federails 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b172418ad3d12834c3c724244a83fe3f30115923c3182608d670d164af0f23c3
-  data.tar.gz: 3e401d421423152b900733c0ad2729b0f2087532e20e416ee69c58393e378ad9
+  metadata.gz: bc485556cd2ae749668f8f6a6ffec973361bdef6970e421845b9c2de64e8cecf
+  data.tar.gz: 34630a4b116e47b3d4c3ec4fd7599ba0264f4dd76fdff5db795d2be90c50c2cc
 SHA512:
-  metadata.gz: e32dfc49219c5719c2ccdb56db44c6bbbcc026374cbf8b3bb9e0545e0f925397988b242407e2b57c4e597a7aca2796d88ce3573c3ba66c85933da9dc6ddb319c
-  data.tar.gz: f98b93107cbf37b63ebd26d128fc4a1f9b9b929f12054406fc4c2e9ea416ce72f2edb273c59e2ac58241cf36782872b81b83311939b054b64ec79c24d4919c1d
+  metadata.gz: b296b6db88b1077326722a187f6074fc8f9bbeb4f43d0f90a2c7811fb7bfd14b0e247f64149ce41c0e53128ce45d3e7e61ecfb0da8d47e64b6b7f188dfa33c8c
+  data.tar.gz: 948085a88295cf6c6699ed1dbea2a64a30d8695bb1a9d596cb83d66753eb4e26b5129d0d00574d21f230544b75a3f859411e64c785878abc2ce85021ef41a2b5

data/README.md

@@ -1,10 +1,30 @@
 # Federails
-Short description and motivation.
 
-## Usage
-How to use my plugin.
+Federails is an engine that brings ActivityPub to Ruby on Rails application.
+
+## Community
+
+You can join the [matrix chat room](https://matrix.to/#/#federails:matrix.org) to chat with humans.
+
+Open issues or feature requests on the [issue tracker](https://gitlab.com/experimentslabs/federails/-/issues)
+
+## Features
+
+This engine is meant to be used in Rails applications to add the ability to act as an ActivityPub server.
+
+As the project is in an early stage of development we're unable to provide a clean list of what works and what is missing.
+
+The general direction is to be able to:
+
+- publish and subscribe to any type of content
+- have a discovery endpoint (`webfinger`)
+- have a following/followers system
+- implement all the parts of the (RFC) labelled with **MUST** and **MUST NOT**
+- implement some or all the parts of the RFC labelled with **SHOULD** and **SHOULD NOT**
+- maybe implement the parts of the RFC labelled with **MAY**
 
 ## Installation
+
 Add this line to your application's Gemfile:
 
 ```ruby
@@ -12,17 +32,161 @@ gem "federails"
 ```
 
 And then execute:
+
 ```bash
 $ bundle
 ```
 
-Or install it yourself as:
-```bash
-$ gem install federails
+### Configuration
+
+Generate configuration files:
+
+```sh
+bundle exec rails generate federails:install
+```
+
+It creates an initializer and a configuration file:
+- `config/initializers/federails.rb`
+- `config/federails.yml`
+
+By default, Federails is configured using `config_from` method, that loads the appropriate YAML file, but you may want
+to configure it differently:
+
+```rb
+# config/initializers/federails.rb
+Federails.configure do |config|
+  config.host = 'localhost'
+  # ...
+end
+```
+
+For now, refer to [the source code](lib/federails/configuration.rb) for the full list of options.
+
+### Routes
+
+Mount the engine on `/`: routes to `/.well-known/*` and `/nodeinfo/*` must be at the root of the site.
+Federails routes are then available under the configured path (`routes_path`):
+
+```rb
+# config/routes.rb
+mount Federails::Engine => '/'
+```
+
+With `routes_path = 'federation'`, routes will be:
+
+```txt
+/.well-known/webfinger(.:format)
+/.well-known/host-meta(.:format)
+/.well-known/nodeinfo(.:format)
+/nodeinfo/2.0(.:format)
+/federation/actors/:id/followers(.:format)
+/federation/actors/:id/following(.:format)
+/federation/actors/:actor_id/outbox(.:format)
+/federation/actors/:actor_id/inbox(.:format)
+/federation/actors/:actor_id/activities/:id(.:format)
+/federation/actors/:actor_id/followings/:id(.:format)
+/federation/actors/:actor_id/notes/:id(.:format)
+/federation/actors/:id(.:format)
+...
