wordpress-activitypub/includes/rest/class-inbox.php

587 lines
17 KiB
PHP
Raw Normal View History

2018-09-27 22:28:49 +02:00
<?php
namespace Activitypub\Rest;
2018-09-27 22:28:49 +02:00
/**
2019-02-24 13:01:28 +01:00
* ActivityPub Inbox REST-Class
2018-09-27 22:28:49 +02:00
*
* @author Matthias Pfefferle
2019-02-24 13:01:28 +01:00
*
* @see https://www.w3.org/TR/activitypub/#inbox
2018-09-27 22:28:49 +02:00
*/
class Inbox {
2019-02-24 13:01:28 +01:00
/**
* Initialize the class, registering WordPress hooks
*/
public static function init() {
2019-09-27 10:12:59 +02:00
\add_action( 'rest_api_init', array( '\Activitypub\Rest\Inbox', 'register_routes' ) );
\add_filter( 'rest_pre_serve_request', array( '\Activitypub\Rest\Inbox', 'serve_request' ), 11, 4 );
2019-09-27 10:12:59 +02:00
\add_action( 'activitypub_inbox_follow', array( '\Activitypub\Rest\Inbox', 'handle_follow' ), 10, 2 );
2020-12-14 05:40:44 +01:00
\add_action( 'activitypub_inbox_undo', array( '\Activitypub\Rest\Inbox', 'handle_unfollow' ), 10, 2 );
2019-09-27 10:12:59 +02:00
//\add_action( 'activitypub_inbox_like', array( '\Activitypub\Rest\Inbox', 'handle_reaction' ), 10, 2 );
//\add_action( 'activitypub_inbox_announce', array( '\Activitypub\Rest\Inbox', 'handle_reaction' ), 10, 2 );
\add_action( 'activitypub_inbox_create', array( '\Activitypub\Rest\Inbox', 'handle_create' ), 10, 2 );
2022-04-15 03:04:43 +02:00
\add_action( 'activitypub_inbox_update', array( '\Activitypub\Rest\Inbox', 'handle_update' ), 10, 2 );
\add_action( 'activitypub_inbox_delete', array( '\Activitypub\Rest\Inbox', 'handle_delete' ), 10, 2 );
}
2019-02-28 19:31:55 +01:00
2018-09-27 22:28:49 +02:00
/**
* Register routes
*/
public static function register_routes() {
2019-09-27 10:12:59 +02:00
\register_rest_route(
2022-01-27 13:09:11 +01:00
'activitypub/1.0',
'/inbox',
array(
2018-09-27 22:28:49 +02:00
array(
2020-09-18 16:36:09 +02:00
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( '\Activitypub\Rest\Inbox', 'shared_inbox_post' ),
2020-09-18 16:36:09 +02:00
'args' => self::shared_inbox_request_parameters(),
'permission_callback' => '__return_true',
2018-09-27 22:28:49 +02:00
),
)
);
2019-09-27 10:12:59 +02:00
\register_rest_route(
2022-01-27 13:09:11 +01:00
'activitypub/1.0',
'/users/(?P<user_id>\d+)/inbox',
array(
2018-09-27 22:28:49 +02:00
array(
2020-09-18 16:36:09 +02:00
'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_post' ),
2020-09-18 16:36:09 +02:00
'args' => self::user_inbox_request_parameters(),
'permission_callback' => '__return_true',
2018-09-27 22:28:49 +02:00
),
array(
'methods' => \WP_REST_Server::READABLE,
'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_get' ),
'permission_callback' => '__return_true',
),
2018-09-27 22:28:49 +02:00
)
);
}
/**
* Hooks into the REST API request to verify the signature.
*
* @param bool $served Whether the request has already been served.
* @param WP_HTTP_ResponseInterface $result Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Request $request Request used to generate the response.
* @param WP_REST_Server $server Server instance.
