612 lines
16 KiB
PHP
612 lines
16 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2021 F7cloud GmbH and F7cloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
|
|
namespace OCA\Circles\Service;
|
|
|
|
use JsonSerializable;
|
|
use OCA\Circles\AppInfo\Application;
|
|
use OCA\Circles\Db\RemoteRequest;
|
|
use OCA\Circles\Exceptions\FederatedItemException;
|
|
use OCA\Circles\Exceptions\RemoteAlreadyExistsException;
|
|
use OCA\Circles\Exceptions\RemoteInstanceException;
|
|
use OCA\Circles\Exceptions\RemoteNotFoundException;
|
|
use OCA\Circles\Exceptions\RemoteResourceNotFoundException;
|
|
use OCA\Circles\Exceptions\RemoteUidException;
|
|
use OCA\Circles\Exceptions\UnknownInterfaceException;
|
|
use OCA\Circles\Exceptions\UnknownRemoteException;
|
|
use OCA\Circles\Model\Federated\RemoteInstance;
|
|
use OCA\Circles\Tools\ActivityPub\NCSignature;
|
|
use OCA\Circles\Tools\Exceptions\RequestNetworkException;
|
|
use OCA\Circles\Tools\Exceptions\SignatoryException;
|
|
use OCA\Circles\Tools\Exceptions\SignatureException;
|
|
use OCA\Circles\Tools\Exceptions\WellKnownLinkNotFoundException;
|
|
use OCA\Circles\Tools\Model\NCRequest;
|
|
use OCA\Circles\Tools\Model\NCRequestResult;
|
|
use OCA\Circles\Tools\Model\NCSignatory;
|
|
use OCA\Circles\Tools\Model\NCSignedRequest;
|
|
use OCA\Circles\Tools\Model\Request;
|
|
use OCA\Circles\Tools\Model\SimpleDataStore;
|
|
use OCA\Circles\Tools\Traits\TDeserialize;
|
|
use OCA\Circles\Tools\Traits\TNCLocalSignatory;
|
|
use OCA\Circles\Tools\Traits\TNCWellKnown;
|
|
use OCA\Circles\Tools\Traits\TStringTools;
|
|
use OCP\AppFramework\Http;
|
|
use OCP\IConfig;
|
|
use OCP\IURLGenerator;
|
|
use ReflectionClass;
|
|
use ReflectionException;
|
|
|
|
/**
|
|
* Class RemoteStreamService
|
|
*
|
|
* @package OCA\Circles\Service
|
|
*/
|
|
class RemoteStreamService extends NCSignature {
|
|
use TDeserialize;
|
|
use TNCLocalSignatory;
|
|
use TStringTools;
|
|
use TNCWellKnown;
|
|
|
|
|
|
public const UPDATE_DATA = 'data';
|
|
public const UPDATE_ITEM = 'item';
|
|
public const UPDATE_TYPE = 'type';
|
|
public const UPDATE_INSTANCE = 'instance';
|
|
public const UPDATE_HREF = 'href';
|
|
|
|
|
|
/** @var IURLGenerator */
|
|
private $urlGenerator;
|
|
|
|
/** @var RemoteRequest */
|
|
private $remoteRequest;
|
|
|
|
/** @var InterfaceService */
|
|
private $interfaceService;
|
|
|
|
/** @var ConfigService */
|
|
private $configService;
|
|
|
|
|
|
/**
|
|
* RemoteStreamService constructor.
|
|
*
|
|
* @param IURLGenerator $urlGenerator
|
|
* @param RemoteRequest $remoteRequest
|
|
* @param InterfaceService $interfaceService
|
|
* @param ConfigService $configService
|
|
*/
|
|
public function __construct(
|
|
private readonly IConfig $config,
|
|
IURLGenerator $urlGenerator,
|
|
RemoteRequest $remoteRequest,
|
|
InterfaceService $interfaceService,
|
|
ConfigService $configService,
|
|
) {
|
|
$this->setup('app', 'circles');
|
|
|
|
$this->urlGenerator = $urlGenerator;
|
|
$this->remoteRequest = $remoteRequest;
|
|
$this->interfaceService = $interfaceService;
|
|
$this->configService = $configService;
|
|
}
|
|
|
|
|
|
/**
|
|
* Returns the Signatory model for the Circles app.
|
|
* Can be signed with a confirmKey.
