NodeBB/src/api/activitypub.js

'use strict';

/**
 * DEVELOPMENT NOTE
 *
 * THIS FILE IS UNDER ACTIVE DEVELOPMENT AND IS EXPLICITLY EXCLUDED FROM IMMUTABILITY GUARANTEES
 *
 * If you use api methods in this file, be prepared that they may be removed or modified with no warning.
 */

const nconf = require('nconf');
const winston = require('winston');

const db = require('../database');
const meta = require('../meta');
const privileges = require('../privileges');
const activitypub = require('../activitypub');
const posts = require('../posts');

const activitypubApi = module.exports;

function noop() {}

function enabledCheck(next) {
	return async function (caller, params) {
		if (!meta.config.activitypubEnabled) {
			return noop;
		}

		next(caller, params);
	};
}

activitypubApi.follow = enabledCheck(async (caller, { uid } = {}) => {
	const result = await activitypub.helpers.query(uid);
	if (!result) {
		throw new Error('[[error:activitypub.invalid-id]]');
	}

	await activitypub.send('uid', caller.uid, [result.actorUri], {
		type: 'Follow',
		object: result.actorUri,
	});
});

// should be .undo.follow
activitypubApi.unfollow = enabledCheck(async (caller, { uid }) => {
	const result = await activitypub.helpers.query(uid);
	if (!result) {
		throw new Error('[[error:activitypub.invalid-id]]');
	}

	await activitypub.send('uid', caller.uid, [result.actorUri], {
		type: 'Undo',
		object: {
			type: 'Follow',
			actor: `${nconf.get('url')}/uid/${caller.uid}`,
			object: result.actorUri,
		},
	});

	await Promise.all([
		db.sortedSetRemove(`followingRemote:${caller.uid}`, result.actorUri),
		db.decrObjectField(`user:${caller.uid}`, 'followingRemoteCount'),
	]);
});

activitypubApi.create = {};

// this might be better genericised... tbd. some of to/cc is built in mocks.
async function buildRecipients(object, uid) {
	const followers = await db.getSortedSetMembers(`followersRemote:${uid}`);
	const { to } = object;
	const targets = new Set(followers);
	const parentId = await posts.getPostField(object.inReplyTo, 'uid');
	if (activitypub.helpers.isUri(parentId)) {
		to.unshift(parentId);
	}

	return { targets };
}

activitypubApi.create.post = enabledCheck(async (caller, { pid }) => {
	const post = (await posts.getPostSummaryByPids([pid], caller.uid, { stripTags: false })).pop();
	if (!post) {
		return;
	}

	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
	if (!allowed) {
		winston.verbose(`[activitypub/api] Not federating creation of pid ${pid} to the fediverse due to privileges.`);
		return;
	}

	const object = await activitypub.mocks.note(post);
	const { targets } = await buildRecipients(object, post.user.uid);

	const payload = {
		type: 'Create',
		to: object.to,
		cc: object.cc,
		object,
	};

	await activitypub.send('uid', caller.uid, Array.from(targets), payload);
});

activitypubApi.update = {};

activitypubApi.update.profile = enabledCheck(async (caller, { uid }) => {
	const [object, followers] = await Promise.all([
		activitypub.mocks.actors.user(uid),
		db.getSortedSetMembers(`followersRemote:${caller.uid}`),
	]);

	await activitypub.send('uid', caller.uid, followers, {
		type: 'Update',
		to: [activitypub._constants.publicAddress],
		cc: [],
		object,
	});
});

activitypubApi.update.note = enabledCheck(async (caller, { post }) => {
	const object = await activitypub.mocks.note(post);
	const { targets } = await buildRecipients(object, post.user.uid);

	const allowed = await privileges.posts.can('topics:read', post.pid, activitypub._constants.uid);
	if (!allowed) {
		winston.verbose(`[activitypub/api] Not federating update of pid ${post.pid} to the fediverse due to privileges.`);
		return;
	}

	const payload = {
		type: 'Update',
		to: object.to,
		cc: object.cc,
		object,
	};

	await activitypub.send('uid', caller.uid, Array.from(targets), payload);
});

activitypubApi.like = {};

activitypubApi.like.note = enabledCheck(async (caller, { pid }) => {
	if (!activitypub.helpers.isUri(pid)) { // remote only
		return;
	}

	const uid = await posts.getPostField(pid, 'uid');
	if (!activitypub.helpers.isUri(uid)) {
		return;
	}

	await activitypub.send('uid', caller.uid, [uid], {
		type: 'Like',
		object: pid,
	});
});

activitypubApi.undo = {};

