federails 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc485556cd2ae749668f8f6a6ffec973361bdef6970e421845b9c2de64e8cecf
-  data.tar.gz: 34630a4b116e47b3d4c3ec4fd7599ba0264f4dd76fdff5db795d2be90c50c2cc
+  metadata.gz: e489a0088b05ef80d9cc112164f054a030f0cb007406cb14789372a5a52c490f
+  data.tar.gz: b6832c622e5c33bf85f520839604a9e6e516821097d70bb6c6acb7df92f0d4b3
 SHA512:
-  metadata.gz: b296b6db88b1077326722a187f6074fc8f9bbeb4f43d0f90a2c7811fb7bfd14b0e247f64149ce41c0e53128ce45d3e7e61ecfb0da8d47e64b6b7f188dfa33c8c
-  data.tar.gz: 948085a88295cf6c6699ed1dbea2a64a30d8695bb1a9d596cb83d66753eb4e26b5129d0d00574d21f230544b75a3f859411e64c785878abc2ce85021ef41a2b5
+  metadata.gz: 59e24e51b83545daabfa7dc0c878183d8b0bc14276b559b529fb5ee48183739c49b1a1987eb4a5e8d0d795dcfbe6970d6a3478691f9a13cd12c399903df61695
+  data.tar.gz: 01f6e7bef60bd2d15e142b7b55fecf25dd76ab67571c994c3c8aae1eba23fbcc75d02fb03775131a070b3cc6c18021d33ce91bb8645e937d94c1425a0a7433a3

data/README.md

@@ -92,7 +92,7 @@ With `routes_path = 'federation'`, routes will be:
 
 Some routes can be disabled in configuration if you don't want to expose particular features:
 
-```
+```rb
 Federails.configure do |config|
   # Disable routing for .well-known and nodeinfo
   config.enable_discovery = false
@@ -102,6 +102,17 @@ Federails.configure do |config|
 end
 ```
 
+#### Remote following
+
+By default, remote follow requests (where you press a follow button on another server and get redirected home to complete the follow)
+will use the built-in client paths. If you're not using the client, or want to provide your own user interface, you can set the path like this, assuming that `new_follow_url` is a valid route in your app. A `uri` query parameter template will be automatically appended, you don't need to specify that.
+
+```rb
+Federails.configure do |config|
+  config.remote_follow_url_method = :new_follow_url
+end
+```
+
 ### Migrations
 
 Copy the migrations:
@@ -143,6 +154,32 @@ actor.following
 #...
 ```
 
+### Using the Federails client
+
+Federails comes with a client, enabled by default, that provides basic views to display and interact with Federails data,
+accessible on `/app` by default (changeable with the configuration option `client_routes_path`)
+
+If it's a good starting point, it might be disabled once you made your own integration by setting `client_routes_path`
+to a `nil` value.
+
+If you want to override the client's views, copy them in your application:
+
+```sh
+rails generate federails:copy_client_views
+```
+
+## Common questions
+
+- **I override the base controller and the links breaks in my layout**
+
+  Use `main_app.<url_helper>` for links to your application; `federails.<federails_url_helper>` for links to the Federails client.
+- **I specified a custom layout and the links breaks in it**
+
+  Use `main_app.<url_helper>` for links to your application; `federails.<federails_url_helper>` for links to the Federails client.
+- **I specified a custom layout and my helpers are not available**
+
+  You will have better results if you specify a `base_controller` from your application as Federails base controller is isolated from the main app and does not have access to its helpers.
+
 ## Contributing
 
 Contributions are welcome, may it be issues, ideas, code or whatever you want to share. Please note:

data/app/controllers/federails/client/activities_controller.rb

@@ -1,14 +1,14 @@
 module Federails
   module Client
-    class ActivitiesController < Federails::ApplicationController
+    class ActivitiesController < Federails::ClientController
       before_action :authenticate_user!, only: [:feed]
-      # layout 'layouts/application'
+      before_action :authorize_action!
 
