NodeBB/src/api/activitypub.js

'use strict';

/**
 * DEVELOPMENT NOTE
 *
 * THIS FILE IS UNDER ACTIVE DEVELOPMENT AND IS EXPLICITLY EXCLUDED FROM IMMUTABILITY GUARANTEES
 *
 * If you use api methods in this file, be prepared that they may be removed or modified with no warning.
 */

const nconf = require('nconf');
const winston = require('winston');

const db = require('../database');
const meta = require('../meta');
const privileges = require('../privileges');
const activitypub = require('../activitypub');
const posts = require('../posts');

const activitypubApi = module.exports;

function noop() {}

function enabledCheck(next) {
	return async function (caller, params) {
		if (!meta.config.activitypubEnabled) {
			return noop;
		}

		next(caller, params);
	};
}

activitypubApi.follow = enabledCheck(async (caller, { uid } = {}) => {
	const result = await activitypub.helpers.query(uid);
	if (!result) {
		throw new Error('[[error:activitypub.invalid-id]]');
	}

	await activitypub.send('uid', caller.uid, [result.actorUri], {
		id: `${nconf.get('url')}/uid/${caller.uid}#activity/follow/${result.username}@${result.hostname}`,
		type: 'Follow',
		object: result.actorUri,
	});

	await db.sortedSetAdd(`followRequests:${caller.uid}`, Date.now(), result.actorUri);
});

// should be .undo.follow
activitypubApi.unfollow = enabledCheck(async (caller, { uid }) => {
	const result = await activitypub.helpers.query(uid);
	if (!result) {
		throw new Error('[[error:activitypub.invalid-id]]');
	}

	await activitypub.send('uid', caller.uid, [result.actorUri], {
		id: `${nconf.get('url')}/uid/${caller.uid}#activity/undo:follow/${result.username}@${result.hostname}`,
		type: 'Undo',
		object: {
			id: `${nconf.get('url')}/uid/${caller.uid}#activity/follow/${result.username}@${result.hostname}`,
			type: 'Follow',
			actor: `${nconf.get('url')}/uid/${caller.uid}`,
			object: result.actorUri,
		},
	});

	await Promise.all([
		db.sortedSetRemove(`followingRemote:${caller.uid}`, result.actorUri),
		db.decrObjectField(`user:${caller.uid}`, 'followingRemoteCount'),
	]);
});

activitypubApi.create = {};

// this might be better genericised... tbd. some of to/cc is built in mocks.
async function buildRecipients(object, uid) {
	const followers = await db.getSortedSetMembers(`followersRemote:${uid}`);
	let { to, cc } = object;
	to = new Set(to);
	cc = new Set(cc);


	// Directly address user if inReplyTo
	const parentId = await posts.getPostField(object.inReplyTo, 'uid');
	if (activitypub.helpers.isUri(parentId) && to.has(parentId)) {
		to.add(parentId);
	}

	const targets = new Set([...followers, ...to, ...cc]);
	targets.delete(`${nconf.get('url')}/uid/${uid}/followers`); // followers URL not targeted
	targets.delete(activitypub._constants.publicAddress); // public address not targeted

	object.to = Array.from(to);
	object.cc = Array.from(cc);
	return { targets };
}

activitypubApi.create.post = enabledCheck(async (caller, { pid }) => {
	const post = (await posts.getPostSummaryByPids([pid], caller.uid, { stripTags: false })).pop();
	if (!post) {
		return;
	}

	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
	if (!allowed) {
		winston.verbose(`[activitypub/api] Not federating creation of pid ${pid} to the fediverse due to privileges.`);
		return;
	}

	const object = await activitypub.mocks.note(post);
	const { targets } = await buildRecipients(object, post.user.uid);
	const { cid } = post.category;
	const followers = await activitypub.notes.getCategoryFollowers(cid);

	const payloads = {
		create: {
			id: `${object.id}#activity/create`,
			type: 'Create',
			to: object.to,
			cc: object.cc,
			object,
		},
		announce: {
			id: `${object.id}#activity/announce`,
			type: 'Announce',
			to: [`${nconf.get('url')}/category/${cid}/followers`],
			cc: [activitypub._constants.publicAddress],
			object,
		},
	};

	await activitypub.send('uid', caller.uid, Array.from(targets), payloads.create);
	if (followers.length) {
		await activitypub.send('cid', cid, followers, payloads.announce);
	}
});

