mastodon/app/services/follow_service.rb
Eugen Rochko 00840f4f2e Add handling of Linked Data Signatures in payloads (#4687)
* Add handling of Linked Data Signatures in payloads

* Add a way to sign JSON, fix canonicalization of signature options

* Fix signatureValue encoding, send out signed JSON when distributing

* Add missing security context
2017-08-26 13:47:38 +02:00

76 lines
2.7 KiB
Ruby

# frozen_string_literal: true
class FollowService < BaseService
include StreamEntryRenderer
# Follow a remote user, notify remote user about the follow
# @param [Account] source_account From which to follow
# @param [String] uri User URI to follow in the form of username@domain
def call(source_account, uri)
target_account = ResolveRemoteAccountService.new.call(uri)
raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
raise Mastodon::NotPermittedError if target_account.blocking?(source_account) || source_account.blocking?(target_account)
return if source_account.following?(target_account)
if target_account.locked? || target_account.activitypub?
request_follow(source_account, target_account)
else
direct_follow(source_account, target_account)
end
end
private
def request_follow(source_account, target_account)
follow_request = FollowRequest.create!(account: source_account, target_account: target_account)
if target_account.local?
NotifyService.new.call(target_account, follow_request)
elsif target_account.ostatus?
NotificationWorker.perform_async(build_follow_request_xml(follow_request), source_account.id, target_account.id)
AfterRemoteFollowRequestWorker.perform_async(follow_request.id)
elsif target_account.activitypub?
ActivityPub::DeliveryWorker.perform_async(build_json(follow_request), source_account.id, target_account.inbox_url)
end
follow_request
end
def direct_follow(source_account, target_account)
follow = source_account.follow!(target_account)
if target_account.local?
NotifyService.new.call(target_account, follow)
else
Pubsubhubbub::SubscribeWorker.perform_async(target_account.id) unless target_account.subscribed?
NotificationWorker.perform_async(build_follow_xml(follow), source_account.id, target_account.id)
AfterRemoteFollowWorker.perform_async(follow.id)
end
MergeWorker.perform_async(target_account.id, source_account.id)
follow
end
def redis
Redis.current
end
def build_follow_request_xml(follow_request)
OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.follow_request_salmon(follow_request))
end
def build_follow_xml(follow)
OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.follow_salmon(follow))
end
def build_json(follow_request)
Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
follow_request,
serializer: ActivityPub::FollowSerializer,
adapter: ActivityPub::Adapter
).as_json).sign!(follow_request.account))
end
end