diff --git a/PROGRESS.md b/PROGRESS.md index 653f2df23..94354472b 100644 --- a/PROGRESS.md +++ b/PROGRESS.md @@ -100,7 +100,7 @@ * [ ] Timelines * [ ] /api/v1/timelines/public GET (See the public/federated timeline) * [ ] /api/v1/timelines/tag/:hashtag GET (Get public statuses that use hashtag) - * [ ] /api/v1/timelines/home GET (View statuses from followed users) + * [x] /api/v1/timelines/home GET (View statuses from followed users) * [ ] /api/v1/timelines/list/:list_id GET (Get statuses in given list) * [ ] Conversations * [ ] /api/v1/conversations GET (Get a list of direct message convos) @@ -121,8 +121,8 @@ * [ ] Streaming * [ ] /api/v1/streaming WEBSOCKETS (Stream live events to user via websockets) * [ ] Notifications - * [ ] /api/v1/notifications GET (Get list of notifications) - * [ ] /api/v1/notifications/:id GET (Get a single notification) + * [x] /api/v1/notifications GET (Get list of notifications) + * [x] /api/v1/notifications/:id GET (Get a single notification) * [ ] /api/v1/notifications/clear POST (Clear all notifications) * [ ] /api/v1/notifications/:id POST (Clear a single notification) * [ ] Push @@ -130,8 +130,8 @@ * [ ] /api/v1/push/subscription GET (Get current subscription) * [ ] /api/v1/push/subscription PUT (Change notification types) * [ ] /api/v1/push/subscription DELETE (Delete current subscription) - * [ ] Search - * [ ] /api/v2/search GET (Get search query results) + * [x] Search + * [x] /api/v2/search GET (Get search query results) * [ ] Instance * [x] /api/v1/instance GET (Get instance information) * [ ] /api/v1/instance PATCH (Update instance information) @@ -174,7 +174,7 @@ * [ ] Federation modes * [ ] 'Slow' federation * [ ] Reputation scoring system for instances - * [ ] 'Greedy' federation + * [x] 'Greedy' federation * [ ] No federation (insulate this instance from the Fediverse) * [ ] Allowlist * [x] Secure HTTP signatures (creation and validation) diff --git a/internal/api/client/search/search.go b/internal/api/client/search/search.go new file mode 100644 index 000000000..b89ae1a74 --- /dev/null +++ b/internal/api/client/search/search.go @@ -0,0 +1,88 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package search + +import ( + "net/http" + + "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/message" + "github.com/superseriousbusiness/gotosocial/internal/router" +) + +const ( + // BasePath is the base path for serving v1 of the search API + BasePathV1 = "/api/v1/search" + + // BasePathV2 is the base path for serving v2 of the search API + BasePathV2 = "/api/v2/search" + + // AccountIDKey -- If provided, statuses returned will be authored only by this account + AccountIDKey = "account_id" + // MaxIDKey -- Return results older than this id + MaxIDKey = "max_id" + // MinIDKey -- Return results immediately newer than this id + MinIDKey = "min_id" + // TypeKey -- Enum(accounts, hashtags, statuses) + TypeKey = "type" + // ExcludeUnreviewedKey -- Filter out unreviewed tags? Defaults to false. Use true when trying to find trending tags. + ExcludeUnreviewedKey = "exclude_unreviewed" + // QueryKey -- The search query + QueryKey = "q" + // ResolveKey -- Attempt WebFinger lookup. Defaults to false. + ResolveKey = "resolve" + // LimitKey -- Maximum number of results to load, per type. Defaults to 20. Max 40. + LimitKey = "limit" + // OffsetKey -- Offset in search results. Used for pagination. Defaults to 0. + OffsetKey = "offset" + // FollowingKey -- Only include accounts that the user is following. Defaults to false. + FollowingKey = "following" + + // TypeAccounts -- + TypeAccounts = "accounts" + // TypeHashtags -- + TypeHashtags = "hashtags" + // TypeStatuses -- + TypeStatuses = "statuses" +) + +// Module implements the ClientAPIModule interface for everything related to searching +type Module struct { + config *config.Config + processor message.Processor + log *logrus.Logger +} + +// New returns a new search module +func New(config *config.Config, processor message.Processor, log *logrus.Logger) api.ClientModule { + return &Module{ + config: config, + processor: processor, + log: log, + } +} + +// Route attaches all routes from this module to the given router +func (m *Module) Route(r router.Router) error { + r.AttachHandler(http.MethodGet, BasePathV1, m.SearchGETHandler) + r.AttachHandler(http.MethodGet, BasePathV2, m.SearchGETHandler) + return nil +} diff --git a/internal/api/client/search/searchget.go b/internal/api/client/search/searchget.go new file mode 100644 index 000000000..10c1d6193 --- /dev/null +++ b/internal/api/client/search/searchget.go @@ -0,0 +1,151 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package search + +import ( + "fmt" + "net/http" + "strconv" + + "github.com/gin-gonic/gin" + "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// SearchGETHandler handles searches for local and remote accounts, statuses, and hashtags. +// It corresponds to the mastodon endpoint described here: https://docs.joinmastodon.org/methods/search/ +func (m *Module) SearchGETHandler(c *gin.Context) { + l := m.log.WithFields(logrus.Fields{ + "func": "SearchGETHandler", + "request_uri": c.Request.RequestURI, + "user_agent": c.Request.UserAgent(), + "origin_ip": c.ClientIP(), + }) + l.Debugf("entering function") + + authed, err := oauth.Authed(c, true, true, true, true) // we don't really need an app here but we want everything else + if err != nil { + l.Errorf("error authing search request: %s", err) + c.JSON(http.StatusBadRequest, gin.H{"error": "not authed"}) + return + } + + accountID := c.Query(AccountIDKey) + maxID := c.Query(MaxIDKey) + minID := c.Query(MinIDKey) + searchType := c.Query(TypeKey) + + excludeUnreviewed := false + excludeUnreviewedString := c.Query(ExcludeUnreviewedKey) + if excludeUnreviewedString != "" { + var err error + excludeUnreviewed, err = strconv.ParseBool(excludeUnreviewedString) + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("couldn't parse param %s: %s", excludeUnreviewedString, err)}) + return + } + } + + query := c.Query(QueryKey) + if query == "" { + c.JSON(http.StatusBadRequest, gin.H{"error": "query parameter q was empty"}) + return + } + + resolve := false + resolveString := c.Query(ResolveKey) + if resolveString != "" { + var err error + resolve, err = strconv.ParseBool(resolveString) + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("couldn't parse param %s: %s", resolveString, err)}) + return + } + } + + limit := 20 + limitString := c.Query(LimitKey) + if limitString != "" { + i, err := strconv.ParseInt(limitString, 10, 64) + if err != nil { + l.Debugf("error parsing limit string: %s", err) + c.JSON(http.StatusBadRequest, gin.H{"error": "couldn't parse limit query param"}) + return + } + limit = int(i) + } + if limit > 40 { + limit = 40 + } + if limit < 1 { + limit = 1 + } + + offset := 0 + offsetString := c.Query(OffsetKey) + if offsetString != "" { + i, err := strconv.ParseInt(offsetString, 10, 64) + if err != nil { + l.Debugf("error parsing offset string: %s", err) + c.JSON(http.StatusBadRequest, gin.H{"error": "couldn't parse offset query param"}) + return + } + offset = int(i) + } + if limit > 40 { + limit = 40 + } + if limit < 1 { + limit = 1 + } + + following := false + followingString := c.Query(FollowingKey) + if followingString != "" { + var err error + following, err = strconv.ParseBool(followingString) + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("couldn't parse param %s: %s", followingString, err)}) + return + } + } + + searchQuery := &model.SearchQuery{ + AccountID: accountID, + MaxID: maxID, + MinID: minID, + Type: searchType, + ExcludeUnreviewed: excludeUnreviewed, + Query: query, + Resolve: resolve, + Limit: limit, + Offset: offset, + Following: following, + } + + results, errWithCode := m.processor.SearchGet(authed, searchQuery) + if errWithCode != nil { + l.Debugf("error searching: %s", errWithCode.Error()) + c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()}) + return + } + + c.JSON(http.StatusOK, results) +} diff --git a/internal/api/model/search.go b/internal/api/model/search.go new file mode 100644 index 000000000..ba282f6f1 --- /dev/null +++ b/internal/api/model/search.go @@ -0,0 +1,52 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package model + +// SearchQuery corresponds to search parameters as submitted through the client API. +// See https://docs.joinmastodon.org/methods/search/ +type SearchQuery struct { + // If provided, statuses returned will be authored only by this account + AccountID string + // Return results older than this id + MaxID string + // Return results immediately newer than this id + MinID string + // Enum(accounts, hashtags, statuses) + Type string + // Filter out unreviewed tags? Defaults to false. Use true when trying to find trending tags. + ExcludeUnreviewed bool + // The search query + Query string + // Attempt WebFinger lookup. Defaults to false. + Resolve bool + // Maximum number of results to load, per type. Defaults to 20. Max 40. + Limit int + // Offset in search results. Used for pagination. Defaults to 0. + Offset int + // Only include accounts that the user is following. Defaults to false. + Following bool +} + +// SearchResult corresponds to a search result, containing accounts, statuses, and hashtags. +// See https://docs.joinmastodon.org/methods/search/ +type SearchResult struct { + Accounts []Account `json:"accounts"` + Statuses []Status `json:"statuses"` + Hashtags []Tag `json:"hashtags"` +} diff --git a/internal/db/db.go b/internal/db/db.go index e71484a6d..ea6f808cf 100644 --- a/internal/db/db.go +++ b/internal/db/db.go @@ -45,8 +45,9 @@ func (e ErrAlreadyExists) Error() string { } type Where struct { - Key string - Value interface{} + Key string + Value interface{} + CaseInsensitive bool } // DB provides methods for interacting with an underlying database or other storage mechanism (for now, just postgres). diff --git a/internal/db/pg/pg.go b/internal/db/pg/pg.go index 64d6fb636..92aa2849a 100644 --- a/internal/db/pg/pg.go +++ b/internal/db/pg/pg.go @@ -223,7 +223,12 @@ func (ps *postgresService) GetWhere(where []db.Where, i interface{}) error { q := ps.conn.Model(i) for _, w := range where { - q = q.Where("? = ?", pg.Safe(w.Key), w.Value) + if w.CaseInsensitive { + q = q.Where("LOWER(?) = LOWER(?)", pg.Safe(w.Key), w.Value) + } else { + q = q.Where("? = ?", pg.Safe(w.Key), w.Value) + } + } if err := q.Select(); err != nil { diff --git a/internal/federation/commonbehavior.go b/internal/federation/commonbehavior.go index 8ed6fd2cb..fab9ce112 100644 --- a/internal/federation/commonbehavior.go +++ b/internal/federation/commonbehavior.go @@ -25,6 +25,7 @@ "net/url" "github.com/go-fed/activity/pub" + "github.com/go-fed/activity/streams" "github.com/go-fed/activity/streams/vocab" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/util" @@ -59,7 +60,7 @@ func (f *federator) AuthenticateGetInbox(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, bool, error) { // IMPLEMENTATION NOTE: For GoToSocial, we serve GETS to outboxes and inboxes through // the CLIENT API, not through the federation API, so we just do nothing here. - return nil, false, nil + return ctx, false, nil } // AuthenticateGetOutbox delegates the authentication of a GET to an @@ -84,7 +85,7 @@ func (f *federator) AuthenticateGetInbox(ctx context.Context, w http.ResponseWri func (f *federator) AuthenticateGetOutbox(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, bool, error) { // IMPLEMENTATION NOTE: For GoToSocial, we serve GETS to outboxes and inboxes through // the CLIENT API, not through the federation API, so we just do nothing here. - return nil, false, nil + return ctx, false, nil } // GetOutbox returns the OrderedCollection inbox of the actor for this @@ -98,7 +99,7 @@ func (f *federator) AuthenticateGetOutbox(ctx context.Context, w http.ResponseWr func (f *federator) GetOutbox(ctx context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) { // IMPLEMENTATION NOTE: For GoToSocial, we serve GETS to outboxes and inboxes through // the CLIENT API, not through the federation API, so we just do nothing here. - return nil, nil + return streams.NewActivityStreamsOrderedCollectionPage(), nil } // NewTransport returns a new Transport on behalf of a specific actor. diff --git a/internal/federation/federatingdb/followers.go b/internal/federation/federatingdb/followers.go index 28f3bb6d1..7cba101dd 100644 --- a/internal/federation/federatingdb/followers.go +++ b/internal/federation/federatingdb/followers.go @@ -10,6 +10,7 @@ "github.com/sirupsen/logrus" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/util" ) // Followers obtains the Followers Collection for an actor with the @@ -28,8 +29,17 @@ func (f *federatingDB) Followers(c context.Context, actorIRI *url.URL) (follower l.Debugf("entering FOLLOWERS function with actorIRI %s", actorIRI.String()) acct := >smodel.Account{} - if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: actorIRI.String()}}, acct); err != nil { - return nil, fmt.Errorf("db error getting account with uri %s: %s", actorIRI.String(), err) + + if util.IsUserPath(actorIRI) { + if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: actorIRI.String()}}, acct); err != nil { + return nil, fmt.Errorf("db error getting account with uri %s: %s", actorIRI.String(), err) + } + } else if util.IsFollowersPath(actorIRI) { + if err := f.db.GetWhere([]db.Where{{Key: "followers_uri", Value: actorIRI.String()}}, acct); err != nil { + return nil, fmt.Errorf("db error getting account with followers uri %s: %s", actorIRI.String(), err) + } + } else { + return nil, fmt.Errorf("could not parse actor IRI %s as users or followers path", actorIRI.String()) } acctFollowers := []gtsmodel.Follow{} diff --git a/internal/federation/federatingdb/following.go b/internal/federation/federatingdb/following.go index 342250880..f34f252a5 100644 --- a/internal/federation/federatingdb/following.go +++ b/internal/federation/federatingdb/following.go @@ -10,6 +10,7 @@ "github.com/sirupsen/logrus" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/util" ) // Following obtains the Following Collection for an actor with the @@ -28,8 +29,16 @@ func (f *federatingDB) Following(c context.Context, actorIRI *url.URL) (followin l.Debugf("entering FOLLOWING function with actorIRI %s", actorIRI.String()) acct := >smodel.Account{} - if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: actorIRI.String()}}, acct); err != nil { - return nil, fmt.Errorf("db error getting account with uri %s: %s", actorIRI.String(), err) + if util.IsUserPath(actorIRI) { + if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: actorIRI.String()}}, acct); err != nil { + return nil, fmt.Errorf("db error getting account with uri %s: %s", actorIRI.String(), err) + } + } else if util.IsFollowingPath(actorIRI) { + if err := f.db.GetWhere([]db.Where{{Key: "following_uri", Value: actorIRI.String()}}, acct); err != nil { + return nil, fmt.Errorf("db error getting account with following uri %s: %s", actorIRI.String(), err) + } + } else { + return nil, fmt.Errorf("could not parse actor IRI %s as users or following path", actorIRI.String()) } acctFollowing := []gtsmodel.Follow{} diff --git a/internal/federation/federatingdb/lock.go b/internal/federation/federatingdb/lock.go index 417fd79b2..c9062da89 100644 --- a/internal/federation/federatingdb/lock.go +++ b/internal/federation/federatingdb/lock.go @@ -42,6 +42,10 @@ func (f *federatingDB) Lock(c context.Context, id *url.URL) error { // Strategy: create a new lock, if stored, continue. Otherwise, lock the // existing mutex. + if id == nil { + return errors.New("Lock: id was nil") + } + mu := &sync.Mutex{} mu.Lock() // Optimistically lock if we do store it. i, loaded := f.locks.LoadOrStore(id.String(), mu) @@ -59,6 +63,9 @@ func (f *federatingDB) Lock(c context.Context, id *url.URL) error { func (f *federatingDB) Unlock(c context.Context, id *url.URL) error { // Once Go-Fed is done calling Database methods, the relevant `id` // entries are unlocked. + if id == nil { + return errors.New("Unlock: id was nil") + } i, ok := f.locks.Load(id.String()) if !ok { diff --git a/internal/federation/federatingprotocol.go b/internal/federation/federatingprotocol.go index e1c1ab184..e05bdb7b9 100644 --- a/internal/federation/federatingprotocol.go +++ b/internal/federation/federatingprotocol.go @@ -26,6 +26,7 @@ "net/url" "github.com/go-fed/activity/pub" + "github.com/go-fed/activity/streams" "github.com/go-fed/activity/streams/vocab" "github.com/sirupsen/logrus" "github.com/superseriousbusiness/gotosocial/internal/db" @@ -310,7 +311,7 @@ func (f *federator) MaxDeliveryRecursionDepth(ctx context.Context) int { // logic to be used, but the implementation must not modify it. func (f *federator) FilterForwarding(ctx context.Context, potentialRecipients []*url.URL, a pub.Activity) ([]*url.URL, error) { // TODO - return nil, nil + return []*url.URL{}, nil } // GetInbox returns the OrderedCollection inbox of the actor for this @@ -324,5 +325,5 @@ func (f *federator) FilterForwarding(ctx context.Context, potentialRecipients [] func (f *federator) GetInbox(ctx context.Context, r *http.Request) (vocab.ActivityStreamsOrderedCollectionPage, error) { // IMPLEMENTATION NOTE: For GoToSocial, we serve GETS to outboxes and inboxes through // the CLIENT API, not through the federation API, so we just do nothing here. - return nil, nil + return streams.NewActivityStreamsOrderedCollectionPage(), nil } diff --git a/internal/federation/federator.go b/internal/federation/federator.go index 149f68426..016a6fb68 100644 --- a/internal/federation/federator.go +++ b/internal/federation/federator.go @@ -40,6 +40,9 @@ type Federator interface { // AuthenticateFederatedRequest can be used to check the authenticity of incoming http-signed requests for federating resources. // The given username will be used to create a transport for making outgoing requests. See the implementation for more detailed comments. AuthenticateFederatedRequest(username string, r *http.Request) (*url.URL, error) + // FingerRemoteAccount