mirror of
https://github.com/Automattic/wordpress-activitypub
synced 2024-10-18 22:23:32 +00:00
174262d22c
* remove redundant property definitions
* Add redused context for actors.
* Add classes to construct Moblizon compatible events
* Bind the context to the activitypub object
- change the propertyname which stores the json-ld context from context to _context, because context is already reserved in the ActivityStreams vocabulary.
- cleanup currently unused code
* fix phpcs
* Remove PostalAddress object: it's enough (at least atm) to directly write the array in transformers.
* Remove _context property from ActivityPub objects in favour of getter function get_json_ld_context()
* fix unit tests: ActivityPub Activity objects have a custom getter for the JsonLD context
* fix phpcs
* fix unit-tests to also support php5.6
* fix phpcs
* add param include_json_ld_context to to_array function
This allows to not set the @context in the resulting array.
* propagate the param include_json_ld_context to nested calls of to_array.
* fix phpcs
* Nested AcitivityPub objects: never build context in inner items in to_array function
* fix: param of set_address may also be an array
* fix typo in comment
* always prefix json-ld context with json-ld and move event class to sub-namespace
* fix usage of reserved object keyword
seems it should not be used as a namespace either
* Merge commit 'b2271cda6b857f879e0abd4f3c6683642d725267' into add/event-objects
* Fix calling non-static function as static
Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
* Partly fix Json-LD contexts in collections
* Update includes/activity/class-base-object.php
* this is implicit
We already set the correct user with `$transformer->change_wp_user_id( $user_id );` so the Actor will be generated properly. We can change the behaviour, but we should not use both.
* this change prevents the Activity to re-use Object vars
this should stay as is, because it pre-fills the Activity with data (for example cc and to) and it will no longer be done with your change.
It is on purpose that it first sets the object and then replaces it with the URI.
See: https://github.com/Automattic/wordpress-activitypub/blob/master/includes/activity/class-activity.php#L195
* add `$include_json_ld_context` support to `to_json`
* disable some more contexts
* remove whitespace
* Add php-comment for 7ed17c042a
* Fix JSON-LD context for ActivityPub objects: child classes may override it.
* coding standards
* call folder/namespace `Extended_Object`
to be consistent with folder names in singular
* fix: unnessesary nesting of extended-objects
* remove license
I hope this is fine, to have the complete plugin under the MIT @Menrath ?!?
---------
Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
128 lines
3.8 KiB
PHP
128 lines
3.8 KiB
PHP
<?php
|
|
namespace Activitypub\Rest;
|
|
|
|
use stdClass;
|
|
use WP_Error;
|
|
use WP_REST_Response;
|
|
use Activitypub\Signature;
|
|
use Activitypub\Model\Application_User;
|
|
|
|
/**
|
|
* ActivityPub Server REST-Class
|
|
*
|
|
* @author Django Doucet
|
|
*
|
|
* @see https://www.w3.org/TR/activitypub/#security-verification
|
|
*/
|
|
class Server {
|
|
/**
|
|
* Initialize the class, registering WordPress hooks
|
|
*/
|
|
public static function init() {
|
|
self::register_routes();
|
|
|
|
\add_filter( 'rest_request_before_callbacks', array( self::class, 'authorize_activitypub_requests' ), 10, 3 );
|
|
}
|
|
|
|
/**
|
|
* Register routes
|
|
*/
|
|
public static function register_routes() {
|
|
\register_rest_route(
|
|
ACTIVITYPUB_REST_NAMESPACE,
|
|
'/application',
|
|
array(
|
|
array(
|
|
'methods' => \WP_REST_Server::READABLE,
|
|
'callback' => array( self::class, 'application_actor' ),
|
|
'permission_callback' => '__return_true',
|
|
),
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Render Application actor profile
|
|
*
|
|
* @return WP_REST_Response The JSON profile of the Application Actor.
|
|
*/
|
|
public static function application_actor() {
|
|
$user = new Application_User();
|
|
|
|
$json = $user->to_array();
|
|
|
|
$rest_response = new WP_REST_Response( $json, 200 );
|
|
$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
|
|
|
|
return $rest_response;
|
|
}
|
|
|
|
/**
|
|
* Callback function to authorize each api requests
|
|
*
|
|
* @see WP_REST_Request
|
|
*
|
|
* @param WP_REST_Response|WP_HTTP_Response|WP_Error|mixed $response Result to send to the client.
|
|
* Usually a WP_REST_Response or WP_Error.
|
|
* @param array $handler Route handler used for the request.
|
|
* @param WP_REST_Request $request Request used to generate the response.
|
|
*
|
|
* @return mixed|WP_Error The response, error, or modified response.
|
|
*/
|
|
public static function authorize_activitypub_requests( $response, $handler, $request ) {
|
|
if ( 'HEAD' === $request->get_method() ) {
|
|
return $response;
|
|
}
|
|
|
|
$route = $request->get_route();
|
|
|
|
// check if it is an activitypub request and exclude webfinger and nodeinfo endpoints
|
|
if (
|
|
! \str_starts_with( $route, '/' . ACTIVITYPUB_REST_NAMESPACE ) ||
|
|
\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'webfinger' ) ||
|
|
\str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'nodeinfo' )
|
|
) {
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* Filter to defer signature verification
|
|
*
|
|
* Skip signature verification for debugging purposes or to reduce load for
|
|
* certain Activity-Types, like "Delete".
|
|
*
|
|
* @param bool $defer Whether to defer signature verification.
|
|
* @param WP_REST_Request $request The request used to generate the response.
|
|
*
|
|
* @return bool Whether to defer signature verification.
|
|
*/
|
|
$defer = \apply_filters( 'activitypub_defer_signature_verification', false, $request );
|
|
|
|
if ( $defer ) {
|
|
return $response;
|
|
}
|
|
|
|
// POST-Requets are always signed
|
|
if ( 'GET' !== $request->get_method() ) {
|
|
$verified_request = Signature::verify_http_signature( $request );
|
|
if ( \is_wp_error( $verified_request ) ) {
|
|
return new WP_Error(
|
|
'activitypub_signature_verification',
|
|
$verified_request->get_error_message(),
|
|
array( 'status' => 401 )
|
|
);
|
|
}
|
|
} elseif ( 'GET' === $request->get_method() && ACTIVITYPUB_AUTHORIZED_FETCH ) { // GET-Requests are only signed in secure mode
|
|
$verified_request = Signature::verify_http_signature( $request );
|
|
if ( \is_wp_error( $verified_request ) ) {
|
|
return new WP_Error(
|
|
'activitypub_signature_verification',
|
|
$verified_request->get_error_message(),
|
|
array( 'status' => 401 )
|
|
);
|
|
}
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
}
|