*
* @return true
*/
public static function serve_request( $served, $result, $request, $server ) {
2019-09-27 10:12:59 +02:00
if ( '/activitypub' !== \substr( $request->get_route(), 0, 12 ) ) {
return $served;
}
$signature = $request->get_header( 'signature' );
if ( ! $signature ) {
return $served;
}
$headers = $request->get_headers();
// verify signature
//\Activitypub\Signature::verify_signature( $headers, $key );
return $served;
}
/**
* Renders the user-inbox
*
* @param WP_REST_Request $request
* @return WP_REST_Response
*/
public static function user_inbox_get( $request ) {
$user_id = $request->get_param( 'user_id' );
$page = $request->get_param( 'page', 0 );
/*
* Action triggerd prior to the ActivityPub profile being created and sent to the client
*/
\do_action( 'activitypub_inbox_pre' );
$json = new \stdClass();
$json->{'@context'} = \Activitypub\get_context();
$json->id = \home_url( \add_query_arg( null, null ) );
$json->generator = 'http://wordpress.org/?v=' . \get_bloginfo_rss( 'version' );
$json->type = 'OrderedCollectionPage';
$json->partOf = \get_rest_url( null, "/activitypub/1.0/users/$user_id/inbox" ); // phpcs:ignore
$json->totalItems = 0; // phpcs:ignore
$json->orderedItems = array(); // phpcs:ignore
$json->first = $json->partOf; // phpcs:ignore
// filter output
$json = \apply_filters( 'activitypub_inbox_array', $json );
/*
* Action triggerd after the ActivityPub profile has been created and sent to the client
*/
\do_action( 'activitypub_inbox_post' );
$response = new \WP_REST_Response( $json, 200 );
$response->header( 'Content-Type', 'application/activity+json' );
return $response;
}
/**
* Handles user-inbox requests
*
* @param WP_REST_Request $request
2019-02-28 19:31:55 +01:00
*
* @return WP_REST_Response
*/
public static function user_inbox_post( $request ) {
$user_id = $request->get_param( 'user_id' );
2019-11-27 08:25:04 +01:00
$data = $request->get_params();
$type = $request->get_param( 'type' );
2021-11-17 21:11:34 +01:00
$type = \strtolower( $type );
2018-10-02 22:16:47 +02:00
\do_action( 'activitypub_inbox', $data, $user_id, $type );
\do_action( "activitypub_inbox_{$type}", $data, $user_id );
return new \WP_REST_Response( array(), 202 );
2018-09-27 22:28:49 +02:00
}
2018-09-30 22:51:22 +02:00
/**
* The shared inbox
*
* @param WP_REST_Request $request
2018-09-30 22:51:22 +02:00
*
* @return WP_REST_Response
2018-09-30 22:51:22 +02:00
*/
public static function shared_inbox_post( $request ) {
$data = $request->get_params();
2021-01-09 01:26:26 +01:00
$type = $request->get_param( 'type' );
$users = self::extract_recipients( $data );
if ( ! $users ) {
2022-01-27 13:09:11 +01:00
return new \WP_Error(
'rest_invalid_param',
\__( 'No recipients found', 'activitypub' ),
array(
'status' => 404,
'params' => array(
'to' => \__( 'Please check/validate "to" field', 'activitypub' ),
'bto' => \__( 'Please check/validate "bto" field', 'activitypub' ),
'cc' => \__( 'Please check/validate "cc" field', 'activitypub' ),
'bcc' => \__( 'Please check/validate "bcc" field', 'activitypub' ),
'audience' => \__( 'Please check/validate "audience" field', 'activitypub' ),
),
)
);
2021-01-09 01:26:26 +01:00
}
foreach ( $users as $user ) {
2021-11-17 21:11:34 +01:00
$type = \strtolower( $type );
2021-01-09 01:26:26 +01:00
\do_action( 'activitypub_inbox', $data, $user->ID, $type );
\do_action( "activitypub_inbox_{$type}", $data, $user->ID );
}
2019-11-18 20:57:00 +01:00
return new \WP_REST_Response( array(), 202 );
2018-09-27 22:28:49 +02:00
}
2018-09-30 22:51:22 +02:00
/**
* The supported parameters
*
* @return array list of parameters
*/
public static function user_inbox_request_parameters() {
2018-09-27 22:28:49 +02:00
$params = array();
$params['page'] = array(
'type' => 'integer',
);
$params['user_id'] = array(
2018-09-27 22:28:49 +02:00
'required' => true,
'type' => 'integer',
);
$params['id'] = array(
'required' => true,
