From 0d0a465c057837684633e66364e98c7adb8437c6 Mon Sep 17 00:00:00 2001 From: MeiMei <30769358+mei23@users.noreply.github.com> Date: Tue, 30 Apr 2024 02:27:44 +0900 Subject: [PATCH] Compact LD Activity (#2534) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * a * FIXED_CONTEXT * LD 上に https://iceshrimp.dev/iceshrimp/iceshrimp/commit/febb499fcb5fe3d56ca79025e4b5851464660c38 --- package.json | 2 +- pnpm-lock.yaml | 121 +++++++++++--------- src/queue/processors/inbox.ts | 8 +- src/remote/activitypub/misc/contexts.ts | 33 ++++++ src/remote/activitypub/misc/ld-signature.ts | 7 ++ src/remote/activitypub/renderer/index.ts | 34 +----- 6 files changed, 119 insertions(+), 86 deletions(-) diff --git a/package.json b/package.json index d75cbb6643..2006509391 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "jsdom": "19.0.0", "json5": "2.2.3", "json5-loader": "4.0.1", - "jsonld": "5.2.0", + "jsonld": "8.3.2", "jsrsasign": "11.0.0", "katex": "0.16.10", "koa": "2.13.4", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 468125027d..e1af3ab574 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -202,8 +202,8 @@ dependencies: specifier: 4.0.1 version: 4.0.1(webpack@5.76.0) jsonld: - specifier: 5.2.0 - version: 5.2.0 + specifier: 8.3.2 + version: 8.3.2 jsrsasign: specifier: 11.0.0 version: 11.0.0 @@ -977,15 +977,14 @@ packages: '@jridgewell/trace-mapping': 0.3.9 dev: false - /@digitalbazaar/http-client@1.2.0: - resolution: {integrity: sha512-W9KQQ5pUJcaR0I4c2HPJC0a7kRbZApIorZgPnEDwMBgj16iQzutGLrCXYaZOmxqVLVNqqlQ4aUJh+HBQZy4W6Q==} - engines: {node: '>=10.0.0'} + /@digitalbazaar/http-client@3.4.1: + resolution: {integrity: sha512-Ahk1N+s7urkgj7WvvUND5f8GiWEPfUw0D41hdElaqLgu8wZScI8gdI0q+qWw5N1d35x7GCRH2uk9mi+Uzo9M3g==} + engines: {node: '>=14.0'} dependencies: - esm: 3.2.25 - ky: 0.25.1 - ky-universal: 0.8.2(ky@0.25.1) + ky: 0.33.3 + ky-universal: 0.11.0(ky@0.33.3) + undici: 5.28.4 transitivePeerDependencies: - - domexception - web-streams-polyfill dev: false @@ -1043,6 +1042,11 @@ packages: engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} dev: true + /@fastify/busboy@2.1.1: + resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==} + engines: {node: '>=14'} + dev: false + /@fortawesome/fontawesome-common-types@0.2.36: resolution: {integrity: sha512-a/7BiSgobHAgBWeN7N0w+lAhInrGxksn13uK7231n2m8EDPE3BMCl9NZLTGrj9ZXfCmC6LM0QLqXidIizVQ6yg==} engines: {node: '>=6'} @@ -4220,9 +4224,9 @@ packages: assert-plus: 1.0.0 dev: false - /data-uri-to-buffer@3.0.1: - resolution: {integrity: sha512-WboRycPNsVw3B3TL559F7kuBUM4d8CgMEvk6xEJlOp7OBPjt6G7z8WMWlD2rOFZLk6OYfFIUGsCOWzcQH9K2og==} - engines: {node: '>= 6'} + /data-uri-to-buffer@4.0.1: + resolution: {integrity: sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==} + engines: {node: '>= 12'} dev: false /data-urls@3.0.2: @@ -4910,11 +4914,6 @@ packages: - supports-color dev: true - /esm@3.2.25: - resolution: {integrity: sha512-U1suiZ2oDVWv4zPO56S0NcR5QriEahGtdN2OR6FiOG4WJvcjBVFB0qI4+eKoWFH483PKGuLuu6V8Z4T5g63UVA==} - engines: {node: '>=6'} - dev: false - /espree@9.5.0: resolution: {integrity: sha512-JPbJGhKc47++oo4JkEoTe2wjy4fmMwvFpgJT9cQzmfXKp22Dr6Hf1tdCteLz1h0P3t+mGvWZ+4Uankvh8+c6zw==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} @@ -5113,14 +5112,12 @@ packages: xml-js: 1.6.11 dev: false - /fetch-blob@2.1.2: - resolution: {integrity: sha512-YKqtUDwqLyfyMnmbw8XD6Q8j9i/HggKtPEI+pZ1+8bvheBu78biSmNaXWusx1TauGqtUUGx/cBb1mKdq2rLYow==} - engines: {node: ^10.17.0 || >=12.3.0} - peerDependencies: - domexception: '*' - peerDependenciesMeta: - domexception: - optional: true + /fetch-blob@3.2.0: + resolution: {integrity: sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==} + engines: {node: ^12.20 || >= 14.13} + dependencies: + node-domexception: 1.0.0 + web-streams-polyfill: 3.3.3 dev: false /figlet@1.5.2: @@ -5307,6 +5304,13 @@ packages: mime-types: 2.1.35 dev: false + /formdata-polyfill@4.0.10: + resolution: {integrity: sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==} + engines: {node: '>=12.20.0'} + dependencies: + fetch-blob: 3.2.0 + dev: false + /fragment-cache@0.2.1: resolution: {integrity: sha512-GMBAbW9antB8iZRHLoGw0b3HANt57diZYFO/HL1JGIC1MjKrdmhxvrJbupnVvpys0zsz7yBApXdQyfepKly2kA==} engines: {node: '>=0.10.0'} @@ -6727,16 +6731,15 @@ packages: hasBin: true dev: false - /jsonld@5.2.0: - resolution: {integrity: sha512-JymgT6Xzk5CHEmHuEyvoTNviEPxv6ihLWSPu1gFdtjSAyM6cFqNrv02yS/SIur3BBIkCf0HjizRc24d8/FfQKw==} - engines: {node: '>=12'} + /jsonld@8.3.2: + resolution: {integrity: sha512-MwBbq95szLwt8eVQ1Bcfwmgju/Y5P2GdtlHE2ncyfuYjIdEhluUVyj1eudacf1mOkWIoS9GpDBTECqhmq7EOaA==} + engines: {node: '>=14'} dependencies: - '@digitalbazaar/http-client': 1.2.0 + '@digitalbazaar/http-client': 3.4.1 canonicalize: 1.0.8 lru-cache: 6.0.0 - rdf-canonize: 3.3.0 + rdf-canonize: 3.4.0 transitivePeerDependencies: - - domexception - web-streams-polyfill dev: false @@ -7002,26 +7005,24 @@ packages: - supports-color dev: false - /ky-universal@0.8.2(ky@0.25.1): - resolution: {integrity: sha512-xe0JaOH9QeYxdyGLnzUOVGK4Z6FGvDVzcXFTdrYA1f33MZdEa45sUDaMBy98xQMcsd2XIBrTXRrRYnegcSdgVQ==} - engines: {node: '>=10.17'} + /ky-universal@0.11.0(ky@0.33.3): + resolution: {integrity: sha512-65KyweaWvk+uKKkCrfAf+xqN2/epw1IJDtlyCPxYffFCMR8u1sp2U65NtWpnozYfZxQ6IUzIlvUcw+hQ82U2Xw==} + engines: {node: '>=14.16'} peerDependencies: - ky: '>=0.17.0' - web-streams-polyfill: '>=2.0.0' + ky: '>=0.31.4' + web-streams-polyfill: '>=3.2.1' peerDependenciesMeta: web-streams-polyfill: optional: true dependencies: abort-controller: 3.0.0 - ky: 0.25.1 - node-fetch: 3.0.0-beta.9 - transitivePeerDependencies: - - domexception + ky: 0.33.3 + node-fetch: 3.3.2 dev: false - /ky@0.25.1: - resolution: {integrity: sha512-PjpCEWlIU7VpiMVrTwssahkYXX1by6NCT0fhTUX34F3DTinARlgMpriuroolugFPcMgpPWrOW4mTb984Qm1RXA==} - engines: {node: '>=10'} + /ky@0.33.3: + resolution: {integrity: sha512-CasD9OCEQSFIam2U8efFK81Yeg8vNMTBUqtMOHlrcWQHqUX3HeCl9Dr31u4toV7emlH8Mymk5+9p0lL6mKb/Xw==} + engines: {node: '>=14.16'} dev: false /langmap@0.0.16: @@ -7686,6 +7687,11 @@ packages: resolution: {integrity: sha512-+eawOlIgy680F0kBzPUNFhMZGtJ1YmqM6l4+Crf4IkImjYrO/mqPwRMh352g23uIaQKFItcQ64I7KMaJxHgAVA==} dev: false + /node-domexception@1.0.0: + resolution: {integrity: sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==} + engines: {node: '>=10.5.0'} + dev: false + /node-ensure@0.0.0: resolution: {integrity: sha512-DRI60hzo2oKN1ma0ckc6nQWlHU69RH6xN0sjQTjMpChPfTYvKZdcQFfdYK2RWbJcKyUizSIy/l8OTGxMAM1QDw==} dev: false @@ -7705,14 +7711,13 @@ packages: dependencies: whatwg-url: 5.0.0 - /node-fetch@3.0.0-beta.9: - resolution: {integrity: sha512-RdbZCEynH2tH46+tj0ua9caUHVWrd/RHnRfvly2EVdqGmI3ndS1Vn/xjm5KuGejDt2RNDQsVRLPNd2QPwcewVg==} - engines: {node: ^10.17 || >=12.3} + /node-fetch@3.3.2: + resolution: {integrity: sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==} + engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} dependencies: - data-uri-to-buffer: 3.0.1 - fetch-blob: 2.1.2 - transitivePeerDependencies: - - domexception + data-uri-to-buffer: 4.0.1 + fetch-blob: 3.2.0 + formdata-polyfill: 4.0.10 dev: false /node-gyp-build-optional-packages@5.0.3: @@ -9112,8 +9117,8 @@ packages: strip-json-comments: 2.0.1 dev: false - /rdf-canonize@3.3.0: - resolution: {integrity: sha512-gfSNkMua/VWC1eYbSkVaL/9LQhFeOh0QULwv7Or0f+po8pMgQ1blYQFe1r9Mv2GJZXw88Cz/drnAnB9UlNnHfQ==} + /rdf-canonize@3.4.0: + resolution: {integrity: sha512-fUeWjrkOO0t1rg7B2fdyDTvngj+9RlUyL92vOdiB7c0FPguWVsniIMjEtHH+meLBO9rzkUlUzBVXgWrjI8P9LA==} engines: {node: '>=12'} dependencies: setimmediate: 1.0.5 @@ -10736,6 +10741,13 @@ packages: undertaker-registry: 1.0.1 dev: false + /undici@5.28.4: + resolution: {integrity: sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==} + engines: {node: '>=14.0'} + dependencies: + '@fastify/busboy': 2.1.1 + dev: false + /unenv@1.9.0: resolution: {integrity: sha512-QKnFNznRxmbOF1hDgzpqrlIf6NC5sbZ2OJ+5Wl3OX8uM+LUJXbj4TXvLJCtwbPTmbMHCLIz6JLKNinNsMShK9g==} dependencies: @@ -11263,6 +11275,11 @@ packages: - supports-color dev: false + /web-streams-polyfill@3.3.3: + resolution: {integrity: sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==} + engines: {node: '>= 8'} + dev: false + /webidl-conversions@3.0.1: resolution: {integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==} diff --git a/src/queue/processors/inbox.ts b/src/queue/processors/inbox.ts index 359ebbb862..1a282b002c 100644 --- a/src/queue/processors/inbox.ts +++ b/src/queue/processors/inbox.ts @@ -14,13 +14,14 @@ import DbResolver from '../../remote/activitypub/db-resolver'; import { resolvePerson } from '../../remote/activitypub/models/person'; import { LdSignature } from '../../remote/activitypub/misc/ld-signature'; import { StatusError } from '../../misc/fetch'; +import { FIXED_CONTEXT } from '../../remote/activitypub/misc/contexts'; const logger = new Logger('inbox'); // ユーザーのinboxにアクティビティが届いた時の処理 export default async (job: Bull.Job): Promise => { const signature = job.data.signature; // HTTP-signature - const activity = job.data.activity; + let activity = job.data.activity; //#region Log const info = Object.assign({}, activity) as any; @@ -104,6 +105,11 @@ export default async (job: Bull.Job): Promise => { return `skip: LD-Signatureの検証に失敗しました`; } + const activity2 = JSON.parse(JSON.stringify(activity)); + delete activity2.signature; + const compacted = await ldSignature.compact(activity2, FIXED_CONTEXT); + activity = compacted as any; + // もう一度actorチェック if (authUser.user.uri !