https://example.com/yourusername or yourusername@example.com)","activitypub"),{code:(0,o.createElement)("code",null)})),(0,o.createElement)("div",{className:"apfmd__button-group"},(0,o.createElement)("input",{type:"text",value:g,onKeyDown:e=>{"Enter"===e?.code&&x()},onChange:e=>k(e.target.value)}),(0,o.createElement)(u.Button,{onClick:x},m))))}function z(e){let{selectedUser:t,style:n,backgroundColor:r,id:l,useId:a=!1}=e;const[c,i]=(0,o.useState)(C()),s="site"===t?0:t,u=function(e){return g(".apfmd__button-group .components-button",_(e?.elements?.link?.color?.text)||"#111","#fff",_(e?.elements?.link?.[":hover"]?.color?.text)||"#333")}(n),p=a?{id:l}:{};function m(e){i(C(e))}return(0,o.useEffect)((()=>{(function(e){const t={headers:{Accept:"application/activity+json"},path:`/${O}/users/${e}`};return d()(t)})(s).then(m)}),[s]),(0,o.createElement)("div",p,(0,o.createElement)(k,{selector:`#${l}`,style:n,backgroundColor:r}),(0,o.createElement)(S,{profile:c,userId:s,popupStyles:u}))}(0,r.registerBlockType)("activitypub/follow-me",{edit:function(e){let{attributes:t,setAttributes:n}=e;const r=(0,i.useBlockProps)(),l=function(){const e=m?.users?(0,p.useSelect)((e=>e("core").getUsers({who:"authors"}))):[];return(0,o.useMemo)((()=>{if(!e)return[];const t=m?.site?[{label:(0,s.__)("Whole Site","activitypub"),value:"site"}]:[];return e.reduce(((e,t)=>(e.push({label:t.name,value:`${t.id}`}),e)),t)}),[e])}(),{selectedUser:a}=t;return(0,o.useEffect)((()=>{l.length&&(l.find((e=>{let{value:t}=e;return t===a}))||n({selectedUser:l[0].value}))}),[a,l]),(0,o.createElement)("div",r,(0,o.createElement)(i.InspectorControls,{key:"setting"},(0,o.createElement)(u.PanelBody,{title:(0,s.__)("Followers Options","activitypub")},(0,o.createElement)(u.SelectControl,{label:(0,s.__)("Select User","activitypub"),value:t.selectedUser,options:l,onChange:e=>n({selectedUser:e})}))),(0,o.createElement)(z,c({},t,{id:r.id})))},save:()=>null,icon:a})}},n={};function r(e){var o=n[e];if(void 0!==o)return o.exports;var l=n[e]={exports:{}};return t[e](l,l.exports,r),l.exports}r.m=t,e=[],r.O=(t,n,o,l)=>{if(!n){var a=1/0;for(u=0;uhttps://example.com/yourusername or yourusername@example.com)","activitypub"),{code:(0,o.createElement)("code",null)})),(0,o.createElement)("div",{className:"apfmd__button-group"},(0,o.createElement)("input",{type:"text",value:k,onKeyDown:e=>{"Enter"===e?.code&&x()},onChange:e=>O(e.target.value)}),(0,o.createElement)(u.Button,{onClick:x},b))))}function S(e){let{selectedUser:t,style:r,backgroundColor:n,id:l,useId:a=!1}=e;const[c,u]=(0,o.useState)(k()),s="site"===t?0:t,p=function(e){return _(".apfmd__button-group .components-button",b(e?.elements?.link?.color?.text)||"#111","#fff",b(e?.elements?.link?.[":hover"]?.color?.text)||"#333")}(r),m=a?{id:l}:{};function d(e){u(k(e))}return(0,o.useEffect)((()=>{(function(e){const t={headers:{Accept:"application/activity+json"},path:`/${E}/users/${e}`};return i()(t)})(s).then(d)}),[s]),(0,o.createElement)("div",m,(0,o.createElement)(h,{selector:`#${l}`,style:r,backgroundColor:n}),(0,o.createElement)(O,{profile:c,userId:s,popupStyles:p}))}let $=1;a()((()=>{[].forEach.call(document.querySelectorAll(".activitypub-follow-me-block-wrapper"),(e=>{const t=JSON.parse(e.dataset.attrs);(0,o.render)((0,o.createElement)(S,n({},t,{id:"activitypub-follow-me-block-"+$++,useId:!0})),e)}))}))}},r={};function n(e){var o=r[e];if(void 0!==o)return o.exports;var l=r[e]={exports:{}};return t[e](l,l.exports,n),l.exports}n.m=t,e=[],n.O=(t,r,o,l)=>{if(!r){var a=1/0;for(s=0;s';
+ $html = '
';
if ( $title ) {
$html .= ']+>.*?#i',
- $protect,
- $the_content
- );
- $the_content = preg_replace_callback(
- '#]+>#i',
- $protect,
- $the_content
- );
+ if ( preg_match( '#^<(/)?([a-z-]+)\b[^>]*>$#i', $chunk, $m ) ) {
+ $tag = strtolower( $m[2] );
+ if ( '/' === $m[1] ) {
+ // Closing tag.
+ $i = array_search( $tag, $tag_stack );
+ // We can only remove the tag from the stack if it is in the stack.
+ if ( false !== $i ) {
+ $tag_stack = array_slice( $tag_stack, 0, $i );
+ }
+ } else {
+ // Opening tag, add it to the stack.
+ $tag_stack[] = $tag;
+ }
- $the_content = \preg_replace_callback( '/@' . ACTIVITYPUB_USERNAME_REGEXP . '/', array( self::class, 'replace_with_links' ), $the_content );
- $the_content = \str_replace( array_reverse( array_keys( $protected_tags ) ), array_reverse( array_values( $protected_tags ) ), $the_content );
+ // If we're in a protected tag, the tag_stack contains at least one protected tag string.
+ // The protected tag state can only change when we encounter a start or end tag.
+ $in_protected_tag = array_intersect( $tag_stack, $protected_tags );
- return $the_content;
+ // Never inspect tags.
+ $content_with_links .= $chunk;
+ continue;
+ }
+
+ if ( $in_protected_tag ) {
+ // Don't inspect a chunk inside an inspected tag.
+ $content_with_links .= $chunk;
+ continue;
+ }
+
+ // Only reachable when there is no protected tag in the stack.
+ $content_with_links .= \preg_replace_callback( '/@' . ACTIVITYPUB_USERNAME_REGEXP . '/', array( self::class, 'replace_with_links' ), $chunk );
+ }
+
+ return $content_with_links;
}
/**
@@ -74,7 +87,7 @@ class Mention {
public static function replace_with_links( $result ) {
$metadata = get_remote_metadata_by_actor( $result[0] );
- if ( ! is_wp_error( $metadata ) && ! empty( $metadata['url'] ) ) {
+ if ( ! empty( $metadata ) && ! is_wp_error( $metadata ) && ! empty( $metadata['url'] ) ) {
$username = ltrim( $result[0], '@' );
if ( ! empty( $metadata['name'] ) ) {
$username = $metadata['name'];
diff --git a/includes/class-scheduler.php b/includes/class-scheduler.php
index b3eca5d..63f9273 100644
--- a/includes/class-scheduler.php
+++ b/includes/class-scheduler.php
@@ -105,10 +105,16 @@ class Scheduler {
* @return void
*/
public static function update_followers() {
- $followers = Followers::get_outdated_followers();
+ $number = 5;
+
+ if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) {
+ $number = 50;
+ }
+
+ $followers = Followers::get_outdated_followers( $number );
foreach ( $followers as $follower ) {
- $meta = get_remote_metadata_by_actor( $follower->get_url(), true );
+ $meta = get_remote_metadata_by_actor( $follower->get_url(), false );
if ( empty( $meta ) || ! is_array( $meta ) || is_wp_error( $meta ) ) {
Followers::add_error( $follower->get__id(), $meta );
@@ -125,10 +131,16 @@ class Scheduler {
* @return void
*/
public static function cleanup_followers() {
- $followers = Followers::get_faulty_followers();
+ $number = 5;
+
+ if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) {
+ $number = 50;
+ }
+
+ $followers = Followers::get_faulty_followers( $number );
foreach ( $followers as $follower ) {
- $meta = get_remote_metadata_by_actor( $follower->get_url(), true );
+ $meta = get_remote_metadata_by_actor( $follower->get_url(), false );
if ( is_tombstone( $meta ) ) {
$follower->delete();
diff --git a/includes/class-shortcodes.php b/includes/class-shortcodes.php
index d1c71f5..43be17b 100644
--- a/includes/class-shortcodes.php
+++ b/includes/class-shortcodes.php
@@ -46,7 +46,7 @@ class Shortcodes {
foreach ( $tags as $tag ) {
$hash_tags[] = \sprintf(
- '%s',
+ '%s',
\esc_url( \get_tag_link( $tag ) ),
esc_hashtag( $tag->name )
);
@@ -114,7 +114,7 @@ class Shortcodes {
/** This filter is documented in wp-includes/post-template.php */
$excerpt = \apply_filters( 'the_content', $excerpt );
- $excerpt = \str_replace( ']]>', ']]>', $excerpt );
+ $excerpt = \str_replace( ']]>', ']]>', $excerpt );
}
}
@@ -359,7 +359,7 @@ class Shortcodes {
foreach ( $categories as $category ) {
$hash_tags[] = \sprintf(
- '%s',
+ '%s',
\esc_url( \get_category_link( $category ) ),
esc_hashtag( $category->name )
);
diff --git a/includes/class-signature.php b/includes/class-signature.php
index 5ae37a9..1789dd6 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -4,7 +4,6 @@ namespace Activitypub;
use WP_Error;
use DateTime;
use DateTimeZone;
-use Activitypub\Model\User;
use Activitypub\Collection\Users;
/**
@@ -23,22 +22,14 @@ class Signature {
*
* @return mixed The public key.
*/
- public static function get_public_key( $user_id, $force = false ) {
+ public static function get_public_key_for( $user_id, $force = false ) {
if ( $force ) {
- self::generate_key_pair( $user_id );
+ self::generate_key_pair_for( $user_id );
}
- if ( User::APPLICATION_USER_ID === $user_id ) {
- $key = \get_option( 'activitypub_magic_sig_public_key' );
- } else {
- $key = \get_user_meta( $user_id, 'magic_sig_public_key', true );
- }
+ $key_pair = self::get_keypair_for( $user_id );
- if ( ! $key ) {
- return self::get_public_key( $user_id, true );
- }
-
- return $key;
+ return $key_pair['public_key'];
}
/**
@@ -49,22 +40,32 @@ class Signature {
*
* @return mixed The private key.
*/
- public static function get_private_key( $user_id, $force = false ) {
+ public static function get_private_key_for( $user_id, $force = false ) {
if ( $force ) {
- self::generate_key_pair( $user_id );
+ self::generate_key_pair_for( $user_id );
}
- if ( User::APPLICATION_USER_ID === $user_id ) {
- $key = \get_option( 'activitypub_magic_sig_private_key' );
- } else {
- $key = \get_user_meta( $user_id, 'magic_sig_private_key', true );
+ $key_pair = self::get_keypair_for( $user_id );
+
+ return $key_pair['private_key'];
+ }
+
+ /**
+ * Return the key pair for a given user.
+ *
+ * @param int $user_id The WordPress User ID.
+ *
+ * @return array The key pair.