       # GET /app/activities
       # GET /app/activities.json
       def index
         @activities = policy_scope(Federails::Activity, policy_scope_class: Federails::Client::ActivityPolicy::Scope).all
-        @activities = @activities.where actor_id: params[:actor_id] if params[:actor_id]
+        @activities = @activities.where actor: Actor.find_param(params[:actor_id]) if params[:actor_id]
       end
 
       # GET /app/feed
@@ -16,6 +16,12 @@ module Federails
       def feed
         @activities = Activity.feed_for(current_user.actor)
       end
+
+      private
+
+      def authorize_action!
+        authorize(Federails::Activity, policy_class: Federails::Client::ActivityPolicy)
+      end
     end
   end
 end

data/app/controllers/federails/client/actors_controller.rb

@@ -1,12 +1,15 @@
 module Federails
   module Client
-    class ActorsController < Federails::ApplicationController
+    class ActorsController < Federails::ClientController
       before_action :set_actor, only: [:show]
 
       # GET /app/actors
       # GET /app/actors.json
       def index
+        authorize Federails::Actor, policy_class: Federails::Client::ActorPolicy
+
         @actors = policy_scope(Federails::Actor, policy_scope_class: Federails::Client::ActorPolicy::Scope).all
+        @actors = @actors.local if params[:local_only]
       end
 
       # GET /app/actors/1
@@ -25,7 +28,7 @@ module Federails
 
       # Use callbacks to share common setup or constraints between actions.
       def set_actor
-        @actor = Federails::Actor.find(params[:id])
+        @actor = Federails::Actor.find_param(params[:id])
         authorize @actor, policy_class: Federails::Client::ActorPolicy
       end
 

data/app/controllers/federails/client/followings_controller.rb

@@ -1,9 +1,18 @@
 module Federails
   module Client
-    class FollowingsController < Federails::ApplicationController
+    class FollowingsController < Federails::ClientController
       before_action :authenticate_user!
+      before_action :skip_authorization, only: [:new, :create]
       before_action :set_following, only: [:accept, :destroy]
 
+      # GET /app/followings/new?uri={uri}
+      def new
+        # Find actor (and fetch if necessary)
+        actor = Actor.find_or_create_by_federation_url(params[:uri])
+        # Redirect to local profile page which will have a follow button on it
+        redirect_to federails.client_actor_url(actor)
+      end
+
       # PUT /app/followings/:id/accept
       # PUT /app/followings/:id/accept.json
       def accept
@@ -32,9 +41,10 @@ module Federails
       # POST /app/followings/follow
       # POST /app/followings/follow.json
       def follow
+        authorize Federails::Following, policy_class: Federails::Client::FollowingPolicy
+
         begin
           @following = Following.new_from_account following_account_params, actor: current_user.actor
-          authorize @following, policy_class: Federails::Client::FollowingPolicy
         rescue ::ActiveRecord::RecordNotFound
           # Renders a 422 instead of a 404
           respond_to do |format|
@@ -62,7 +72,7 @@ module Federails
 
       # Use callbacks to share common setup or constraints between actions.
       def set_following
-        @following = Following.find(params[:id])
+        @following = Following.find_param(params[:id])
         authorize @following, policy_class: Federails::Client::FollowingPolicy
       end
 

data/app/controllers/federails/client_controller.rb

@@ -0,0 +1,9 @@
+module Federails
+  class ClientController < Federails.configuration.base_client_controller.constantize
+    include Pundit::Authorization
+
+    after_action :verify_authorized
+
+    layout Federails.configuration.app_layout if Federails.configuration.app_layout
+  end
+end

data/app/controllers/federails/server/activities_controller.rb

@@ -2,13 +2,15 @@ require 'fediverse/inbox'
 
 module Federails
   module Server
-    class ActivitiesController < ServerController
+    class ActivitiesController < Federails::ServerController
       before_action :set_activity, only: [:show]
 
