forked from indymedia/epicyon
395 lines
16 KiB
Python
395 lines
16 KiB
Python
__filename__ = "outbox.py"
|
|
__author__ = "Bob Mottram"
|
|
__license__ = "AGPL3+"
|
|
__version__ = "1.1.0"
|
|
__maintainer__ = "Bob Mottram"
|
|
__email__ = "bob@freedombone.net"
|
|
__status__ = "Production"
|
|
|
|
import os
|
|
from shutil import copyfile
|
|
from session import createSession
|
|
from auth import createPassword
|
|
from posts import outboxMessageCreateWrap
|
|
from posts import savePostToBox
|
|
from posts import sendToFollowersThread
|
|
from posts import sendToNamedAddresses
|
|
from utils import getFullDomain
|
|
from utils import removeIdEnding
|
|
from utils import getDomainFromActor
|
|
from blocking import isBlockedDomain
|
|
from blocking import outboxBlock
|
|
from blocking import outboxUndoBlock
|
|
from media import replaceYouTube
|
|
from media import getMediaPath
|
|
from media import createMediaDirs
|
|
from inbox import inboxUpdateIndex
|
|
from announce import outboxAnnounce
|
|
from follow import outboxUndoFollow
|
|
from roles import outboxDelegate
|
|
from skills import outboxSkills
|
|
from availability import outboxAvailability
|
|
from like import outboxLike
|
|
from like import outboxUndoLike
|
|
from bookmarks import outboxBookmark
|
|
from bookmarks import outboxUndoBookmark
|
|
from delete import outboxDelete
|
|
from shares import outboxShareUpload
|
|
from shares import outboxUndoShareUpload
|
|
from content import dangerousMarkup
|
|
|
|
|
|
def postMessageToOutbox(messageJson: {}, postToNickname: str,
|
|
server, baseDir: str, httpPrefix: str,
|
|
domain: str, domainFull: str,
|
|
onionDomain: str, i2pDomain: str, port: int,
|
|
recentPostsCache: {}, followersThreads: [],
|
|
federationList: [], sendThreads: [],
|
|
postLog: [], cachedWebfingers: {},
|
|
personCache: {}, allowDeletion: bool,
|
|
proxyType: str, version: str, debug: bool,
|
|
YTReplacementDomain: str,
|
|
showPublishedDateOnly: bool,
|
|
allowLocalNetworkAccess: bool) -> bool:
|
|
"""post is received by the outbox
|
|
Client to server message post
|
|
https://www.w3.org/TR/activitypub/#client-to-server-outbox-delivery
|
|
"""
|
|
if not messageJson.get('type'):
|
|
if debug:
|
|
print('DEBUG: POST to outbox has no "type" parameter')
|
|
return False
|
|
if not messageJson.get('object') and messageJson.get('content'):
|
|
if messageJson['type'] != 'Create':
|
|
# https://www.w3.org/TR/activitypub/#object-without-create
|
|
if debug:
|
|
print('DEBUG: POST to outbox - adding Create wrapper')
|
|
messageJson = \
|
|
outboxMessageCreateWrap(httpPrefix,
|
|
postToNickname,
|
|
domain, port,
|
|
messageJson)
|
|
|
|
# check that the outgoing post doesn't contain any markup
|
|
# which can be used to implement exploits
|
|
if messageJson.get('object'):
|
|
if isinstance(messageJson['object'], dict):
|
|
if messageJson['object'].get('content'):
|
|
if dangerousMarkup(messageJson['object']['content'],
|
|
allowLocalNetworkAccess):
|
|
print('POST to outbox contains dangerous markup: ' +
|
|
str(messageJson))
|
|
return False
|
|
|
|
if messageJson['type'] == 'Create':
|
|
if not (messageJson.get('id') and
|
|
messageJson.get('type') and
|
|
messageJson.get('actor') and
|
|