+ */
+ public static function get_keypair_for( $user_id ) {
+ $option_key = self::get_signature_options_key_for( $user_id );
+ $key_pair = \get_option( $option_key );
+
+ if ( ! $key_pair ) {
+ $key_pair = self::generate_key_pair_for( $user_id );
}
- if ( ! $key ) {
- return self::get_private_key( $user_id, true );
- }
-
- return $key;
+ return $key_pair;
}
/**
@@ -72,9 +73,18 @@ class Signature {
*
* @param int $user_id The WordPress User ID.
*
- * @return void
+ * @return array The key pair.
*/
- public static function generate_key_pair() {
+ protected static function generate_key_pair_for( $user_id ) {
+ $option_key = self::get_signature_options_key_for( $user_id );
+ $key_pair = self::check_legacy_key_pair_for( $user_id );
+
+ if ( $key_pair ) {
+ \add_option( $option_key, $key_pair );
+
+ return $key_pair;
+ }
+
$config = array(
'digest_alg' => 'sha512',
'private_key_bits' => 2048,
@@ -88,10 +98,78 @@ class Signature {
$detail = \openssl_pkey_get_details( $key );
- return array(
+ // check if keys are valid
+ if (
+ empty( $priv_key ) || ! is_string( $priv_key ) ||
+ ! isset( $detail['key'] ) || ! is_string( $detail['key'] )
+ ) {
+ return array(
+ 'private_key' => null,
+ 'public_key' => null,
+ );
+ }
+
+ $key_pair = array(
'private_key' => $priv_key,
'public_key' => $detail['key'],
);
+
+ // persist keys
+ \add_option( $option_key, $key_pair );
+
+ return $key_pair;
+ }
+
+ /**
+ * Return the option key for a given user.
+ *
+ * @param int $user_id The WordPress User ID.
+ *
+ * @return string The option key.
+ */
+ protected static function get_signature_options_key_for( $user_id ) {
+ $id = $user_id;
+
+ if ( $user_id > 0 ) {
+ $user = \get_userdata( $user_id );
+ // sanatize username because it could include spaces and special chars
+ $id = sanitize_title( $user->user_login );
+ }
+
+ return 'activitypub_keypair_for_' . $id;
+ }
+
+ /**
+ * Check if there is a legacy key pair
+ *
+ * @param int $user_id The WordPress User ID.
+ *
+ * @return array|bool The key pair or false.
+ */
+ protected static function check_legacy_key_pair_for( $user_id ) {
+ switch ( $user_id ) {
+ case 0:
+ $public_key = \get_option( 'activitypub_blog_user_public_key' );
+ $private_key = \get_option( 'activitypub_blog_user_private_key' );
+ break;
+ case -1:
+ $public_key = \get_option( 'activitypub_application_user_public_key' );
+ $private_key = \get_option( 'activitypub_application_user_private_key' );
+ break;
+ default:
+ $public_key = \get_user_meta( $user_id, 'magic_sig_public_key', true );
+ $private_key = \get_user_meta( $user_id, 'magic_sig_private_key', true );
+ break;
+ }
+
+ if ( ! empty( $public_key ) && is_string( $public_key ) && ! empty( $private_key ) && is_string( $private_key ) ) {
+ return array(
+ 'private_key' => $private_key,
+ 'public_key' => $public_key,
+ );
+ }
+
+ return false;
}
/**
@@ -107,7 +185,7 @@ class Signature {
*/
public static function generate_signature( $user_id, $http_method, $url, $date, $digest = null ) {
$user = Users::get_by_id( $user_id );
- $key = $user->get__private_key();
+ $key = self::get_private_key_for( $user->get__id() );
$url_parts = \wp_parse_url( $url );
@@ -136,7 +214,6 @@ class Signature {
\openssl_sign( $signed_string, $signature, $key, \OPENSSL_ALGO_SHA256 );
$signature = \base64_encode( $signature ); // phpcs:ignore
- $user = Users::get_by_id( $user_id );
$key_id = $user->get_url() . '#main-key';
if ( ! empty( $digest ) ) {
@@ -161,28 +238,38 @@ class Signature {
} else {
$route = '/' . rest_get_url_prefix() . '/' . ltrim( $request->get_route(), '/' );
}
+
+ // fix route for subdirectory installs
+ $path = \wp_parse_url( \get_home_url(), PHP_URL_PATH );
+
+ if ( \is_string( $path ) ) {
+ $path = trim( $path, '/' );
+ }
+
+ if ( $path ) {
+ $route = '/' . $path . $route;
+ }
+
$headers = $request->get_headers();
- $actor = isset( json_decode( $request->get_body() )->actor ) ? json_decode( $request->get_body() )->actor : '';
$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' ' . $route;
} else {
$request = self::format_server_request( $request );
$headers = $request['headers']; // $_SERVER array
- $actor = null;
$headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0];
}
if ( ! isset( $headers['signature'] ) ) {
- return new WP_Error( 'activitypub_signature', 'Request not signed', array( 'status' => 403 ) );
+ return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 403 ) );
}
if ( array_key_exists( 'signature', $headers ) ) {
- $signature_block = self::parse_signature_header( $headers['signature'] );
+ $signature_block = self::parse_signature_header( $headers['signature'][0] );
} elseif ( array_key_exists( 'authorization', $headers ) ) {
- $signature_block = self::parse_signature_header( $headers['authorization'] );
+ $signature_block = self::parse_signature_header( $headers['authorization'][0] );
}
if ( ! isset( $signature_block ) || ! $signature_block ) {
- return new WP_Error( 'activitypub_signature', 'Incompatible request signature. keyId and signature are required', array( 'status' => 403 ) );
+ return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 403 ) );
}
$signed_headers = $signature_block['headers'];
@@ -192,12 +279,12 @@ class Signature {
$signed_data = self::get_signed_data( $signed_headers, $signature_block, $headers );
if ( ! $signed_data ) {
- return new WP_Error( 'activitypub_signature', 'Signed request date outside acceptable time window', array( 'status' => 403 ) );
+ return new WP_Error( 'activitypub_signature', __( 'Signed request date outside acceptable time window', 'activitypub' ), array( 'status' => 403 ) );
}
$algorithm = self::get_signature_algorithm( $signature_block );
if ( ! $algorithm ) {
- return new WP_Error( 'activitypub_signature', 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', array( 'status' => 403 ) );
+ return new WP_Error( 'activitypub_signature', __( 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', 'activitypub' ), array( 'status' => 403 ) );
}
if ( \in_array( 'digest', $signed_headers, true ) && isset( $body ) ) {
@@ -213,15 +300,12 @@ class Signature {
}
if ( \base64_encode( \hash( $hashalg, $body, true ) ) !== $digest[1] ) { // phpcs:ignore
- return new WP_Error( 'activitypub_signature', 'Invalid Digest header', array( 'status' => 403 ) );
+ return new WP_Error( 'activitypub_signature', __( 'Invalid Digest header', 'activitypub' ), array( 'status' => 403 ) );
}
}
- if ( $actor ) {
- $public_key = self::get_remote_key( $actor );
- } else {
- $public_key = self::get_remote_key( $signature_block['keyId'] );
- }
+ $public_key = self::get_remote_key( $signature_block['keyId'] );
+
if ( \is_wp_error( $public_key ) ) {
return $public_key;
}
@@ -229,7 +313,7 @@ class Signature {
$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, $algorithm ) > 0;
if ( ! $verified ) {
- return new WP_Error( 'activitypub_signature', 'Invalid signature', array( 'status' => 403 ) );
+ return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 403 ) );
}
return $verified;
}
@@ -239,17 +323,17 @@ class Signature {
*
* @param string $key_id The URL to the public key.
*
- * @return string The public key.
+ * @return WP_Error|string The public key.
*/
public static function get_remote_key( $key_id ) { // phpcs:ignore
- $actor = get_remote_metadata_by_actor( strtok( strip_fragment_from_url( $key_id ), '?' ) ); // phpcs:ignore
+ $actor = get_remote_metadata_by_actor( strip_fragment_from_url( $key_id ) ); // phpcs:ignore
if ( \is_wp_error( $actor ) ) {
return $actor;
}
if ( isset( $actor['publicKey']['publicKeyPem'] ) ) {
return \rtrim( $actor['publicKey']['publicKeyPem'] ); // phpcs:ignore
}
- return null;
+ return new WP_Error( 'activitypub_no_remote_key_found', __( 'No Public-Key found', 'activitypub' ), array( 'status' => 403 ) );
}
/**
@@ -274,32 +358,31 @@ class Signature {
/**
* Parses the Signature header
*
- * @param array $header The signature header.
+ * @param string $signature The signature header.
*
* @return array signature parts
*/
- public static function parse_signature_header( $header ) {
- $parsed_header = array();
- $matches = array();
- $h_string = \implode( ',', (array) $header[0] );
+ public static function parse_signature_header( $signature ) {
+ $parsed_header = array();
+ $matches = array();
- if ( \preg_match( '/keyId="(.*?)"/ism', $h_string, $matches ) ) {
- $parsed_header['keyId'] = $matches[1];
+ if ( \preg_match( '/keyId="(.*?)"/ism', $signature, $matches ) ) {
+ $parsed_header['keyId'] = trim( $matches[1] );
}
- if ( \preg_match( '/created=([0-9]*)/ism', $h_string, $matches ) ) {
- $parsed_header['(created)'] = $matches[1];
+ if ( \preg_match( '/created=([0-9]*)/ism', $signature, $matches ) ) {
+ $parsed_header['(created)'] = trim( $matches[1] );
}
- if ( \preg_match( '/expires=([0-9]*)/ism', $h_string, $matches ) ) {
- $parsed_header['(expires)'] = $matches[1];
+ if ( \preg_match( '/expires=([0-9]*)/ism', $signature, $matches ) ) {
+ $parsed_header['(expires)'] = trim( $matches[1] );
}
- if ( \preg_match( '/algorithm="(.*?)"/ism', $h_string, $matches ) ) {
- $parsed_header['algorithm'] = $matches[1];
+ if ( \preg_match( '/algorithm="(.*?)"/ism', $signature, $matches ) ) {
+ $parsed_header['algorithm'] = trim( $matches[1] );
}
- if ( \preg_match( '/headers="(.*?)"/ism', $h_string, $matches ) ) {
- $parsed_header['headers'] = \explode( ' ', $matches[1] );
+ if ( \preg_match( '/headers="(.*?)"/ism', $signature, $matches ) ) {
+ $parsed_header['headers'] = \explode( ' ', trim( $matches[1] ) );
}
- if ( \preg_match( '/signature="(.*?)"/ism', $h_string, $matches ) ) {
- $parsed_header['signature'] = \base64_decode( preg_replace( '/\s+/', '', $matches[1] ) ); // phpcs:ignore
+ if ( \preg_match( '/signature="(.*?)"/ism', $signature, $matches ) ) {
+ $parsed_header['signature'] = \base64_decode( preg_replace( '/\s+/', '', trim( $matches[1] ) ) ); // phpcs:ignore
}
if ( ( $parsed_header['signature'] ) && ( $parsed_header['algorithm'] ) && ( ! $parsed_header['headers'] ) ) {
@@ -312,7 +395,7 @@ class Signature {
/**
* Gets the header data from the included pseudo headers
*
- * @param array $signed_headers
+ * @param array $signed_headers The signed headers.