       # GET /federation/activities
       # GET /federation/actors/1/outbox.json
       def outbox
-        @actor            = Actor.find(params[:actor_id])
+        authorize Federails::Activity, policy_class: Federails::Server::ActivityPolicy
+
+        @actor            = Actor.find_param(params[:actor_id])
         @activities       = policy_scope(Federails::Activity, policy_scope_class: Federails::Server::ActivityPolicy::Scope).where(actor: @actor).order(created_at: :desc)
         @total_activities = @activities.count
         @activities       = @activities.page(params[:page])
@@ -19,13 +21,15 @@ module Federails
 
       # POST /federation/actors/1/inbox
       def create
+        skip_authorization
+
         payload = payload_from_params
-        return render json: {}, status: :unprocessable_entity unless payload
+        return head :unprocessable_entity unless payload
 
         if Fediverse::Inbox.dispatch_request(payload)
-          render json: {}, status: :created
+          head :created
         else
-          render json: {}, status: :unprocessable_entity
+          head :unprocessable_entity
         end
       end
 
@@ -33,7 +37,8 @@ module Federails
 
       # Use callbacks to share common setup or constraints between actions.
       def set_activity
-        @activity = Activity.find_by!(actor_id: params[:actor_id], id: params[:id])
+        @activity = Actor.find_param(params[:actor_id]).activities.find_param(params[:id])
+        authorize @activity, policy_class: Federails::Server::ActivityPolicy
       end
 
       # Only allow a list of trusted parameters through.

data/app/controllers/federails/server/actors_controller.rb

@@ -1,17 +1,21 @@
 module Federails
   module Server
-    class ActorsController < ServerController
+    class ActorsController < Federails::ServerController
       before_action :set_actor, only: [:show, :followers, :following]
 
       # GET /federation/actors/1
       # GET /federation/actors/1.json
       def show; end
 
+      # GET /federation/actors/:id/followers
+      # GET /federation/actors/:id/followers.json
       def followers
         @actors = @actor.followers.order(created_at: :desc)
         followings_queries
       end
 
+      # GET /federation/actors/:id/followers
+      # GET /federation/actors/:id/followers.json
       def following
         @actors = @actor.follows.order(created_at: :desc)
         followings_queries
@@ -21,7 +25,7 @@ module Federails
 
       # Use callbacks to share common setup or constraints between actions.
       def set_actor
-        @actor = Actor.find(params[:id])
+        @actor = Actor.find_param(params[:id])
         authorize @actor, policy_class: Federails::Server::ActorPolicy
       end
 

data/app/controllers/federails/server/followings_controller.rb

@@ -1,6 +1,6 @@
 module Federails
   module Server
-    class FollowingsController < ServerController
+    class FollowingsController < Federails::ServerController
       before_action :set_following, only: [:show]
 
       # GET /federation/actors/1/followings/1.json
@@ -10,7 +10,8 @@ module Federails
 
       # Use callbacks to share common setup or constraints between actions.
       def set_following
-        @following = Following.find_by!(actor_id: params[:actor_id], id: params[:id])
+        actor = Actor.find_param(params[:actor_id])
+        @following = Following.find_by!(actor: actor, uuid: params[:id])
         authorize @following, policy_class: Federails::Server::FollowingPolicy
       end
     end

data/app/controllers/federails/server/nodeinfo_controller.rb

@@ -1,21 +1,27 @@
 module Federails
   module Server
-    class NodeinfoController < ServerController
+    class NodeinfoController < Federails::ServerController
       def index
-        render formats: [:json]
+        skip_authorization
+
+        render formats: [:nodeinfo]
       end
 
       def show # rubocop:todo Metrics/AbcSize
+        skip_authorization
+
         @total = @active_halfyear = @active_month = 0
+        @has_user_counts = false
         Federails::Configuration.entity_types.each_value do |config|
-          next unless config[:include_in_user_count]
+          next unless (method = config[:user_count_method]&.to_sym)
 
