ActivityPub: Add basic, read-only support for Outboxes, Notes, and Create/Announce Activities (#2197)

* Clean up collapsible components

* Expose user Outboxes and AS2 representations of statuses

* Save work thus far.

* Fix bad merge.

* Save my work

* Clean up pagination.

* First test working.

* Add tests.

* Add Forbidden error template.

* Revert yarn.lock changes.

* Fix code style deviations and use localized instead of hardcoded English text.
shrike
Evan Minto 2017-04-22 20:21:10 -07:00 committed by Eugen
parent 83e3538181
commit 66fd8e7821
25 changed files with 459 additions and 1 deletions

View File

@ -15,7 +15,9 @@ class AccountsController < ApplicationController
render xml: AtomSerializer.render(AtomSerializer.new.feed(@account, @entries.to_a))
end
format.activitystreams2
format.activitystreams2 do
headers['Access-Control-Allow-Origin'] = '*'
end
end
end

View File

@ -0,0 +1,27 @@
# frozen_string_literal: true
class Api::Activitypub::ActivitiesController < ApiController
# before_action :set_follow, only: [:show_follow]
before_action :set_status, only: [:show_status]
respond_to :activitystreams2
# Show a status in AS2 format, as either an Announce (reblog) or a Create (post) activity.
def show_status
headers['Access-Control-Allow-Origin'] = '*'
return forbidden unless @status.permitted?
if @status.reblog?
render :show_status_announce
else
render :show_status_create
end
end
private
def set_status
@status = Status.find(params[:id])
end
end

View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
class Api::Activitypub::NotesController < ApiController
before_action :set_status
respond_to :activitystreams2
def show
headers['Access-Control-Allow-Origin'] = '*'
forbidden unless @status.permitted?
end
private
def set_status
@status = Status.find(params[:id])
end
end

View File

@ -0,0 +1,41 @@
# frozen_string_literal: true
class Api::Activitypub::OutboxController < ApiController
before_action :set_account
respond_to :activitystreams2
def show
headers['Access-Control-Allow-Origin'] = '*'
@statuses = Status.as_outbox_timeline(@account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
@statuses = cache_collection(@statuses)
set_maps(@statuses)
# Since the statuses are in reverse chronological order, last is the lowest ID.
@next_path = api_activitypub_outbox_url(max_id: @statuses.last.id) if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
unless @statuses.empty?
if @statuses.first.id == 1
@prev_path = api_activitypub_outbox_url
elsif params[:max_id]
@prev_path = api_activitypub_outbox_url(since_id: @statuses.first.id)
end
end
@paginated = @next_path || @prev_path
set_pagination_headers(@next_path, @prev_path)
end
private
def cache_collection(raw)
super(raw, Status)
end
def set_account
@account = Account.find(params[:id])
end
end

View File

@ -62,6 +62,13 @@ class ApplicationController < ActionController::Base
end
end
def forbidden
respond_to do |format|
format.any { head 403 }
format.html { render 'errors/403', layout: 'error', status: 403 }
end
end
def unprocessable_entity
respond_to do |format|
format.any { head 422 }

View File

@ -0,0 +1,8 @@
# frozen_string_literal: true
module Activitystreams2BuilderHelper
# Gets a usable name for an account, using display name or username.
def account_name(account)
account.display_name.empty? ? account.username : account.display_name
end
end

View File

@ -140,6 +140,10 @@ class Status < ApplicationRecord
account.nil? ? filter_timeline_default(query) : filter_timeline_default(filter_timeline(query, account))
end
def as_outbox_timeline(account)
where(account: account, visibility: :public)
end
def favourites_map(status_ids, account_id)
Favourite.select('status_id').where(status_id: status_ids).where(account_id: account_id).map { |f| [f.status_id, true] }.to_h
end