* @param array $signature_block (pseudo-headers)
* @param array $headers (http headers)
*
diff --git a/includes/class-webfinger.php b/includes/class-webfinger.php
index c077f12..b6b0a64 100644
--- a/includes/class-webfinger.php
+++ b/includes/class-webfinger.php
@@ -26,7 +26,7 @@ class Webfinger {
}
$user = Users::get_by_id( $user_id );
- if ( ! $user ) {
+ if ( ! $user || is_wp_error( $user ) ) {
return '';
}
@@ -63,7 +63,7 @@ class Webfinger {
$url,
array(
'headers' => array( 'Accept' => 'application/jrd+json' ),
- 'redirection' => 0,
+ 'redirection' => 2,
'timeout' => 2,
)
);
@@ -198,6 +198,6 @@ class Webfinger {
}
}
- return new WP_Error( 'webfinger_remote_follow_endpoint_invalid', null, $data );
+ return new WP_Error( 'webfinger_remote_follow_endpoint_invalid', $data, array( 'status' => 417 ) );
}
}
diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php
index baadf09..a9fe298 100644
--- a/includes/collection/class-followers.php
+++ b/includes/collection/class-followers.php
@@ -160,7 +160,7 @@ class Followers {
* @param int $user_id The ID of the WordPress User
* @param string $actor The Actor URL
*
- * @return array|WP_Error The Follower (WP_Term array) or an WP_Error
+ * @return array|WP_Error The Follower (WP_Post array) or an WP_Error
*/
public static function add_follower( $user_id, $actor ) {
$meta = get_remote_metadata_by_actor( $actor );
@@ -169,29 +169,30 @@ class Followers {
return $meta;
}
+ if ( empty( $meta ) || ! is_array( $meta ) || is_wp_error( $meta ) ) {
+ return new WP_Error( 'activitypub_invalid_follower', __( 'Invalid Follower', 'activitypub' ), array( 'status' => 400 ) );
+ }
+
$error = null;
$follower = new Follower();
+ $follower->from_array( $meta );
- if ( empty( $meta ) || ! is_array( $meta ) || is_wp_error( $meta ) ) {
- $follower->set_id( $actor );
- $follower->set_url( $actor );
- $error = $meta;
- } else {
- $follower->from_array( $meta );
+ $id = $follower->upsert();
+
+ if ( is_wp_error( $id ) ) {
+ return $id;
}
- $follower->upsert();
-
- $meta = get_post_meta( $follower->get__id(), 'activitypub_user_id' );
+ $meta = get_post_meta( $id, 'activitypub_user_id' );
if ( $error ) {
- self::add_error( $follower->get__id(), $error );
+ self::add_error( $id, $error );
}
// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict
if ( is_array( $meta ) && ! in_array( $user_id, $meta ) ) {
- add_post_meta( $follower->get__id(), 'activitypub_user_id', $user_id );
+ add_post_meta( $id, 'activitypub_user_id', $user_id );
wp_cache_delete( sprintf( self::CACHE_KEY_INBOXES, $user_id ), 'activitypub' );
}
@@ -360,7 +361,17 @@ class Followers {
public static function get_all_followers() {
$args = array(
// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
- 'meta_query' => array(),
+ 'meta_query' => array(
+ 'relation' => 'AND',
+ array(
+ 'key' => 'activitypub_inbox',
+ 'compare' => 'EXISTS',
+ ),
+ array(
+ 'key' => 'activitypub_actor_json',
+ 'compare' => 'EXISTS',
+ ),
+ ),
);
return self::get_followers( null, null, null, $args );
}
@@ -379,10 +390,19 @@ class Followers {
'fields' => 'ids',
// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
'meta_query' => array(
+ 'relation' => 'AND',
array(
'key' => 'activitypub_user_id',
'value' => $user_id,
),
+ array(
+ 'key' => 'activitypub_inbox',
+ 'compare' => 'EXISTS',
+ ),
+ array(
+ 'key' => 'activitypub_actor_json',
+ 'compare' => 'EXISTS',
+ ),
),
)
);
@@ -412,6 +432,7 @@ class Followers {
'fields' => 'ids',
// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
'meta_query' => array(
+ 'relation' => 'AND',
array(
'key' => 'activitypub_inbox',
'compare' => 'EXISTS',
@@ -420,6 +441,11 @@ class Followers {
'key' => 'activitypub_user_id',
'value' => $user_id,
),
+ array(
+ 'key' => 'activitypub_inbox',
+ 'value' => '',
+ 'compare' => '!=',
+ ),
),
)
);
@@ -462,7 +488,7 @@ class Followers {
'post_type' => self::POST_TYPE,
'posts_per_page' => $number,
'orderby' => 'modified',
- 'order' => 'DESC',
+ 'order' => 'ASC',
'post_status' => 'any', // 'any' includes 'trash
'date_query' => array(
array(
@@ -490,16 +516,35 @@ class Followers {
*
* @return mixed The Term list of Followers, the format depends on $output.
*/
- public static function get_faulty_followers( $number = 10 ) {
+ public static function get_faulty_followers( $number = 20 ) {
$args = array(
'post_type' => self::POST_TYPE,
'posts_per_page' => $number,
// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
'meta_query' => array(
+ 'relation' => 'OR',
array(
'key' => 'activitypub_errors',
'compare' => 'EXISTS',
),
+ array(
+ 'key' => 'activitypub_inbox',
+ 'compare' => 'NOT EXISTS',
+ ),
+ array(
+ 'key' => 'activitypub_actor_json',
+ 'compare' => 'NOT EXISTS',
+ ),
+ array(
+ 'key' => 'activitypub_inbox',
+ 'value' => '',
+ 'compare' => '=',
+ ),
+ array(
+ 'key' => 'activitypub_actor_json',
+ 'value' => '',
+ 'compare' => '=',
+ ),
),
);
diff --git a/includes/functions.php b/includes/functions.php
index ddf20ec..2edc31c 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -54,7 +54,7 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
}
if ( ! $actor ) {
- return null;
+ return new WP_Error( 'activitypub_no_valid_actor_identifier', \__( 'The "actor" identifier is not valid', 'activitypub' ), array( 'status' => 404, 'actor' => $actor ) );
}
if ( is_wp_error( $actor ) ) {
@@ -73,7 +73,7 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
}
if ( ! \wp_http_validate_url( $actor ) ) {
- $metadata = new \WP_Error( 'activitypub_no_valid_actor_url', \__( 'The "actor" is no valid URL', 'activitypub' ), $actor );
+ $metadata = new WP_Error( 'activitypub_no_valid_actor_url', \__( 'The "actor" is no valid URL', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
return $metadata;
}
@@ -95,7 +95,7 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
if ( ! $metadata ) {
- $metadata = new \WP_Error( 'activitypub_invalid_json', \__( 'No valid JSON data', 'activitypub' ), $actor );
+ $metadata = new WP_Error( 'activitypub_invalid_json', \__( 'No valid JSON data', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
return $metadata;
}
@@ -680,7 +680,7 @@ function is_user_type_disabled( $type ) {
$return = false;
break;
default:
- $return = new WP_Error( 'activitypub_wrong_user_type', __( 'Wrong user type', 'activitypub' ) );
+ $return = new WP_Error( 'activitypub_wrong_user_type', __( 'Wrong user type', 'activitypub' ), array( 'status' => 400 ) );
break;
}
@@ -693,20 +693,14 @@ function is_user_type_disabled( $type ) {
* @return boolean True if the blog is in single-user mode, false otherwise.
*/
function is_single_user() {
- $return = false;
-
- if ( \defined( 'ACTIVITYPUB_SINGLE_USER_MODE' ) ) {
- if ( ACTIVITYPUB_SINGLE_USER_MODE ) {
- $return = true;
- }
- } elseif (
+ if (
false === is_user_type_disabled( 'blog' ) &&
true === is_user_type_disabled( 'user' )
) {
- $return = true;
+ return true;
}
- return $return;
+ return false;
}
if ( ! function_exists( 'get_self_link' ) ) {
@@ -721,3 +715,33 @@ if ( ! function_exists( 'get_self_link' ) ) {
return esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . $path ) ) );
}
}
+
+/**
+ * Check if a site supports the block editor.
+ *
+ * @return boolean True if the site supports the block editor, false otherwise.
+ */
+function site_supports_blocks() {
+ if ( ! \function_exists( 'register_block_type_from_metadata' ) ) {
+ return false;
+ }
+
+ /**
+ * Allow plugins to disable block editor support,
+ * thus disabling blocks registered by the ActivityPub plugin.
+ *
+ * @param boolean $supports_blocks True if the site supports the block editor, false otherwise.
+ */
+ return apply_filters( 'activitypub_site_supports_blocks', true );
+}
+
+/**
+ * Check if data is valid JSON.
+ *
+ * @param string $data The data to check.
+ *
+ * @return boolean True if the data is JSON, false otherwise.
+ */
+function is_json( $data ) {
+ return \is_array( \json_decode( $data, true ) ) ? true : false;
+}
diff --git a/includes/model/class-application-user.php b/includes/model/class-application-user.php
index 2affde5..1cfcec0 100644
--- a/includes/model/class-application-user.php
+++ b/includes/model/class-application-user.php
@@ -22,6 +22,13 @@ class Application_User extends Blog_User {
*/
protected $type = 'Application';
+ /**
+ * If the User is discoverable.
+ *
+ * @var boolean
+ */
+ protected $discoverable = false;
+
/**
* Get the User-Url.
*
@@ -35,58 +42,10 @@ class Application_User extends Blog_User {
return 'application';
}
- public function get_username() {
+ public function get_preferred_username() {
return $this::get_name();
}
- public function get__public_key() {
- $key = \get_option( 'activitypub_application_user_public_key' );
-
- if ( $key ) {
- return $key;
- }
-
- $this->generate_key_pair();
-
- $key = \get_option( 'activitypub_application_user_public_key' );
-
- return $key;
- }
-
- /**
- * @param int $user_id
- *
- * @return mixed
- */
- public function get__private_key() {
- $key = \get_option( 'activitypub_application_user_private_key' );
-
- if ( $key ) {
- return $key;
- }
-
- $this->generate_key_pair();
-
- return \get_option( 'activitypub_application_user_private_key' );
- }
-
- private function generate_key_pair() {
- $key_pair = Signature::generate_key_pair();
-
- if ( ! is_wp_error( $key_pair ) ) {
- \update_option( 'activitypub_application_user_public_key', $key_pair['public_key'] );
- \update_option( 'activitypub_application_user_private_key', $key_pair['private_key'] );
- }
- }
-
- public function get_inbox() {
- return null;
- }
-
- public function get_outbox() {
- return null;
- }
-
public function get_followers() {
return null;
}
@@ -96,14 +55,18 @@ class Application_User extends Blog_User {
}
public function get_attachment() {
- return array();
+ return null;
}
public function get_featured_tags() {
- return array();
+ return null;
}
public function get_featured() {
- return array();
+ return null;
+ }
+
+ public function get_moderators() {
+ return null;
}
}
diff --git a/includes/model/class-blog-user.php b/includes/model/class-blog-user.php
index 8de46df..062b616 100644
--- a/includes/model/class-blog-user.php
+++ b/includes/model/class-blog-user.php
@@ -7,6 +7,7 @@ use Activitypub\Collection\Users;
use function Activitypub\is_single_user;
use function Activitypub\is_user_disabled;
+use function Activitypub\get_rest_url_by_path;
class Blog_User extends User {
/**
@@ -21,7 +22,7 @@ class Blog_User extends User {
*
* @var string
*/
- protected $type = 'Group';
+ protected $type = null;
/**
* Is Account discoverable?