+          @has_user_counts = true
           model = config[:class]
-          @total += model.count
-          @active_month += model.where(created_at: ((30.days.ago)...Time.current)).count
-          @active_halfyear += model.where(created_at: ((180.days.ago)...Time.current)).count
+          @total += model.send(method, nil)
+          @active_month += model.send(method, ((30.days.ago)...Time.current))
+          @active_halfyear += model.send(method, ((180.days.ago)...Time.current))
         end
-        render formats: [:json]
+        render formats: [:nodeinfo]
       end
     end
   end

data/app/controllers/federails/server/web_finger_controller.rb

@@ -2,8 +2,10 @@ require 'fediverse/webfinger'
 
 module Federails
   module Server
-    class WebFingerController < ServerController
+    class WebFingerController < Federails::ServerController
       def find
+        skip_authorization
+
         resource = params.require(:resource)
         case resource
         when %r{^https?://.+}
@@ -15,11 +17,13 @@ module Federails
         end
         raise ActiveRecord::RecordNotFound if @user.nil?
 
-        render formats: [:json]
+        render formats: [:jrd]
       end
 
       def host_meta
-        render content_type: 'application/xrd+xml', formats: [:xml]
+        skip_authorization
+
+        render formats: [:xrd]
       end
 
       # TODO: complete missing endpoints

data/app/controllers/federails/{application_controller.rb → server_controller.rb}

@@ -1,16 +1,23 @@
 module Federails
-  class ApplicationController < ActionController::Base
+  class ServerController < ::ActionController::Base # rubocop:disable Rails/ApplicationController
     include Pundit::Authorization
 
-    rescue_from ActiveRecord::RecordNotFound, with: :error_not_found
+    after_action :verify_authorized
+
+    protect_from_forgery with: :null_session
+    helper Federails::ServerHelper
 
-    layout Federails.configuration.app_layout if Federails.configuration.app_layout
+    rescue_from ActiveRecord::RecordNotFound, with: :error_not_found
 
     private
 
     def error_fallback(exception, fallback_message, status)
       message = exception&.message || fallback_message
       respond_to do |format|
+        format.jrd { head status }
+        format.xrd { head status }
+        format.activitypub { head status }
+        format.nodeinfo { head status }
         format.json { render json: { error: message }, status: status }
         format.html { raise exception }
       end

data/app/helpers/federails/server_helper.rb

@@ -0,0 +1,12 @@
+module Federails
+  module ServerHelper
+    def remote_follow_url
+      method_name = Federails.configuration.remote_follow_url_method.to_s
+      if method_name.starts_with? 'federails.'
+        send(method_name.gsub('federails.', ''))
+      else
+        Rails.application.routes.url_helpers.send(method_name)
+      end
+    end
+  end
+end

data/app/models/concerns/federails/entity.rb

@@ -2,39 +2,91 @@ module Federails
   module Entity
     extend ActiveSupport::Concern
 
-    included do
+    included do # rubocop:todo Metrics/BlockLength
+      include ActiveSupport::Callbacks
+      define_callbacks :followed
+
+      # Define a method that will be called after the entity receives a follow request
+      # @param method [Symbol] The name of the method to call, or a block that will be called directly
+      # @example
+      #   after_followed :accept_follow
+      def self.after_followed(method)
+        set_callback :followed, :after, method
+      end
+
+      # Define a method that will be called after an activity has been received
+      # @param activity_type [String] The activity action to handle, e.g. 'Create'. If you specify '*', the handler will be called for any activity type.
+      # @param object_type [String] The object type to handle, e.g. 'Note'. If you specify '*', the handler will be called for any object type.
+      # @param method [Symbol] The name of the class method to call. The method will receive the complete activity payload as a parameter.
+      # @example
+      #   after_activity_received 'Create', 'Note', :create_note
+      def self.after_activity_received(activity_type, object_type, method)
+        Fediverse::Inbox.register_handler(activity_type, object_type, self, method)
+      end
+
       has_one :actor, class_name: 'Federails::Actor', as: :entity, dependent: :destroy
 
-      after_create :create_actor
+      after_create :create_actor, if: lambda {
+        raise("Entity not configured for #{self.class.name}. Did you use \"acts_as_federails_actor\"?") unless Federails::Configuration.entity_types.key? self.class.name
+
+        Federails::Configuration.entity_types[self.class.name][:auto_create_actors]
+      }
 
