distributed-press-api-client 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f9ade4eb6d66abaf9b33a5781a0a3ec1ced7849c59d2c5e23b871b59cd206f2
-  data.tar.gz: 57c7f2e5e72e49fa7418e850800a4ad420b29e6be1d62cf4bfb25272234c3424
+  metadata.gz: 1a027ef2456449498ff03679402ac4a0f3689656cd5990e0aa9498b07e86beea
+  data.tar.gz: 1117e426318b07a0bbb833713b6e15fd5c614490d4ff05d1c29cac4cbbb8fc1a
 SHA512:
-  metadata.gz: 5e6d5be220822e44d1397aa1bf034be6141892a847b99cb1dedb8830d56d0064e955f15b95aba51c1f4aba460d0c04195c1d8b45a651f2c328de5571a75f6215
-  data.tar.gz: b16c1082df61f87468e54ddf0cfd6336f995b45b7c05f6b30e94cff127daa4ea904fbf6188c519efc98c8116a90e9bef424d2985f5641989f2f42ee8b342e387
+  metadata.gz: c462c24bd87a73557218beefe37b3194016ee1462fbd061155018b09c068fba019027512c17eee71c8096f83bd10a14a81aaca06d6597efa9218e615341f24de
+  data.tar.gz: b9424cca5bf2d55085298e5205df63bfe6813b1a3874f3854c85a1cd9019a4207284468b5337081e2e73b7fbe7b9e8f6ceccc1e289d7a7a28fd856674ca5acb1

data/lib/distributed_press/v1/schemas/bittorrent_protocol.rb

@@ -20,4 +20,4 @@ class DistributedPress
       end
     end
   end
-end
+end

data/lib/distributed_press/v1/social/allowlist.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative 'blocklist'
+
+class DistributedPress
+  module V1
+    module Social
+      # Manages Social Inbox allowlist
+      #
+      # @example
+      #   DistributedPress::V1::Social::Allowlist.new(client: client)
+      #   DistributedPress::V1::Social::Allowlist.new(client: client, actor: '@sutty@sutty.nl')
+      class Allowlist < Blocklist
+        ENDPOINT = '/allowlist'
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/blocklist.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require_relative 'client'
+
+class DistributedPress
+  module V1
+    module Social
+      # Manages Social Inbox blocklist
+      #
+      # @example
+      #   DistributedPress::V1::Social::Blocklist.new(client: client)
+      #   DistributedPress::V1::Social::Blocklist.new(client: client, actor: '@sutty@sutty.nl')
+      class Blocklist
+        ACCEPT = %w[text/plain].freeze
+        CONTENT_TYPE = 'text/plain'
+        ENDPOINT = '/blocklist'
+
+        # @return [DistributedPress::V1::Social::Client]
+        attr_reader :client
+
+        # @return [String,nil]
+        attr_reader :actor
+
+        # @param :client [DistributedPress::V1::Social::Client]
+        # @param :actor [String]
+        def initialize(client:, actor: nil)
+          @client = client
+          @actor = actor
+
+          @serializer = proc do |body|
+            body.join("\n")
+          end
+
+          # @param :body [String,nil]
+          # @return [Array<String>]
+          @parser =
+            proc do |body, _|
+              next [] if body.nil?
+
+              body.split("\n").map(&:strip).reject(&:empty?)
+            end
+        end
+
+        # Obtains the current blocklist
+        #
+        # @return [Array<String>]
+        def get
+          client.get(endpoint: endpoint, parser: @parser, content_type: CONTENT_TYPE, accept: ACCEPT)
+        end
+
+        # Sends an array of instances and accounts to be blocked
+        #
+        # @param :list [Array<String>]
+        # @return [HTTParty::Response]
+        def post(list:)
+          client.post(endpoint: endpoint, body: list, serializer: @serializer, parser: @parser,
+                      content_type: CONTENT_TYPE, accept: ACCEPT)
+        end
+
+        # Removes instances and accounts from the blocklist
+        #
+        # @param :list [Array<String>]
+        # @return [HTTParty::Response]
+        def delete(list:)
+          client.delete(endpoint: endpoint, body: list, serializer: @serializer, parser: @parser,
+                        content_type: CONTENT_TYPE, accept: ACCEPT)
+        end
+
+        def endpoint
+          @endpoint ||= "/v1/#{actor}#{self.class::ENDPOINT}".squeeze('/')
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/client.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 require 'httparty'
+require 'httparty/cache'
 require 'openssl'
 require 'time'
 require 'digest/sha2'
 require 'uri'
+require_relative '../../version'
+require_relative 'signed_headers'
 
 class DistributedPress
   module V1
@@ -17,22 +20,33 @@ class DistributedPress
       # @see {https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb}
       class Client
         include ::HTTParty
+        include ::HTTParty::Cache
 