@@ -45,6 +46,21 @@ class Blog_User extends User {
return $object;
}
+ /**
+ * Get the type of the object.
+ *
+ * If the Blog is in "single user" mode, return "Person" insted of "Group".
+ *
+ * @return string The type of the object.
+ */
+ public function get_type() {
+ if ( is_single_user() ) {
+ return 'Person';
+ } else {
+ return 'Group';
+ }
+ }
+
/**
* Get the User-Name.
*
@@ -122,23 +138,34 @@ class Blog_User extends User {
/**
* Get the User-Icon.
*
- * @return array|null The User-Icon.
+ * @return array The User-Icon.
*/
public function get_icon() {
// try site icon first
$icon_id = get_option( 'site_icon' );
+
// try custom logo second
if ( ! $icon_id ) {
$icon_id = get_theme_mod( 'custom_logo' );
}
- if ( ! $icon_id ) {
- return null;
+
+ $icon_url = false;
+
+ if ( $icon_id ) {
+ $icon = wp_get_attachment_image_src( $icon_id, 'full' );
+ if ( $icon ) {
+ $icon_url = $icon[0];
+ }
+ }
+
+ if ( ! $icon_url ) {
+ // fallback to default icon
+ $icon_url = plugins_url( '/assets/img/wp-logo.png', ACTIVITYPUB_PLUGIN_FILE );
}
- $image = wp_get_attachment_image_src( $icon_id, 'full' );
return array(
'type' => 'Image',
- 'url' => esc_url( $image[0] ),
+ 'url' => esc_url( $icon_url ),
);
}
@@ -176,48 +203,6 @@ class Blog_User extends User {
return \gmdate( 'Y-m-d\TH:i:s\Z', $time );
}
- public function get__public_key() {
- $key = \get_option( 'activitypub_blog_user_public_key' );
-
- if ( $key ) {
- return $key;
- }
-
- $this->generate_key_pair();
-
- $key = \get_option( 'activitypub_blog_user_public_key' );
-
- return $key;
- }
-
- /**
- * Get the User-Private-Key.
- *
- * @param int $user_id
- *
- * @return mixed
- */
- public function get__private_key() {
- $key = \get_option( 'activitypub_blog_user_private_key' );
-
- if ( $key ) {
- return $key;
- }
-
- $this->generate_key_pair();
-
- return \get_option( 'activitypub_blog_user_private_key' );
- }
-
- private function generate_key_pair() {
- $key_pair = Signature::generate_key_pair();
-
- if ( ! is_wp_error( $key_pair ) ) {
- \update_option( 'activitypub_blog_user_public_key', $key_pair['public_key'] );
- \update_option( 'activitypub_blog_user_private_key', $key_pair['private_key'] );
- }
- }
-
public function get_attachment() {
return array();
}
@@ -226,18 +211,27 @@ class Blog_User extends User {
return \home_url();
}
- /**
- * Get the type of the object.
- *
- * If the Blog is in "single user" mode, return "Person" insted of "Group".
- *
- * @return string The type of the object.
- */
- public function get_type() {
- if ( is_single_user() ) {
- return 'Person';
- } else {
- return $this->type;
+ public function get_moderators() {
+ if ( is_single_user() || 'Group' !== $this->get_type() ) {
+ return null;
}
+
+ return get_rest_url_by_path( 'collections/moderators' );
+ }
+
+ public function get_attributed_to() {
+ if ( is_single_user() || 'Group' !== $this->get_type() ) {
+ return null;
+ }
+
+ return get_rest_url_by_path( 'collections/moderators' );
+ }
+
+ public function get_posting_restricted_to_mods() {
+ if ( 'Group' === $this->get_type() ) {
+ return true;
+ }
+
+ return null;
}
}
diff --git a/includes/model/class-follower.php b/includes/model/class-follower.php
index 0993170..7cf6dd4 100644
--- a/includes/model/class-follower.php
+++ b/includes/model/class-follower.php
@@ -1,6 +1,7 @@
save();
}
+ /**
+ * Validate the current Follower-Object.
+ *
+ * @return boolean True if the verification was successful.
+ */
+ public function is_valid() {
+ // the minimum required attributes
+ $required_attributes = array(
+ 'id',
+ 'preferredUsername',
+ 'inbox',
+ 'publicKey',
+ 'publicKeyPem',
+ );
+
+ foreach ( $required_attributes as $attribute ) {
+ if ( ! $this->get( $attribute ) ) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
/**
* Save the current Follower-Object.
*
- * @return void
+ * @return int|WP_Error The Post-ID or an WP_Error.
*/
public function save() {
+ if ( ! $this->is_valid() ) {
+ return new WP_Error( 'activitypub_invalid_follower', __( 'Invalid Follower', 'activitypub' ), array( 'status' => 400 ) );
+ }
+
if ( ! $this->get__id() ) {
global $wpdb;
@@ -147,15 +176,17 @@ class Follower extends Actor {
$post_id = wp_insert_post( $args );
$this->_id = $post_id;
+
+ return $post_id;
}
/**
* Upsert the current Follower-Object.
*
- * @return void
+ * @return int|WP_Error The Post-ID or an WP_Error.
*/
public function upsert() {
- $this->save();
+ return $this->save();
}
/**
diff --git a/includes/model/class-user.php b/includes/model/class-user.php
index 12fbb67..f62772d 100644
--- a/includes/model/class-user.php
+++ b/includes/model/class-user.php
@@ -36,6 +36,15 @@ class User extends Actor {
*/
protected $featured;
+ /**
+ * Moderators endpoint.
+ *
+ * @see https://join-lemmy.org/docs/contributors/05-federation.html
+ *
+ * @var string
+ */
+ protected $moderators;
+
/**
* The User-Type
*
@@ -43,6 +52,38 @@ class User extends Actor {
*/
protected $type = 'Person';
+ /**
+ * If the User is discoverable.
+ *
+ * @see https://docs.joinmastodon.org/spec/activitypub/#discoverable
+ *
+ * @var boolean
+ */
+ protected $discoverable = true;
+
+ /**
+ * If the User is indexable.
+ *
+ * @var boolean
+ */
+ protected $indexable;
+
+ /**
+ * The WebFinger Resource.
+ *
+ * @var string
+ */
+ protected $resource;
+
+ /**
+ * Restrict posting to mods
+ *
+ * @see https://join-lemmy.org/docs/contributors/05-federation.html
+ *
+ * @var boolean
+ */
+ protected $posting_restricted_to_mods = null;
+
public static function from_wp_user( $user_id ) {
if ( is_user_disabled( $user_id ) ) {
return new WP_Error(
@@ -145,53 +186,10 @@ class User extends Actor {
return array(
'id' => $this->get_id() . '#main-key',
'owner' => $this->get_id(),
- 'publicKeyPem' => $this->get__public_key(),
+ 'publicKeyPem' => Signature::get_public_key_for( $this->get__id() ),
);
}
- /**
- * @param int $this->get__id()
- *
- * @return mixed
- */
- public function get__public_key() {
- $key = \get_user_meta( $this->get__id(), 'magic_sig_public_key', true );
-
- if ( $key ) {
- return $key;
- }
-
- $this->generate_key_pair();
-
- return \get_user_meta( $this->get__id(), 'magic_sig_public_key', true );
- }
-
- /**
- * @param int $this->get__id()
- *
- * @return mixed
- */
- public function get__private_key() {
- $key = \get_user_meta( $this->get__id(), 'magic_sig_private_key', true );
-
- if ( $key ) {
- return $key;
- }
-
- $this->generate_key_pair();
-
- return \get_user_meta( $this->get__id(), 'magic_sig_private_key', true );
- }
-
- private function generate_key_pair() {
- $key_pair = Signature::generate_key_pair();
-
- if ( ! is_wp_error( $key_pair ) ) {
- \update_user_meta( $this->get__id(), 'magic_sig_public_key', $key_pair['public_key'], true );
- \update_user_meta( $this->get__id(), 'magic_sig_private_key', $key_pair['private_key'], true );
- }
- }
-
/**
* Returns the Inbox-API-Endpoint.
*
@@ -301,4 +299,20 @@ class User extends Actor {
public function get_canonical_url() {
return $this->get_url();
}
+
+ public function get_streams() {
+ return null;
+ }
+
+ public function get_tag() {
+ return array();
+ }
+
+ public function get_indexable() {
+ if ( \get_option( 'blog_public', 1 ) ) {
+ return true;
+ } else {
+ return false;
+ }
+ }
}
diff --git a/includes/rest/class-collection.php b/includes/rest/class-collection.php
index b29a090..9e50835 100644
--- a/includes/rest/class-collection.php
+++ b/includes/rest/class-collection.php
@@ -1,6 +1,7 @@
WP_REST_Server::READABLE,
+ 'callback' => array( self::class, 'moderators_get' ),
+ 'permission_callback' => '__return_true',
+ ),
+ )
+ );
}
/**
@@ -158,6 +171,30 @@ class Collection {
return new WP_REST_Response( $response, 200 );
}
+ /**
+ * Moderators endpoint
+ *
+ * @param WP_REST_Request $request The request object.
+ *
+ * @return WP_REST_Response The response object.
+ */
+ public static function moderators_get( $request ) {
+ $response = array(
+ '@context' => Activity::CONTEXT,
+ 'id' => get_rest_url_by_path( 'collections/moderators' ),
+ 'type' => 'OrderedCollection',
+ 'orderedItems' => array(),
+ );
+
+ $users = User_Collection::get_collection();
+
+ foreach ( $users as $user ) {
+ $response['orderedItems'][] = $user->get_url();
+ }
+
+ return new WP_REST_Response( $response, 200 );
+ }
+
/**
* The supported parameters
*
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index b5f012b..477cef7 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -131,7 +131,7 @@ class Inbox {
return $user;
}
- $data = $request->get_params();
+ $data = $request->get_json_params();
$type = $request->get_param( 'type' );
$type = \strtolower( $type );
@@ -149,7 +149,7 @@ class Inbox {
* @return WP_REST_Response
*/
public static function shared_inbox_post( $request ) {
- $data = $request->get_params();
+ $data = $request->get_json_params();
$type = $request->get_param( 'type' );
$users = self::extract_recipients( $data );
@@ -171,6 +171,12 @@ class Inbox {
}
foreach ( $users as $user ) {
+ $user = User_Collection::get_by_various( $user );
+
+ if ( is_wp_error( $user ) ) {
+ continue;
+ }
+
$type = \strtolower( $type );
\do_action( 'activitypub_inbox', $data, $user->ID, $type );
@@ -325,61 +331,6 @@ class Inbox {
return $params;
}
- /**
- * Handles "Reaction" requests
- *
- * @param array $object The activity-object
- * @param int $user_id The id of the local blog-user
- */
- public static function handle_reaction( $object, $user_id ) {
- $meta = get_remote_metadata_by_actor( $object['actor'] );
-
- $comment_post_id = \url_to_postid( $object['object'] );
-
- // save only replys and reactions
- if ( ! $comment_post_id ) {
- return false;
- }
-
- $commentdata = array(
- 'comment_post_ID' => $comment_post_id,
- 'comment_author' => \esc_attr( $meta['name'] ),
- 'comment_author_email' => '',
- 'comment_author_url' => \esc_url_raw( $object['actor'] ),
- 'comment_content' => \esc_url_raw( $object['actor'] ),
- 'comment_type' => \esc_attr( \strtolower( $object['type'] ) ),
- 'comment_parent' => 0,
- 'comment_meta' => array(
- 'source_url' => \esc_url_raw( $object['id'] ),
- 'avatar_url' => \esc_url_raw( $meta['icon']['url'] ),
- 'protocol' => 'activitypub',
- ),
- );
-
- // disable flood control
- \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
-
- // do not require email for AP entries
- \add_filter( 'pre_option_require_name_email', '__return_false' );
-
- // No nonce possible for this submission route
- \add_filter(
- 'akismet_comment_nonce',
- function() {
- return 'inactive';
- }
- );
-
- $state = \wp_new_comment( $commentdata, true );
-
- \remove_filter( 'pre_option_require_name_email', '__return_false' );
-
- // re-add flood control
- \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
-
- do_action( 'activitypub_handled_reaction', $object, $user_id, $state, $commentdata );
- }
-
/**
* Converts a new ActivityPub object to comment data suitable for creating a comment
*
@@ -387,9 +338,10 @@ class Inbox {
*
* @return array Comment data suitable for creating a comment.