       # Configures the mapping between entity and actor
       # @param username_field [Symbol] The method or attribute name that returns the preferred username for ActivityPub
       # @param name_field [Symbol] The method or attribute name that returns the preferred name for ActivityPub
       # @param profile_url_method [Symbol] The route method name that will generate the profile URL for ActivityPub
       # @param actor_type [String] The ActivityStreams Actor type for this entity; defaults to 'Person'
-      # @param include_in_user_count [boolean] Should this entity be included in the nodeinfo user count? Defaults to true
+      # @param user_count_method [Symbol] A class method to call to count active users. Leave unspecified to leave this
+      #  entity out of user counts. Method signature should accept a single parameter which will specify a date range
+      #  If parameter is nil, the total user count should be returned. If the parameter is specified, the number of users
+      #  active during the time period should be returned.
+      # @param auto_create_actors [Boolean] Whether to automatically create an actor when the entity is created
       # @example
       #   acts_as_federails_actor username_field: :username, name_field: :display_name, profile_url_method: :url_for, actor_type: 'Person'
+      # rubocop:disable Metrics/ParameterLists
       def self.acts_as_federails_actor(
-        username_field: Federails::Configuration.user_username_field,
-        name_field: Federails::Configuration.user_name_field,
-        profile_url_method: Federails.configuration.user_profile_url_method,
+        name_field:,
+        username_field:,
+        profile_url_method: nil,
         actor_type: 'Person',
-        include_in_user_count: true
+        user_count_method: nil,
+        auto_create_actors: true
       )
         Federails::Configuration.register_entity(
           self,
-          username_field:        username_field,
-          name_field:            name_field,
-          profile_url_method:    profile_url_method,
-          actor_type:            actor_type,
-          include_in_user_count: include_in_user_count
+          username_field:     username_field,
+          name_field:         name_field,
+          profile_url_method: profile_url_method,
+          actor_type:         actor_type,
+          user_count_method:  user_count_method,
+          auto_create_actors: auto_create_actors
         )
       end
+      # rubocop:enable Metrics/ParameterLists
 
-      # Automatically run default acts_as_federails_actor
-      # this can be optionally called again with different configuration in the entity
-      acts_as_federails_actor
+      # Add custom data to actor responses.
+      # Override in your own model to add extra data, which will be merged into the actor response
+      # generated by Federails. You can include extra `@context` for activitypub extensions and it will
+      # be merged with the main response context.
+      # @example
+      #   def to_activitypub_object
+      #     {
+      #       "@context": {
+      #         toot: "http://joinmastodon.org/ns#",
+      #         attributionDomains: {
+      #           "@id": "toot:attributionDomains",
+      #           "@type": "@id"
+      #         }
+      #       },
+      #       attributionDomains: [
+      #         "example.com"
+      #       ]
+      #     }
+      #   end
+      def to_activitypub_object
+        {}
+      end
 
       private
 

data/app/models/concerns/federails/has_uuid.rb

@@ -0,0 +1,35 @@
+module Federails
+  module HasUuid
+    extend ActiveSupport::Concern
+
+    included do
+      before_validation :generate_uuid
+      validates :uuid, presence: true, uniqueness: true
+
+      def self.find_param(param)
+        find_by!(uuid: param)
+      end
+    end
+
+    def to_param
+      uuid
+    end
+
+    # Override UUID accessor to provide lazy initialization of UUIDs for old data
+    def uuid
+      if self[:uuid].blank?
+        generate_uuid
+        save!
+      end
+      self[:uuid]
+    end
+
+    private
+
+    def generate_uuid
+      return if self[:uuid].present?
+
+      (self.uuid = SecureRandom.uuid) while self[:uuid].blank? || self.class.exists?(uuid: self[:uuid])
+    end
+  end
+end

data/app/models/federails/activity.rb

@@ -1,5 +1,7 @@
 module Federails
   class Activity < ApplicationRecord
+    include Federails::HasUuid
+
     belongs_to :entity, polymorphic: true
     belongs_to :actor
 
@@ -13,22 +15,15 @@ module Federails
 
     after_create_commit :post_to_inboxes
 
-    def recipients # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
+    def recipients
       return [] unless actor.local?
 
