response, err)