-        # Signing algorithm
-        #
-        # @todo is it possible to use other algorithms?
-        ALGORITHM = 'rsa-sha256'
-        # Required by HTTP Signatures
-        REQUEST_TARGET = '(request-target)'
-        # Headers included in the signature
-        SIGNABLE_HEADERS = [REQUEST_TARGET, 'Host', 'Date', 'Digest']
-        # Content types
-        CONTENT_TYPES = %w[application/ld+json application/activity+json]
+        class Error < StandardError; end
+        class ContentTooLargeError < Error; end
+        class BrotliUnsupportedError < Error; end
+
+        # Always cache
+        caching true
+
+        # Content types sent and accepted
+        ACCEPT = %w[application/activity+json application/ld+json application/json].freeze
+        CONTENT_TYPE = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
+
+        ACCEPT.each do |accept|
+          HTTParty::Parser::SupportedFormats[accept] = :json
+        end
 
         # API URL
+        #
         # @return [String]
         attr_reader :url
 
+        # API URI
+        #
+        # @return [URI]
+        attr_reader :uri
+
         # RSA key size
         #
         # @return [Integer]
@@ -43,36 +57,57 @@ class DistributedPress
         # @return [String]
         attr_reader :public_key_url
 
+        # Logger
+        #
+        # @return [Logger]
+        attr_reader :logger
+
         # @param :url [String] Social Distributed Press URL
         # @param :public_key [String] URL where public key is available
         # @param :private_key_pem [String] RSA Private key, PEM encoded
         # @param :key_size [Integer]
         # @param :logger [Logger]
-        def initialize(url: 'https://social.distributed.press', public_key_url:, private_key_pem: nil, key_size: 2048, logger: nil)
-          self.class.default_options[:base_uri] = @url = HTTParty.normalize_base_uri(url)
-          self.class.default_options[:logger] = logger
+        # @param :cache_store [HTTParty::Cache::Store::Abstract,Symbol]
+        def initialize(public_key_url:, url: 'https://social.distributed.press', private_key_pem: nil, key_size: 2048,
+                       logger: nil, cache_store: :memory)
+          self.class.default_options[:logger] = @logger = logger
           self.class.default_options[:log_level] = :debug
+          self.class.cache_store cache_store
 
+          @url = HTTParty.normalize_base_uri(url)
           @public_key_url = public_key_url
           @key_size = key_size
           @private_key_pem = private_key_pem
-
-          CONTENT_TYPES.each do |content_type|
-            HTTParty::Parser::SupportedFormats[content_type] = :json
+          @uri = URI.parse(url)
+          @serializer ||= proc do |body|
+            body.to_json
           end
         end
 
+        def _dump(_)
+          Marshal.dump({
+            public_key_url: public_key_url,
+            url: url,
+            private_key_pem: @private_key_pem,
+            key_size: key_size,
+            cache_store: self.class.cache_store
+          })
+        end
+
+        def self._load(hash)
+          new(**Marshal.load(hash))
+        end
+
         # GET request
         #
         # @param endpoint [String]
-        # @return [Hash]
-        def get(endpoint:)
-          headers = default_headers
-
-          add_request_specific_headers! headers, 'get', endpoint
-          sign_headers! headers
-
-          self.class.get(endpoint, headers: headers)
+        # @param parser [HTTParty::Parser,Proc]
+        # @param content_type [String]
+        # @param accept [Array<String>]
+        # @return [HTTParty::Response]
+        def get(endpoint:, parser: HTTParty::Parser, content_type: CONTENT_TYPE, accept: ACCEPT)
+          perform_signed_request method: Net::HTTP::Get, endpoint: endpoint, parser: parser, content_type: content_type,
+                                 accept: accept
         end
 
         # POST request
@@ -80,16 +115,45 @@ class DistributedPress
         # @todo Use DRY-schemas
         # @param endpoint [String]
         # @param body [Hash]
-        # @return [Hash]
-        def post(endpoint:, body:)
-          body = body.to_json
-          headers = default_headers
+        # @param serializer [Proc]
+        # @param parser [HTTParty::Parser,Proc]
+        # @param content_type [String]
+        # @param accept [Array<String>]
+        # @return [HTTParty::Response]
+        def post(endpoint:, body: nil, serializer: @serializer, parser: HTTParty::Parser, content_type: CONTENT_TYPE,
+                 accept: ACCEPT)
+          perform_signed_request method: Net::HTTP::Post, endpoint: endpoint, body: body, serializer: serializer,
+                                 parser: parser, content_type: content_type, accept: accept
+        end
 