-      actors = []
-      case action
-      when 'Create'
-        actors.push(entity.target_actor) if entity_type == 'Federails::Following'
-        # FIXME: Move this to dummy, somehow
-        actors.push(*actor.followers) if entity_type == 'Note'
-      when 'Accept'
-        actors.push(entity.actor) if entity_type == 'Federails::Following'
-      when 'Undo'
-        actors.push(entity.target_actor) if entity_type == 'Federails::Following'
+      case entity_type
+      when 'Federails::Following'
+        [(action == 'Accept' ? entity.actor : entity.target_actor)]
+      else
+        actor.followers
       end
-
-      actors
     end
 
     private

data/app/models/federails/actor.rb

@@ -3,6 +3,8 @@ require 'fediverse/webfinger'
 
 module Federails
   class Actor < ApplicationRecord # rubocop:disable Metrics/ClassLength
+    include Federails::HasUuid
+
     validates :federated_url, presence: { unless: :entity }, uniqueness: { unless: :entity }
     validates :username, presence: { unless: :entity }
     validates :server, presence: { unless: :entity }
@@ -89,7 +91,9 @@ module Federails
     end
 
     def entity_configuration
-      Federails::Configuration.entity_types[entity.class.name]
+      raise("Entity not configured for #{entity_type}. Did you use \"acts_as_federails_actor\"?") unless Federails::Configuration.entity_types.key? entity_type
+
+      Federails::Configuration.entity_types[entity_type]
     end
 
     class << self
@@ -112,7 +116,7 @@ module Federails
 
       def find_by_federation_url(federated_url)
         local_route = Utils::Host.local_route federated_url
-        return find local_route[:id] if local_route && local_route[:controller] == 'federails/server/actors' && local_route[:action] == 'show'
+        return find_param(local_route[:id]) if local_route && local_route[:controller] == 'federails/server/actors' && local_route[:action] == 'show'
 
         actor = find_by federated_url: federated_url
         return actor if actor
@@ -148,5 +152,40 @@ module Federails
         end
       end
     end
+
+    def public_key
+      ensure_key_pair_exists!
+      self[:public_key]
+    end
+
+    def private_key
+      ensure_key_pair_exists!
+      self[:private_key]
+    end
+
+    def key_id
+      "#{federated_url}#main-key"
+    end
+
+    private
+
+    def ensure_key_pair_exists!
+      return if self[:private_key].present? || !local?
+
+      update!(generate_key_pair)
+    end
+
+    def generate_key_pair
+      rsa_key = OpenSSL::PKey::RSA.new 2048
+      cipher  = OpenSSL::Cipher.new('AES-128-CBC')
+      {
+        private_key: if Rails.application.credentials.secret_key_base
+                       rsa_key.to_pem(cipher, Rails.application.credentials.secret_key_base)
+                     else
+                       rsa_key.to_pem
+                     end,
+        public_key:  rsa_key.public_key.to_pem,
+      }
+    end
   end
 end

data/app/models/federails/following.rb

@@ -1,5 +1,7 @@
 module Federails
   class Following < ApplicationRecord
+    include Federails::HasUuid
+
     enum status: { pending: 0, accepted: 1 }
 
     validates :target_actor_id, uniqueness: { scope: [:actor_id, :target_actor_id] }
@@ -9,6 +11,7 @@ module Federails
     # FIXME: Handle this with something like undelete
     has_many :activities, as: :entity, dependent: :destroy
 
+    after_create :after_follow
     after_create :create_activity
     after_destroy :destroy_activity
 
@@ -32,6 +35,12 @@ module Federails
 
     private
 
+    def after_follow
+      target_actor&.entity&.run_callbacks :followed, :after do
+        self
+      end
+    end
+
     def create_activity
       Activity.create! actor: actor, action: 'Create', entity: self
     end