activitypubApi.update = {};

activitypubApi.update.profile = enabledCheck(async (caller, { uid }) => {
	const [object, followers] = await Promise.all([
		activitypub.mocks.actors.user(uid),
		db.getSortedSetMembers(`followersRemote:${caller.uid}`),
	]);

	await activitypub.send('uid', caller.uid, followers, {
		id: `${object.id}#activity/update/${Date.now()}`,
		type: 'Update',
		to: [activitypub._constants.publicAddress],
		cc: [],
		object,
	});
});

activitypubApi.update.note = enabledCheck(async (caller, { post }) => {
	const object = await activitypub.mocks.note(post);
	const { targets } = await buildRecipients(object, post.user.uid);

	const allowed = await privileges.posts.can('topics:read', post.pid, activitypub._constants.uid);
	if (!allowed) {
		winston.verbose(`[activitypub/api] Not federating update of pid ${post.pid} to the fediverse due to privileges.`);
		return;
	}

	const payload = {
		id: `${object.id}#activity/update/${post.edited}`,
		type: 'Update',
		to: object.to,
		cc: object.cc,
		object,
	};

	await activitypub.send('uid', caller.uid, Array.from(targets), payload);
});

activitypubApi.like = {};

activitypubApi.like.note = enabledCheck(async (caller, { pid }) => {
	if (!activitypub.helpers.isUri(pid)) { // remote only
		return;
	}

	const uid = await posts.getPostField(pid, 'uid');
	if (!activitypub.helpers.isUri(uid)) {
		return;
	}

	await activitypub.send('uid', caller.uid, [uid], {
		type: 'Like',
		object: pid,
	});
});

activitypubApi.undo = {};

// activitypubApi.undo.follow =

activitypubApi.undo.like = enabledCheck(async (caller, { pid }) => {
	if (!activitypub.helpers.isUri(pid)) {
		return;
	}

	const uid = await posts.getPostField(pid, 'uid');
	if (!activitypub.helpers.isUri(uid)) {
		return;
	}

	await activitypub.send('uid', caller.uid, [uid], {
		type: 'Undo',
		object: {
			actor: `${nconf.get('url')}/uid/${caller.uid}`,
			type: 'Like',
			object: pid,
		},
	});
});

activitypubApi.flag = enabledCheck(async (caller, flag) => {
	if (!activitypub.helpers.isUri(flag.targetId)) {
		return;
	}
	const reportedIds = [flag.targetId];
	if (flag.type === 'post' && activitypub.helpers.isUri(flag.targetUid)) {
		reportedIds.push(flag.targetUid);
	}
	const reason = flag.reports.filter(report => report.reporter.uid === caller.uid).at(-1);
	await activitypub.send('uid', caller.uid, reportedIds, {
		type: 'Flag',
		object: reportedIds,
		content: reason ? reason.value : undefined,
	});
});
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`'use strict';`

			`/**`
			`* DEVELOPMENT NOTE`
			`*`
			`* THIS FILE IS UNDER ACTIVE DEVELOPMENT AND IS EXPLICITLY EXCLUDED FROM IMMUTABILITY GUARANTEES`
			`*`
			`* If you use api methods in this file, be prepared that they may be removed or modified with no warning.`
			`*/`

fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00			`const nconf = require('nconf');`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`const winston = require('winston');`
fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`const db = require('../database');`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`const meta = require('../meta');`
			`const privileges = require('../privileges');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`const activitypub = require('../activitypub');`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00			`const posts = require('../posts');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00
			`const activitypubApi = module.exports;`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`function noop() {}`

			`function enabledCheck(next) {`
			`return async function (caller, params) {`
			`if (!meta.config.activitypubEnabled) {`
			`return noop;`
			`}`

