Refactor all ActivityPub deliveries to be serialized and signed throu…

…gh one concern (mastodon#10966)
vulpineclub · Nov 19, 2019 · fbf0892 · fbf0892
1 parent 82bd234
commit fbf0892
Show file tree

Hide file tree

Showing 24 changed files with 84 additions and 152 deletions.
diff --git a/app/lib/activitypub/activity/follow.rb b/app/lib/activitypub/activity/follow.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ActivityPub::Activity::Follow < ActivityPub::Activity
+  include Payloadable
+
   def perform
     return if autoreject?
     target_account = account_from_uri(object_uri)
@@ -29,7 +31,7 @@ def perform
   end
 
   def reject_follow_request!(target_account)
-    json = ActiveModelSerializers::SerializableResource.new(FollowRequest.new(account: @account, target_account: target_account, uri: @json['id']), serializer: ActivityPub::RejectFollowSerializer, adapter: ActivityPub::Adapter).to_json
+    json = Oj.dump(serialize_payload(FollowRequest.new(account: @account, target_account: target_account, uri: @json['id']), ActivityPub::RejectFollowSerializer))
     ActivityPub::DeliveryWorker.perform_async(json, target_account.id, @account.inbox_url)
   end
 end
diff --git a/app/models/account.rb b/app/models/account.rb
@@ -307,6 +307,10 @@ def memorialize!
     end
   end
 
+  def sign?
+    true
+  end
+
   def keypair
     @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
   end

diff --git a/app/models/form/account_batch.rb b/app/models/form/account_batch.rb
@@ -3,6 +3,7 @@
 class Form::AccountBatch
   include ActiveModel::Model
   include Authorization
+  include Payloadable
 
   attr_accessor :account_ids, :action, :current_account
 
@@ -52,13 +53,9 @@ def accounts
   def reject_follow!(follow)
     follow.destroy
 
-    json = ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    return unless follow.account.activitypub?
 
-    ActivityPub::DeliveryWorker.perform_async(json, current_account.id, follow.account.inbox_url)
+    ActivityPub::DeliveryWorker.perform_async(Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), current_account.id, follow.account.inbox_url)
   end
 
   def approve!

diff --git a/app/models/status.rb b/app/models/status.rb
@@ -254,6 +254,8 @@ def distributable?
     public_visibility? || unlisted_visibility? || local_visibility?
   end
 
+  alias sign? distributable?
+
   def with_media?
     media_attachments.any?
   end

diff --git a/app/services/after_block_domain_from_account_service.rb b/app/services/after_block_domain_from_account_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class AfterBlockDomainFromAccountService < BaseService
+  include Payloadable
+
   # This service does not create an AccountDomainBlock record,
   # it's meant to be called after such a record has been created
   # synchronously, to "clean up"
@@ -29,12 +31,8 @@ def reject_pending_follow_requests!
   def reject_follow!(follow)
     follow.destroy
 
-    json = ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    return unless follow.account.activitypub?
 
-    ActivityPub::DeliveryWorker.perform_async(json, @account.id, follow.account.inbox_url)
+    ActivityPub::DeliveryWorker.perform_async(Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), @account.id, follow.account.inbox_url)
   end
 end
diff --git a/app/services/authorize_follow_service.rb b/app/services/authorize_follow_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class AuthorizeFollowService < BaseService
+  include Payloadable
+
   def call(source_account, target_account, **options)
     if options[:skip_follow_request]
       follow_request = FollowRequest.new(account: source_account, target_account: target_account, uri: options[:follow_request_uri])
@@ -20,10 +22,6 @@ def create_notification(follow_request)
   end
 
   def build_json(follow_request)
-    ActiveModelSerializers::SerializableResource.new(
-      follow_request,
-      serializer: ActivityPub::AcceptFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow_request, ActivityPub::AcceptFollowSerializer))
   end
 end
diff --git a/app/services/block_service.rb b/app/services/block_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class BlockService < BaseService
+  include Payloadable
+
   def call(account, target_account)
     return if account.id == target_account.id
 
