mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-26 08:36:12 +01:00
refactor: move activitypub-related middlewares to their own file
This commit is contained in:
Julian Lam
@@ -14,7 +14,7 @@ const helpers = require('../helpers');
|
||||
|
||||
const controller = module.exports;
|
||||
|
||||
controller.list = async function (req, res, next) {
|
||||
controller.list = async function (req, res) {
|
||||
const { topicsPerPage } = await user.getSettings(req.uid);
|
||||
const page = parseInt(req.query.page, 10) || 1;
|
||||
const start = Math.max(0, (page - 1) * topicsPerPage);
|
||||
|
||||
48
src/middleware/activitypub.js
Normal file
48
src/middleware/activitypub.js
Normal file
@@ -0,0 +1,48 @@
|
||||
'use strict';
|
||||
|
||||
const meta = require('../meta');
|
||||
const activitypub = require('../activitypub');
|
||||
|
||||
const middleware = module.exports;
|
||||
|
||||
middleware.enabled = async (req, res, next) => next(!meta.config.activitypubEnabled ? 'route' : undefined);
|
||||
|
||||
middleware.assertS2S = async function (req, res, next) {
|
||||
// For whatever reason, express accepts does not recognize "profile" as a valid differentiator
|
||||
// Therefore, manual header parsing is used here.
|
||||
const { accept, 'content-type': contentType } = req.headers;
|
||||
if (!(accept || contentType)) {
|
||||
return next('route');
|
||||
}
|
||||
|
||||
const acceptable = [
|
||||
'application/activity+json',
|
||||
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
|
||||
];
|
||||
const pass = (accept && accept.split(',').some((value) => {
|
||||
const parts = value.split(';').map(v => v.trim());
|
||||
return acceptable.includes(value || parts[0]);
|
||||
})) || (contentType && acceptable.includes(contentType));
|
||||
|
||||
if (!pass) {
|
||||
return next('route');
|
||||
}
|
||||
|
||||
next();
|
||||
};
|
||||
|
||||
middleware.validate = async function (req, res, next) {
|
||||
// Checks the validity of the incoming payload against the sender and rejects on failure
|
||||
const verified = await activitypub.verify(req);
|
||||
if (!verified) {
|
||||
return res.sendStatus(400);
|
||||
}
|
||||
|
||||
// Sanity-check payload schema
|
||||
const required = ['type'];
|
||||
if (!required.every(prop => req.body.hasOwnProperty(prop))) {
|
||||
return res.sendStatus(400);
|
||||
}
|
||||
|
||||
next();
|
||||
};
|
||||
@@ -69,6 +69,7 @@ middleware.uploads = require('./uploads');
|
||||
require('./headers')(middleware);
|
||||
require('./expose')(middleware);
|
||||
middleware.assert = require('./assert');
|
||||
middleware.activitypub = require('./activitypub');
|
||||
|
||||
middleware.stripLeadingSlashes = function stripLeadingSlashes(req, res, next) {
|
||||
const target = req.originalUrl.replace(relative_path, '');
|
||||
@@ -306,43 +307,3 @@ middleware.handleMultipart = (req, res, next) => {
|
||||
|
||||
multipartMiddleware(req, res, next);
|
||||
};
|
||||
|
||||
middleware.proceedOnActivityPub = (req, res, next) => {
|
||||
// For whatever reason, express accepts does not recognize "profile" as a valid differentiator
|
||||
// Therefore, manual header parsing is used here.
|
||||
const { accept, 'content-type': contentType } = req.headers;
|
||||
if (!meta.config.activitypubEnabled || !(accept || contentType)) {
|
||||
return next('route');
|
||||
}
|
||||
|
||||
const acceptable = [
|
||||
'application/activity+json',
|
||||
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
|
||||
];
|
||||
const pass = (accept && accept.split(',').some((value) => {
|
||||
const parts = value.split(';').map(v => v.trim());
|
||||
return acceptable.includes(value || parts[0]);
|
||||
})) || (contentType && acceptable.includes(contentType));
|
||||
|
||||
if (!pass) {
|
||||
return next('route');
|
||||
}
|
||||
|
||||
next();
|
||||
};
|
||||
|
||||
middleware.validateActivity = helpers.try(async (req, res, next) => {
|
||||
// Checks the validity of the incoming payload against the sender and rejects on failure
|
||||
const verified = await activitypub.verify(req);
|
||||
if (!verified) {
|
||||
return res.sendStatus(400);
|
||||
}
|
||||
|
||||
// Sanity-check payload schema
|
||||
const required = ['type'];
|
||||
if (!required.every(prop => req.body.hasOwnProperty(prop))) {
|
||||
return res.sendStatus(400);
|
||||
}
|
||||
|
||||
next();
|
||||
});
|
||||
|
||||
@@ -3,18 +3,20 @@
|
||||
const helpers = require('./helpers');
|
||||
|
||||
module.exports = function (app, middleware, controllers) {
|
||||
helpers.setupPageRoute(app, '/world/:view?', controllers.activitypub.topics.list);
|
||||
helpers.setupPageRoute(app, '/world/:view?', [middleware.activitypub.enabled], controllers.activitypub.topics.list);
|
||||
|
||||
/**
|
||||
* These controllers only respond if the sender is making an json+activitypub style call (i.e. S2S-only)
|
||||
*
|
||||
* - See middleware.activitypub.assertS2S
|
||||
*/
|
||||
|
||||
const middlewares = [middleware.proceedOnActivityPub, middleware.exposeUid];
|
||||
const middlewares = [middleware.activitypub.enabled, middleware.activitypub.assertS2S, middleware.exposeUid];
|
||||
|
||||
app.get('/user/:userslug', middlewares, controllers.activitypub.getActor);
|
||||
|
||||
app.get('/user/:userslug/inbox', middlewares, controllers.activitypub.getInbox);
|
||||
app.post('/user/:userslug/inbox', [...middlewares, middleware.validateActivity], controllers.activitypub.postInbox);
|
||||
app.post('/user/:userslug/inbox', [...middlewares, middleware.activitypub.validate], controllers.activitypub.postInbox);
|
||||
|
||||
app.get('/user/:userslug/outbox', middlewares, controllers.activitypub.getOutbox);
|
||||
app.post('/user/:userslug/outbox', middlewares, controllers.activitypub.postOutbox);
|
||||
|
||||
Reference in New Issue
Block a user