View File

@ -6,3 +6,4 @@ attributes display_name: :name, username: :preferredUsername, note: :summary
node(:icon) { |account| full_asset_url(account.avatar.url(:original)) }
node(:image) { |account| full_asset_url(account.header.url(:original)) }
node(:outbox) { |account| api_activitypub_outbox_url(account.id) }

View File

@ -0,0 +1,3 @@
extends 'activitypub/intransient.activitystreams2.rabl'
node(:type) { 'Announce' }

View File

@ -0,0 +1,5 @@
extends 'activitypub/intransient.activitystreams2.rabl'
node(:type) { 'Collection' }
node(:items) { [] }
node(:totalItems) { 0 }

View File

@ -0,0 +1,3 @@
extends 'activitypub/intransient.activitystreams2.rabl'
node(:type) { 'Create' }

View File

@ -0,0 +1,3 @@
extends 'activitypub/intransient.activitystreams2.rabl'
node(:type) { 'Note' }

View File

@ -0,0 +1,3 @@
extends 'activitypub/types/collection.activitystreams2.rabl'
node(:type) { 'OrderedCollection' }

View File

@ -0,0 +1,4 @@
extends 'activitypub/types/ordered_collection.activitystreams2.rabl'
node(:type) { 'OrderedCollectionPage' }
node(:current) { request.original_url }

View File

@ -0,0 +1,4 @@
object @status
node(:actor) { |status| TagManager.instance.url_for(status.account) }
node(:published) { |status| status.created_at.to_time.xmlschema }

View File

@ -0,0 +1,8 @@
extends 'activitypub/types/announce.activitystreams2.rabl'
extends 'api/activitypub/activities/_show_status.activitystreams2.rabl'
object @status
node(:name) { |status| t('activitypub.activity.announce.name', account_name: account_name(status.account)) }
node(:url) { |status| TagManager.instance.url_for(status) }
node(:object) { |status| api_activitypub_status_url(status.reblog_of_id) }

View File

@ -0,0 +1,8 @@
extends 'activitypub/types/create.activitystreams2.rabl'
extends 'api/activitypub/activities/_show_status.activitystreams2.rabl'
object @status
node(:name) { |status| t('activitypub.activity.create.name', account_name: account_name(status.account)) }
node(:url) { |status| TagManager.instance.url_for(status) }
node(:object) { |status| api_activitypub_note_url(status) }

View File

@ -0,0 +1,11 @@
extends 'activitypub/types/note.activitystreams2.rabl'
object @status
attributes :content
node(:name) { |status| status.content }
node(:url) { |status| TagManager.instance.url_for(status) }
node(:attributedTo) { |status| TagManager.instance.url_for(status.account) }
node(:inReplyTo) { |status| api_activitypub_note_url(status.thread) } if @status.thread
node(:published) { |status| status.created_at.to_time.xmlschema }

View File

@ -0,0 +1,23 @@
if @paginated
extends 'activitypub/types/ordered_collection_page.activitystreams2.rabl'
else
extends 'activitypub/types/ordered_collection.activitystreams2.rabl'
end
object @account
node(:items) do
@statuses.map { |status| api_activitypub_status_url(status) }
end
node(:totalItems) { @statuses.count }
node(:next) { @next_path } if @next_path
node(:prev) { @prev_path } if @prev_path
node(:name) { |account| t('activitypub.outbox.name', account_name: account_name(account)) }
node(:summary) { |account| t('activitypub.outbox.summary', account_name: account_name(account)) }
node(:updated) do |account|
times = @statuses.map { |status| status.updated_at.to_time }
times << account.created_at.to_time
times.max.xmlschema
end

View File

@ -0,0 +1,5 @@
- content_for :page_title do
= t('errors.403')
- content_for :content do
= t('errors.403')