@@ -22,10 +24,6 @@ def create_notification(block)
   end
 
   def build_json(block)
-    ActiveModelSerializers::SerializableResource.new(
-      block,
-      serializer: ActivityPub::BlockSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(block, ActivityPub::BlockSerializer))
   end
 end
diff --git a/app/services/concerns/payloadable.rb b/app/services/concerns/payloadable.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Payloadable
+  def serialize_payload(record, serializer, options = {})
+    signer    = options.delete(:signer)
+    sign_with = options.delete(:sign_with)
+    payload   = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json
+
+    if (record.respond_to?(:sign?) && record.sign?) && signer && signing_enabled?
+      ActivityPub::LinkedDataSignature.new(payload).sign!(signer, sign_with: sign_with)
+    else
+      payload
+    end
+  end
+
+  def signing_enabled?
+    true
+  end
+end
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
@@ -2,6 +2,7 @@
 
 class FavouriteService < BaseService
   include Authorization
+  include Payloadable
 
   # Favourite a status and notify remote user
   # @param [Account] account
@@ -44,11 +45,7 @@ def bump_potential_friendship(account, status)
   end
 
   def build_json(favourite)
-    Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
-      favourite,
-      serializer: ActivityPub::LikeSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json).sign!(favourite.account))
+    Oj.dump(serialize_payload(favourite, ActivityPub::LikeSerializer))
   end
 
   def curate_status(status)

diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
@@ -2,6 +2,7 @@
 
 class FollowService < BaseService
   include Redisable
+  include Payloadable
 
   # Follow a remote user, notify remote user about the follow
   # @param [Account] source_account From which to follow
@@ -55,10 +56,6 @@ def request_follow(source_account, target_account, reblogs: true)
   end
 
   def build_json(follow_request)
-    ActiveModelSerializers::SerializableResource.new(
-      follow_request,
-      serializer: ActivityPub::FollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow_request, ActivityPub::FollowSerializer))
   end
 end
diff --git a/app/services/process_mentions_service.rb b/app/services/process_mentions_service.rb
@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
 class ProcessMentionsService < BaseService
+  include Payloadable
+
   # Scan status for mentions and fetch remote mentioned users, create
-  # local mention pointers
+  # local mention pointers, send Salmon notifications to mentioned
+  # remote users
   # @param [Status] status
   def call(status, skip_notify: false)
     return unless status.local? && !status.draft?
@@ -55,12 +58,7 @@ def create_notification(mention)
 
   def activitypub_json
     return @activitypub_json if defined?(@activitypub_json)
-    payload = ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: ActivityPub::ActivitySerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-    @activitypub_json = Oj.dump(@status.distributable? ? ActivityPub::LinkedDataSignature.new(payload).sign!(@status.account) : payload)
+    @activitypub_json = Oj.dump(serialize_payload(@status, ActivityPub::ActivitySerializer, signer: @status.account))
   end
 
   def resolve_account_service

diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
@@ -2,6 +2,7 @@
 
 class ReblogService < BaseService
   include Authorization
+  include Payloadable
 
   # Reblog a status and notify its remote author
   # @param [Account] account Account to reblog from
@@ -63,11 +64,7 @@ def bump_potential_friendship(account, reblog)
   end
 
   def build_json(reblog)
-    Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
-      reblog,
-      serializer: ActivityPub::ActivitySerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json).sign!(reblog.account))
+    Oj.dump(serialize_payload(reblog, ActivityPub::ActivitySerializer, signer: reblog.account))
   end
 
   def curate_status(status)

diff --git a/app/services/reject_follow_service.rb b/app/services/reject_follow_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class RejectFollowService < BaseService
+  include Payloadable
+
   def call(source_account, target_account)
     follow_request = FollowRequest.find_by!(account: source_account, target_account: target_account)
     follow_request.reject!
@@ -15,10 +17,6 @@ def create_notification(follow_request)
   end
 
   def build_json(follow_request)
-    ActiveModelSerializers::SerializableResource.new(
-      follow_request,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow_request, ActivityPub::RejectFollowSerializer))
   end
 end
diff --git a/app/services/remove_status_service.rb b/app/services/remove_status_service.rb
@@ -2,6 +2,7 @@
 
 class RemoveStatusService < BaseService
   include Redisable
+  include Payloadable
 