'sanitize_callback' => 'esc_url_raw',
);
$params['actor'] = array(
'required' => true,
'sanitize_callback' => function( $param, $request, $key ) {
2020-02-22 13:02:58 +01:00
if ( ! \is_string( $param ) ) {
$param = $param['id'];
}
return \esc_url_raw( $param );
},
);
$params['type'] = array(
'required' => true,
2020-05-04 00:06:48 +02:00
//'type' => 'enum',
//'enum' => array( 'Create' ),
2021-11-17 21:11:34 +01:00
//'sanitize_callback' => function( $param, $request, $key ) {
// return \strtolower( $param );
//},
);
$params['object'] = array(
'required' => true,
);
return $params;
}
/**
* The supported parameters
*
* @return array list of parameters
*/
public static function shared_inbox_request_parameters() {
$params = array();
$params['page'] = array(
'type' => 'integer',
);
$params['id'] = array(
'required' => true,
'type' => 'string',
'sanitize_callback' => 'esc_url_raw',
);
$params['actor'] = array(
'required' => true,
//'type' => array( 'object', 'string' ),
'sanitize_callback' => function( $param, $request, $key ) {
if ( ! \is_string( $param ) ) {
$param = $param['id'];
}
return \esc_url_raw( $param );
},
);
$params['type'] = array(
'required' => true,
//'type' => 'enum',
//'enum' => array( 'Create' ),
2021-11-17 21:11:34 +01:00
//'sanitize_callback' => function( $param, $request, $key ) {
// return \strtolower( $param );
//},
);
$params['object'] = array(
'required' => true,
2020-05-04 00:06:48 +02:00
//'type' => 'object',
);
$params['to'] = array(
2021-01-09 01:26:26 +01:00
'required' => false,
'sanitize_callback' => function( $param, $request, $key ) {
if ( \is_string( $param ) ) {
$param = array( $param );
}
return $param;
},
);
$params['cc'] = array(
'sanitize_callback' => function( $param, $request, $key ) {
if ( \is_string( $param ) ) {
$param = array( $param );
}
return $param;
},
);
$params['bcc'] = array(
'sanitize_callback' => function( $param, $request, $key ) {
if ( \is_string( $param ) ) {
$param = array( $param );
}
return $param;
},
);
2018-09-27 22:28:49 +02:00
return $params;
}
/**
* Handles "Follow" requests
*
* @param array $object The activity-object
* @param int $user_id The id of the local blog-user
*/
public static function handle_follow( $object, $user_id ) {
// save follower
2019-11-18 20:57:00 +01:00
\Activitypub\Peer\Followers::add_follower( $object['actor'], $user_id );
// get inbox
$inbox = \Activitypub\get_inbox_by_actor( $object['actor'] );
// send "Accept" activity
2019-11-18 20:57:00 +01:00
$activity = new \Activitypub\Model\Activity( 'Accept', \Activitypub\Model\Activity::TYPE_SIMPLE );
$activity->set_object( $object );
2019-09-27 10:12:59 +02:00
$activity->set_actor( \get_author_posts_url( $user_id ) );
$activity->set_to( $object['actor'] );
$activity->set_id( \get_author_posts_url( $user_id ) . '#follow-' . \preg_replace( '~^https?://~', '', $object['actor'] ) );
$activity = $activity->to_simple_json();
$response = \Activitypub\safe_remote_post( $inbox, $activity, $user_id );
}
/**
* Handles "Unfollow" requests
*
* @param array $object The activity-object
* @param int $user_id The id of the local blog-user
*/
public static function handle_unfollow( $object, $user_id ) {
if ( isset( $object['object'] ) && isset( $object['object']['type'] ) && 'Follow' === $object['object']['type'] ) {
\Activitypub\Peer\Followers::remove_follower( $object['actor'], $user_id );
}
}
/**
2019-09-08 04:32:58 +02:00
* Handles "Reaction" requests
*
* @param array $object The activity-object
* @param int $user_id The id of the local blog-user
*/
public static function handle_reaction( $object, $user_id ) {
$meta = \Activitypub\get_remote_metadata_by_actor( $object['actor'] );
$comment_post_id = \url_to_postid( $object['object'] );
// save only replys and reactions
if ( ! $comment_post_id ) {
return false;
}
$commentdata = array(
'comment_post_ID' => $comment_post_id,
2019-09-27 10:12:59 +02:00
