mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-23 13:05:12 +01:00
8cf7006d4e
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
80 lines
2.3 KiB
Ruby
80 lines
2.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Keys::ClaimService < BaseService
|
|
HEADERS = { 'Content-Type' => 'application/activity+json' }.freeze
|
|
|
|
class Result < ActiveModelSerializers::Model
|
|
attributes :account, :device_id, :key_id,
|
|
:key, :signature
|
|
|
|
def initialize(account, device_id, key_attributes = {})
|
|
super(
|
|
account: account,
|
|
device_id: device_id,
|
|
key_id: key_attributes[:key_id],
|
|
key: key_attributes[:key],
|
|
signature: key_attributes[:signature],
|
|
)
|
|
end
|
|
end
|
|
|
|
def call(source_account, target_account_id, device_id)
|
|
@source_account = source_account
|
|
@target_account = Account.find(target_account_id)
|
|
@device_id = device_id
|
|
|
|
if @target_account.local?
|
|
claim_local_key!
|
|
else
|
|
claim_remote_key!
|
|
end
|
|
rescue ActiveRecord::RecordNotFound
|
|
nil
|
|
end
|
|
|
|
private
|
|
|
|
def claim_local_key!
|
|
device = @target_account.devices.find_by(device_id: @device_id)
|
|
key = nil
|
|
|
|
ApplicationRecord.transaction do
|
|
key = device.one_time_keys.order(Arel.sql('random()')).first!
|
|
key.destroy!
|
|
end
|
|
|
|
@result = Result.new(@target_account, @device_id, key)
|
|
end
|
|
|
|
def claim_remote_key!
|
|
query_result = QueryService.new.call(@target_account)
|
|
device = query_result.find(@device_id)
|
|
|
|
return unless device.present? && device.valid_claim_url?
|
|
|
|
json = fetch_resource_with_post(device.claim_url)
|
|
|
|
return unless json.present? && json['publicKeyBase64'].present?
|
|
|
|
@result = Result.new(@target_account, @device_id, key_id: json['id'], key: json['publicKeyBase64'], signature: json.dig('signature', 'signatureValue'))
|
|
rescue HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::Error => e
|
|
Rails.logger.debug "Claiming one-time key for #{@target_account.acct}:#{@device_id} failed: #{e}"
|
|
nil
|
|
end
|
|
|
|
def fetch_resource_with_post(uri)
|
|
build_post_request(uri).perform do |response|
|
|
raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response)
|
|
|
|
body_to_json(response.body_with_limit) if response.code == 200
|
|
end
|
|
end
|
|
|
|
def build_post_request(uri)
|
|
Request.new(:post, uri).tap do |request|
|
|
request.on_behalf_of(@source_account)
|
|
request.add_headers(HEADERS)
|
|
end
|
|
end
|
|
end
|