View File

@ -40,6 +40,15 @@ en:
posts: Posts
remote_follow: Remote follow
unfollow: Unfollow
activitypub:
outbox:
name: "%{account_name}'s Outbox"
summary: "A collection of activities from user %{account_name}."
activity:
create:
name: "%{account_name} created a note."
announce:
name: "%{account_name} announced an activity."
admin:
accounts:
are_you_sure: Are you sure?
@ -206,6 +215,7 @@ en:
x_months: "%{count}mo"
x_seconds: "%{count}s"
errors:
'403': You don't have permission to view this page.
'404': The page you were looking for doesn't exist.
'410': The page you were looking for doesn't exist anymore.
'422':

View File

@ -106,6 +106,15 @@ Rails.application.routes.draw do
# OEmbed
get '/oembed', to: 'oembed#show', as: :oembed
# ActivityPub
namespace :activitypub do
get '/users/:id/outbox', to: 'outbox#show', as: :outbox
get '/statuses/:id', to: 'activities#show_status', as: :status
resources :notes, only: [:show]
end
# JSON / REST API
namespace :v1 do
resources :statuses, only: [:create, :show, :destroy] do

View File

@ -0,0 +1,77 @@
require 'rails_helper'
RSpec.describe Api::Activitypub::ActivitiesController, type: :controller do
render_views
let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
describe 'GET #show' do
describe 'normal status' do
public_status = nil
before do
public_status = Status.create!(account: user.account, text: 'Hello world', visibility: :public)
@request.env['HTTP_ACCEPT'] = 'application/activity+json'
get :show_status, id: public_status.id
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'sets Content-Type header to AS2' do
expect(response.header['Content-Type']).to include 'application/activity+json'
end
it 'sets Access-Control-Allow-Origin header to *' do
expect(response.header['Access-Control-Allow-Origin']).to eq '*'
end
it 'returns http success' do
json_data = JSON.parse(response.body)
expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams')
expect(json_data).to include('type' => 'Create')
expect(json_data).to include('id' => @request.url)
expect(json_data).to include('type' => 'Create')
expect(json_data).to include('object' => api_activitypub_note_url(public_status))
expect(json_data).to include('url' => TagManager.instance.url_for(public_status))
end
end
describe 'reblog' do
original = nil
reblog = nil
before do
original = Status.create!(account: user.account, text: 'Hello world', visibility: :public)
reblog = Status.create!(account: user.account, reblog_of_id: original.id, visibility: :public)
@request.env['HTTP_ACCEPT'] = 'application/activity+json'
get :show_status, id: reblog.id
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'sets Content-Type header to AS2' do
expect(response.header['Content-Type']).to include 'application/activity+json'
end
it 'sets Access-Control-Allow-Origin header to *' do
expect(response.header['Access-Control-Allow-Origin']).to eq '*'
end
it 'returns http success' do
json_data = JSON.parse(response.body)
expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams')
expect(json_data).to include('type' => 'Announce')
expect(json_data).to include('id' => @request.url)
expect(json_data).to include('type' => 'Announce')
expect(json_data).to include('object' => api_activitypub_status_url(original))
expect(json_data).to include('url' => TagManager.instance.url_for(reblog))
end
end
end
end