|
|
*
|
|
* @param bool $generate
|
|
* @param string $confirmKey
|
|
*
|
|
* @return RemoteInstance
|
|
* @throws SignatoryException
|
|
* @throws UnknownInterfaceException
|
|
*/
|
|
public function getAppSignatory(bool $generate = true, string $confirmKey = ''): RemoteInstance {
|
|
$app = new RemoteInstance($this->interfaceService->getCloudPath('circles.Remote.appService'));
|
|
$this->fillSimpleSignatory($app, $generate);
|
|
$app->setUidFromKey();
|
|
|
|
if ($this->isUuid($confirmKey)) {
|
|
$app->setAuthSigned($this->signString($confirmKey, $app));
|
|
}
|
|
|
|
$app->setRoot($this->interfaceService->getCloudPath());
|
|
$app->setEvent($this->interfaceService->getCloudPath('circles.Remote.event'));
|
|
$app->setIncoming($this->interfaceService->getCloudPath('circles.Remote.incoming'));
|
|
$app->setTest($this->interfaceService->getCloudPath('circles.Remote.test'));
|
|
$app->setCircles($this->interfaceService->getCloudPath('circles.Remote.circles'));
|
|
$app->setCircle(
|
|
urldecode(
|
|
$this->interfaceService->getCloudPath('circles.Remote.circle', ['circleId' => '{circleId}'])
|
|
)
|
|
);
|
|
$app->setMembers(
|
|
urldecode(
|
|
$this->interfaceService->getCloudPath('circles.Remote.members', ['circleId' => '{circleId}'])
|
|
)
|
|
);
|
|
$app->setMember(
|
|
urldecode(
|
|
$this->interfaceService->getCloudPath(
|
|
'circles.Remote.member',
|
|
['type' => '{type}', 'userId' => '{userId}']
|
|
)
|
|
)
|
|
);
|
|
$app->setInherited(
|
|
urldecode(
|
|
$this->interfaceService->getCloudPath(
|
|
'circles.Remote.inherited',
|
|
['circleId' => '{circleId}']
|
|
)
|
|
)
|
|
);
|
|
$app->setMemberships(
|
|
urldecode(
|
|
$this->interfaceService->getCloudPath(
|
|
'circles.Remote.memberships',
|
|
['circleId' => '{circleId}']
|
|
)
|
|
)
|
|
);
|
|
|
|
if ($this->interfaceService->isCurrentInterfaceInternal()) {
|
|
$app->setAliases(array_values(array_filter($this->interfaceService->getInterfaces(false))));
|
|
}
|
|
|
|
$app->setOrigData($this->serialize($app));
|
|
|
|
return $app;
|
|
}
|
|
|
|
|
|
/**
|
|
* Reset the Signatory (and the Identity) for the Circles app.
|
|
*/
|
|
public function resetAppSignatory(): void {
|
|
try {
|
|
$app = $this->getAppSignatory();
|
|
|
|
$this->removeSimpleSignatory($app);
|
|
} catch (SignatoryException $e) {
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* shortcut to requestRemoteInstance that return result if available, or exception.
|
|
*
|
|
* @param string $instance
|
|
* @param string $item
|
|
* @param int $type
|
|
* @param JsonSerializable|null $object
|
|
* @param array $params
|
|
*
|
|
* @return array
|
|
* @throws RemoteInstanceException
|
|
* @throws RemoteNotFoundException
|
|
* @throws RemoteResourceNotFoundException
|
|
* @throws UnknownRemoteException
|
|
* @throws FederatedItemException
|
|
*/
|
|
public function resultRequestRemoteInstance(
|
|
string $instance,
|
|
string $item,
|
|
int $type = Request::TYPE_GET,
|
|
?JsonSerializable $object = null,
|
|
array $params = [],
|
|
): array {
|
|
$this->interfaceService->setCurrentInterfaceFromInstance($instance);
|
|
|
|
$signedRequest = $this->requestRemoteInstance($instance, $item, $type, $object, $params);
|
|
if (!$signedRequest->getOutgoingRequest()->hasResult()) {
|
|
throw new RemoteInstanceException();
|
|
}
|
|
|
|
$result = $signedRequest->getOutgoingRequest()->getResult();
|
|
|
|
if ($result->getStatusCode() === Http::STATUS_OK) {
|
|
return $result->getAsArray();
|
|
}
|
|
|
|
throw $this->getFederatedItemExceptionFromResult($result);
|
|
}
|
|
|
|
|
|
/**
|
|
* Send a request to a remote instance, based on:
|
|
* - instance: address as saved in database,
|
|
* - item: the item to request (incoming, event, ...)