			`next(caller, params);`
			`};`
			`}`

			`activitypubApi.follow = enabledCheck(async (caller, { uid } = {}) => {`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`const result = await activitypub.helpers.query(uid);`
			`if (!result) {`
fix: ActivityPub.get now throws on failure, handle in getActor 2024-01-08 14:30:09 -05:00			`throw new Error('[[error:activitypub.invalid-id]]');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [result.actorUri], {`
feat: add id to follows and verify accepts 2024-04-09 23:58:52 +02:00			id: `${nconf.get('url')}/uid/${caller.uid}#activity/follow/${result.username}@${result.hostname}`,
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`type: 'Follow',`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`object: result.actorUri,`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`});`
feat: add id to follows and verify accepts 2024-04-09 23:58:52 +02:00
			await db.sortedSetAdd(`followRequests:${caller.uid}`, Date.now(), result.actorUri);
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`// should be .undo.follow`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.unfollow = enabledCheck(async (caller, { uid }) => {`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`const result = await activitypub.helpers.query(uid);`
			`if (!result) {`
fix: ActivityPub.get now throws on failure, handle in getActor 2024-01-08 14:30:09 -05:00			`throw new Error('[[error:activitypub.invalid-id]]');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [result.actorUri], {`
feat: add ids for undoing follows 2024-04-10 01:11:49 +02:00			id: `${nconf.get('url')}/uid/${caller.uid}#activity/undo:follow/${result.username}@${result.hostname}`,
fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00			`type: 'Undo',`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`object: {`
feat: add ids for undoing follows 2024-04-10 01:11:49 +02:00			id: `${nconf.get('url')}/uid/${caller.uid}#activity/follow/${result.username}@${result.hostname}`,
fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00			`type: 'Follow',`
fix: remote follows, yet again 2024-01-26 22:35:02 -05:00			actor: `${nconf.get('url')}/uid/${caller.uid}`,
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`object: result.actorUri,`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`},`
			`});`

			`await Promise.all([`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			db.sortedSetRemove(`followingRemote:${caller.uid}`, result.actorUri),
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			db.decrObjectField(`user:${caller.uid}`, 'followingRemoteCount'),
			`]);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00
			`activitypubApi.create = {};`

feat: Update(Note) 2024-01-30 11:25:45 -05:00			`// this might be better genericised... tbd. some of to/cc is built in mocks.`
			`async function buildRecipients(object, uid) {`
			const followers = await db.getSortedSetMembers(`followersRemote:${uid}`);
fix: properly build recipients... old logic was just plain wrong :shipit: 2024-03-09 21:09:50 -05:00			`let { to, cc } = object;`
			`to = new Set(to);`
			`cc = new Set(cc);`


			`// Directly address user if inReplyTo`
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const parentId = await posts.getPostField(object.inReplyTo, 'uid');`
fix: properly build recipients... old logic was just plain wrong :shipit: 2024-03-09 21:09:50 -05:00			`if (activitypub.helpers.isUri(parentId) && to.has(parentId)) {`
			`to.add(parentId);`
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`}`

fix: properly build recipients... old logic was just plain wrong :shipit: 2024-03-09 21:09:50 -05:00			`const targets = new Set([...followers, ...to, ...cc]);`
			targets.delete(`${nconf.get('url')}/uid/${uid}/followers`); // followers URL not targeted
			`targets.delete(activitypub._constants.publicAddress); // public address not targeted`

			`object.to = Array.from(to);`
			`object.cc = Array.from(cc);`
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`return { targets };`
			`}`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.create.post = enabledCheck(async (caller, { pid }) => {`
refactor: added mocks.note in preparation for AP note retrieval logic, inReplyTo is always populated now, unless new topic 2024-01-25 15:35:45 -05:00			`const post = (await posts.getPostSummaryByPids([pid], caller.uid, { stripTags: false })).pop();`
			`if (!post) {`
			`return;`
			`}`

Revert "fix: pass proper uid to privilege check in AP note federation" This reverts commit 95427c4af71ec20712940e6e71a72315b58258c0. 2024-03-08 20:45:54 -05:00			`const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`if (!allowed) {`
			winston.verbose(`[activitypub/api] Not federating creation of pid ${pid} to the fediverse due to privileges.`);
			`return;`
			`}`

feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const object = await activitypub.mocks.note(post);`
			`const { targets } = await buildRecipients(object, post.user.uid);`
feat: have category actor send Announce(Note) activity on posts from that cid re: #12434 2024-03-22 14:39:18 -04:00			`const { cid } = post.category;`
			`const followers = await activitypub.notes.getCategoryFollowers(cid);`