+```
+
+Some routes can be disabled in configuration if you don't want to expose particular features:
+
+```
+Federails.configure do |config|
+  # Disable routing for .well-known and nodeinfo
+  config.enable_discovery = false
+
+  # Disable web client UI routes
+  config.client_routes_path = nil
+end
+```
+
+### Migrations
+
+Copy the migrations:
+
+```sh
+bundle exec rails federails:install:migrations
+```
+
+### User model
+
+In the ActivityPub world, we refer to _actors_ to represent the thing that publishes or subscribe to _other actors_.
+
+Federails provides a concern to include in your "user" model or whatever will publish data:
+
+```rb
+# app/models/user.rb
+
+class User < ApplicationRecord
+  # Include the concern here:
+  include Federails::Entity
+
+  # Configure field names
+  acts_as_federails_actor username_field: :username, name_field: :name, profile_url_method: :user_url
+end
+```
+
+This concern automatically create a `Federails::Actor` after a user creation, as well as the `actor` reference. When adding it to
+an existing model with existing data, you will need to generate the corresponding actors yourself in a migration.
+
+Usage example:
+
+```rb
+actor = User.find(1).actor
+
+actor.inbox
+actor.outbox
+actor.followers
+actor.following
+#...
 ```
 
 ## Contributing
-Contribution directions go here.
+
+Contributions are welcome, may it be issues, ideas, code or whatever you want to share. Please note:
+
+- This project is _fast forward_ only: we don't do merge commits
+- We adhere to [semantic versioning](). Please update the changelog in your commits
+- We try to adhere to [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) principles
+- We _may_ rename your commits before merging them
+- We _may_ split your commits before merging them
+
+To contribute:
+
+1. Fork this repository
+2. Create small commits
+3. Ideally create small pull requests. Don't hesitate to open them early so we all can follow how it's going
+4. Get congratulated
+
+### Tooling
+
+#### RSpec
+
+RSpec is the test suite. Start it with
+
+```sh
+bundle exec rspec
+```
+
+#### Rubocop
+
+Rubocop is a linter. Start it with
+
+```sh
+bundle exec rubocop
+```
+
+#### FactoryBot
+
+FactoryBot is a factory generator used in tests and development.
+A rake task checks the replayability of the factories and traits:
+
+```sh
+bundle exec app:factory_bot:lint
+```
 
 ## License
+
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -1,8 +1,8 @@
-require "bundler/setup"
+require 'bundler/setup'
 
-APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
-load "rails/tasks/engine.rake"
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
 
-load "rails/tasks/statistics.rake"
+load 'rails/tasks/statistics.rake'
 
-require "bundler/gem_tasks"
+require 'bundler/gem_tasks'

data/app/controllers/federails/application_controller.rb

@@ -1,4 +1,23 @@
 module Federails
   class ApplicationController < ActionController::Base
+    include Pundit::Authorization
+
+    rescue_from ActiveRecord::RecordNotFound, with: :error_not_found
+
+    layout Federails.configuration.app_layout if Federails.configuration.app_layout
+
+    private
+
+    def error_fallback(exception, fallback_message, status)
+      message = exception&.message || fallback_message
+      respond_to do |format|
+        format.json { render json: { error: message }, status: status }
+        format.html { raise exception }
+      end
+    end
+
+    def error_not_found(exception = nil)
+      error_fallback(exception, 'Resource not found', :not_found)
+    end
   end
 end

data/app/controllers/federails/client/activities_controller.rb

@@ -0,0 +1,21 @@
+module Federails
+  module Client
+    class ActivitiesController < Federails::ApplicationController
+      before_action :authenticate_user!, only: [:feed]
+      # layout 'layouts/application'
+
+      # GET /app/activities
+      # GET /app/activities.json
+      def index
+        @activities = policy_scope(Federails::Activity, policy_scope_class: Federails::Client::ActivityPolicy::Scope).all
+        @activities = @activities.where actor_id: params[:actor_id] if params[:actor_id]
+      end
+
+      # GET /app/feed
+      # GET /app/feed.json
+      def feed
+        @activities = Activity.feed_for(current_user.actor)
+      end
+    end
+  end
+end

data/app/controllers/federails/client/actors_controller.rb

@@ -0,0 +1,37 @@
+module Federails
+  module Client
+    class ActorsController < Federails::ApplicationController
+      before_action :set_actor, only: [:show]
+
+      # GET /app/actors
+      # GET /app/actors.json
+      def index
+        @actors = policy_scope(Federails::Actor, policy_scope_class: Federails::Client::ActorPolicy::Scope).all
+      end
+
+      # GET /app/actors/1
+      # GET /app/actors/1.json
+      def show; end
+
+      # GET /app/explorer/lookup
+      # GET /app/explorer/lookup.json
+      def lookup
+        @actor = Federails::Actor.find_by_account account_param
+        authorize @actor, policy_class: Federails::Client::ActorPolicy
+        render :show
+      end
+
+      private
+
+      # Use callbacks to share common setup or constraints between actions.