View File

@ -0,0 +1,81 @@
require 'rails_helper'
RSpec.describe Api::Activitypub::NotesController, type: :controller do
render_views
let(:user_alice) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
let(:user_bob) { Fabricate(:user, account: Fabricate(:account, username: 'bob')) }
describe 'GET #show' do
describe 'normal status' do
public_status = nil
before do
public_status = Status.create!(account: user_alice.account, text: 'Hello world', visibility: :public)
@request.env['HTTP_ACCEPT'] = 'application/activity+json'
get :show, id: public_status.id
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'sets Content-Type header to AS2' do
expect(response.header['Content-Type']).to include 'application/activity+json'
end
it 'sets Access-Control-Allow-Origin header to *' do
expect(response.header['Access-Control-Allow-Origin']).to eq '*'
end
it 'returns http success' do
json_data = JSON.parse(response.body)
expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams')
expect(json_data).to include('type' => 'Note')
expect(json_data).to include('id' => @request.url)
expect(json_data).to include('name' => 'Hello world')
expect(json_data).to include('content' => 'Hello world')
expect(json_data).to include('published')
expect(json_data).to include('url' => TagManager.instance.url_for(public_status))
end
end
describe 'reply' do
original = nil
reply = nil
before do
original = Status.create!(account: user_alice.account, text: 'Hello world', visibility: :public)
reply = Status.create!(account: user_bob.account, text: 'Hello world', in_reply_to_id: original.id, visibility: :public)
@request.env['HTTP_ACCEPT'] = 'application/activity+json'
get :show, id: reply.id
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'sets Content-Type header to AS2' do
expect(response.header['Content-Type']).to include 'application/activity+json'
end
it 'sets Access-Control-Allow-Origin header to *' do
expect(response.header['Access-Control-Allow-Origin']).to eq '*'
end
it 'returns http success' do
json_data = JSON.parse(response.body)
expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams')
expect(json_data).to include('type' => 'Note')
expect(json_data).to include('id' => @request.url)
expect(json_data).to include('name' => 'Hello world')
expect(json_data).to include('content' => 'Hello world')
expect(json_data).to include('published')
expect(json_data).to include('url' => TagManager.instance.url_for(reply))
expect(json_data).to include('inReplyTo' => api_activitypub_note_url(original))
end
end
end
end

View File

@ -0,0 +1,92 @@
require 'rails_helper'
RSpec.describe Api::Activitypub::OutboxController, type: :controller do
render_views
let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
describe 'GET #show' do
before do
@request.env['HTTP_ACCEPT'] = 'application/activity+json'
end
describe 'small number of statuses' do
public_status = nil
before do
public_status = Status.create!(account: user.account, text: 'Hello world', visibility: :public)
Status.create!(account: user.account, text: 'Hello world', visibility: :private)
Status.create!(account: user.account, text: 'Hello world', visibility: :unlisted)
Status.create!(account: user.account, text: 'Hello world', visibility: :direct)
get :show, id: user.account.id
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'sets Content-Type header to AS2' do
expect(response.header['Content-Type']).to include 'application/activity+json'
end
it 'sets Access-Control-Allow-Origin header to *' do
expect(response.header['Access-Control-Allow-Origin']).to eq '*'
end
it 'returns AS2 JSON body' do
json_data = JSON.parse(response.body)
expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams')
expect(json_data).to include('id' => @request.url)
expect(json_data).to include('type' => 'OrderedCollection')
expect(json_data).to include('totalItems' => 1)
expect(json_data).to include('items')
expect(json_data['items'].count).to eq(1)
expect(json_data['items']).to include(api_activitypub_status_url(public_status))
end
end
describe 'large number of statuses' do
before do
30.times do
Status.create!(account: user.account, text: 'Hello world', visibility: :public)
end
Status.create!(account: user.account, text: 'Hello world', visibility: :private)
Status.create!(account: user.account, text: 'Hello world', visibility: :unlisted)
Status.create!(account: user.account, text: 'Hello world', visibility: :direct)
end
describe 'first page' do
before do
get :show, id: user.account.id
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'sets Content-Type header to AS2' do
expect(response.header['Content-Type']).to include 'application/activity+json'
end
it 'sets Access-Control-Allow-Origin header to *' do
expect(response.header['Access-Control-Allow-Origin']).to eq '*'
end
it 'returns AS2 JSON body' do
json_data = JSON.parse(response.body)
expect(json_data).to include('@context' => 'https://www.w3.org/ns/activitystreams')
expect(json_data).to include('id' => @request.url)
expect(json_data).to include('type' => 'OrderedCollectionPage')
expect(json_data).to include('totalItems' => 20)
expect(json_data).to include('items')
expect(json_data['items'].count).to eq(20)
expect(json_data).to include('current' => @request.url)
expect(json_data).to include('next')
expect(json_data).to_not include('prev')
end
end
end
end
end