   MIN_SCHEDULE_OFFSET = 60.seconds.freeze
 
@@ -109,15 +110,7 @@ def relay!
   end
 
   def signed_activity_json
-    @signed_activity_json ||= Oj.dump(ActivityPub::LinkedDataSignature.new(activity_json).sign!(@account))
-  end
-
-  def activity_json
-    @activity_json ||= ActiveModelSerializers::SerializableResource.new(
-      @status,
-      serializer: @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
+    @signed_activity_json ||= Oj.dump(serialize_payload(@status, @status.reblog? ? ActivityPub::UndoAnnounceSerializer : ActivityPub::DeleteSerializer, signer: @account))
   end
 
   def remove_reblogs

diff --git a/app/services/report_service.rb b/app/services/report_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ReportService < BaseService
+  include Payloadable
+
   def call(source_account, target_account, options = {})
     @source_account = source_account
     @target_account = target_account
@@ -44,12 +46,7 @@ def forward_to_origin!
   end
 
   def payload
-    Oj.dump(ActiveModelSerializers::SerializableResource.new(
-      @report,
-      serializer: ActivityPub::FlagSerializer,
-      adapter: ActivityPub::Adapter,
-      account: some_local_account
-    ).as_json)
+    Oj.dump(serialize_payload(@report, ActivityPub::FlagSerializer, account: some_local_account))
   end
 
   def some_local_account

diff --git a/app/services/suspend_account_service.rb b/app/services/suspend_account_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class SuspendAccountService < BaseService
+  include Payloadable
+
   ASSOCIATIONS_ON_SUSPEND = %w(
     account_pins
     active_relationships
@@ -117,23 +119,11 @@ def distribute_delete_actor!
   end
 
   def delete_actor_json
-    return @delete_actor_json if defined?(@delete_actor_json)
-
-    payload = ActiveModelSerializers::SerializableResource.new(
-      @account,
-      serializer: ActivityPub::DeleteActorSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json
-
-    @delete_actor_json = Oj.dump(ActivityPub::LinkedDataSignature.new(payload).sign!(@account))
+    @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account))
   end
 
   def build_reject_json(follow)
-    ActiveModelSerializers::SerializableResource.new(
-      follow,
-      serializer: ActivityPub::RejectFollowSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer))
   end
 
   def delivery_inboxes

diff --git a/app/services/unblock_service.rb b/app/services/unblock_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class UnblockService < BaseService
+  include Payloadable
+
   def call(account, target_account)
     return unless account.blocking?(target_account)
 
@@ -16,10 +18,6 @@ def create_notification(unblock)
   end
 
   def build_json(unblock)
-    ActiveModelSerializers::SerializableResource.new(
-      unblock,
-      serializer: ActivityPub::UndoBlockSerializer,
-      adapter: ActivityPub::Adapter
-    ).to_json
+    Oj.dump(serialize_payload(unblock, ActivityPub::UndoBlockSerializer))
   end
 end
diff --git a/app/services/unfavourite_service.rb b/app/services/unfavourite_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class UnfavouriteService < BaseService
+  include Payloadable
+
   def call(account, status)
     favourite = Favourite.find_by!(account: account, status: status)
     favourite.destroy!
@@ -16,10 +18,6 @@ def create_notification(favourite)
   end
 
   def build_json(favourite)
-    Oj.dump(ActivityPub::LinkedDataSignature.new(ActiveModelSerializers::SerializableResource.new(
-      favourite,
-      serializer: ActivityPub::UndoLikeSerializer,
-      adapter: ActivityPub::Adapter
-    ).as_json).sign!(favourite.account))
+    Oj.dump(serialize_payload(favourite, ActivityPub::UndoLikeSerializer))
   end
 end