performs a webfinger lookup for a remote account, using the .well-known path. It will return the ActivityPub URI for that + // account, or an error if it doesn't exist or can't be retrieved. + FingerRemoteAccount(requestingUsername string, targetUsername string, targetDomain string) (*url.URL, error) // DereferenceRemoteAccount can be used to get the representation of a remote account, based on the account ID (which is a URI). // The given username will be used to create a transport for making outgoing requests. See the implementation for more detailed comments. DereferenceRemoteAccount(username string, remoteAccountID *url.URL) (typeutils.Accountable, error) diff --git a/internal/federation/finger.go b/internal/federation/finger.go new file mode 100644 index 000000000..9afe83edf --- /dev/null +++ b/internal/federation/finger.go @@ -0,0 +1,69 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package federation + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/url" + "strings" + + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" +) + +func (f *federator) FingerRemoteAccount(requestingUsername string, targetUsername string, targetDomain string) (*url.URL, error) { + + t, err := f.GetTransportForUser(requestingUsername) + if err != nil { + return nil, fmt.Errorf("FingerRemoteAccount: error getting transport for username %s while dereferencing @%s@%s: %s", requestingUsername, targetUsername, targetDomain, err) + } + + b, err := t.Finger(context.Background(), targetUsername, targetDomain) + if err != nil { + return nil, fmt.Errorf("FingerRemoteAccount: error doing request on behalf of username %s while dereferencing @%s@%s: %s", requestingUsername, targetUsername, targetDomain, err) + } + + resp := &apimodel.WebfingerAccountResponse{} + if err := json.Unmarshal(b, resp); err != nil { + return nil, fmt.Errorf("FingerRemoteAccount: could not unmarshal server response as WebfingerAccountResponse on behalf of username %s while dereferencing @%s@%s: %s", requestingUsername, targetUsername, targetDomain, err) + } + + if len(resp.Links) == 0 { + return nil, fmt.Errorf("FingerRemoteAccount: no links found in webfinger response %s", string(b)) + } + + // look through the links for the first one that matches "application/activity+json", this is what we need + for _, l := range resp.Links { + if strings.EqualFold(l.Type, "application/activity+json") { + if l.Href == "" || l.Rel != "self" { + continue + } + accountURI, err := url.Parse(l.Href) + if err != nil { + return nil, fmt.Errorf("FingerRemoteAccount: couldn't parse url %s: %s", l.Href, err) + } + // found it! + return accountURI, nil + } + } + + return nil, errors.New("FingerRemoteAccount: no match found in webfinger response") +} diff --git a/internal/gotosocial/actions.go b/internal/gotosocial/actions.go index 824754049..b8f888a76 100644 --- a/internal/gotosocial/actions.go +++ b/internal/gotosocial/actions.go @@ -38,6 +38,7 @@ "github.com/superseriousbusiness/gotosocial/internal/api/client/instance" mediaModule "github.com/superseriousbusiness/gotosocial/internal/api/client/media" "github.com/superseriousbusiness/gotosocial/internal/api/client/notification" + "github.com/superseriousbusiness/gotosocial/internal/api/client/search" "github.com/superseriousbusiness/gotosocial/internal/api/client/status" "github.com/superseriousbusiness/gotosocial/internal/api/client/timeline" "github.com/superseriousbusiness/gotosocial/internal/api/s2s/user" @@ -122,6 +123,7 @@ usersModule := user.New(c, processor, log) timelineModule := timeline.New(c, processor, log) notificationModule := notification.New(c, processor, log) + searchModule := search.New(c, processor, log) mm := mediaModule.New(c, processor, log) fileServerModule := fileserver.New(c, processor, log) adminModule := admin.New(c, processor, log) @@ -146,6 +148,7 @@ usersModule, timelineModule, notificationModule, + searchModule, } for _, m := range apis { diff --git a/internal/message/fromfederatorprocess.go b/internal/message/fromfederatorprocess.go index 7fbdacbf9..28ba4430b 100644 --- a/internal/message/fromfederatorprocess.go +++ b/internal/message/fromfederatorprocess.go @@ -105,7 +105,9 @@ func (p *processor) processFromFederator(federatorMsg gtsmodel.FromFederator) er } if err := p.db.Put(incomingAnnounce); err != nil { - return fmt.Errorf("error adding dereferenced announce to the db: %s", err) + if _, ok := err.