'comment_author' => \esc_attr( $meta['name'] ),
'comment_author_email' => '',
2019-09-27 10:12:59 +02:00
'comment_author_url' => \esc_url_raw( $object['actor'] ),
'comment_content' => \esc_url_raw( $object['actor'] ),
'comment_type' => \esc_attr( \strtolower( $object['type'] ) ),
'comment_parent' => 0,
'comment_meta' => array(
2019-09-27 10:12:59 +02:00
'source_url' => \esc_url_raw( $object['id'] ),
'avatar_url' => \esc_url_raw( $meta['icon']['url'] ),
'protocol' => 'activitypub',
),
);
2020-12-28 23:33:26 +01:00
// disable flood control
\remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
2020-10-09 13:19:17 +02:00
// do not require email for AP entries
\add_filter( 'pre_option_require_name_email', '__return_false' );
2019-09-27 10:12:59 +02:00
$state = \wp_new_comment( $commentdata, true );
2020-10-09 13:19:17 +02:00
\remove_filter( 'pre_option_require_name_email', '__return_false' );
2020-12-28 23:33:26 +01:00
// re-add flood control
\add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
}
/**
2019-09-08 04:32:58 +02:00
* Handles "Create" requests
*
* @param array $object The activity-object
* @param int $user_id The id of the local blog-user
*/
public static function handle_create( $object, $user_id ) {
$meta = \Activitypub\get_remote_metadata_by_actor( $object['actor'] );
2021-02-18 07:12:32 +01:00
$avatar_url = null;
$audience = \Activitypub\get_audience( $object );
2022-04-15 03:04:43 +02:00
//Determine comment_post_ID and/or comment_parent
$comment_post_ID = $comment_parent = $comment_parent_ID = 0;
2021-02-18 07:12:32 +01:00
if ( isset( $object['object']['inReplyTo'] ) ) {
2022-04-15 09:17:00 +02:00
2022-04-15 03:04:43 +02:00
$comment_parent_ID = \Activitypub\url_to_commentid( \esc_url_raw( $object['object']['inReplyTo'] ) );
2022-04-15 09:17:00 +02:00
if ( ! is_null( $comment_parent_ID ) ) {
2022-04-15 03:04:43 +02:00
//inReplyTo a known local comment
$comment_parent = \get_comment( $comment_parent_ID );
$comment_post_ID = $comment_parent->comment_post_ID;
} else {
//inReplyTo a known post
$comment_post_ID = \url_to_postid( $object['object']['inReplyTo'] );
2021-02-18 07:12:32 +01:00
}
2022-04-15 09:17:00 +02:00
}
2021-02-18 07:12:32 +01:00
// if no name is set use peer username
2022-04-15 09:17:00 +02:00
if ( ! empty( $meta['name'] ) ) {
2021-02-18 07:12:32 +01:00
$name = \esc_attr( $meta['name'] );
} else {
$name = \esc_attr( $meta['preferredUsername'] );
}
2022-04-15 09:17:00 +02:00
// if avatar is set
if ( ! empty( $meta['icon']['url'] ) ) {
2021-02-18 07:12:32 +01:00
$avatar_url = \esc_attr( $meta['icon']['url'] );
}
2021-02-18 07:12:32 +01:00
//Only create WP_Comment for public replies to local posts
if ( ( 'public' === $audience )
|| ( 'unlisted' === $audience )
2022-04-15 09:17:00 +02:00
&& ( ! empty( $comment_post_ID )
|| ! empty( $comment_parent_ID )
2021-02-18 07:12:32 +01:00
) ) {
$commentdata = array(
'comment_post_ID' => $comment_post_ID,
'comment_author' => $name,
'comment_author_url' => \esc_url_raw( $object['actor'] ),
'comment_content' => \wp_filter_kses( $object['object']['content'] ),
'comment_type' => 'activitypub',
'comment_author_email' => '',
2022-04-15 03:04:43 +02:00
'comment_parent' => $comment_parent_ID,
2021-02-18 07:12:32 +01:00
'comment_meta' => array(
'ap_object' => \serialize( $object ),
'source_url' => \esc_url_raw( $object['object']['id'] ),
2022-04-15 09:17:00 +02:00
'avatar_url' => $avatar_url,
2021-02-18 07:12:32 +01:00
'protocol' => 'activitypub',
),
);
2021-02-18 07:12:32 +01:00
// disable flood control
2022-04-15 03:04:43 +02:00
//\remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
2020-12-28 23:33:26 +01:00
2021-02-18 07:12:32 +01:00
// do not require email for AP entries
\add_filter( 'pre_option_require_name_email', '__return_false' );
2021-02-18 07:12:32 +01:00
$state = \wp_new_comment( $commentdata, true );
2020-10-09 13:19:17 +02:00