-          add_request_specific_headers! headers, 'post', endpoint
-          checksum_body! body, headers
-          sign_headers! headers
+        # PUT request
+        #
+        # @param endpoint [String]
+        # @param body [Hash]
+        # @param serializer [Proc]
+        # @param parser [HTTParty::Parser,Proc]
+        # @param content_type [String]
+        # @param accept [Array<String>]
+        # @return [HTTParty::Response]
+        def put(endpoint:, body: nil, serializer: @serializer, parser: HTTParty::Parser, content_type: CONTENT_TYPE,
+                accept: ACCEPT)
+          perform_signed_request method: Net::HTTP::Put, endpoint: endpoint, body: body, serializer: serializer,
+                                 parser: parser, content_type: content_type, accept: accept
+        end
 
-          self.class.post(endpoint, body: body, headers: headers)
+        # DELETE request with optional body
+        #
+        # @param endpoint [String]
+        # @param body [Hash]
+        # @param serializer [Proc]
+        # @param parser [HTTParty::Parser,Proc]
+        # @param content_type [String]
+        # @param accept [Array<String>]
+        # @return [HTTParty::Response]
+        def delete(endpoint:, body: nil, serializer: @serializer, parser: HTTParty::Parser, content_type: CONTENT_TYPE,
+                   accept: ACCEPT)
+          perform_signed_request method: Net::HTTP::Delete, endpoint: endpoint, body: body, serializer: serializer,
+                                 parser: parser, content_type: content_type, accept: accept
         end
 
         # Loads or generates a private key
@@ -115,84 +179,154 @@ class DistributedPress
 
         private
 
-        def default_headers
-          {
+        # Perform request
+        #
+        # @param method [Net::HTTP::Get,Net::HTTP::Post,Net::HTTP::Put,Net::HTTP::Delete]
+        # @param endpoint [String]
+        # @param body [Hash]
+        # @param serializer [Proc]
+        # @param parser [HTTParty::Parser,Proc]
+        # @param content_type [String]
+        # @param accept [Array<String>]
+        # @return [HTTParty::Response]
+        def perform_signed_request(method:, endpoint:, body: nil, serializer: @default_serializer, parser: HTTParty::Parser,
+                                   content_type: CONTENT_TYPE, accept: ACCEPT)
+          headers = default_headers(content_type: content_type, accept: accept)
+
+          unless body.nil?
+            body = serializer.call(body)
+            checksum_body!(body, headers)
+          end
+
+          # Mimics HTTParty.perform_request, but processing the header
+          # after the request is instantiated. No need to process
+          # cookies for now. Uses the public key URL as a caching key so
+          # we revalidate access on shared caches.
+          options = { body: body, headers: headers, base_uri: url, parser: parser, stream_body: true }
+          options = HTTParty::ModuleInheritableAttributes.hash_deep_dup(self.class.default_options).merge(options)
+          response_body = ''.dup
+
+          HTTParty::Request.new(method, endpoint, options).tap do |request|
+            headers.request = request
+          end.perform do |fragment|
+            fragment_to_body!(fragment, response_body)
+          end.tap do |response|
+            next if response_body.empty?
+
+            fix_response!(response, response_body)
+          end
+        end
+
+        # Default headers
+        #
+        # @param :content_type [String]
+        # @param :accept [Array<String>]
+        # @return [SignedHeaders]
+        def default_headers(content_type: CONTENT_TYPE, accept: ACCEPT)
+          SignedHeaders[
             'User-Agent' => "DistributedPress/#{DistributedPress::VERSION}",
-            'Content-Type' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
-            'Host' => host
-          }
+            'Content-Type' => content_type,
+            'Accept' => accept.join(', '),
+            'Host' => host,
+            'Accept-Encoding' => "#{'br;q=1.0,' if brotli?}gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+            'Date' => Time.now.utc.httpdate
+          ].tap do |headers|
+            headers.private_key = private_key
+            headers.public_key_url = public_key_url
+          end
         end
 