|
|
* - type: GET, POST
|
|
* - data: Serializable to be send if needed
|
|
*
|
|
* @param string $instance
|
|
* @param string $item
|
|
* @param int $type
|
|
* @param JsonSerializable|null $object
|
|
* @param array $params
|
|
*
|
|
* @return NCSignedRequest
|
|
* @throws RemoteNotFoundException
|
|
* @throws RemoteResourceNotFoundException
|
|
* @throws UnknownRemoteException
|
|
* @throws RemoteInstanceException
|
|
* @throws UnknownInterfaceException
|
|
*/
|
|
private function requestRemoteInstance(
|
|
string $instance,
|
|
string $item,
|
|
int $type = Request::TYPE_GET,
|
|
?JsonSerializable $object = null,
|
|
array $params = [],
|
|
): NCSignedRequest {
|
|
$request = new NCRequest('', $type);
|
|
$this->configService->configureRequest($request);
|
|
$link = $this->getRemoteInstanceEntry($instance, $item, $params);
|
|
$request->basedOnUrl($link);
|
|
|
|
// TODO: Work Around: on local, if object is empty, request takes 10s. check on other configuration
|
|
if (is_null($object) || empty($object->jsonSerialize())) {
|
|
$object = new SimpleDataStore(['empty' => 1]);
|
|
}
|
|
|
|
if (!is_null($object)) {
|
|
$request->setDataSerialize($object);
|
|
}
|
|
|
|
try {
|
|
$app = $this->getAppSignatory();
|
|
// $app->setAlgorithm(NCSignatory::SHA512);
|
|
$signedRequest = $this->signOutgoingRequest($request, $app);
|
|
$this->doRequest($signedRequest->getOutgoingRequest(), false);
|
|
} catch (RequestNetworkException|SignatoryException $e) {
|
|
throw new RemoteInstanceException($e->getMessage());
|
|
}
|
|
|
|
return $signedRequest;
|
|
}
|
|
|
|
|
|
/**
|
|
* get the value of an entry from the Signatory of the RemoteInstance.
|
|
*
|
|
* @param string $instance
|
|
* @param string $item
|
|
* @param array $params
|
|
*
|
|
* @return string
|
|
* @throws RemoteNotFoundException
|
|
* @throws RemoteResourceNotFoundException
|
|
* @throws UnknownRemoteException
|
|
*/
|
|
private function getRemoteInstanceEntry(string $instance, string $item, array $params = []): string {
|
|
$remote = $this->getCachedRemoteInstance($instance);
|
|
|
|
$value = $this->get($item, $remote->getOrigData());
|
|
if ($value === '') {
|
|
throw new RemoteResourceNotFoundException();
|
|
}
|
|
|
|
return $this->feedStringWithParams($value, $params);
|
|
}
|
|
|
|
|
|
/**
|
|
* get RemoteInstance with confirmed and known identity from database.
|
|
*
|
|
* @param string $instance
|
|
*
|
|
* @return RemoteInstance
|
|
* @throws RemoteNotFoundException
|
|
* @throws UnknownRemoteException
|
|
*/
|
|
public function getCachedRemoteInstance(string $instance): RemoteInstance {
|
|
$remoteInstance = $this->remoteRequest->getFromInstance($instance);
|
|
if ($remoteInstance->getType() === RemoteInstance::TYPE_UNKNOWN) {
|
|
throw new UnknownRemoteException($instance . ' is set as \'unknown\' in database');
|
|
}
|
|
|
|
return $remoteInstance;
|
|
}
|
|
|
|
|
|
/**
|
|
* Add a remote instance, based on the address
|
|
*
|
|
* @param string $instance
|
|
*
|
|
* @return RemoteInstance
|
|
* @throws RequestNetworkException
|
|
* @throws SignatoryException
|
|
* @throws SignatureException
|
|
* @throws WellKnownLinkNotFoundException
|
|
*/
|
|
public function retrieveRemoteInstance(string $instance): RemoteInstance {
|
|
$resource = $this->getResourceData($instance, Application::APP_SUBJECT, Application::APP_REL);
|
|
|
|
/** @var RemoteInstance $remoteInstance */
|
|
$remoteInstance = $this->retrieveSignatory($resource->g('id'), true);
|
|
$remoteInstance->setInstance($instance);
|
|
|
|
return $remoteInstance;
|
|
}
|
|
|
|
|
|
/**
|
|
* retrieve Signatory.
