From 6e467390901f6f7709333e558e156ab1ef79613c Mon Sep 17 00:00:00 2001 From: Michael Jerger Date: Thu, 4 Jan 2024 18:04:46 +0100 Subject: [PATCH] validate person --- docs/unsure-where-to-put/dev-notes.md | 5 +- models/forgefed/actor.go | 28 ++++++++++ models/forgefed/actor_test.go | 65 ++++++++++++++++++++++++ routers/api/v1/activitypub/repository.go | 9 ++-- 4 files changed, 101 insertions(+), 6 deletions(-) diff --git a/docs/unsure-where-to-put/dev-notes.md b/docs/unsure-where-to-put/dev-notes.md index bdb1d4b843..aab5f48b02 100644 --- a/docs/unsure-where-to-put/dev-notes.md +++ b/docs/unsure-where-to-put/dev-notes.md @@ -89,9 +89,10 @@ curl -X 'POST' \ ```json { "id": "http://localhost:3000/api/v1/activitypub/user-id/1/outbox/12345", - "type": "Star", + "type": "Like", "actor": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/13", - "object": "http://localhost:3000/api/v1/activitypub/repository-id/1" + "object": "http://localhost:3000/api/v1/activitypub/repository-id/2", + "startTime": "2014-12-31T23:00:00-08:00" } ``` diff --git a/models/forgefed/actor.go b/models/forgefed/actor.go index b03767f363..cbc9648c63 100644 --- a/models/forgefed/actor.go +++ b/models/forgefed/actor.go @@ -8,6 +8,8 @@ import ( "net/url" "strings" + ap "github.com/go-ap/activitypub" + "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/validation" ) @@ -196,3 +198,29 @@ func newActorID(uri string) (ActorID, error) { result.UnvalidatedInput = validatedURI.String() return result, nil } + +// ----------------------------- ForgePerson ------------------------------------- + +// ForgePerson activity data type +// swagger:model +type ForgePerson struct { + // swagger:ignore + ap.Actor +} + +func (s ForgePerson) MarshalJSON() ([]byte, error) { + return s.Actor.MarshalJSON() +} + +func (s *ForgePerson) UnmarshalJSON(data []byte) error { + return s.Actor.UnmarshalJSON(data) +} + +func (s ForgePerson) Validate() []string { + var result []string + result = append(result, validation.ValidateNotEmpty(string(s.Type), "type")...) + result = append(result, validation.ValidateOneOf(string(s.Type), []any{string(ap.PersonType)})...) + result = append(result, validation.ValidateNotEmpty(s.PreferredUsername.String(), "preferredUsername")...) + + return result +} diff --git a/models/forgefed/actor_test.go b/models/forgefed/actor_test.go index 2c5ae8183e..6b3cffd710 100644 --- a/models/forgefed/actor_test.go +++ b/models/forgefed/actor_test.go @@ -4,8 +4,12 @@ package forgefed import ( + "reflect" + "strings" "testing" + ap "github.com/go-ap/activitypub" + "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/validation" ) @@ -155,3 +159,64 @@ func TestShouldThrowErrorOnInvalidInput(t *testing.T) { t.Errorf("this uri should be valid but was: %v", err) } } + +func Test_PersonMarshalJSON(t *testing.T) { + sut := ForgePerson{} + sut.Type = "Person" + sut.PreferredUsername = ap.NaturalLanguageValuesNew() + sut.PreferredUsername.Set("en", ap.Content("MaxMuster")) + result, _ := sut.MarshalJSON() + if "{\"type\":\"Person\",\"preferredUsername\":\"MaxMuster\"}" != string(result) { + t.Errorf("MarshalJSON() was = %q", result) + } +} + +func Test_PersonUnmarshalJSON(t *testing.T) { + expected := &ForgePerson{ + Actor: ap.Actor{ + Type: "Person", + PreferredUsername: ap.NaturalLanguageValues{ + ap.LangRefValue{Ref: "en", Value: []byte("MaxMuster")}, + }, + }} + sut := new(ForgePerson) + err := sut.UnmarshalJSON([]byte(`{"type":"Person","preferredUsername":"MaxMuster"}`)) + if err != nil { + t.Errorf("UnmarshalJSON() unexpected error: %v", err) + } + x, _ := expected.MarshalJSON() + y, _ := sut.MarshalJSON() + if !reflect.DeepEqual(x, y) { + t.Errorf("UnmarshalJSON() expected: %q got: %q", x, y) + } + + expectedStr := strings.ReplaceAll(strings.ReplaceAll(`{ + "id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10", + "type":"Person", + "icon":{"type":"Image","mediaType":"image/png","url":"https://federated-repo.prod.meissa.de/avatar/fa7f9c4af2a64f41b1bef292bf872614"}, + "url":"https://federated-repo.prod.meissa.de/stargoose9", + "inbox":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10/inbox", + "outbox":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10/outbox", + "preferredUsername":"stargoose9", + "publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key", + "owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10", + "publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}`, + "\n", ""), + "\t", "") + err = sut.UnmarshalJSON([]byte(expectedStr)) + if err != nil { + t.Errorf("UnmarshalJSON() unexpected error: %v", err) + } + result, _ := sut.MarshalJSON() + if expectedStr != string(result) { + t.Errorf("UnmarshalJSON() expected: %q got: %q", expectedStr, result) + } +} + +func TestForgePersonValidation(t *testing.T) { + sut := new(ForgePerson) + sut.UnmarshalJSON([]byte(`{"type":"Person","preferredUsername":"MaxMuster"}`)) + if res, _ := validation.IsValid(sut); !res { + t.Errorf("sut expected to be valid: %v\n", sut.Validate()) + } +} diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go index 765ab01fcc..7271ac4096 100644 --- a/routers/api/v1/activitypub/repository.go +++ b/routers/api/v1/activitypub/repository.go @@ -223,14 +223,15 @@ func createUserFromAP(ctx *context.APIContext, personID forgefed.PersonID) (*use return &user_model.User{}, err } - person := ap.Person{} + person := forgefed.ForgePerson{} err = person.UnmarshalJSON(body) if err != nil { return &user_model.User{}, err } - log.Info("RepositoryInbox: got person by ap: %v", person) - - // TODO: we should validate the person object here! + if res, err := validation.IsValid(person); !res { + return &user_model.User{}, err + } + log.Info("RepositoryInbox: validated person: %q", person) email := fmt.Sprintf("%v@%v", uuid.New().String(), personID.Host) loginName := personID.AsLoginName()