			`const payloads = {`
			`create: {`
feat: add id to follows and verify accepts 2024-04-09 23:58:52 +02:00			id: `${object.id}#activity/create`,
feat: have category actor send Announce(Note) activity on posts from that cid re: #12434 2024-03-22 14:39:18 -04:00			`type: 'Create',`
			`to: object.to,`
			`cc: object.cc,`
			`object,`
			`},`
			`announce: {`
feat: add id to follows and verify accepts 2024-04-09 23:58:52 +02:00			id: `${object.id}#activity/announce`,
feat: have category actor send Announce(Note) activity on posts from that cid re: #12434 2024-03-22 14:39:18 -04:00			`type: 'Announce',`
			to: [`${nconf.get('url')}/category/${cid}/followers`],
			`cc: [activitypub._constants.publicAddress],`
			`object,`
			`},`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00			`};`

feat: have category actor send Announce(Note) activity on posts from that cid re: #12434 2024-03-22 14:39:18 -04:00			`await activitypub.send('uid', caller.uid, Array.from(targets), payloads.create);`
feat: have category actor send Announce(Note) on remote replies to topics in a cid #12434 2024-03-22 15:28:01 -04:00			`if (followers.length) {`
			`await activitypub.send('cid', cid, followers, payloads.announce);`
			`}`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00
			`activitypubApi.update = {};`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.update.profile = enabledCheck(async (caller, { uid }) => {`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00			`const [object, followers] = await Promise.all([`
feat: category actors, stub outbox 2024-02-02 17:19:59 -05:00			`activitypub.mocks.actors.user(uid),`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00			db.getSortedSetMembers(`followersRemote:${caller.uid}`),
			`]);`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, followers, {`
feat: add id to profile updates 2024-04-12 16:43:33 +02:00			id: `${object.id}#activity/update/${Date.now()}`,
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00			`type: 'Update',`
			`to: [activitypub._constants.publicAddress],`
			`cc: [],`
			`object,`
			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Update(Note) 2024-01-30 11:25:45 -05:00
Revert "feat: log all post edits to the event log, return eid when logging events, plumb eid into Update(Note) to federate out as a unique id" This reverts commit 83392f3ca26760bbb75078002561c87e2017ec6d. 2024-04-06 01:18:46 +02:00			`activitypubApi.update.note = enabledCheck(async (caller, { post }) => {`
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const object = await activitypub.mocks.note(post);`
			`const { targets } = await buildRecipients(object, post.user.uid);`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`const allowed = await privileges.posts.can('topics:read', post.pid, activitypub._constants.uid);`
			`if (!allowed) {`
			winston.verbose(`[activitypub/api] Not federating update of pid ${post.pid} to the fediverse due to privileges.`);
			`return;`
			`}`

feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const payload = {`
feat: add id to follows and verify accepts 2024-04-09 23:58:52 +02:00			id: `${object.id}#activity/update/${post.edited}`,
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`type: 'Update',`
			`to: object.to,`
			`cc: object.cc,`
			`object,`
			`};`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, Array.from(targets), payload);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00
			`activitypubApi.like = {};`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.like.note = enabledCheck(async (caller, { pid }) => {`
			`if (!activitypub.helpers.isUri(pid)) { // remote only`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`return;`
			`}`

			`const uid = await posts.getPostField(pid, 'uid');`
			`if (!activitypub.helpers.isUri(uid)) {`
			`return;`
			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [uid], {`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`type: 'Like',`
			`object: pid,`
			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00
			`activitypubApi.undo = {};`

			`// activitypubApi.undo.follow =`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.undo.like = enabledCheck(async (caller, { pid }) => {`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`if (!activitypub.helpers.isUri(pid)) {`
			`return;`
			`}`

			`const uid = await posts.getPostField(pid, 'uid');`
			`if (!activitypub.helpers.isUri(uid)) {`
			`return;`
			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [uid], {`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`type: 'Undo',`
			`object: {`
			actor: `${nconf.get('url')}/uid/${caller.uid}`,
			`type: 'Like',`
			`object: pid,`
			`},`
			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: federate flag creation 2024-04-14 00:51:53 +02:00
			`activitypubApi.flag = enabledCheck(async (caller, flag) => {`
			`if (!activitypub.helpers.isUri(flag.targetId)) {`
			`return;`
			`}`
			`const reportedIds = [flag.targetId];`
			`if (flag.type === 'post' && activitypub.helpers.isUri(flag.targetUid)) {`
			`reportedIds.push(flag.targetUid);`
			`}`
			`const reason = flag.reports.filter(report => report.reporter.uid === caller.uid).at(-1);`
			`await activitypub.send('uid', caller.uid, reportedIds, {`
			`type: 'Flag',`
			`object: reportedIds,`
			`content: reason ? reason.value : undefined,`
			`});`
			`});`