*/
- public static function convert_object_to_comment_data( $object ) {
- if ( ! isset( $object['object'] ) ) {
- return false;
+ public static function convert_object_to_comment_data( $object, $user_id ) {
+
+ if ( ! isset( $object['object']['inReplyTo'] ) ) {
+ return;
}
// check if Activity is public or not
diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index 325b9ad..01d9a9a 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -46,6 +46,11 @@ class Server {
*/
public static function application_actor() {
$user = new Application_User();
+
+ $user->set_context(
+ \Activitypub\Activity\Activity::CONTEXT
+ );
+
$json = $user->to_array();
$response = new WP_REST_Response( $json, 200 );
@@ -80,12 +85,12 @@ class Server {
}
// POST-Requets are always signed
- if ( 'POST' === $request->get_method() ) {
+ if ( 'post' === \strtolower( $request->get_method() ) ) {
$verified_request = Signature::verify_http_signature( $request );
if ( \is_wp_error( $verified_request ) ) {
return $verified_request;
}
- } elseif ( 'GET' === $request->get_method() ) { // GET-Requests are only signed in secure mode
+ } elseif ( 'get' === \strtolower( $request->get_method() ) ) { // GET-Requests are only signed in secure mode
if ( ACTIVITYPUB_AUTHORIZED_FETCH ) {
$verified_request = Signature::verify_http_signature( $request );
if ( \is_wp_error( $verified_request ) ) {
diff --git a/includes/transformer/class-post.php b/includes/transformer/class-post.php
index cc8a1c6..286b91f 100644
--- a/includes/transformer/class-post.php
+++ b/includes/transformer/class-post.php
@@ -9,6 +9,7 @@ use Activitypub\Activity\Base_Object;
use function Activitypub\esc_hashtag;
use function Activitypub\is_single_user;
use function Activitypub\get_rest_url_by_path;
+use function Activitypub\site_supports_blocks;
/**
* WordPress Post Transformer
@@ -114,8 +115,8 @@ class Post {
$wp_post = $this->wp_post;
$object = new Base_Object();
- $object->set_id( \esc_url( \get_permalink( $wp_post->ID ) ) );
- $object->set_url( \esc_url( \get_permalink( $wp_post->ID ) ) );
+ $object->set_id( $this->get_id() );
+ $object->set_url( $this->get_url() );
$object->set_type( $this->get_object_type() );
$published = \strtotime( $wp_post->post_date_gmt );
@@ -150,6 +151,32 @@ class Post {
return $object;
}
+ /**
+ * Returns the ID of the Post.
+ *
+ * @return string The Posts ID.
+ */
+ public function get_id() {
+ return $this->get_url();
+ }
+
+ /**
+ * Returns the URL of the Post.
+ *
+ * @return string The Posts URL.
+ */
+ public function get_url() {
+ $post = $this->wp_post;
+
+ if ( 'trash' === get_post_status( $post ) ) {
+ $permalink = \get_post_meta( $post->ID, 'activitypub_canonical_url', true );
+ } else {
+ $permalink = \get_permalink( $post );
+ }
+
+ return \esc_url( $permalink );
+ }
+
/**
* Returns the User-URL of the Author of the Post.
*
@@ -166,6 +193,66 @@ class Post {
return Users::get_by_id( $this->wp_post->post_author )->get_url();
}
+ /**
+ * Returns the Image Attachments for this Post, parsed from blocks.
+ * @param int $max_images The maximum number of images to return.
+ * @param array $image_ids The image IDs to append new IDs to.
+ *
+ * @return array The image IDs.
+ */
+ protected function get_block_image_ids( $max_images, $image_ids = [] ) {
+ $blocks = \parse_blocks( $this->wp_post->post_content );
+ return self::get_image_ids_from_blocks( $blocks, $image_ids, $max_images );
+ }
+
+ /**
+ * Recursively get image IDs from blocks.
+ * @param array $blocks The blocks to search for image IDs
+ * @param array $image_ids The image IDs to append new IDs to
+ * @param int $max_images The maximum number of images to return.
+ *
+ * @return array The image IDs.
+ */
+ protected static function get_image_ids_from_blocks( $blocks, $image_ids, $max_images ) {
+ foreach ( $blocks as $block ) {
+ // recurse into inner blocks
+ if ( ! empty( $block['innerBlocks'] ) ) {
+ $image_ids = self::get_image_ids_from_blocks( $block['innerBlocks'], $image_ids, $max_images );
+ }
+
+ switch ( $block['blockName'] ) {
+ case 'core/image':
+ case 'core/cover':
+ if ( ! empty( $block['attrs']['id'] ) ) {
+ $image_ids[] = $block['attrs']['id'];
+ }
+ break;
+ case 'jetpack/slideshow':
+ case 'jetpack/tiled-gallery':
+ if ( ! empty( $block['attrs']['ids'] ) ) {
+ $image_ids = array_merge( $image_ids, $block['attrs']['ids'] );
+ }
+ break;
+ case 'jetpack/image-compare':
+ if ( ! empty( $block['attrs']['beforeImageId'] ) ) {
+ $image_ids[] = $block['attrs']['beforeImageId'];
+ }
+ if ( ! empty( $block['attrs']['afterImageId'] ) ) {
+ $image_ids[] = $block['attrs']['afterImageId'];
+ }
+ break;
+ }
+
+ // we could be at or over max, stop unneeded work
+ if ( count( $image_ids ) >= $max_images ) {
+ break;
+ }
+ }
+
+ // still need to slice it because one gallery could knock us over the limit
+ return \array_slice( $image_ids, 0, $max_images );
+ }
+
/**
* Generates all Image Attachments for a Post.
*
@@ -192,21 +279,26 @@ class Post {
}
if ( $max_images > 0 ) {
- // then list any image attachments
- $query = new \WP_Query(
- array(
- 'post_parent' => $id,
- 'post_status' => 'inherit',
- 'post_type' => 'attachment',
- 'post_mime_type' => 'image',
- 'order' => 'ASC',
- 'orderby' => 'menu_order ID',
- 'posts_per_page' => $max_images,
- )
- );
- foreach ( $query->get_posts() as $attachment ) {
- if ( ! \in_array( $attachment->ID, $image_ids, true ) ) {
- $image_ids[] = $attachment->ID;
+ // first try to get images that are actually in the post content
+ if ( site_supports_blocks() && \has_blocks( $this->wp_post->post_content ) ) {
+ $image_ids = $this->get_block_image_ids( $max_images, $image_ids );
+ } else {
+ // fallback to images attached to the post
+ $query = new \WP_Query(
+ array(
+ 'post_parent' => $id,
+ 'post_status' => 'inherit',
+ 'post_type' => 'attachment',
+ 'post_mime_type' => 'image',
+ 'order' => 'ASC',
+ 'orderby' => 'menu_order ID',
+ 'posts_per_page' => $max_images,
+ )
+ );
+ foreach ( $query->get_posts() as $attachment ) {
+ if ( ! \in_array( $attachment->ID, $image_ids, true ) ) {
+ $image_ids[] = $attachment->ID;
+ }
}
}
}
@@ -275,7 +367,7 @@ class Post {
* @param int $id The attachment ID.
* @param string $image_size The image size to retrieve. Set to 'full' by default.
*/
- do_action( 'activitypub_get_image_pre', $id, $image_size );
+ do_action( 'activitypub_get_image_post', $id, $image_size );
return $thumbnail;
}
@@ -357,7 +449,7 @@ class Post {
$mentions = $this->get_mentions();
if ( $mentions ) {
- foreach ( $mentions as $mention => $url ) {
+ foreach ( $mentions as $url ) {
$cc[] = $url;
}
}
@@ -447,7 +539,7 @@ class Post {
}
if ( 'content' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
- return "[ap_content]\n\n[ap_hashtags]\n\n[ap_permalink type=\"html\"]";
+ return "[ap_content]\n\n[ap_permalink type=\"html\"]\n\n[ap_hashtags]";
}
return \get_option( 'activitypub_custom_post_content', ACTIVITYPUB_CUSTOM_POST_CONTENT );
diff --git a/package.json b/package.json
index 17006ea..d216407 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,8 @@
},
"scripts": {
"dev": "wp-scripts start",
- "build": "wp-scripts build"
+ "build": "wp-scripts build",
+ "readme": "grunt wp_readme_to_markdown"
},
"license": "MIT",
"bugs": {
diff --git a/phpcs.xml b/phpcs.xml
index ad12dbd..fabb43e 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -13,6 +13,7 @@
diff --git a/readme.txt b/readme.txt
index a09b750..90e0011 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
=== ActivityPub ===
-Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nuriapena
+Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nuriapena, cavalierlife
Tags: OStatus, fediverse, activitypub, activitystream
Requires at least: 4.7
Tested up to: 6.3
-Stable tag: 1.0.0
+Stable tag: 1.0.1
Requires PHP: 5.6
License: MIT
License URI: http://opensource.org/licenses/MIT
@@ -12,39 +12,39 @@ The ActivityPub protocol is a decentralized social networking protocol based upo
== Description ==
-This is BETA software, see the FAQ to see the current feature set or rather what is still planned.
+Enter the fediverse with **ActivityPub**, broadcasting your blog to a wider audience! Attract followers, deliver updates, and receive comments from a diverse user base of **ActivityPub**\-compliant platforms.
-The plugin implements the ActivityPub protocol for your blog, which means that your readers will be able to follow your blog posts on Mastodon and other federated platforms that support ActivityPub. In addition, replies to your posts on Mastodon and related platforms will automatically become comments on your blog post.
+With the ActivityPub plugin installed, your WordPress blog itself function as a federated profile, along with profiles for each author. For instance, if your website is `example.com`, then the blog-wide profile can be found at `@example.com@example.com`, and authors like Jane and Bob would have their individual profiles at `@jane@example.com` and `@bobz@example.com`, respectively.
+
+An example: I give you my Mastodon profile name: `@pfefferle@mastodon.social`. You search, see my profile, and hit follow. Now, any post I make appears in your Home feed. Similarly, with the ActivityPub plugin, you can find and follow Jane's profile at `@jane@example.com`.
+
+Once you follow Jane's `@jane@example.com` profile, any blog post she crafts on `example.com` will land in your Home feed. Simultaneously, by following the blog-wide profile `@example.com@example.com`, you'll receive updates from all authors.