-        # HTTP Signatures
+        # Generate a checksum for the request body
         #
-        # @see {https://docs.joinmastodon.org/spec/security/}
+        # @param :body [String]
         # @param :headers [Hash]
-        def sign_headers!(headers)
-          headers['Signature'] = {
-            'keyId' => public_key_url,
-            'algorithm' => ALGORITHM,
-            'headers' => signable_headers(headers),
-            'signature' => signed_headers(headers)
-          }.map do |key, value|
-            "#{key}=\"#{value}\""
-          end.join(',')
-
-          headers.delete REQUEST_TARGET
+        def checksum_body!(body, headers)
+          headers['Digest'] = "SHA-256=#{Digest::SHA256.base64digest body}"
 
           nil
         end
 
-        # List of headers to be signed, removing headers that don't
-        # exist on the request.
+        # If the endpoint is on a subdirectory, we need the absolute
+        # path for signing
         #
+        # @param :endpoint [String]
         # @return [String]
-        def signable_headers(headers)
-          (SIGNABLE_HEADERS & headers.keys).join(' ').downcase
+        def absolute_endpoint(endpoint)
+          "#{uri.path}/#{endpoint}".squeeze('/')
         end
 
-        # Sign headers
-        #
-        # @param :headers [Hash]
-        # @return [String]
-        def signed_headers(headers)
-          Base64.strict_encode64(
-            private_key.sign(
-              OpenSSL::Digest.new('SHA256'),
-              signature_content(headers)
-            )
-          )
+        # Brotli available
+        def brotli?
+          begin
+            require 'brs'
+          rescue LoadError => e
+            if logger
+              logger.warn e.message
+            else
+              puts e
+            end
+          end
+
+          defined? ::BRS
         end
 
-        # Generates a string to be signed
+        # Inflates a Brotli compressed fragment.  A fragment could be
+        # small enough to contain a huge inflated payload.  In our
+        # tests, 2GB of zeroes were compressed to a 1.6KB fragment.
         #
-        # @param :headers [Hash]
-        # @return [String]
-        def signature_content(headers)
-          headers.slice(*SIGNABLE_HEADERS).map do |key, value|
-            "#{key.downcase}: #{value}"
-          end.join("\n")
+        # @todo Maybe each_char is too slow?
+        # @param fragment [HTTParty::ResponseFragment]
+        # @param append_to [String]
+        def inflate_fragment!(fragment, append_to)
+          fragment_io = StringIO.new(fragment)
+
+          BRS::Stream::Reader.new(fragment_io, source_buffer_length: 256,
+                                               destination_buffer_length: 1024).each_char do |char|
+            append_to << char
+
+            raise ContentTooLargeError if append_to.bytesize > 1_000_000
+          end
         end
 
-        # Generate a checksum for the request body
+        # Collect fragments into body by checking the bytesize and
+        # failing if it gets too big.
         #
-        # @param :body [String]
-        # @param :headers [Hash]
-        def checksum_body!(body, headers)
-          headers['Digest'] = "SHA-256=#{Digest::SHA256.base64digest body}"
+        # @param :fragment [HTTParty::ResponseFragment]
+        # @param :append_to [String]
+        def fragment_to_body!(fragment, append_to)
+          case fragment.http_response['content-encoding']
+          when 'br'
+            # Raise an error rather than returning an empty body
+            unless brotli?
+              raise BrotliUnsupportedError,
+                    'Server sent brotli-encoded response but ruby-brs gem is missing'
+            end
 
-          nil
+            inflate_fragment!(fragment, append_to)
+          else
+            append_to << fragment
+          end
+
+          raise ContentTooLargeError if append_to.bytesize > 1_000_000
+        rescue ContentTooLargeError
+          raise ContentTooLargeError, "Content too large #{append_to.bytesize} bytes!"
         end
 
-        # Headers specific to a single request
+        # Re-adds a streamed body to the response and caches it again so
+        # it can carry the body
         #
-        # @param :headers [Hash] Headers
-        # @param :verb [String] HTTP verb
-        # @param :endpoint [String] Path
-        def add_request_specific_headers!(headers, verb, endpoint)
-          headers['Date'] = Time.now.utc.httpdate
-          headers[REQUEST_TARGET] = "#{verb} #{endpoint}"
+        # @param response [HTTParty::Response]
+        # @param body [String]
+        def fix_response!(response, body)
+          request = response.request
+          parser = request.options[:parser]
+          format = request.format || :plain
 