// activitypubApi.undo.follow =

activitypubApi.undo.like = enabledCheck(async (caller, { pid }) => {
	if (!activitypub.helpers.isUri(pid)) {
		return;
	}

	const uid = await posts.getPostField(pid, 'uid');
	if (!activitypub.helpers.isUri(uid)) {
		return;
	}

	await activitypub.send('uid', caller.uid, [uid], {
		type: 'Undo',
		object: {
			actor: `${nconf.get('url')}/uid/${caller.uid}`,
			type: 'Like',
			object: pid,
		},
	});
});
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`'use strict';`

			`/**`
			`* DEVELOPMENT NOTE`
			`*`
			`* THIS FILE IS UNDER ACTIVE DEVELOPMENT AND IS EXPLICITLY EXCLUDED FROM IMMUTABILITY GUARANTEES`
			`*`
			`* If you use api methods in this file, be prepared that they may be removed or modified with no warning.`
			`*/`

fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00			`const nconf = require('nconf');`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`const winston = require('winston');`
fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`const db = require('../database');`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`const meta = require('../meta');`
			`const privileges = require('../privileges');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`const activitypub = require('../activitypub');`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00			`const posts = require('../posts');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00
			`const activitypubApi = module.exports;`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`function noop() {}`

			`function enabledCheck(next) {`
			`return async function (caller, params) {`
			`if (!meta.config.activitypubEnabled) {`
			`return noop;`
			`}`

			`next(caller, params);`
			`};`
			`}`

			`activitypubApi.follow = enabledCheck(async (caller, { uid } = {}) => {`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`const result = await activitypub.helpers.query(uid);`
			`if (!result) {`
fix: ActivityPub.get now throws on failure, handle in getActor 2024-01-08 14:30:09 -05:00			`throw new Error('[[error:activitypub.invalid-id]]');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [result.actorUri], {`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`type: 'Follow',`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`object: result.actorUri,`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`// should be .undo.follow`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.unfollow = enabledCheck(async (caller, { uid }) => {`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`const result = await activitypub.helpers.query(uid);`
			`if (!result) {`
fix: ActivityPub.get now throws on failure, handle in getActor 2024-01-08 14:30:09 -05:00			`throw new Error('[[error:activitypub.invalid-id]]');`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [result.actorUri], {`
fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00			`type: 'Undo',`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`object: {`
fix: additional refactors and updates to follow/unfollow logic 2023-12-22 15:53:04 -05:00			`type: 'Follow',`
fix: remote follows, yet again 2024-01-26 22:35:02 -05:00			actor: `${nconf.get('url')}/uid/${caller.uid}`,
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			`object: result.actorUri,`
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			`},`
			`});`

			`await Promise.all([`
refactor: replace JIT actor retrieval with actor assertion and storage logic 2024-01-26 15:10:35 -05:00			db.sortedSetRemove(`followingRemote:${caller.uid}`, result.actorUri),
refactor: minor restructure to move logic out of main controller file to src/api 2023-12-08 10:55:16 -05:00			db.decrObjectField(`user:${caller.uid}`, 'followingRemoteCount'),
			`]);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00
			`activitypubApi.create = {};`

feat: Update(Note) 2024-01-30 11:25:45 -05:00			`// this might be better genericised... tbd. some of to/cc is built in mocks.`
			`async function buildRecipients(object, uid) {`
			const followers = await db.getSortedSetMembers(`followersRemote:${uid}`);
			`const { to } = object;`
			`const targets = new Set(followers);`
			`const parentId = await posts.getPostField(object.inReplyTo, 'uid');`
			`if (activitypub.helpers.isUri(parentId)) {`
			`to.unshift(parentId);`
			`}`