|
|
*
|
|
* @param string $keyId
|
|
* @param bool $refresh
|
|
*
|
|
* @return RemoteInstance
|
|
* @throws SignatoryException
|
|
* @throws SignatureException
|
|
*/
|
|
public function retrieveSignatory(string $keyId, bool $refresh = true): NCSignatory {
|
|
if (!$refresh) {
|
|
try {
|
|
return $this->remoteRequest->getFromHref(NCSignatory::removeFragment($keyId));
|
|
} catch (RemoteNotFoundException $e) {
|
|
throw new SignatoryException();
|
|
}
|
|
}
|
|
|
|
$remoteInstance = new RemoteInstance($keyId);
|
|
$confirm = $this->uuid();
|
|
|
|
$request = new NCRequest();
|
|
$this->configService->configureRequest($request);
|
|
|
|
$request->setLocalAddressAllowed($this->config->getSystemValueBool('allow_local_remote_servers'));
|
|
$this->downloadSignatory($remoteInstance, $keyId, ['auth' => $confirm], $request);
|
|
$remoteInstance->setUidFromKey();
|
|
|
|
$this->confirmAuth($remoteInstance, $confirm);
|
|
|
|
return $remoteInstance;
|
|
}
|
|
|
|
|
|
/**
|
|
* Add a remote instance, based on the address
|
|
*
|
|
* @param string $instance
|
|
* @param string $type
|
|
* @param int $iface
|
|
* @param bool $overwrite
|
|
*
|
|
* @throws RemoteAlreadyExistsException
|
|
* @throws RemoteUidException
|
|
* @throws RequestNetworkException
|
|
* @throws SignatoryException
|
|
* @throws SignatureException
|
|
* @throws WellKnownLinkNotFoundException
|
|
*/
|
|
public function addRemoteInstance(
|
|
string $instance,
|
|
string $type = RemoteInstance::TYPE_EXTERNAL,
|
|
int $iface = InterfaceService::IFACE_FRONTAL,
|
|
bool $overwrite = false,
|
|
): void {
|
|
if ($this->configService->isLocalInstance($instance)) {
|
|
throw new RemoteAlreadyExistsException('instance is local');
|
|
}
|
|
|
|
$remoteInstance = $this->retrieveRemoteInstance($instance);
|
|
$remoteInstance->setType($type)
|
|
->setInterface($iface);
|
|
|
|
if (!$this->interfaceService->isInterfaceInternal($remoteInstance->getInterface())) {
|
|
$remoteInstance->setAliases([]);
|
|
}
|
|
|
|
try {
|
|
$known = $this->remoteRequest->searchDuplicate($remoteInstance);
|
|
if ($overwrite) {
|
|
$this->remoteRequest->deleteById($known);
|
|
} else {
|
|
throw new RemoteAlreadyExistsException('instance is already known');
|
|
}
|
|
} catch (RemoteNotFoundException $e) {
|
|
}
|
|
|
|
$this->remoteRequest->save($remoteInstance);
|
|
}
|
|
|
|
|
|
/**
|
|
* @param string $address
|
|
*
|
|
* @return RemoteInstance
|
|
* @throws RemoteNotFoundException
|
|
*/
|
|
public function getRemoteInstanceFromAddress(string $address): RemoteInstance {
|
|
$remotes = $this->remoteRequest->getAllInstances();
|
|
foreach ($remotes as $remote) {
|
|
if ($remote->getInstance() === $address || in_array($address, $remote->getAliases())) {
|
|
return $remote;
|
|
}
|
|
}
|
|
|
|
throw new RemoteNotFoundException();
|
|
}
|
|
|
|
|
|
/**
|
|
* @param string $instance
|
|
* @param string $check
|
|
*
|
|
* @return bool
|
|
* @throws RemoteNotFoundException
|
|
*/
|
|
public function isFromSameInstance(string $instance, string $check): bool {
|
|
$remote = $this->getRemoteInstanceFromAddress($instance);
|
|
if ($remote->getInstance() === $check || in_array($check, $remote->getAliases())) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* Confirm the Auth of a RemoteInstance, based on the result from a request
|
|
*
|
|
* @param RemoteInstance $remote
|
|
* @param string $auth
|
|
*
|
|
* @throws SignatureException
|
|
*/
|
|
private function confirmAuth(RemoteInstance $remote, string $auth): void {
|
|
[$algo, $signed] = explode(':', $this->get(RemoteInstance::AUTH_SIGNED, $remote->getOrigData()));
|
|
try {
|