+
+**Note**: if no one follows your author or blog instance, your posts remain unseen. The simplest method to verify the plugin's operation is by following your profile. If you possess a Mastodon profile, initiate by following your new one.
The plugin works with the following tested federated platforms, but there may be more that it works with as well:
* [Mastodon](https://joinmastodon.org/)
-* [Pleroma](https://pleroma.social/)
+* [Pleroma](https://pleroma.social/)/[Akkoma](https://akkoma.social/)
* [friendica](https://friendi.ca/)
* [Hubzilla](https://hubzilla.org/)
* [Pixelfed](https://pixelfed.org/)
* [Socialhome](https://socialhome.network/)
* [Misskey](https://join.misskey.page/)
-* [Calckey](https://calckey.org/)
-
-Here’s what that means and what you can expect.
-
-Once the ActivityPub plugin is installed, each author’s page on your WordPress blog will become its own federated instance. In other words, if you have two authors, Jane and Bob, on your website, `example.com`, then your authors would have their own author pages at `example.com/author/jane` and `example.com/author/bob`. Each of those author pages would now be available to Mastodon users (and all other federated platform users) as a profile that can be followed. Let’s break that down further. Let’s say you have a friend on Mastodon who tells you to follow them and they give you their profile name `@janelivesheresomeofthetime@mastodon.social`. You search for her name, see her profile, and click the follow button, right? From then on, everything Jane posts on her profile shows up in your Home feed. Okay, similarly, now that Jane has installed the ActivityPub plugin on her `example.com` site, her friends can also follow her on Mastodon by searching for `@jane@example.com` and clicking the Follow button on that profile.
-
-From now on, every blog post Jane publishes on example.com will show up on your Home feed because you follow her `@jane@example.com` profile.
-Of course, if no one follows your author instance, then no one will ever see the posts - including you! So the easiest way to even know if the plugin is working is to follow your new profile yourself. If you already have a Mastodon profile, just follow your new one from there.
+* [Firefish](https://joinfirefish.org/) (rebrand of Calckey)
Some things to note:
-1. Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will enable the page to be live and ActivityPub will now work, but the live page won’t cause any duplicate content issues with search engines.
-1. Once ActivityPub is installed, only new posts going forward will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site, will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.
+1. The blog-wide profile is only compatible with sites with rewrite rules enabled. If your site does not have rewrite rules enabled, the author-specific profiles may still work.
+1. Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will duplicate content issues with search engines and will enable ActivityPub author profiles to work.
+1. Once ActivityPub is installed, *only new posts going forward* will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site, will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.
So what’s the process?
1. Install the ActivityPub plugin.
1. Go to the plugin’s settings page and adjust the settings to your liking. Click the Save button when ready.
-1. Make sure your blog’s author profile page is active.
-1. Go to Mastodon or any other federated platform, search for your author’s new federated profile, and follow it. Your new profile will be in the form of @yourauthorname@yourwebsite.com, so that is what you’ll search for.
+1. Make sure your blog’s author profile page is active if you are using author profiles.
+1. Go to Mastodon or any other federated platform, and search for your profile, and follow it. Your new profile will be in the form of either `@your_username@example.com` or `@example.com@example.com`, so that is what you’ll search for.
1. On your blog, publish a new post.
1. From Mastodon, check to see if the new post appears in your Home feed.
@@ -54,22 +54,14 @@ Please note that it may take up to 15 minutes or so for the new post to show up
= tl;dr =
-This plugin connects your WordPress blog to popular social platforms like Mastodon, making your posts more accessible to a wider audience. Once installed, your blog's author pages can be followed by users on these platforms, allowing them to receive your new posts in their feeds.
-
-Here's how it works:
-
-1. Install the plugin and adjust settings as needed.
-1. Ensure your blog's author profile page is active.
-1. On Mastodon or other supported platforms, search for and follow your author's new profile (e.g., `@yourauthorname@yourwebsite.com`).
-1. Publish a new post on your blog and check if it appears in your Mastodon feed.
-
-Please note that it may take up to 15 minutes for a new post to appear in your feed, as messages are sent on a delay to avoid overwhelming your followers. Be patient and give it some time.
+This plugin connects your WordPress blog to popular social platforms like Mastodon, making your posts more accessible to a wider audience. Once installed, your blog can be followed by users on these platforms, allowing them to receive your new posts in their feeds.
= What is the status of this plugin? =
Implemented:
-* profile pages (JSON representation)
+* blog profile pages (JSON representation)
+* author profile pages (JSON representation)
* custom links
* functional inbox/outbox
* follow (accept follows)
@@ -79,8 +71,8 @@ Implemented:
To implement:
-* better configuration possibilities
* threaded comments support
+* replace shortcodes with blocks for layout
= What is "ActivityPub for WordPress" =
@@ -94,7 +86,7 @@ In order for webfinger to work, it must be mapped to the root directory of the U
Add the following to the .htaccess file in the root directory:
- RedirectMatch "^\/\.well-known/(webfinger|nodeinfo|x-nodeinfo2)(.*)$" "\/blog\/\.well-known$1$2"
+ RedirectMatch "^\/\.well-known/(webfinger|nodeinfo|x-nodeinfo2)(.*)$" /blog/.well-known/$1$2
Where 'blog' is the path to the subdirectory at which your blog resides.
@@ -113,20 +105,36 @@ Where 'blog' is the path to the subdirectory at which your blog resides.
Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub).
+= 1.0.1 =
+
+* Update: improve image attachment detection using the block editor
+* Update: better error code handling for API responses
+* Update: use a tag stack instead of regex for protecting tags for Hashtags and @-Mentions
+* Compatibility: better signature support for subpath-installations
+* Compatibility: allow deactivating blocks registered by the plugin
+* Compatibility: avoid Fatal Errors when using ClassicPress
+* Compatibility: improve the Group-Actor to play nicely with existing implementations
+* Fixed: truncate long blog titles and handles for the "Follow me" block
+* Fixed: ensure that only a valid user can be selected for the "Follow me" block
+* Fixed: fix a typo in a hook name
+* Fixed: a problem with signatures when running WordPress in a sub-path
+
= 1.0.0 =
-* Add: blog-wide Account (catchall, like `mydomain.com@mydomain.com`)
-* Add: Signature Verification: https://docs.joinmastodon.org/spec/security/ .
-* Add: a Followers Block.
+* Add: blog-wide Account (catchall, like `example.com@example.com`)
+* Add: a Follow Me block (help visitors to follow your Profile)
+* Add: Signature Verification: https://docs.joinmastodon.org/spec/security/
+* Add: a Followers Block (show off your Followers)
* Add: Simple caching
* Add: Collection endpoints for Featured Tags and Featured Posts
-* Update: Complete rewrite of the Follower-System based on Custom Post Types.
+* Add: Better handling of Hashtags in mobile apps
+* Update: Complete rewrite of the Follower-System based on Custom Post Types
* Update: Improved linter (PHPCS)
-* Compatibility: Add a new conditional, `\Activitypub\is_activitypub_request()`, to allow third-party plugins to detect ActivityPub requests.
-* Compatibility: Add hooks to allow modifying images returned in ActivityPub requests.
-* Compatibility: Indicate that the plugin is compatible and has been tested with the latest version of WordPress, 6.3.
-* Compatibility: Avoid PHP notice on sites using PHP 8.2.
-* Fixed: Load the plugin later in the WordPress code lifecycle to avoid errors in some requests.
+* Compatibility: Add a new conditional, `\Activitypub\is_activitypub_request()`, to allow third-party plugins to detect ActivityPub requests
+* Compatibility: Add hooks to allow modifying images returned in ActivityPub requests
+* Compatibility: Indicate that the plugin is compatible and has been tested with the latest version of WordPress, 6.3
+* Compatibility: Avoid PHP notice on sites using PHP 8.2
+* Fixed: Load the plugin later in the WordPress code lifecycle to avoid errors in some requests
* Fixed: Updating posts
* Fixed: Hashtag now support CamelCase and UTF-8
diff --git a/src/follow-me/block.json b/src/follow-me/block.json
new file mode 100644
index 0000000..fba3a2f
--- /dev/null
+++ b/src/follow-me/block.json
@@ -0,0 +1,44 @@
+{
+ "$schema": "https://schemas.wp.org/trunk/block.json",
+ "name": "activitypub/follow-me",
+ "apiVersion": 3,
+ "version": "1.0.0",
+ "title": "Follow me on the Fediverse",
+ "category": "widgets",
+ "description": "Display your Fediverse profile so that visitors can follow you.",
+ "textdomain": "activitypub",
+ "icon": "groups",
+ "supports": {
+ "html": false,
+ "color": {
+ "gradients": true,
+ "link": true,
+ "__experimentalDefaultControls": {
+ "background": true,
+ "text": true,
+ "link": true
+ }
+ },
+ "__experimentalBorder": {
+ "radius": true,
+ "width": true,
+ "color": true,
+ "style": true
+ },
+ "typography": {
+ "fontSize": true,
+ "__experimentalDefaultControls": {
+ "fontSize": true
+ }
+ }
+ },
+ "attributes": {
+ "selectedUser": {
+ "type": "string",
+ "default": "site"
+ }
+ },
+ "editorScript": "file:./index.js",
+ "viewScript": "file:./view.js",
+ "style": ["file:./style-index.css", "wp-components"]
+}
\ No newline at end of file
diff --git a/src/follow-me/button-style.js b/src/follow-me/button-style.js
new file mode 100644
index 0000000..0c33ca2
--- /dev/null
+++ b/src/follow-me/button-style.js
@@ -0,0 +1,75 @@
+function presetVarColorCss( color ) {
+ return `var(--wp--preset--color--${ color })`;
+}
+
+function getBackgroundColor( color ) {
+ // if color is a string, it's a var like this.
+ if ( typeof color === 'string' ) {
+ return presetVarColorCss( color );
+ }
+
+ return color?.color?.background || null;
+}
+
+function getLinkColor( text ) {
+ if ( typeof text !== 'string' ) {
+ return null;
+ }
+ // if it starts with a hash, leave it be
+ if ( text.match( /^#/ ) ) {
+ // we don't handle the alpha channel if present.
+ return text.substring( 0, 7 );
+ }
+ // var:preset|color|luminous-vivid-amber
+ // var(--wp--preset--color--luminous-vivid-amber)
+ // we will receive the top format, we need to output the bottom format
+ const [ , , color ] = text.split( '|' );
+ return presetVarColorCss( color );
+}
+
+function generateSelector( selector, prop, value = null, pseudo = '' ) {
+ if ( ! value ) {
+ return '';
+ }
+ return `${ selector }${ pseudo } { ${ prop }: ${ value }; }\n`;
+}
+
+function getStyles( selector, button, text, hover ) {
+ return generateSelector( selector, 'background-color', button )
+ + generateSelector( selector, 'color', text )
+ + generateSelector( selector, 'background-color', hover, ':hover' )
+ + generateSelector( selector, 'background-color', hover, ':focus' );
+}
+
+function getBlockStyles( base, style, backgroundColor ) {
+ const selector = `${ base } .components-button`;
+ // we grab the background color if set as a good color for our button text
+ const buttonTextColor = getBackgroundColor( backgroundColor )
+ // bg might be in this form.
+ || style?.color?.background;
+ // we misuse the link color for the button background
+ const buttonColor = getLinkColor( style?.elements?.link?.color?.text );
+ // hover!