messageJson.get('object') and
|
|
messageJson.get('to')):
|
|
if not messageJson.get('id'):
|
|
if debug:
|
|
print('DEBUG: POST to outbox - ' +
|
|
'Create does not have the id parameter ' +
|
|
str(messageJson))
|
|
elif not messageJson.get('id'):
|
|
if debug:
|
|
print('DEBUG: POST to outbox - ' +
|
|
'Create does not have the type parameter ' +
|
|
str(messageJson))
|
|
elif not messageJson.get('id'):
|
|
if debug:
|
|
print('DEBUG: POST to outbox - ' +
|
|
'Create does not have the actor parameter ' +
|
|
str(messageJson))
|
|
elif not messageJson.get('id'):
|
|
if debug:
|
|
print('DEBUG: POST to outbox - ' +
|
|
'Create does not have the object parameter ' +
|
|
str(messageJson))
|
|
else:
|
|
if debug:
|
|
print('DEBUG: POST to outbox - ' +
|
|
'Create does not have the "to" parameter ' +
|
|
str(messageJson))
|
|
return False
|
|
testDomain, testPort = getDomainFromActor(messageJson['actor'])
|
|
testDomain = getFullDomain(testDomain, testPort)
|
|
if isBlockedDomain(baseDir, testDomain):
|
|
if debug:
|
|
print('DEBUG: domain is blocked: ' + messageJson['actor'])
|
|
return False
|
|
# replace youtube, so that google gets less tracking data
|
|
replaceYouTube(messageJson, YTReplacementDomain)
|
|
# https://www.w3.org/TR/activitypub/#create-activity-outbox
|
|
messageJson['object']['attributedTo'] = messageJson['actor']
|
|
if messageJson['object'].get('attachment'):
|
|
attachmentIndex = 0
|
|
attach = messageJson['object']['attachment'][attachmentIndex]
|
|
if attach.get('mediaType'):
|
|
fileExtension = 'png'
|
|
mediaTypeStr = \
|
|
attach['mediaType']
|
|
|
|
extensions = {
|
|
"jpeg": "jpg",
|
|
"gif": "gif",
|
|
"webp": "webp",
|
|
"avif": "avif",
|
|
"audio/mpeg": "mp3",
|
|
"ogg": "ogg",
|
|
"mp4": "mp4",
|
|
"webm": "webm",
|
|
"ogv": "ogv"
|
|
}
|
|
for matchExt, ext in extensions.items():
|
|
if mediaTypeStr.endswith(matchExt):
|
|
fileExtension = ext
|
|
break
|
|
|
|
mediaDir = \
|
|
baseDir + '/accounts/' + \
|
|
postToNickname + '@' + domain
|
|
uploadMediaFilename = mediaDir + '/upload.' + fileExtension
|
|
if not os.path.isfile(uploadMediaFilename):
|
|
del messageJson['object']['attachment']
|
|
else:
|
|
# generate a path for the uploaded image
|
|
mPath = getMediaPath()
|
|
mediaPath = mPath + '/' + \
|
|
createPassword(32) + '.' + fileExtension
|
|
createMediaDirs(baseDir, mPath)
|
|
mediaFilename = baseDir + '/' + mediaPath
|
|
# move the uploaded image to its new path
|
|
os.rename(uploadMediaFilename, mediaFilename)
|
|
# change the url of the attachment
|
|
attach['url'] = \
|
|
httpPrefix + '://' + domainFull + '/' + mediaPath
|
|
|
|
permittedOutboxTypes = ('Create', 'Announce', 'Like', 'Follow', 'Undo',
|
|
'Update', 'Add', 'Remove', 'Block', 'Delete',
|
|
'Delegate', 'Skill', 'Bookmark', 'Event')
|
|
if messageJson['type'] not in permittedOutboxTypes:
|
|
if debug:
|
|
print('DEBUG: POST to outbox - ' + messageJson['type'] +
|
|
' is not a permitted activity type')
|
|
return False
|
|
if messageJson.get('id'):
|
|
postId = removeIdEnding(messageJson['id'])
|
|
if debug:
|
|
print('DEBUG: id attribute exists within POST to outbox')
|
|
else:
|
|
if debug:
|
|
print('DEBUG: No id attribute within POST to outbox')
|
|
postId = None
|
|
if debug:
|
|
print('DEBUG: savePostToBox')
|
|
if messageJson['type'] != 'Upgrade':
|
|
outboxName = 'outbox'
|
|
|
|
# if this is a blog post or an event then save to its own box
|
|
if messageJson['type'] == 'Create':
|
|
if messageJson.get('object'):
|
|
if isinstance(messageJson['object'], dict):
|
|
if messageJson['object'].get('type'):
|
|
if messageJson['object']['type'] == 'Article':
|
|
outboxName = 'tlblogs'
|
|
elif messageJson['object']['type'] == 'Event':
|
|
outboxName = 'tlevents'
|
|
|
|
savedFilename = \
|
|
savePostToBox(baseDir,
|
|
httpPrefix,
|
|
postId,
|
|
postToNickname, domainFull,
|
|
messageJson, outboxName)
|
|
if not savedFilename:
|
|
print('WARN: post not saved to outbox ' + outboxName)
|
|
return False
|
|
|
|
# save all instance blogs to the news actor
|
|
if postToNickname != 'news' and outboxName == 'tlblogs':
|
|
if '/' in savedFilename:
|
|
savedPostId = savedFilename.split('/')[-1]
|
|
blogsDir = baseDir + '/accounts/news@' + domain + '/tlblogs'
|
|
if not os.path.isdir(blogsDir):
|
|
os.mkdir(blogsDir)
|
|
copyfile(savedFilename, blogsDir + '/' + savedPostId)
|
|
inboxUpdateIndex('tlblogs', baseDir,
|
|
'news@' + domain,
|
|
savedFilename, debug)
|
|
|
|
# clear the citations file if it exists
|
|
citationsFilename = \
|
|
baseDir + '/accounts/' + \
|
|
postToNickname + '@' + domain + '/.citations.txt'
|
|
if os.path.isfile(citationsFilename):
|
|
os.remove(citationsFilename)
|
|
|
|
if messageJson['type'] == 'Create' or \
|
|
messageJson['type'] == 'Question' or \
|
|
messageJson['type'] == 'Note' or \
|
|
messageJson['type'] == 'EncryptedMessage' or \
|
|
messageJson['type'] == 'Article' or \
|
|
messageJson['type'] == 'Event' or \
|
|
messageJson['type'] == 'Patch' or \
|
|
messageJson['type'] == 'Announce':
|
|
indexes = [outboxName, "inbox"]
|
|
selfActor = \
|
|
httpPrefix + '://' + domainFull + '/users/' + postToNickname
|
|
for boxNameIndex in indexes:
|
|
if not boxNameIndex:
|
|
continue
|
|
if boxNameIndex == 'inbox' and outboxName == 'tlblogs':
|
|
continue
|
|
# avoid duplicates of the message if already going
|
|
# back to the inbox of the same account
|
|
if selfActor not in messageJson['to']:
|
|
# show sent post within the inbox,
|
|
# as is the typical convention
|
|
inboxUpdateIndex(boxNameIndex, baseDir,
|
|
postToNickname + '@' + domain,
|
|
savedFilename, debug)
|
|
if outboxAnnounce(recentPostsCache,
|
|
baseDir, messageJson, debug):
|
|
if debug:
|
|
print('DEBUG: Updated announcements (shares) collection ' +
|
|
'for the post associated with the Announce activity')
|
|
if not server.session:
|
|
print('DEBUG: creating new session for c2s')
|
|
server.session = createSession(proxyType)
|
|
if not server.session:
|
|
print('ERROR: Failed to create session for postMessageToOutbox')
|
|
return False
|
|
if debug:
|
|
print('DEBUG: sending c2s post to followers')
|
|
# remove inactive threads
|
|
inactiveFollowerThreads = []
|
|
for th in followersThreads:
|
|
if not th.is_alive():
|
|
inactiveFollowerThreads.append(th)
|
|
for th in inactiveFollowerThreads:
|
|
followersThreads.remove(th)
|
|
if debug:
|
|
print('DEBUG: ' + str(len(followersThreads)) +
|
|
' followers threads active')
|
|
# retain up to 200 threads
|
|