			`return { targets };`
			`}`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.create.post = enabledCheck(async (caller, { pid }) => {`
refactor: added mocks.note in preparation for AP note retrieval logic, inReplyTo is always populated now, unless new topic 2024-01-25 15:35:45 -05:00			`const post = (await posts.getPostSummaryByPids([pid], caller.uid, { stripTags: false })).pop();`
			`if (!post) {`
			`return;`
			`}`

Revert "fix: pass proper uid to privilege check in AP note federation" This reverts commit 95427c4af71ec20712940e6e71a72315b58258c0. 2024-03-08 20:45:54 -05:00			`const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`if (!allowed) {`
			winston.verbose(`[activitypub/api] Not federating creation of pid ${pid} to the fediverse due to privileges.`);
			`return;`
			`}`

feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const object = await activitypub.mocks.note(post);`
			`const { targets } = await buildRecipients(object, post.user.uid);`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00
			`const payload = {`
			`type: 'Create',`
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`to: object.to,`
			`cc: object.cc,`
feat: Create(Note) on new topic or reply This is a naive WIP implementation that federates everything out publicly. It does not take category privileges into account! 2024-01-24 11:44:10 -05:00			`object,`
			`};`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, Array.from(targets), payload);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00
			`activitypubApi.update = {};`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.update.profile = enabledCheck(async (caller, { uid }) => {`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00			`const [object, followers] = await Promise.all([`
feat: category actors, stub outbox 2024-02-02 17:19:59 -05:00			`activitypub.mocks.actors.user(uid),`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00			db.getSortedSetMembers(`followersRemote:${caller.uid}`),
			`]);`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, followers, {`
feat: added mocks.actor and Update(Person) activity on profile update 2024-01-24 20:10:22 -05:00			`type: 'Update',`
			`to: [activitypub._constants.publicAddress],`
			`cc: [],`
			`object,`
			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Update(Note) 2024-01-30 11:25:45 -05:00
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.update.note = enabledCheck(async (caller, { post }) => {`
feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const object = await activitypub.mocks.note(post);`
			`const { targets } = await buildRecipients(object, post.user.uid);`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`const allowed = await privileges.posts.can('topics:read', post.pid, activitypub._constants.uid);`
			`if (!allowed) {`
			winston.verbose(`[activitypub/api] Not federating update of pid ${post.pid} to the fediverse due to privileges.`);
			`return;`
			`}`

feat: Update(Note) 2024-01-30 11:25:45 -05:00			`const payload = {`
			`type: 'Update',`
			`to: object.to,`
			`cc: object.cc,`
			`object,`
			`};`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, Array.from(targets), payload);`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00
			`activitypubApi.like = {};`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.like.note = enabledCheck(async (caller, { pid }) => {`
			`if (!activitypub.helpers.isUri(pid)) { // remote only`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`return;`
			`}`

			`const uid = await posts.getPostField(pid, 'uid');`
			`if (!activitypub.helpers.isUri(uid)) {`
			`return;`
			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [uid], {`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`type: 'Like',`
			`object: pid,`
			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00
			`activitypubApi.undo = {};`

			`// activitypubApi.undo.follow =`

fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`activitypubApi.undo.like = enabledCheck(async (caller, { pid }) => {`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`if (!activitypub.helpers.isUri(pid)) {`
			`return;`
			`}`

			`const uid = await posts.getPostField(pid, 'uid');`
			`if (!activitypub.helpers.isUri(uid)) {`
			`return;`
			`}`

refactor: activitypub sending to handle signed requests from categories 2024-02-05 16:57:17 -05:00			`await activitypub.send('uid', caller.uid, [uid], {`
feat: Like(Note) and Undo(Like); federating likes 2024-02-01 15:59:29 -05:00			`type: 'Undo',`
			`object: {`
			actor: `${nconf.get('url')}/uid/${caller.uid}`,
			`type: 'Like',`
			`object: pid,`
			`},`
			`});`
fix: defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle 2024-02-26 15:39:09 -05:00			`});`