+      def set_actor
+        @actor = Federails::Actor.find(params[:id])
+        authorize @actor, policy_class: Federails::Client::ActorPolicy
+      end
+
+      def account_param
+        params.require('account')
+      end
+    end
+  end
+end

data/app/controllers/federails/client/followings_controller.rb

@@ -0,0 +1,93 @@
+module Federails
+  module Client
+    class FollowingsController < Federails::ApplicationController
+      before_action :authenticate_user!
+      before_action :set_following, only: [:accept, :destroy]
+
+      # PUT /app/followings/:id/accept
+      # PUT /app/followings/:id/accept.json
+      def accept
+        respond_to do |format|
+          url = federails.client_actor_url @following.actor
+          if @following.accept!
+            format.html { redirect_to url, notice: I18n.t('controller.followings.accept.success') }
+            format.json { render :show, status: :ok, location: @following }
+          else
+            format.html { redirect_to url, alert: I18n.t('controller.followings.accept.error') }
+            format.json { render json: @following.errors, status: :unprocessable_entity }
+          end
+        end
+      end
+
+      # POST /app/followings
+      # POST /app/followings.json
+      def create
+        @following = Following.new(following_params)
+        @following.actor = current_user.actor
+        authorize @following, policy_class: Federails::Client::FollowingPolicy
+
+        save_and_render
+      end
+
+      # POST /app/followings/follow
+      # POST /app/followings/follow.json
+      def follow
+        begin
+          @following = Following.new_from_account following_account_params, actor: current_user.actor
+          authorize @following, policy_class: Federails::Client::FollowingPolicy
+        rescue ::ActiveRecord::RecordNotFound
+          # Renders a 422 instead of a 404
+          respond_to do |format|
+            format.html { redirect_to federails.client_actors_url, alert: I18n.t('controller.followings.follow.error') }
+            format.json { render json: { target_actor: ['does not exist'] }, status: :unprocessable_entity }
+          end
+
+          return
+        end
+
+        save_and_render
+      end
+
+      # DELETE /app/followings/1
+      # DELETE /app/followings/1.json
+      def destroy
+        @following.destroy
+        respond_to do |format|
+          format.html { redirect_to federails.client_actor_url(@following.actor), notice: I18n.t('controller.followings.destroy.success') }
+          format.json { head :no_content }
+        end
+      end
+
+      private
+
+      # Use callbacks to share common setup or constraints between actions.
+      def set_following
+        @following = Following.find(params[:id])
+        authorize @following, policy_class: Federails::Client::FollowingPolicy
+      end
+
+      # Only allow a list of trusted parameters through.