(db.ErrAlreadyExists); !ok { + return fmt.Errorf("error adding dereferenced announce to the db: %s", err) + } } if err := p.notifyAnnounce(incomingAnnounce); err != nil { diff --git a/internal/message/processor.go b/internal/message/processor.go index 49a4f6f05..e22ed33d6 100644 --- a/internal/message/processor.go +++ b/internal/message/processor.go @@ -109,6 +109,9 @@ type Processor interface { // NotificationsGet NotificationsGet(authed *oauth.Auth, limit int, maxID string) ([]*apimodel.Notification, ErrorWithCode) + // SearchGet performs a search with the given params, resolving/dereferencing remotely as desired + SearchGet(authed *oauth.Auth, searchQuery *apimodel.SearchQuery) (*apimodel.SearchResult, ErrorWithCode) + // StatusCreate processes the given form to create a new status, returning the api model representation of that status if it's OK. StatusCreate(authed *oauth.Auth, form *apimodel.AdvancedStatusCreateForm) (*apimodel.Status, error) // StatusDelete processes the delete of a given status, returning the deleted status if the delete goes through. diff --git a/internal/message/searchprocess.go b/internal/message/searchprocess.go new file mode 100644 index 000000000..e4e96637b --- /dev/null +++ b/internal/message/searchprocess.go @@ -0,0 +1,292 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package message + +import ( + "errors" + "net/url" + "strings" + + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/oauth" + "github.com/superseriousbusiness/gotosocial/internal/util" +) + +func (p *processor) SearchGet(authed *oauth.Auth, searchQuery *apimodel.SearchQuery) (*apimodel.SearchResult, ErrorWithCode) { + results := &apimodel.SearchResult{ + Accounts: []apimodel.Account{}, + Statuses: []apimodel.Status{}, + Hashtags: []apimodel.Tag{}, + } + foundAccounts := []*gtsmodel.Account{} + foundStatuses := []*gtsmodel.Status{} + // foundHashtags := []*gtsmodel.Tag{} + + // convert the query to lowercase and trim leading/trailing spaces + query := strings.ToLower(strings.TrimSpace(searchQuery.Query)) + + // check if the query is a URI and just do a lookup for that, straight up + if uri, err := url.Parse(query); err == nil { + // 1. check if it's a status + foundStatus, err := p.searchStatusByURI(authed, uri, searchQuery.Resolve) + if err != nil { + return nil, NewErrorInternalError(err) + } + if foundStatus != nil { + foundStatuses = append(foundStatuses, foundStatus) + } + + // 2. check if it's an account + foundAccount, err := p.searchAccountByURI(authed, uri, searchQuery.Resolve) + if err != nil { + return nil, NewErrorInternalError(err) + } + if foundAccount != nil { + foundAccounts = append(foundAccounts, foundAccount) + } + } + + // check if the query is something like @whatever_username@example.org -- this means it's a remote account + if util.IsMention(searchQuery.Query) { + foundAccount, err := p.searchAccountByMention(authed, searchQuery.Query, searchQuery.Resolve) + if err != nil { + return nil, NewErrorInternalError(err) + } + if foundAccount != nil { + foundAccounts = append(foundAccounts, foundAccount) + } + } + + /* + FROM HERE ON we have our search results, it's just a matter of filtering them according to what this user is allowed to see, + and then converting them into our frontend format. + */ + for _, foundAccount := range foundAccounts { + // make sure there's no block in either direction between the account and the requester + if blocked, err := p.db.Blocked(authed.Account.ID, foundAccount.ID); err == nil && !blocked { + // all good, convert it and add it to the results + acctMasto, err := p.tc.AccountToMastoPublic(foundAccount) + if err != nil { + return nil, NewErrorInternalError(err) + } + results.Accounts = append(results.Accounts, *acctMasto) + } + } + + for _, foundStatus := range foundStatuses { + statusOwner := >smodel.Account{} + if err := p.db.GetByID(foundStatus.AccountID, statusOwner); err != nil { + continue + } + + relevantAccounts, err := p.db.PullRelevantAccountsFromStatus(foundStatus) + if err != nil { + continue + } + if visible, err := p.db.StatusVisible(foundStatus, statusOwner, authed.Account, relevantAccounts); !visible || err != nil { + continue + } + + statusMasto, err := p.tc.StatusToMasto(foundStatus, statusOwner, authed.Account, relevantAccounts.BoostedAccount, relevantAccounts.ReplyToAccount, nil) + if err != nil { + continue + } + + results.Statuses = append(results.Statuses, *statusMasto) + } + + return results, nil +} + +func (p *processor) searchStatusByURI(authed *oauth.Auth, uri *url.URL, resolve bool) (foundStatus *gtsmodel.Status, err error) { + // 1. check if it's a status + maybeStatus := >smodel.Status{} + if err = p.db.GetWhere([]db.Where{{Key: "uri", Value: uri.String(), CaseInsensitive: true}}, maybeStatus); err == nil { + // we have it and it's a status + foundStatus = maybeStatus + return + } else if err = p.db.GetWhere([]db.Where{{Key: "url", Value: uri.String(), CaseInsensitive: true}}, maybeStatus); err == nil { + // we have it and it's a status + foundStatus = maybeStatus + return + } + + // we don't have it locally so dereference it if we're allowed to + if resolve { + statusable, err := p.federator.DereferenceRemoteStatus(authed.Account.Username, uri) + if err == nil { + // it IS a status! + + // extract the status owner's IRI from the statusable + var statusOwnerURI *url.URL + statusAttributedTo := statusable.GetActivityStreamsAttributedTo() + for i := statusAttributedTo.Begin(); i != statusAttributedTo.End(); i = i.Next() { + if i.IsIRI() { + statusOwnerURI = i.GetIRI() + break + } + } + if statusOwnerURI == nil { + return nil, NewErrorInternalError(errors.New("couldn't extract ownerAccountURI from statusable")) + } + + // make sure the status owner exists in the db by searching for it + _, err := p.searchAccountByURI(authed, statusOwnerURI, resolve) + if err != nil { + return nil, err + } + + // we have the status owner, we have the dereferenced status, so now we should finish dereferencing the status properly + + // first turn it into a gtsmodel.Status + status, err := p.tc.ASStatusToStatus(statusable) + if err != nil { + return nil, NewErrorInternalError(err) + } + + // put it in the DB so it gets a UUID + if err := p.db.Put(status); err != nil { + return nil, NewErrorInternalError(err) + } + + // properly dereference everything in the status (media attachments etc) + if err := p.dereferenceStatusFields(status, authed.Account.Username); err != nil { + return nil, NewErrorInternalError(err) + } + + // update with the nicely dereferenced status + if err := p.db.UpdateByID(status.ID, status); err != nil { + return nil, NewErrorInternalError(err) + } + + foundStatus = status + } + } + return +} + +func (p *processor) searchAccountByURI(authed *oauth.Auth, uri *url.URL, resolve bool) (foundAccount *gtsmodel.Account, err error) { + maybeAccount := >smodel.Account{} + if err = p.db.GetWhere([]db.Where{{Key: "uri", Value: uri.String(), CaseInsensitive: true}}, maybeAccount); err == nil { + // we have it and it's an account + foundAccount = maybeAccount + return + } else if err = p.db.GetWhere([]db.Where{{Key: "url", Value: uri.String(), CaseInsensitive: true}}, maybeAccount); err == nil { + // we have it and it's an account + foundAccount = maybeAccount + return + } + if resolve { + // we don't have it locally so try and dereference it + accountable, err := p.federator.DereferenceRemoteAccount(authed.Account.Username, uri) + if err == nil { + // it IS an account! + account, err := p.tc.ASRepresentationToAccount(accountable, false) + if err != nil { + return nil, NewErrorInternalError(err) + } + + if err := p.db.Put(account); err != nil { + return nil, NewErrorInternalError(err) + } + + if err := p.dereferenceAccountFields(account, authed.Account.Username, false); err != nil { + return nil, NewErrorInternalError(err) + } + + foundAccount = account + } + } + return +} + +func (p *processor) searchAccountByMention(authed *oauth.Auth, mention string, resolve bool) (foundAccount *gtsmodel.Account, err error) { + // query is for a remote account + username, domain, err := util.ExtractMentionParts(mention) + if err != nil { + return nil, NewErrorBadRequest(err) + } + + // if it's a local account we can skip a whole bunch of stuff + maybeAcct := >smodel.Account{} + if domain == p.config.Host { + if p.db.GetLocalAccountByUsername(username, maybeAcct); err != nil { + return + } + foundAccount = maybeAcct + return + } + + // it's not a local account so first we'll check if it's in the database already... + where := []db.Where{ + {Key: "username", Value: username, CaseInsensitive: true}, + {Key: "domain", Value: domain, CaseInsensitive: true}, + } + err = p.db.GetWhere(where, maybeAcct) + if err == nil { + // we've got it stored locally already! + foundAccount = maybeAcct + return + } + + if _, ok := err.