-          nil
+          response.instance_variable_set(:@body, body)
+          response.instance_variable_set(:@parsed_block, -> { parser.call(body, format) })
+          response.instance_variable_set(:@parsed_response, nil)
+
+          self.class.cache_store.set(response.cache_key, response)
         end
       end
     end

data/lib/distributed_press/v1/social/dereferencer.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'addressable'
+require_relative 'reference'
+require_relative 'referenced_object'
+
+class DistributedPress
+  module V1
+    module Social
+      # Fetches ActivityStreams from different instances by
+      # instantiating clients.
+      class Dereferencer
+        # @return [DistributedPress::V1::Social::Client]
+        attr_reader :client
+
+        # We only need the client
+        def _dump(_)
+          Marshal.dump(client)
+        end
+ 
+        def self._load(client)
+          new(client: Marshal.load(client))
+        end
+
+        # @param :client [DistributedPress::V1::Social::Client]
+        def initialize(client:)
+          @client = client
+          @parser =
+            proc do |body, format|
+              next HTTParty::Parser.call(body, format || :plain) unless body&.starts_with? '{'
+
+              ReferencedObject.new(object: HTTParty::Parser.call(body, :json), dereferencer: self)
+            end
+        end
+
+        # Fetch a URI
+        #
+        # @param :uri [String, Addressable::URI]
+        # @return [HTTParty::Response]
+        def get(uri:)
+          uri = uris(uri)
+
+          clients(uri).get(endpoint: uri.path, parser: @parser)
+        end
+
+        # Gets a client for a URI
+        #
+        # @param :uri [Addressable::URI]
+        # @return [DistributedPress::V1::Social::Client]
+        def clients(uri)
+          @@clients ||= {}
+          @@clients[uri.origin] ||=
+            client.class.new(
+              url: uri.origin,
+              public_key_url: client.public_key_url,
+              private_key_pem: client.private_key.to_s,
+              logger: client.logger,
+              cache_store: client.class.cache_store
+            )
+        end
+
+        # Gets a reference for a URI and indexes it by the complete
+        # and normalized URI
+        #
+        # @param :uri [String, Addressable::URI]
+        # @return [DistributedPress::V1::Social::Reference]
+        def references(uri)
+          @@references ||= {}
+          @@references[uri.to_s] ||= Reference.new(uri: uri.to_s, dereferencer: self)
+        end
+
+        # Make sure we're getting a normalized Addressable::URI
+        #
+        # @param :uri [String, Addressable::URI]
+        # @return [Addressable::URI]
+        def uris(uri)
+          @@uris ||= {}
+          @@uris[uri.to_s] ||=
+            (if uri.is_a? Addressable::URI
+               uri
+             else
+               Addressable::URI.parse(uri)
+             end).normalize
+        end
+
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/hook.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require_relative 'client'
+require_relative 'schemas/webhook'
+
+class DistributedPress
+  module V1
+    module Social
+      # Manages the actor's hooks on the Social Inbox
+      class Hook
+        class Error < StandardError; end
+        class ValidationError < Error; end
+        class EventNotValidError < Error; end
+
+        ACCEPT = %w[text/plain].freeze
+        CONTENT_TYPE = 'text/plain'
+        EVENTS = %w[moderationqueued onapproved onrejected].freeze
+
+        # @return [DistributedPress::V1::Social::Client]
+        attr_reader :client
+
+        # @return [String]
+        attr_reader :actor
+
+        # @param :client [DistributedPress::V1::Social::Client]
+        # @param :actor [String]
+        def initialize(client:, actor:)
+          @client = client
+          @actor = actor
+          # The serializer validates the body format and raises an
+          # exception if it contains errors.
+          @serializer = proc do |body|
+            body.tap do |b|
+              next if b.errors.empty?
+
+              raise ValidationError, body.errors.to_h.map do |key, messages|
+                messages.map do |message|
+                  "#{key} #{message}"
+                end
+              end.flatten.join(', ')
+            end.to_h.to_json
+          end
+
+          # XXX: format is nil but should be :json
+          @parser = proc do |body, format|
+            next HTTParty::Parser.call(body, format || :plain) unless body.starts_with? '{'
+
+            json = HTTParty::Parser.call(body, :json)
+
+            DistributedPress::V1::Social::Schemas::Webhook.new.call(json)
+          end
+        end
+
+        # Gets a hook and validates return, or 404 when not found
+        #
+        # @param :event [String]
+        # @return [HTTParty::Response]
+        def get(event:)
+          validate_event! event
+
+          client.get(endpoint: "#{endpoint}/#{event}", parser: @parser)
+        end
+
+        # Creates a webhook
+        #
+        # @param :event [String]
+        # @param :hook [DistributedPress::V1::Social::Schemas::Webhook]
+        # @return [HTTParty::Response]
+        def put(event:, hook:)
+          validate_event! event
+
+          client.put(endpoint: "#{endpoint}/#{event}", body: hook, serializer: @serializer, parser: @parser)
+        end
+
+        # Removes a hook for an event
+        #
+        # @param :event [String]
+        # @return [HTTParty::Response]
+        def delete(event:)