+      def following_params
+        params.require(:following).permit(:target_actor_id)
+      end
+
+      def following_account_params
+        params.require(:account)
+      end
+
+      def save_and_render # rubocop:disable Metrics/AbcSize
+        url = federails.client_actor_url current_user.actor
+
+        respond_to do |format|
+          if @following.save
+            format.html { redirect_to url, notice: I18n.t('controller.followings.save_and_render.success') }
+            format.json { render :show, status: :created, location: @following }
+          else
+            format.html { redirect_to url, alert: I18n.t('controller.followings.save_and_render.error') }
+            format.json { render json: @following.errors, status: :unprocessable_entity }
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/federails/server/activities_controller.rb

@@ -0,0 +1,65 @@
+require 'fediverse/inbox'
+
+module Federails
+  module Server
+    class ActivitiesController < ServerController
+      before_action :set_activity, only: [:show]
+
+      # GET /federation/activities
+      # GET /federation/actors/1/outbox.json
+      def outbox
+        @actor            = Actor.find(params[:actor_id])
+        @activities       = policy_scope(Federails::Activity, policy_scope_class: Federails::Server::ActivityPolicy::Scope).where(actor: @actor).order(created_at: :desc)
+        @total_activities = @activities.count
+        @activities       = @activities.page(params[:page])
+      end
+
+      # GET /federation/actors/1/activities/1.json
+      def show; end
+
+      # POST /federation/actors/1/inbox
+      def create
+        payload = payload_from_params
+        return render json: {}, status: :unprocessable_entity unless payload
+
+        if Fediverse::Inbox.dispatch_request(payload)
+          render json: {}, status: :created
+        else
+          render json: {}, status: :unprocessable_entity
+        end
+      end
+
+      private
+
+      # Use callbacks to share common setup or constraints between actions.
+      def set_activity
+        @activity = Activity.find_by!(actor_id: params[:actor_id], id: params[:id])
+      end
+
+      # Only allow a list of trusted parameters through.
+      def activity_params
+        params.fetch(:activity, {})
+      end
+
+      def payload_from_params
+        payload_string = request.body.read
+        request.body.rewind if request.body.respond_to? :rewind
+
+        begin
+          payload = JSON.parse(payload_string)
+        rescue JSON::ParserError
+          return
+        end
+
+        hash = JSON::LD::API.compact payload, payload['@context']
+        validate_payload hash
+      end
+
+      def validate_payload(hash)
+        return unless hash['@context'] && hash['id'] && hash['type'] && hash['actor'] && hash['object']
+
+        hash
+      end
+    end
+  end
+end

data/app/controllers/federails/server/actors_controller.rb

@@ -0,0 +1,34 @@
+module Federails
+  module Server
+    class ActorsController < ServerController
+      before_action :set_actor, only: [:show, :followers, :following]
+
+      # GET /federation/actors/1
+      # GET /federation/actors/1.json
+      def show; end
+
+      def followers
+        @actors = @actor.followers.order(created_at: :desc)
+        followings_queries
+      end
+
+      def following
+        @actors = @actor.follows.order(created_at: :desc)
+        followings_queries
+      end
+
+      private
+
+      # Use callbacks to share common setup or constraints between actions.
+      def set_actor
+        @actor = Actor.find(params[:id])
+        authorize @actor, policy_class: Federails::Server::ActorPolicy
+      end
+
+      def followings_queries
+        @total_actors = @actors.count
+        @actors       = @actors.page(params[:page])
+      end
+    end
+  end
+end

data/app/controllers/federails/server/followings_controller.rb

@@ -0,0 +1,18 @@
+module Federails
+  module Server
+    class FollowingsController < ServerController
+      before_action :set_following, only: [:show]
+
+      # GET /federation/actors/1/followings/1.json
+      def show; end
+
+      private
+
+      # Use callbacks to share common setup or constraints between actions.