if len(followersThreads) > 200:
|
|
# kill the thread if it is still alive
|
|
if followersThreads[0].is_alive():
|
|
followersThreads[0].kill()
|
|
# remove it from the list
|
|
followersThreads.pop(0)
|
|
# create a thread to send the post to followers
|
|
followersThread = \
|
|
sendToFollowersThread(server.session,
|
|
baseDir,
|
|
postToNickname,
|
|
domain, onionDomain, i2pDomain,
|
|
port, httpPrefix,
|
|
federationList,
|
|
sendThreads,
|
|
postLog,
|
|
cachedWebfingers,
|
|
personCache,
|
|
messageJson, debug,
|
|
version)
|
|
followersThreads.append(followersThread)
|
|
|
|
if debug:
|
|
print('DEBUG: handle any unfollow requests')
|
|
outboxUndoFollow(baseDir, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle delegation requests')
|
|
outboxDelegate(baseDir, postToNickname, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle skills changes requests')
|
|
outboxSkills(baseDir, postToNickname, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle availability changes requests')
|
|
outboxAvailability(baseDir, postToNickname, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle any like requests')
|
|
outboxLike(recentPostsCache,
|
|
baseDir, httpPrefix,
|
|
postToNickname, domain, port,
|
|
messageJson, debug)
|
|
if debug:
|
|
print('DEBUG: handle any undo like requests')
|
|
outboxUndoLike(recentPostsCache,
|
|
baseDir, httpPrefix,
|
|
postToNickname, domain, port,
|
|
messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle any bookmark requests')
|
|
outboxBookmark(recentPostsCache,
|
|
baseDir, httpPrefix,
|
|
postToNickname, domain, port,
|
|
messageJson, debug)
|
|
if debug:
|
|
print('DEBUG: handle any undo bookmark requests')
|
|
outboxUndoBookmark(recentPostsCache,
|
|
baseDir, httpPrefix,
|
|
postToNickname, domain, port,
|
|
messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle delete requests')
|
|
outboxDelete(baseDir, httpPrefix,
|
|
postToNickname, domain,
|
|
messageJson, debug,
|
|
allowDeletion,
|
|
recentPostsCache)
|
|
|
|
if debug:
|
|
print('DEBUG: handle block requests')
|
|
outboxBlock(baseDir, httpPrefix,
|
|
postToNickname, domain,
|
|
port,
|
|
messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle undo block requests')
|
|
outboxUndoBlock(baseDir, httpPrefix,
|
|
postToNickname, domain,
|
|
port, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle share uploads')
|
|
outboxShareUpload(baseDir, httpPrefix,
|
|
postToNickname, domain,
|
|
port, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: handle undo share uploads')
|
|
outboxUndoShareUpload(baseDir, httpPrefix,
|
|
postToNickname, domain,
|
|
port, messageJson, debug)
|
|
|
|
if debug:
|
|
print('DEBUG: sending c2s post to named addresses')
|
|
if messageJson.get('to'):
|
|
print('c2s sender: ' +
|
|
postToNickname + '@' + domain + ':' + str(port) +
|
|
' recipient: ' + str(messageJson['to']))
|
|
else:
|
|
print('c2s sender: ' +
|
|
postToNickname + '@' + domain + ':' + str(port))
|
|
sendToNamedAddresses(server.session, baseDir,
|
|
postToNickname,
|
|
domain, onionDomain, i2pDomain, port,
|
|
httpPrefix,
|
|
federationList,
|
|
sendThreads,
|
|
postLog,
|
|
cachedWebfingers,
|
|
personCache,
|
|
messageJson, debug,
|
|
version)
|
|
return True
|