+          validate_event! event
+
+          client.delete(endpoint: "#{endpoint}/#{event}", serializer: @serializer, parser: @parser)
+        end
+
+        # Endpoint
+        #
+        # @return [String]
+        def endpoint
+          @endpoint ||= "/v1/#{actor}/hooks"
+        end
+
+        private
+
+        def validate_event!(event)
+          raise EventNotValidError, "#{event} must be one of #{EVENTS.join(', ')}" unless EVENTS.include? event
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/inbox.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require 'uri'
+require_relative 'client'
+
+class DistributedPress
+  module V1
+    module Social
+      # Manages the actor's inbox on the Social Inbox
+      class Inbox
+        # @return [DistributedPress::V1::Social::Client]
+        attr_reader :client
+
+        # @return [String]
+        attr_reader :actor
+
+        # @param :client [DistributedPress::V1::Social::Client]
+        # @param :actor [String]
+        def initialize(client:, actor:)
+          @client = client
+          @actor = actor
+        end
+
+        # Creates a Social Inbox by uploading the keypair to it.
+        #
+        # @param actor_url [String] The URL where the Actor profile is hosted
+        # @return [HTTParty::Response]
+        def create(actor_url)
+          inbox_body = {
+            'actorUrl' => actor_url,
+            'publicKeyId' => "#{actor_url}#main-key",
+            'keypair' => {
+              'publicKeyPem' => client.public_key.public_to_pem,
+              'privateKeyPem' => client.private_key.export
+            }
+          }
+
+          client.post(endpoint: "/v1/#{actor}", body: inbox_body)
+        end
+
+        # Get the actor's inbox
+        #
+        # @return [HTTParty::Response]
+        def get
+          client.get(endpoint: endpoint)
+        end
+
+        # Send an activity to the actor's inbox. This is typically done
+        # by other actors though, not ourselves, so it could be used to
+        # send directly to another Actor's Social Inbox.
+        #
+        # @param :activity [Hash]
+        # @return [HTTParty::Response]
+        def post(activity:)
+          client.post(endpoint: endpoint, body: activity)
+        end
+
+        # Reject an activity queued on the inbox
+        #
+        # @param :id [String] Activity ID
+        # @return [HTTParty::Response]
+        def reject(id:)
+          client.delete(endpoint: "#{endpoint}/#{URI.encode_uri_component(id)}")
+        end
+
+        # Accept an activity queued on the inbox
+        #
+        # @param :id [String] Activity ID
+        # @return [HTTParty::Response]
+        def accept(id:)
+          client.post(endpoint: "#{endpoint}/#{URI.encode_uri_component(id)}", body: {})
+        end
+
+        # Inbox
+        #
+        # @return [String]
+        def endpoint
+          @endpoint ||= "/v1/#{actor}/inbox"
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/outbox.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'uri'
+require_relative 'client'
+
+class DistributedPress
+  module V1
+    module Social
+      # Manages the actor's outbox on the Social Inbox
+      class Outbox
+        # @return [DistributedPress::V1::Social::Client]
+        attr_reader :client
+
+        # @return [String]
+        attr_reader :actor
+
+        # @param :client [DistributedPress::V1::Social::Client]
+        # @param :actor [String]
+        def initialize(client:, actor:)
+          @client = client
+          @actor = actor
+        end
+
+        # Send an activity to the actor's outbox.  The Social Inbox will
+        # take care of sending it to the audiences.
+        #
+        # @param :activity [Hash]
+        # @return [HTTParty::Response]
+        def post(activity:)
+          client.post(endpoint: endpoint, body: activity)
+        end
+
+        # Get an activity queued on the outbox
+        #
+        # @param :id [String] Activity ID
+        # @return [HTTParty::Response]
+        def get(id:)
+          client.get(endpoint: "#{endpoint}/#{URI.encode_uri_component(id)}")
+        end
+
+        # Outbox
+        #
+        # @return [String]
+        def endpoint
+          @endpoint ||= "/v1/#{actor}/outbox"
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/reference.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+class DistributedPress
+  module V1
+    module Social
+      # A lazy loaded reference to a remote object that can access its
+      # attributes directly.
+      class Reference
+        extend Forwardable
+
+        # @return [String]
+        attr_reader :uri
+
+        # @return [DistributedPress::V1::Social::Dereferencer]
+        attr_reader :dereferencer
+
+        # @param :uri [String]
+        # @param :dereferencer [DistributedPress::V1::Social::Dereferencer]
+        def initialize(uri:, dereferencer:)
+          @uri = uri
+          @dereferencer = dereferencer
+        end
+
+        # Fetches the remote object once
+        #
+        # @return [HTTParty::Response]
+        def object
+          @object ||= dereferencer.get(uri: uri)
+        end
+
+        def inspect
+          "#{self.class.name}(#{uri})"
+        end
+
+        def_delegators :object, :[], :dig, :to_h, :to_json
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/referenced_object.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+class DistributedPress
+  module V1
+    module Social
+      # An object with external references
+      class ReferencedObject
+        extend Forwardable
+
+        REFERENTIABLE_ATTRIBUTES =