== activity.actor) { return `skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`; diff --git a/src/remote/activitypub/misc/contexts.ts b/src/remote/activitypub/misc/contexts.ts index 1426ba15f5..0234c78481 100644 --- a/src/remote/activitypub/misc/contexts.ts +++ b/src/remote/activitypub/misc/contexts.ts @@ -524,3 +524,36 @@ export const CONTEXTS: Record = { "https://w3id.org/security/v1": security_v1, "https://www.w3.org/ns/activitystreams": activitystreams, }; + +export const FIXED_CONTEXT = [ + 'https://www.w3.org/ns/activitystreams', + 'https://w3id.org/security/v1', + { + Key: 'sec:Key', + // as non-standards + manuallyApprovesFollowers: 'as:manuallyApprovesFollowers', + sensitive: 'as:sensitive', + Hashtag: 'as:Hashtag', + quoteUrl: 'as:quoteUrl', + // Mastodon + toot: 'http://joinmastodon.org/ns#', + Emoji: 'toot:Emoji', + featured: 'toot:featured', + discoverable: 'toot:discoverable', + indexable: 'toot:indexable', + // schema + schema: 'http://schema.org#', + PropertyValue: 'schema:PropertyValue', + value: 'schema:value', + // Misskey + misskey: 'https://misskey-hub.net/ns#', + '_misskey_content': 'misskey:_misskey_content', + '_misskey_quote': 'misskey:_misskey_quote', + '_misskey_reaction': 'misskey:_misskey_reaction', + '_misskey_votes': 'misskey:_misskey_votes', + '_misskey_talk': 'misskey:_misskey_talk', + 'isCat': 'misskey:isCat', + // vcard + vcard: 'http://www.w3.org/2006/vcard/ns#', + } +]; diff --git a/src/remote/activitypub/misc/ld-signature.ts b/src/remote/activitypub/misc/ld-signature.ts index c86f198c5d..f59d699e6d 100644 --- a/src/remote/activitypub/misc/ld-signature.ts +++ b/src/remote/activitypub/misc/ld-signature.ts @@ -82,6 +82,13 @@ export class LdSignature { }); } + public async compact(data: any, context: any) { + const customLoader = this.getLoader(); + return await jsonld.compact(data, context, { + documentLoader: customLoader + }); + } + private getLoader() { return async (url: string): Promise => { if (!url.match('^https?\:\/\/')) throw `Invalid URL ${url}`; diff --git a/src/remote/activitypub/renderer/index.ts b/src/remote/activitypub/renderer/index.ts index f36736d013..ded62a014a 100644 --- a/src/remote/activitypub/renderer/index.ts +++ b/src/remote/activitypub/renderer/index.ts @@ -5,6 +5,7 @@ import { LdSignature } from '../misc/ld-signature'; import { ILocalUser } from '../../../models/entities/user'; import { UserKeypairs } from '../../../models'; import { ensure } from '../../../prelude/ensure'; +import { FIXED_CONTEXT } from '../misc/contexts'; export const renderActivity = (x: any): IActivity | null => { if (x == null) return null; @@ -14,38 +15,7 @@ export const renderActivity = (x: any): IActivity | null => { } return Object.assign({ - '@context': [ - 'https://www.w3.org/ns/activitystreams', - 'https://w3id.org/security/v1', - { - Key: 'sec:Key', - // as non-standards - manuallyApprovesFollowers: 'as:manuallyApprovesFollowers', - sensitive: 'as:sensitive', - Hashtag: 'as:Hashtag', - quoteUrl: 'as:quoteUrl', - // Mastodon - toot: 'http://joinmastodon.org/ns#', - Emoji: 'toot:Emoji', - featured: 'toot:featured', - discoverable: 'toot:discoverable', - indexable: 'toot:indexable', - // schema - schema: 'http://schema.org#', - PropertyValue: 'schema:PropertyValue', - value: 'schema:value', - // Misskey - misskey: `${config.url}/ns#`, - '_misskey_content': 'misskey:_misskey_content', - '_misskey_quote': 'misskey:_misskey_quote', - '_misskey_reaction': 'misskey:_misskey_reaction', - '_misskey_votes': 'misskey:_misskey_votes', - '_misskey_talk': 'misskey:_misskey_talk', - 'isCat': 'misskey:isCat', - // vcard - vcard: 'http://www.w3.org/2006/vcard/ns#', - } - ] + '@context': FIXED_CONTEXT }, x); };