2021-02-18 07:12:32 +01:00
\remove_filter( 'pre_option_require_name_email', '__return_false' );
2020-12-28 23:33:26 +01:00
2021-02-18 07:12:32 +01:00
// re-add flood control
2022-04-15 03:04:43 +02:00
//\add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
2021-02-18 07:12:32 +01:00
2022-04-15 09:17:00 +02:00
}
}
2021-01-09 01:26:26 +01:00
2022-04-15 03:04:43 +02:00
/**
* Handles "Update" requests
*
* @param array $object The activity-object
* @param int $user_id The id of the local blog-user
*/
public static function handle_update( $object, $user_id ) {
$meta = \Activitypub\get_remote_metadata_by_actor( $object['actor'] );
$avatar_url = null;
$audience = \Activitypub\get_audience( $object );
//Determine comment_ID
$object_comment_ID = \Activitypub\url_to_commentid( \esc_url_raw( $object['object']['id'] ) );
2022-04-15 09:17:00 +02:00
if ( ! is_null( $object_comment_ID ) ) {
2022-04-15 03:04:43 +02:00
//found a local comment id
$commentdata = \get_comment( $object_comment_ID, ARRAY_A );
//$commentdata['comment_ID'] = \esc_url_raw( $object_comment_ID );
$commentdata['comment_content'] = \wp_filter_kses( $object['object']['content'] );
$commentdata['comment_meta']['ap_published'] = \wp_date( 'Y-m-d H:i:s', strtotime( $object['object']['published'] ) );
$commentdata['comment_meta']['ap_last_modified'] = $object['object']['updated'];
$commentdata['comment_meta']['ap_object'] = \serialize( $object );
//apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr );
2022-04-15 09:17:00 +02:00
// disable flood control
2022-04-15 03:04:43 +02:00
\remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
// do not require email for AP entries
\add_filter( 'pre_option_require_name_email', '__return_false' );
$state = \wp_update_comment( $commentdata, true );
\remove_filter( 'pre_option_require_name_email', '__return_false' );
// re-add flood control
2022-04-15 09:17:00 +02:00
\add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
}
2022-04-15 03:04:43 +02:00
}
/**
* Handles "Delete" requests
*
* @param array $object The activity-object
* @param int $user_id The id of the local blog-user
*/
public static function handle_delete( $object, $user_id ) {
$meta = \Activitypub\get_remote_metadata_by_actor( $object['actor'] );
$avatar_url = null;
$audience = \Activitypub\get_audience( $object );
if ( ! isset( $object['object']['id'] ) ) {
return;
}
//Determine comment_ID
$object_comment_ID = \Activitypub\url_to_commentid( \esc_url_raw( $object['object']['id'] ) );
2022-04-15 09:17:00 +02:00
if ( ! is_null( $object_comment_ID ) ) {
2022-04-15 03:04:43 +02:00
//found a local comment id
$commentdata = \get_comment( $object_comment_ID, ARRAY_A );
2022-04-15 09:17:00 +02:00
// disable flood control
2022-04-15 03:04:43 +02:00
\remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
// do not require email for AP entries
\add_filter( 'pre_option_require_name_email', '__return_false' );
// Should we trash or send back to moderation
$state = \wp_trash_comment( $commentdata['comment_ID'], true );
//\remove_filter( 'pre_option_require_name_email', '__return_false' );
// re-add flood control
2022-04-15 09:17:00 +02:00
\add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
}
2022-04-15 03:04:43 +02:00
}
2021-01-09 01:26:26 +01:00
public static function extract_recipients( $data ) {
$recipients = array();
$users = array();
foreach ( array( 'to', 'bto', 'cc', 'bcc', 'audience' ) as $i ) {
if ( array_key_exists( $i, $data ) ) {
$recipients = array_merge( $recipients, $data[ $i ] );
}
if ( array_key_exists( $i, $data['object'] ) ) {
$recipients = array_merge( $recipients, $data[ $i ] );
}
}
$recipients = array_unique( $recipients );
foreach ( $recipients as $recipient ) {
$user_id = \Activitypub\url_to_authorid( $recipient );
$user = get_user_by( 'id', $user_id );
if ( $user ) {
$users[] = $user;
}
}
return $users;
}
2018-09-27 22:28:49 +02:00
}