+          %w[
+            actor
+            owner
+            attributedTo
+            cc
+            inReplyTo
+            object
+            replies
+            to
+            publicKey
+
+            alsoKnownAs
+            devices
+            featured
+            featuredTags
+            followers
+            following
+            inbox
+            movedTo
+            outbox
+
+            first
+            items
+            next
+            orderedItems
+            partOf
+            prev
+          ].freeze
+
+        attr_reader :object
+        attr_reader :dereferencer
+        attr_reader :referenced
+
+        def_delegators :referenced, :[], :dig, :to_h, :to_json
+
+        def initialize(object:, dereferencer:)
+          @object = object
+          @dereferencer = dereferencer
+          @referenced = HTTParty::ModuleInheritableAttributes.hash_deep_dup(object)
+          reference_object! referenced
+        end
+
+        def _dump(_)
+          Marshal.dump([object, dereferencer])
+        end
+
+        def self._load(array)
+          object, dereferencer = Marshal.load(array)
+
+          new(object: object, dereferencer: dereferencer)
+        end
+
+        private
+
+        def reference_object!(object)
+          REFERENTIABLE_ATTRIBUTES.each do |attribute|
+            next unless object.key? attribute
+
+            case object[attribute]
+            when Array
+              object[attribute].map! do |o|
+                case o
+                when Hash
+                  reference_object!(o)
+                  o
+                when String then dereferencer.references(dereferencer.uris(o))
+                end
+              end
+            when Hash
+              reference_object!(object[attribute])
+            when String
+              object[attribute] = dereferencer.references(dereferencer.uris(object[attribute]))
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/schemas/webhook.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'dry-schema'
+require_relative '../../../../dry/schema/processor_decorator'
+require_relative '../../../../dry/schema/result_decorator'
+
+class DistributedPress
+  module V1
+    module Social
+      # WebhookSchema
+      module Schemas
+        class Webhook < Dry::Schema::JSON
+          METHODS = %w[GET POST PUT DELETE].freeze
+
+          define do
+            required(:url).value(:uri_rfc3986?)
+            required(:method).value(included_in?: METHODS)
+            required(:headers).hash
+          end
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social/signed_headers.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+class DistributedPress
+  module V1
+    module Social
+      # Headers need to be signed by knowing the HTTP method (verb) and
+      # path.  Since we're using caching, we need to change the
+      # signature after it's changed.
+      class SignedHeaders < Hash
+        # Signing algorithm
+        #
+        # @todo is it possible to use other algorithms?
+        ALGORITHM = 'rsa-sha256'
+
+        # Required by HTTP Signatures
+        REQUEST_TARGET = '(request-target)'
+
+        # Headers included in the signature
+        # rubocop:disable Style/MutableConstant
+        SIGNABLE_HEADERS = [REQUEST_TARGET, 'Host', 'Date', 'Digest']
+        # rubocop:enable Style/MutableConstant
+
+        # @return [HTTParty::Request]
+        attr_accessor :request
+
+        # @return [OpenSSL::PKey::RSA]
+        attr_accessor :private_key
+
+        # @return [String]
+        attr_accessor :public_key_url
+
+        # Takes advantage of HTTParty::Request.setup_raw_request running
+        # to_hash on the headers, so we sign as soon as we're ready to
+        # send the request.
+        #
+        # @return [Hash]
+        def to_hash
+          request_target!
+          sign_headers!
+
+          # xxx: converts to an actual Hash to facilitate marshaling
+          super.to_h
+        end
+
+        private
+
+        # @return [String]
+        def verb
+          request.http_method.name.split('::').last.downcase
+        end
+
+        def request_target!
+          self[REQUEST_TARGET] = "#{verb} #{request.path}"
+        end
+
+        # HTTP Signatures
+        #
+        # @see {https://docs.joinmastodon.org/spec/security/}
+        # @param :headers [Hash]
+        def sign_headers!
+          self['Signature'] = {
+            'keyId' => public_key_url,
+            'algorithm' => ALGORITHM,
+            'headers' => signable_headers,
+            'signature' => signed_headers
+          }.map do |key, value|
+            "#{key}=\"#{value}\""
+          end.join(',')
+
+          delete REQUEST_TARGET
+
+          nil
+        end
+
+        # List of headers to be signed, removing headers that don't
+        # exist on the request.
+        #
+        # @return [String]
+        def signable_headers
+          (SIGNABLE_HEADERS & keys).join(' ').downcase
+        end
+
+        # Sign headers
+        #
+        # @return [String]
+        def signed_headers
+          Base64.strict_encode64(
+            private_key.sign(
+              OpenSSL::Digest.new('SHA256'),
+              signature_content
+            )
+          )
+        end
+
+        # Generates a string to be signed
+        #
+        # @return [String]
+        def signature_content
+          slice(*SIGNABLE_HEADERS).map do |key, value|
+            "#{key.downcase}: #{value}"
+          end.join("\n")
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/version.rb