+ const buttonHoverColor = getLinkColor( style?.elements?.link?.[':hover']?.color?.text );
+
+ return getStyles( selector, buttonColor, buttonTextColor, buttonHoverColor );
+}
+
+export function getPopupStyles( style ) {
+ // we don't acept backgroundColor because the popup is always white (right?)
+ const buttonColor = getLinkColor( style?.elements?.link?.color?.text )
+ || '#111';
+ const buttonTextColor = '#fff';
+ const buttonHoverColor = getLinkColor( style?.elements?.link?.[':hover']?.color?.text )
+ || '#333';
+ const selector = '.apfmd__button-group .components-button';
+
+ return getStyles( selector, buttonColor, buttonTextColor, buttonHoverColor );
+}
+
+export function ButtonStyle( { selector, style, backgroundColor } ) {
+ const css = getBlockStyles( selector, style, backgroundColor );
+ return (
+
+ );
+}
\ No newline at end of file
diff --git a/src/follow-me/edit.js b/src/follow-me/edit.js
new file mode 100644
index 0000000..f40c7a2
--- /dev/null
+++ b/src/follow-me/edit.js
@@ -0,0 +1,39 @@
+import { InspectorControls, useBlockProps } from '@wordpress/block-editor';
+import { __ } from '@wordpress/i18n';
+import { SelectControl, PanelBody } from '@wordpress/components';
+import { useUserOptions } from '../shared/use-user-options';
+import FollowMe from './follow-me';
+import { useEffect } from '@wordpress/element';
+
+export default function Edit( { attributes, setAttributes } ) {
+ const blockProps = useBlockProps();
+ const usersOptions = useUserOptions();
+ const { selectedUser } = attributes;
+
+ useEffect( () => {
+ // if there are no users yet, do nothing
+ if ( ! usersOptions.length ) {
+ return;
+ }
+ // ensure that the selected user is in the list of options, if not, select the first available user
+ if ( ! usersOptions.find( ( { value } ) => value === selectedUser ) ) {
+ setAttributes( { selectedUser: usersOptions[ 0 ].value } );
+ }
+ }, [ selectedUser, usersOptions ] );
+
+ return (
+ setIsOpen( false ) }
+ title={ title }
+ >
+
+
+
+ ) }
+
+ );
+}
+
+function isUrl( string ) {
+ try {
+ new URL( string );
+ return true;
+ } catch ( _ ) {
+ return false;
+ }
+}
+
+function isHandle( string ) {
+ // remove leading @, there should still be an @ in there
+ const parts = string.replace( /^@/, '' ).split( '@' );
+ return parts.length === 2 && isUrl( `https://${ parts[ 1 ] }` );
+}
+
+function Dialog( { profile, userId } ) {
+ const { resource } = profile;
+ const followText = __( 'Follow', 'activitypub' );
+ const loadingText = __( 'Loading...', 'activitypub' );
+ const openingText = __( 'Opening...', 'activitypub' );
+ const errorText = __( 'Error', 'activitypub' );
+ const invalidText = __( 'Invalid', 'activitypub' );
+ const [ buttonText, setButtonText ] = useState( followText );
+ const [ buttonIcon, setButtonIcon ] = useState( copy );
+ const ref = useCopyToClipboard( resource, () => {
+ setButtonIcon( check );
+ setTimeout( () => setButtonIcon( copy ), 1000 );
+ } );
+ const [ remoteProfile, setRemoteProfile ] = useState( '' );
+ const retrieveAndFollow = useCallback( () => {
+ let timeout;
+ if ( ! ( isUrl( remoteProfile ) || isHandle( remoteProfile ) ) ) {
+ setButtonText( invalidText );
+ timeout = setTimeout( () => setButtonText( followText ), 2000 );
+ return () => clearTimeout( timeout );
+ }
+ const path = `/${ namespace }/users/${userId}/remote-follow?resource=${ remoteProfile }`;
+ setButtonText( loadingText );
+ apiFetch( { path } ).then( ( { url } ) => {
+ setButtonText( openingText );
+ setTimeout( () => {
+ window.open( url, '_blank' );
+ setButtonText( followText );
+ }, 200 );
+ } ).catch( () => {
+ setButtonText( errorText );
+ setTimeout( () => setButtonText( followText ), 2000 );
+ } );
+ }, [ remoteProfile ] );
+
+ return (
+
diff --git a/src/followers/followers.js b/src/followers/followers.js
index 445537b..bc555b8 100644
--- a/src/followers/followers.js
+++ b/src/followers/followers.js
@@ -64,7 +64,7 @@ export function Followers( {
setTotal( data.totalItems );
setFollowers( data.orderedItems );
} )
- .catch( ( error ) => console.error( error ) );
+ .catch( () => {} );
}, [ userId, per_page, order, page ] );
return (
' . $title . '
'; } diff --git a/includes/class-hashtag.php b/includes/class-hashtag.php index 1a76577..2d03ac4 100644 --- a/includes/class-hashtag.php +++ b/includes/class-hashtag.php @@ -43,38 +43,56 @@ class Hashtag { * @return string the filtered post-content */ public static function the_content( $the_content ) { - $protected_tags = array(); - $protect = function( $m ) use ( &$protected_tags ) { - $c = \wp_rand( 100000, 999999 ); - $protect = '!#!#PROTECT' . $c . '#!#!'; - while ( isset( $protected_tags[ $protect ] ) ) { - $c = \wp_rand( 100000, 999999 ); - $protect = '!#!#PROTECT' . $c . '#!#!'; + $tag_stack = array(); + $protected_tags = array( + 'pre', + 'code', + 'textarea', + 'style', + 'a', + ); + $content_with_links = ''; + $in_protected_tag = false; + foreach ( wp_html_split( $the_content ) as $chunk ) { + if ( preg_match( '#^$#i', $chunk, $m ) ) { + $content_with_links .= $chunk; + continue; } - $protected_tags[ $protect ] = $m[0]; - return $protect; - }; - $the_content = preg_replace_callback( - '##is', - $protect, - $the_content - ); - $the_content = preg_replace_callback( - '#<(pre|code|textarea|style)\b[^>]*>.*?]*>#is', - $protect, - $the_content - ); - $the_content = preg_replace_callback( - '#<[^>]+>#i', - $protect, - $the_content - ); - $the_content = \preg_replace_callback( '/' . ACTIVITYPUB_HASHTAGS_REGEXP . '/i', array( '\Activitypub\Hashtag', 'replace_with_links' ), $the_content ); + if ( preg_match( '#^<(/)?([a-z-]+)\b[^>]*>$#i', $chunk, $m ) ) { + $tag = strtolower( $m[2] ); + if ( '/' === $m[1] ) { + // Closing tag. + $i = array_search( $tag, $tag_stack ); + // We can only remove the tag from the stack if it is in the stack. + if ( false !== $i ) { + $tag_stack = array_slice( $tag_stack, 0, $i ); + } + } else { + // Opening tag, add it to the stack. + $tag_stack[] = $tag; + } - $the_content = str_replace( array_reverse( array_keys( $protected_tags ) ), array_reverse( array_values( $protected_tags ) ), $the_content ); + // If we're in a protected tag, the tag_stack contains at least one protected tag string. + // The protected tag state can only change when we encounter a start or end tag. + $in_protected_tag = array_intersect( $tag_stack, $protected_tags ); - return $the_content; + // Never inspect tags. + $content_with_links .= $chunk; + continue; + } + + if ( $in_protected_tag ) { + // Don't inspect a chunk inside an inspected tag. + $content_with_links .= $chunk; + continue; + } + + // Only reachable when there is no protected tag in the stack. + $content_with_links .= \preg_replace_callback( '/' . ACTIVITYPUB_HASHTAGS_REGEXP . '/i', array( '\Activitypub\Hashtag', 'replace_with_links' ), $chunk ); + } + + return $content_with_links; } /** @@ -89,7 +107,7 @@ class Hashtag { if ( $tag_object ) { $link = \get_term_link( $tag_object, 'post_tag' ); - return \sprintf( '#%s', $link, $tag ); + return \sprintf( '#%s', $link, $tag ); } return '#' . $tag; diff --git a/includes/class-health-check.php b/includes/class-health-check.php index 18cd48e..a802e6f 100644 --- a/includes/class-health-check.php +++ b/includes/class-health-check.php @@ -1,6 +1,12 @@ array( self::class, 'test_webfinger' ), ); + $tests['direct']['activitypub_test_system_cron'] = array( + 'label' => __( 'System Cron Test', 'activitypub' ), + 'test' => array( self::class, 'test_system_cron' ), + ); + return $tests; } @@ -70,6 +81,49 @@ class Health_Check { return $result; } + /** + * System Cron tests + * + * @return array + */ + public static function test_system_cron() { + $result = array( + 'label' => \__( 'System Task Scheduler configured', 'activitypub' ), + 'status' => 'good', + 'badge' => array( + 'label' => \__( 'ActivityPub', 'activitypub' ), + 'color' => 'green', + ), + 'description' => \sprintf( + '%s
', + \esc_html__( 'You seem to use the System Task Scheduler to process WP_Cron tasks.', 'activitypub' ) + ), + 'actions' => '', + 'test' => 'test_system_cron', + ); + + if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) { + return $result; + } + + $result['status'] = 'recommended'; + $result['label'] = \__( 'System Task Scheduler not configured', 'activitypub' ); + $result['badge']['color'] = 'orange'; + $result['description'] = \sprintf( + '%s
', + \__( 'Enhance your WordPress site’s performance and mitigate potential heavy loads caused by plugins like ActivityPub by setting up a system cron job to run WP Cron. This ensures scheduled tasks are executed consistently and reduces the reliance on website traffic for trigger events.', 'activitypub' ) + ); + $result['actions'] .= sprintf( + '', + __( 'https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/', 'activitypub' ), + __( 'Learn how to hook the WP-Cron into the System Task Scheduler.', 'activitypub' ), + /* translators: Hidden accessibility text. */ + __( '(opens in a new tab)', 'activitypub' ) + ); + + return $result; + } + /** * WebFinger tests * @@ -111,7 +165,7 @@ class Health_Check { /** * Check if `author_posts_url` is accessible and that request returns correct JSON * - * @return boolean|\WP_Error + * @return boolean|WP_Error */ public static function is_author_url_accessible() { $user = \wp_get_current_user(); @@ -120,7 +174,7 @@ class Health_Check { // check for "author" in URL if ( $author_url !