mirror of
https://github.com/mastodon/mastodon
synced 2024-11-25 07:36:31 +09:00
5bf67ca913
* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
58 lines
1.4 KiB
Ruby
58 lines
1.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ActivityPub::InboxesController < Api::BaseController
|
|
include SignatureVerification
|
|
include JsonLdHelper
|
|
include AccountOwnedConcern
|
|
|
|
before_action :skip_unknown_actor_delete
|
|
before_action :require_signature!
|
|
|
|
def create
|
|
upgrade_account
|
|
process_payload
|
|
head 202
|
|
end
|
|
|
|
private
|
|
|
|
def skip_unknown_actor_delete
|
|
head 202 if unknown_deleted_account?
|
|
end
|
|
|
|
def unknown_deleted_account?
|
|
json = Oj.load(body, mode: :strict)
|
|
json.is_a?(Hash) && json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
|
|
rescue Oj::ParseError
|
|
false
|
|
end
|
|
|
|
def account_required?
|
|
params[:account_username].present?
|
|
end
|
|
|
|
def body
|
|
return @body if defined?(@body)
|
|
|
|
@body = request.body.read
|
|
@body.force_encoding('UTF-8') if @body.present?
|
|
|
|
request.body.rewind if request.body.respond_to?(:rewind)
|
|
|
|
@body
|
|
end
|
|
|
|
def upgrade_account
|
|
if signed_request_account.ostatus?
|
|
signed_request_account.update(last_webfingered_at: nil)
|
|
ResolveAccountWorker.perform_async(signed_request_account.acct)
|
|
end
|
|
|
|
DeliveryFailureTracker.track_inverse_success!(signed_request_account)
|
|
end
|
|
|
|
def process_payload
|
|
ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
|
|
end
|
|
end
|