+      def set_following
+        @following = Following.find_by!(actor_id: params[:actor_id], id: params[:id])
+        authorize @following, policy_class: Federails::Server::FollowingPolicy
+      end
+    end
+  end
+end

data/app/controllers/federails/server/nodeinfo_controller.rb

@@ -0,0 +1,22 @@
+module Federails
+  module Server
+    class NodeinfoController < ServerController
+      def index
+        render formats: [:json]
+      end
+
+      def show # rubocop:todo Metrics/AbcSize
+        @total = @active_halfyear = @active_month = 0
+        Federails::Configuration.entity_types.each_value do |config|
+          next unless config[:include_in_user_count]
+
+          model = config[:class]
+          @total += model.count
+          @active_month += model.where(created_at: ((30.days.ago)...Time.current)).count
+          @active_halfyear += model.where(created_at: ((180.days.ago)...Time.current)).count
+        end
+        render formats: [:json]
+      end
+    end
+  end
+end

data/app/controllers/federails/server/server_controller.rb

@@ -0,0 +1,17 @@
+module Federails
+  module Server
+    class ServerController < Federails::ApplicationController
+      protect_from_forgery with: :null_session
+
+      # def policy_scope(scope, policy_scope_class: nil)
+      #   scope = [scope, :server] unless policy_scope_class
+      #   super(scope, policy_scope_class: policy_scope_class)
+      # end
+
+      # def authorize(record, query = nil, policy_class: nil)
+      #   record = [:server, record] unless policy_class
+      #   super(record, query, policy_class: policy_class)
+      # end
+    end
+  end
+end

data/app/controllers/federails/server/web_finger_controller.rb

@@ -0,0 +1,38 @@
+require 'fediverse/webfinger'
+
+module Federails
+  module Server
+    class WebFingerController < ServerController
+      def find
+        resource = params.require(:resource)
+        case resource
+        when %r{^https?://.+}
+          @user = Federails::Actor.find_by_federation_url(resource)&.entity
+        when /^acct:.+/
+          Federails::Configuration.entity_types.each_value do |entity|
+            @user ||= entity[:class].find_by(entity[:username_field] => username)
+          end
+        end
+        raise ActiveRecord::RecordNotFound if @user.nil?
+
+        render formats: [:json]
+      end
+
+      def host_meta
+        render content_type: 'application/xrd+xml', formats: [:xml]
+      end
+
+      # TODO: complete missing endpoints
+
+      private
+
+      def username
+        account = Fediverse::Webfinger.split_resource_account params.require(:resource)
+        # Fail early if user don't _seems_ local
+        raise ActiveRecord::RecordNotFound unless account && Fediverse::Webfinger.local_user?(account)
+
+        account[:username]
+      end
+    end
+  end
+end

data/app/jobs/federails/notify_inbox_job.rb

@@ -0,0 +1,12 @@
+require 'fediverse/notifier'
+
+module Federails
+  class NotifyInboxJob < ApplicationJob
+    queue_as :default
+
+    def perform(activity)
+      activity.reload
+      Fediverse::Notifier.post_to_inboxes(activity)
+    end
+  end
+end

data/app/mailers/federails/application_mailer.rb

@@ -1,6 +1,6 @@
 module Federails
   class ApplicationMailer < ActionMailer::Base
-    default from: "from@example.com"
-    layout "mailer"
+    default from: 'from@example.com'
+    layout 'mailer'
   end
 end

data/app/models/concerns/federails/entity.rb

@@ -0,0 +1,46 @@
+module Federails
+  module Entity
+    extend ActiveSupport::Concern
+
+    included do
+      has_one :actor, class_name: 'Federails::Actor', as: :entity, dependent: :destroy
+
+      after_create :create_actor
+
+      # Configures the mapping between entity and actor
+      # @param username_field [Symbol] The method or attribute name that returns the preferred username for ActivityPub
+      # @param name_field [Symbol] The method or attribute name that returns the preferred name for ActivityPub
+      # @param profile_url_method [Symbol] The route method name that will generate the profile URL for ActivityPub
+      # @param actor_type [String] The ActivityStreams Actor type for this entity; defaults to 'Person'
+      # @param include_in_user_count [boolean] Should this entity be included in the nodeinfo user count? Defaults to true
+      # @example
+      #   acts_as_federails_actor username_field: :username, name_field: :display_name, profile_url_method: :url_for, actor_type: 'Person'
+      def self.acts_as_federails_actor(
+        username_field: Federails::Configuration.user_username_field,
+        name_field: Federails::Configuration.user_name_field,
+        profile_url_method: Federails.configuration.user_profile_url_method,
+        actor_type: 'Person',
+        include_in_user_count: true
+      )
+        Federails::Configuration.register_entity(
+          self,
+          username_field:        username_field,
+          name_field:            name_field,
+          profile_url_method:    profile_url_method,
+          actor_type:            actor_type,
+          include_in_user_count: include_in_user_count
+        )
+      end
+
+      # Automatically run default acts_as_federails_actor
+      # this can be optionally called again with different configuration in the entity
+      acts_as_federails_actor
+
+      private
+
+      def create_actor
+        Federails::Actor.create! entity: self
+      end
+    end
+  end
+end