(db.ErrNoEntries); !ok { + // if it's not errNoEntries there's been a real database error so bail at this point + return nil, NewErrorInternalError(err) + } + + // we got a db.ErrNoEntries, so we just don't have the account locally stored -- check if we can dereference it + if resolve { + // we're allowed to resolve it so let's try + + // first we need to webfinger the remote account to convert the username and domain into the activitypub URI for the account + acctURI, err := p.federator.FingerRemoteAccount(authed.Account.Username, username, domain) + if err != nil { + // something went wrong doing the webfinger lookup so we can't process the request + return nil, NewErrorInternalError(err) + } + + // dereference the account based on the URI we retrieved from the webfinger lookup + accountable, err := p.federator.DereferenceRemoteAccount(authed.Account.Username, acctURI) + if err != nil { + // something went wrong doing the dereferencing so we can't process the request + return nil, NewErrorInternalError(err) + } + + // convert the dereferenced account to the gts model of that account + foundAccount, err = p.tc.ASRepresentationToAccount(accountable, false) + if err != nil { + // something went wrong doing the conversion to a gtsmodel.Account so we can't process the request + return nil, NewErrorInternalError(err) + } + + // put this new account in our database + if err := p.db.Put(foundAccount); err != nil { + return nil, NewErrorInternalError(err) + } + + // properly dereference all the fields on the account immediately + if err := p.dereferenceAccountFields(foundAccount, authed.Account.Username, true); err != nil { + return nil, NewErrorInternalError(err) + } + } + + return +} diff --git a/internal/transport/transport.go b/internal/transport/transport.go index 4fba484cd..8df74f575 100644 --- a/internal/transport/transport.go +++ b/internal/transport/transport.go @@ -19,6 +19,8 @@ type Transport interface { pub.Transport DereferenceMedia(c context.Context, iri *url.URL, expectedContentType string) ([]byte, error) + // Finger performs a webfinger request with the given username and domain, and returns the bytes from the response body. + Finger(c context.Context, targetUsername string, targetDomains string) ([]byte, error) } // transport implements the Transport interface @@ -83,3 +85,42 @@ func (t *transport) DereferenceMedia(c context.Context, iri *url.URL, expectedCo } return ioutil.ReadAll(resp.Body) } + +func (t *transport) Finger(c context.Context, targetUsername string, targetDomain string) ([]byte, error) { + l := t.log.WithField("func", "Finger") + urlString := fmt.Sprintf("https://%s/.well-known/webfinger?resource=acct:%s@%s", targetDomain, targetUsername, targetDomain) + l.Debugf("performing GET to %s", urlString) + + iri, err := url.Parse(urlString) + if err != nil { + return nil, fmt.Errorf("Finger: error parsing url %s: %s", urlString, err) + } + + l.Debugf("performing GET to %s", iri.String()) + + req, err := http.NewRequest("GET", iri.String(), nil) + if err != nil { + return nil, err + } + req = req.WithContext(c) + req.Header.Add("Accept", "application/json") + req.Header.Add("Accept", "application/jrd+json") + req.Header.Add("Date", t.clock.Now().UTC().Format("Mon, 02 Jan 2006 15:04:05")+" GMT") + req.Header.Add("User-Agent", fmt.Sprintf("%s %s", t.appAgent, t.gofedAgent)) + req.Header.Set("Host", iri.Host) + t.getSignerMu.Lock() + err = t.getSigner.SignRequest(t.privkey, t.pubKeyID, req, nil) + t.getSignerMu.Unlock() + if err != nil { + return nil, err + } + resp, err := t.client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("GET request to %s failed (%d): %s", iri.String(), resp.StatusCode, resp.Status) + } + return ioutil.ReadAll(resp.Body) +} diff --git a/internal/typeutils/internaltoas.go b/internal/typeutils/internaltoas.go index cceb1b11b..296d0a182 100644 --- a/internal/typeutils/internaltoas.go +++ b/internal/typeutils/internaltoas.go @@ -252,6 +252,7 @@ func (c *converter) AccountToAS(a *gtsmodel.Account) (vocab.ActivityStreamsPerso headerImage.SetActivityStreamsUrl(headerURLProperty) headerProperty.AppendActivityStreamsImage(headerImage) + person.SetActivityStreamsImage(headerProperty) } return person, nil diff --git a/internal/util/statustools.go b/internal/util/statustools.go index 2c74749e5..8f9cb795c 100644 --- a/internal/util/statustools.go +++ b/internal/util/statustools.go @@ -77,6 +77,11 @@ func ExtractMentionParts(mention string) (username, domain string, err error) { return } +// IsMention returns true if the passed string looks like @whatever@example.org +func IsMention(mention string) bool { + return mentionNameRegex.MatchString(strings.ToLower(mention)) +} + // unique returns a deduplicated version of a given string slice. func unique(s []string) []string { keys := make(map[string]bool)