2023-04-21 23:25:39 +02:00
|
|
|
<?php
|
|
|
|
namespace Activitypub\Rest;
|
|
|
|
|
2023-05-22 11:31:46 +02:00
|
|
|
use stdClass;
|
2023-05-05 20:02:12 +02:00
|
|
|
use WP_REST_Response;
|
2023-04-21 23:25:39 +02:00
|
|
|
use Activitypub\Signature;
|
2023-06-01 11:45:07 +02:00
|
|
|
use Activitypub\Model\Application_User;
|
2023-04-21 23:25:39 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* ActivityPub Server REST-Class
|
|
|
|
*
|
|
|
|
* @author Django Doucet
|
|
|
|
*
|
|
|
|
* @see https://www.w3.org/TR/activitypub/#security-verification
|
|
|
|
*/
|
|
|
|
class Server {
|
|
|
|
/**
|
|
|
|
* Initialize the class, registering WordPress hooks
|
|
|
|
*/
|
|
|
|
public static function init() {
|
2023-05-05 20:02:12 +02:00
|
|
|
\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
|
2023-05-18 08:03:11 +02:00
|
|
|
\add_filter( 'rest_request_before_callbacks', array( self::class, 'authorize_activitypub_requests' ), 10, 3 );
|
2023-05-05 20:02:12 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Register routes
|
|
|
|
*/
|
|
|
|
public static function register_routes() {
|
|
|
|
\register_rest_route(
|
2023-05-18 08:03:11 +02:00
|
|
|
ACTIVITYPUB_REST_NAMESPACE,
|
2023-05-05 20:09:12 +02:00
|
|
|
'/application',
|
2023-05-05 20:02:12 +02:00
|
|
|
array(
|
|
|
|
array(
|
|
|
|
'methods' => \WP_REST_Server::READABLE,
|
2023-05-05 20:09:12 +02:00
|
|
|
'callback' => array( self::class, 'application_actor' ),
|
2023-05-05 20:02:12 +02:00
|
|
|
'permission_callback' => '__return_true',
|
|
|
|
),
|
|
|
|
)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2023-05-05 20:09:12 +02:00
|
|
|
* Render Application actor profile
|
2023-05-05 20:02:12 +02:00
|
|
|
*
|
2023-05-12 10:17:36 +02:00
|
|
|
* @return WP_REST_Response The JSON profile of the Application Actor.
|
2023-05-05 20:02:12 +02:00
|
|
|
*/
|
2023-05-05 20:09:12 +02:00
|
|
|
public static function application_actor() {
|
2023-06-01 11:45:07 +02:00
|
|
|
$user = new Application_User();
|
|
|
|
$json = $user->to_array();
|
2023-05-05 20:02:12 +02:00
|
|
|
|
|
|
|
$response = new WP_REST_Response( $json, 200 );
|
|
|
|
|
|
|
|
$response->header( 'Content-Type', 'application/activity+json' );
|
|
|
|
|
|
|
|
return $response;
|
2023-04-21 23:25:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Callback function to authorize each api requests
|
|
|
|
*
|
2023-05-22 11:31:46 +02:00
|
|
|
* @see WP_REST_Request
|
2023-04-21 23:25:39 +02:00
|
|
|
*
|
2023-05-12 10:17:36 +02:00
|
|
|
* @param WP_REST_Response|WP_HTTP_Response|WP_Error|mixed $response Result to send to the client.
|
|
|
|
* Usually a WP_REST_Response or WP_Error.
|
|
|
|
* @param array $handler Route handler used for the request.
|
|
|
|
* @param WP_REST_Request $request Request used to generate the response.
|
2023-04-21 23:25:39 +02:00
|
|
|
*
|
2023-05-12 10:17:36 +02:00
|
|
|
* @return mixed|WP_Error The response, error, or modified response.
|
2023-04-21 23:25:39 +02:00
|
|
|
*/
|
|
|
|
public static function authorize_activitypub_requests( $response, $handler, $request ) {
|
2023-05-06 07:44:15 +02:00
|
|
|
$route = $request->get_route();
|
2023-05-22 11:31:46 +02:00
|
|
|
|
2023-05-22 13:35:46 +02:00
|
|
|
// check if it is an activitypub request and exclude webfinger and nodeinfo endpoints
|
2023-05-22 13:34:14 +02:00
|
|
|
if (
|
2023-08-09 13:07:30 +02:00
|
|
|
! \str_starts_with( $route, '/' . ACTIVITYPUB_REST_NAMESPACE ) ||
|
|
|
|
\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'webfinger' ) ||
|
|
|
|
\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'nodeinfo' )
|
2023-05-22 13:34:14 +02:00
|
|
|
) {
|
2023-05-22 11:31:46 +02:00
|
|
|
return $response;
|
|
|
|
}
|
|
|
|
|
2023-05-22 13:35:46 +02:00
|
|
|
// POST-Requets are always signed
|
2023-05-09 11:57:43 +02:00
|
|
|
if ( 'POST' === $request->get_method() ) {
|
|
|
|
$verified_request = Signature::verify_http_signature( $request );
|
|
|
|
if ( \is_wp_error( $verified_request ) ) {
|
|
|
|
return $verified_request;
|
|
|
|
}
|
2023-05-22 13:35:46 +02:00
|
|
|
} elseif ( 'GET' === $request->get_method() ) { // GET-Requests are only signed in secure mode
|
2023-08-09 13:07:30 +02:00
|
|
|
if ( ACTIVITYPUB_AUTHORIZED_FETCH ) {
|
2023-05-22 11:31:46 +02:00
|
|
|
$verified_request = Signature::verify_http_signature( $request );
|
|
|
|
if ( \is_wp_error( $verified_request ) ) {
|
|
|
|
return $verified_request;
|
2023-05-05 22:39:33 +02:00
|
|
|
}
|
2023-04-21 23:25:39 +02:00
|
|
|
}
|
|
|
|
}
|
2023-05-09 11:57:43 +02:00
|
|
|
|
|
|
|
return $response;
|
2023-04-21 23:25:39 +02:00
|
|
|
}
|
|
|
|
}
|