|
if ($signed === null) {
|
|
throw new SignatureException('invalid auth-signed');
|
|
}
|
|
$this->verifyString($auth, base64_decode($signed), $remote->getPublicKey(), $algo);
|
|
$remote->setIdentityAuthed(true);
|
|
} catch (SignatureException $e) {
|
|
$this->e($e, [
|
|
'auth' => $auth,
|
|
'signed' => $signed,
|
|
'msg' => 'auth not confirmed'
|
|
]
|
|
);
|
|
throw new SignatureException('auth not confirmed');
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* @param NCRequestResult $result
|
|
*
|
|
* @return FederatedItemException
|
|
*/
|
|
private function getFederatedItemExceptionFromResult(NCRequestResult $result): FederatedItemException {
|
|
$data = $result->getAsArray();
|
|
|
|
$message = $this->get('message', $data);
|
|
$code = $this->getInt('code', $data);
|
|
$class = $this->get('class', $data);
|
|
|
|
try {
|
|
$test = new ReflectionClass($class);
|
|
$this->confirmFederatedItemExceptionFromClass($test);
|
|
$e = $class;
|
|
} catch (ReflectionException|FederatedItemException $_e) {
|
|
$e = $this->getFederatedItemExceptionFromStatus($result->getStatusCode());
|
|
}
|
|
|
|
return new $e($message, $code);
|
|
}
|
|
|
|
|
|
/**
|
|
* @param ReflectionClass $class
|
|
*
|
|
* @return void
|
|
* @throws FederatedItemException
|
|
*/
|
|
private function confirmFederatedItemExceptionFromClass(ReflectionClass $class): void {
|
|
while (true) {
|
|
foreach (FederatedItemException::$CHILDREN as $e) {
|
|
if ($class->getName() === $e) {
|
|
return;
|
|
}
|
|
}
|
|
$class = $class->getParentClass();
|
|
if (!$class) {
|
|
throw new FederatedItemException();
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* @param int $statusCode
|
|
*
|
|
* @return string
|
|
*/
|
|
private function getFederatedItemExceptionFromStatus(int $statusCode): string {
|
|
foreach (FederatedItemException::$CHILDREN as $e) {
|
|
if ($e::STATUS === $statusCode) {
|
|
return $e;
|
|
}
|
|
}
|
|
|
|
return FederatedItemException::class;
|
|
}
|
|
|
|
|
|
/**
|
|
* TODO: confirm if method is really needed
|
|
*
|
|
* @param RemoteInstance $remote
|
|
* @param RemoteInstance|null $stored
|
|
*
|
|
* @throws RemoteNotFoundException
|
|
* @throws RemoteUidException
|
|
*/
|
|
public function confirmValidRemote(RemoteInstance $remote, ?RemoteInstance &$stored = null): void {
|
|
try {
|
|
$stored = $this->remoteRequest->getFromHref($remote->getId());
|
|
} catch (RemoteNotFoundException $e) {
|
|
if ($remote->getInstance() === '') {
|
|
throw new RemoteNotFoundException();
|
|
}
|
|
|
|
$stored = $this->remoteRequest->getFromInstance($remote->getInstance());
|
|
}
|
|
|
|
if ($stored->getUid() !== $remote->getUid(true)) {
|
|
throw new RemoteUidException();
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* TODO: check if this method is not useless
|
|
*
|
|
* @param RemoteInstance $remote
|
|
* @param string $update
|
|
*
|
|
* @throws RemoteUidException
|
|
*/
|
|
public function update(RemoteInstance $remote, string $update = self::UPDATE_DATA): void {
|
|
if (!$this->interfaceService->isInterfaceInternal($remote->getInterface())) {
|
|
$remote->setAliases([]);
|
|
}
|
|
|
|
switch ($update) {
|
|
case self::UPDATE_DATA:
|
|
$this->remoteRequest->update($remote);
|
|
break;
|
|
|
|
case self::UPDATE_ITEM:
|
|
$this->remoteRequest->updateItem($remote);
|
|
break;
|
|
|
|
case self::UPDATE_TYPE:
|
|
$this->remoteRequest->updateType($remote);
|
|
break;
|
|
|
|
case self::UPDATE_HREF:
|
|
$this->remoteRequest->updateHref($remote);
|
|
break;
|
|
|
|
case self::UPDATE_INSTANCE:
|
|
$this->remoteRequest->updateInstance($remote);
|
|
break;
|
|
}
|
|
}
|
|
}
|