== $reference_author_url ) { - return new \WP_Error( + return new WP_Error( 'author_url_not_accessible', \sprintf( // translators: %s: Author URL @@ -143,7 +197,7 @@ class Health_Check { ); if ( \is_wp_error( $response ) ) { - return new \WP_Error( + return new WP_Error( 'author_url_not_accessible', \sprintf( // translators: %s: Author URL @@ -160,7 +214,7 @@ class Health_Check { // check for redirects if ( \in_array( $response_code, array( 301, 302, 307, 308 ), true ) ) { - return new \WP_Error( + return new WP_Error( 'author_url_not_accessible', \sprintf( // translators: %s: Author URL @@ -177,7 +231,7 @@ class Health_Check { $body = \wp_remote_retrieve_body( $response ); if ( ! \is_string( $body ) || ! \is_array( \json_decode( $body, true ) ) ) { - return new \WP_Error( + return new WP_Error( 'author_url_not_accessible', \sprintf( // translators: %s: Author URL @@ -196,13 +250,13 @@ class Health_Check { /** * Check if WebFinger endpoint is accessible and profile request returns correct JSON * - * @return boolean|\WP_Error + * @return boolean|WP_Error */ public static function is_webfinger_endpoint_accessible() { $user = \wp_get_current_user(); - $account = \Activitypub\get_webfinger_resource( $user->ID ); + $account = get_webfinger_resource( $user->ID ); - $url = \Activitypub\Webfinger::resolve( $account ); + $url = Webfinger::resolve( $account ); if ( \is_wp_error( $url ) ) { $allowed = array( 'code' => array() ); $not_accessible = wp_kses( @@ -237,7 +291,7 @@ class Health_Check { if ( isset( $health_messages[ $url->get_error_code() ] ) ) { $message = $health_messages[ $url->get_error_code() ]; } - return new \WP_Error( + return new WP_Error( $url->get_error_code(), $message, $url->get_error_data() @@ -291,7 +345,7 @@ class Health_Check { 'fields' => array( 'webfinger' => array( 'label' => __( 'WebFinger Resource', 'activitypub' ), - 'value' => \Activitypub\Webfinger::get_user_resource( wp_get_current_user()->ID ), + 'value' => Webfinger::get_user_resource( wp_get_current_user()->ID ), 'private' => true, ), 'author_url' => array( @@ -299,6 +353,11 @@ class Health_Check { 'value' => get_author_posts_url( wp_get_current_user()->ID ), 'private' => true, ), + 'plugin_version' => array( + 'label' => __( 'Plugin Version', 'activitypub' ), + 'value' => get_plugin_version(), + 'private' => true, + ), ), ); diff --git a/includes/class-http.php b/includes/class-http.php index 5b741f4..f9140be 100644 --- a/includes/class-http.php +++ b/includes/class-http.php @@ -53,7 +53,7 @@ class Http { $code = \wp_remote_retrieve_response_code( $response ); if ( $code >= 400 ) { - $response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ) ); + $response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ), array( 'status' => $code ) ); } \do_action( 'activitypub_safe_remote_post_response', $response, $url, $body, $user_id ); @@ -101,7 +101,7 @@ class Http { $code = \wp_remote_retrieve_response_code( $response ); if ( $code >= 400 ) { - $response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ) ); + $response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ), array( 'status' => $code ) ); } \do_action( 'activitypub_safe_remote_get_response', $response, $url ); diff --git a/includes/class-mention.php b/includes/class-mention.php index d6c4bbb..4aedfb0 100644 --- a/includes/class-mention.php +++ b/includes/class-mention.php @@ -25,43 +25,56 @@ class Mention { * @return string the filtered post-content */ public static function the_content( $the_content ) { - $protected_tags = array(); - $protect = function( $m ) use ( &$protected_tags ) { - $c = \wp_rand( 100000, 999999 ); - $protect = '!#!#PROTECT' . $c . '#!#!'; - while ( isset( $protected_tags[ $protect ] ) ) { - $c = \wp_rand( 100000, 999999 ); - $protect = '!#!#PROTECT' . $c . '#!#!'; + $tag_stack = array(); + $protected_tags = array( + 'pre', + 'code', + 'textarea', + 'style', + 'a', + ); + $content_with_links = ''; + $in_protected_tag = false; + foreach ( wp_html_split( $the_content ) as $chunk ) { + if ( preg_match( '#^$#i', $chunk, $m ) ) { + $content_with_links .= $chunk; + continue; } - $protected_tags[ $protect ] = $m[0]; - return $protect; - }; - $the_content = preg_replace_callback( - '##is', - $protect, - $the_content - ); - $the_content = preg_replace_callback( - '#<(pre|code|textarea|style)\b[^>]*>.*?]*>#is', - $protect, - $the_content - ); - $the_content = preg_replace_callback( - '#
+
+
+ setAttributes( { selectedUser: value } ) }
+ />
+
+
+
+ );
+}
diff --git a/src/follow-me/follow-me.js b/src/follow-me/follow-me.js
new file mode 100644
index 0000000..8b7a505
--- /dev/null
+++ b/src/follow-me/follow-me.js
@@ -0,0 +1,178 @@
+
+import apiFetch from '@wordpress/api-fetch';
+import { useCallback, useEffect, useState, createInterpolateElement } from '@wordpress/element';
+import { Button, Modal } from '@wordpress/components';
+import { __, sprintf } from '@wordpress/i18n';
+import { copy, check, Icon } from '@wordpress/icons';
+import { useCopyToClipboard } from '@wordpress/compose';
+import { ButtonStyle, getPopupStyles } from './button-style';
+import './style.scss';
+const { namespace } = window._activityPubOptions;
+
+const DEFAULT_PROFILE_DATA = {
+ avatar: '',
+ resource: '@well@hello.dolly',
+ name: __( 'Hello Dolly Fan Account', 'activitypub' ),
+ url: '#',
+};
+
+function getNormalizedProfile( profile ) {
+ if ( ! profile ) {
+ return DEFAULT_PROFILE_DATA;
+ }
+ const data = { ...DEFAULT_PROFILE_DATA, ...profile };
+ data.avatar = data?.icon?.url;
+ return data;
+}
+
+function fetchProfile( userId ) {
+ const fetchOptions = {
+ headers: { Accept: 'application/activity+json' },
+ path: `/${ namespace }/users/${ userId }`,
+ };
+ return apiFetch( fetchOptions );
+}
+
+function Profile( { profile, popupStyles, userId } ) {
+ const { avatar, name, resource } = profile;
+ return (
+
+ 
+
+ );
+}
+
+function Follow( { profile, popupStyles, userId } ) {
+ const [ isOpen, setIsOpen ] = useState( false );
+ const title = sprintf( __( 'Follow %s', 'activitypub' ), profile?.name );
+
+ return (
+ <>
+
+ { isOpen && (
+
+
+ { name }
+ { resource }
+
+
+ );
+}
+
+export default function FollowMe( { selectedUser, style, backgroundColor, id, useId = false } ) {
+ const [ profile, setProfile ] = useState( getNormalizedProfile() );
+ const userId = selectedUser === 'site' ? 0 : selectedUser;
+ const popupStyles = getPopupStyles( style );
+ const wrapperProps = useId ? { id } : {};
+ function setProfileData( profile ) {
+ setProfile( getNormalizedProfile( profile ) );
+ }
+ useEffect( () => {
+ fetchProfile( userId ).then( setProfileData );
+ }, [ userId ] );
+
+ return(
+
+
+ { __( 'My Profile', 'activitypub' ) }
+
+ { __( 'Copy and paste my profile into the search field of your favorite fediverse app or server.', 'activitypub' ) }
+
+
+
+
+
+
+
+ { __( 'Your Profile', 'activitypub' ) }
+
+ { createInterpolateElement(
+ __( 'Or, if you know your own profile, we can start things that way! (eg
+ https://example.com/yourusername or yourusername@example.com)', 'activitypub' ),
+ { code:
+ { event?.code === 'Enter' && retrieveAndFollow() } }
+ onChange={ e => setRemoteProfile( e.target.value ) }
+ />
+
+
+
+
+ )
+}
\ No newline at end of file
diff --git a/src/follow-me/index.js b/src/follow-me/index.js
new file mode 100644
index 0000000..550af60
--- /dev/null
+++ b/src/follow-me/index.js
@@ -0,0 +1,5 @@
+import { registerBlockType } from '@wordpress/blocks';
+import { people } from '@wordpress/icons';
+import edit from './edit';
+const save = () => null;
+registerBlockType( 'activitypub/follow-me', { edit, save, icon: people } );
\ No newline at end of file
diff --git a/src/follow-me/style.scss b/src/follow-me/style.scss
new file mode 100644
index 0000000..fe20cb1
--- /dev/null
+++ b/src/follow-me/style.scss
@@ -0,0 +1,67 @@
+.editor-styles-wrapper, .activitypub-follow-me-block-wrapper {
+ .activitypub-profile {
+ display: flex;
+ align-items: self-start;
+ padding: 1rem;
+
+ .activitypub-profile__avatar {
+ height: 75px;
+ width: 75px;
+ margin-right: 1rem;
+ border-radius: 50%;
+ }
+ .activitypub-profile__content {
+ flex: 1;
+ min-width: 0;
+ }
+ .activitypub-profile__name, .activitypub-profile__handle {
+ margin: 0;
+ line-height: 1.2;
+ white-space: nowrap;
+ overflow: hidden;
+ text-overflow: ellipsis;
+ }
+ .activitypub-profile__name {
+ font-size: 1.25em;
+ }
+ .activitypub-profile__follow {
+ margin-left: 1rem;
+ align-self: center;
+ background-color: var(--wp--preset--color--black);
+ color: var(--wp--preset--color--white);
+ }
+ }
+}
+
+.activitypub-follow-me__dialog {
+ max-width: 30em;
+ h4 {
+ line-height: 1;
+ margin: 0;
+ }
+ .apmfd__section {
+ margin-bottom: 2em;
+ }
+ .apfmd-description {
+ font-size: var( --wp--preset--font-size--normal, .75rem );
+ margin: 0.33em 0 1em;
+ }
+ .apfmd__button-group {
+ display: flex;
+ justify-content: flex-end;
+
+ svg {
+ margin-right: .5em;
+ height: 21px;
+ width: 21px;
+ }
+
+ input {
+ flex: 1;
+ padding: {
+ left: 1em;
+ right: 1em;
+ }
+ }
+ }
+}
diff --git a/src/follow-me/view.js b/src/follow-me/view.js
new file mode 100644
index 0000000..418e45c
--- /dev/null
+++ b/src/follow-me/view.js
@@ -0,0 +1,16 @@
+import { render } from '@wordpress/element';
+import domReady from '@wordpress/dom-ready';
+import FollowMe from './follow-me';
+
+let id = 1;
+function getUniqueId() {
+ return `activitypub-follow-me-block-${ id++ }`;
+}
+
+domReady( () => {
+ // iterate over a nodelist
+ [].forEach.call( document.querySelectorAll( '.activitypub-follow-me-block-wrapper' ), ( element ) => {
+ const attrs = JSON.parse( element.dataset.attrs );
+ render(
diff --git a/src/shared/use-user-options.js b/src/shared/use-user-options.js
new file mode 100644
index 0000000..ac6d1c1
--- /dev/null
+++ b/src/shared/use-user-options.js
@@ -0,0 +1,24 @@
+import { __ } from '@wordpress/i18n';
+import { useSelect } from '@wordpress/data';
+import { useMemo } from '@wordpress/element';
+const enabled = window._activityPubOptions?.enabled;
+
+export function useUserOptions() {
+ const users = enabled?.users ? useSelect( ( select ) => select( 'core' ).getUsers( { who: 'authors' } ) ) : [];
+ return useMemo( () => {
+ if ( ! users ) {
+ return [];
+ }
+ const withBlogUser = enabled?.site ? [ {
+ label: __( 'Whole Site', 'activitypub' ),
+ value: 'site'
+ } ] : [];
+ return users.reduce( ( acc, user ) => {
+ acc.push({
+ label: user.name,
+ value: `${ user.id }` // casting to string because that's how the attribute is stored by Gutenberg
+ } );
+ return acc;
+ }, withBlogUser );
+ }, [ users ] );
+}
\ No newline at end of file
diff --git a/templates/admin-header.php b/templates/admin-header.php
index 23fb421..67b91ba 100644
--- a/templates/admin-header.php
+++ b/templates/admin-header.php
@@ -6,7 +6,7 @@
-