resolve_account_service.rb 4.08 KB
Newer Older
1 2
# frozen_string_literal: true

3
class ResolveAccountService < BaseService
Eugen Rochko's avatar
Eugen Rochko committed
4
  include JsonLdHelper
5 6 7
  include DomainControlHelper

  class WebfingerRedirectError < StandardError; end
8

9 10 11
  # Find or create an account record for a remote user. When creating,
  # look up the user's webfinger and fetch ActivityPub data
  # @param [String, Account] uri URI in the username@domain format or account record
12
  # @param [Hash] options
13 14
  # @option options [Boolean] :redirected Do not follow further Webfinger redirects
  # @option options [Boolean] :skip_webfinger Do not attempt to refresh account data
Eugen Rochko's avatar
Eugen Rochko committed
15
  # @return [Account]
16
  def call(uri, options = {})
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
    return if uri.blank?

    process_options!(uri, options)

    # First of all we want to check if we've got the account
    # record with the URI already, and if so, we can exit early

    return if domain_not_allowed?(@domain)

    @account ||= Account.find_remote(@username, @domain)

    return @account if @account&.local? || !webfinger_update_due?

    # At this point we are in need of a Webfinger query, which may
    # yield us a different username/domain through a redirect

33
    process_webfinger!(@uri)
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56

    # Because the username/domain pair may be different than what
    # we already checked, we need to check if we've already got
    # the record with that URI, again

    return if domain_not_allowed?(@domain)

    @account ||= Account.find_remote(@username, @domain)

    return @account if @account&.local? || !webfinger_update_due?

    # Now it is certain, it is definitely a remote account, and it
    # either needs to be created, or updated from fresh data

    process_account!
  rescue Goldfinger::Error, WebfingerRedirectError, Oj::ParseError => e
    Rails.logger.debug "Webfinger query for #{@uri} failed: #{e}"
    nil
  end

  private

  def process_options!(uri, options)
57
    @options = options
58

59 60 61 62 63 64 65
    if uri.is_a?(Account)
      @account  = uri
      @username = @account.username
      @domain   = @account.domain
    else
      @username, @domain = uri.split('@')
    end
66

67 68 69 70 71 72 73 74 75
    @domain = begin
      if TagManager.instance.local_domain?(@domain)
        nil
      else
        TagManager.instance.normalize_domain(@domain)
      end
    end

    @uri = [@username, @domain].compact.join('@')
76
  end
Eugen Rochko's avatar
Eugen Rochko committed
77

78
  def process_webfinger!(uri, redirected = false)
79
    @webfinger                           = Goldfinger.finger("acct:#{uri}")
80
    confirmed_username, confirmed_domain = @webfinger.subject.gsub(/\Aacct:/, '').split('@')
81

82 83 84
    if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
      @username = confirmed_username
      @domain   = confirmed_domain
85 86 87
      @uri      = uri
    elsif !redirected
      return process_webfinger!("#{confirmed_username}@#{confirmed_domain}", true)
88
    else
89
      raise WebfingerRedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
90 91
    end

92 93 94 95
    @domain = nil if TagManager.instance.local_domain?(@domain)
  end

  def process_account!
96
    return unless activitypub_ready?
97

98 99 100
    RedisLock.acquire(lock_options) do |lock|
      if lock.acquired?
        @account = Account.find_remote(@username, @domain)
101

102
        next if actor_json.nil?
103

104
        @account = ActivityPub::ProcessAccountService.new.call(@username, @domain, actor_json)
105 106
      else
        raise Mastodon::RaceConditionError
107
      end
ThibG's avatar
ThibG committed
108
    end
109

110 111
    @account
  end
112

113
  def webfinger_update_due?
114
    @account.nil? || ((!@options[:skip_webfinger] || @account.ostatus?) && @account.possibly_stale?)
115
  end
Eugen Rochko's avatar
Eugen Rochko committed
116

Eugen Rochko's avatar
Eugen Rochko committed
117
  def activitypub_ready?
118
    !@webfinger.link('self').nil? && ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self').type)
Eugen Rochko's avatar
Eugen Rochko committed
119 120 121 122 123 124
  end

  def actor_url
    @actor_url ||= @webfinger.link('self').href
  end

125 126 127
  def actor_json
    return @actor_json if defined?(@actor_json)

128
    json        = fetch_resource(actor_url, false)
129
    @actor_json = supported_context?(json) && equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) ? json : nil
130 131
  end

132 133
  def lock_options
    { redis: Redis.current, key: "resolve:#{@username}@#{@domain}" }
134
  end
Eugen Rochko's avatar
Eugen Rochko committed
135
end