@@ -3,5 +3,5 @@
 # API client
 class DistributedPress
   # Version
-  VERSION = '0.3.1'
+  VERSION = '0.4.0'
 end

data/lib/dry/schema/processor_decorator.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'dry/schema/processor'
+
+module Dry
+  module Schema
+    # Include the processor as Result option so we can deserialize
+    # later.
+    module ProcessorDecorator
+      def self.included(base)
+        base.class_eval do
+          # Add the processor to the result so we can deserialize it
+          # later
+          def call(input)
+            Result.new(input.dup, message_compiler: message_compiler, processor: self) do |result|
+              steps.call(result)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+Dry::Schema::Processor.include Dry::Schema::ProcessorDecorator

data/lib/dry/schema/result_decorator.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'dry/schema/processor'
+
+module Dry
+  module Schema
+    # This decorator allows to serialize Dry::Schema::Result objects
+    # by storing the data and processor so they can be run again during
+    # deserialization.
+    module ResultDecorator
+      def self.included(base)
+        base.class_eval do
+          option :processor
+
+          def _dump(_)
+            Marshal.dump(
+              {
+                processor: processor.class,
+                data: to_h
+              }
+            )
+          end
+
+          def self._load(data)
+            data = Marshal.load(data)
+
+            data[:processor].new.call(data[:data])
+          end
+        end
+      end
+    end
+  end
+end
+
+Dry::Schema::Result.include Dry::Schema::ResultDecorator

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: distributed-press-api-client
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - f
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-01 00:00:00.000000000 Z
+date: 2024-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -72,6 +72,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.18'
+- !ruby/object:Gem::Dependency
+  name: httparty-cache
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.6
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
@@ -224,6 +238,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-brs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -279,9 +307,21 @@ files:
 - lib/distributed_press/v1/schemas/token_payload.rb
 - lib/distributed_press/v1/schemas/update_site.rb
 - lib/distributed_press/v1/social.rb
+- lib/distributed_press/v1/social/allowlist.rb
+- lib/distributed_press/v1/social/blocklist.rb
 - lib/distributed_press/v1/social/client.rb
+- lib/distributed_press/v1/social/dereferencer.rb
+- lib/distributed_press/v1/social/hook.rb
+- lib/distributed_press/v1/social/inbox.rb
+- lib/distributed_press/v1/social/outbox.rb
+- lib/distributed_press/v1/social/reference.rb
+- lib/distributed_press/v1/social/referenced_object.rb
+- lib/distributed_press/v1/social/schemas/webhook.rb
+- lib/distributed_press/v1/social/signed_headers.rb
 - lib/distributed_press/v1/token.rb
 - lib/distributed_press/version.rb
+- lib/dry/schema/processor_decorator.rb
+- lib/dry/schema/result_decorator.rb
 - lib/jekyll-distributed-press-v0.rb
 homepage: https://0xacab.org/sutty/distributed-press-api-client
 licenses: