mastodon-glitch/app/services/resolve_url_service.rb

# frozen_string_literal: true

class ResolveURLService < BaseService
  include JsonLdHelper
  include Authorization

  USERNAME_STATUS_RE = %r{/@(?<username>#{Account::USERNAME_RE})/(?<status_id>[0-9]+)\Z}

  def call(url, on_behalf_of: nil)
    @url          = url
    @on_behalf_of = on_behalf_of

    if local_url?
      process_local_url
    elsif !fetched_resource.nil?
      process_url
    else
      process_url_from_db
    end
  end

  private

  def process_url
    if equals_or_includes_any?(type, ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES)
      ActivityPub::FetchRemoteActorService.new.call(resource_url, prefetched_body: body)
    elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)
      status = FetchRemoteStatusService.new.call(resource_url, prefetched_body: body)
      authorize_with @on_behalf_of, status, :show? unless status.nil?
      status
    end
  end

  def process_url_from_db
    if [500, 502, 503, 504, nil].include?(fetch_resource_service.response_code)
      account = Account.find_by(uri: @url)
      return account unless account.nil?
    end

    return unless @on_behalf_of.present? && [401, 403, 404].include?(fetch_resource_service.response_code)

    # It may happen that the resource is a private toot, and thus not fetchable,
    # but we can return the toot if we already know about it.
    scope = Status.where(uri: @url)

    # We don't have an index on `url`, so try guessing the `uri` from `url`
    parsed_url = Addressable::URI.parse(@url)
    parsed_url.path.match(USERNAME_STATUS_RE) do |matched|
      parsed_url.path = "/users/#{matched[:username]}/statuses/#{matched[:status_id]}"
      scope = scope.or(Status.where(uri: parsed_url.to_s, url: @url))
    end

    status = scope.first

    authorize_with @on_behalf_of, status, :show? unless status.nil?
    status
  rescue Mastodon::NotPermittedError
    nil
  end

  def fetched_resource
    @fetched_resource ||= fetch_resource_service.call(@url)
  end

  def fetch_resource_service
    @fetch_resource_service ||= FetchResourceService.new
  end

  def resource_url
    fetched_resource.first
  end

  def body
    fetched_resource.second[:prefetched_body]
  end

  def type
    json_data['type']
  end

  def json_data
    @json_data ||= body_to_json(body)
  end

  def local_url?
    TagManager.instance.local_url?(@url)
  end

  def process_local_url
    recognized_params = Rails.application.routes.recognize_path(@url)

    case recognized_params[:controller]
    when 'statuses'
      return unless recognized_params[:action] == 'show'

      status = Status.find_by(id: recognized_params[:id])
      check_local_status(status)
    when 'accounts'
      return unless recognized_params[:action] == 'show'

      Account.find_local(recognized_params[:username])
    when 'home'
      return unless recognized_params[:action] == 'index' && recognized_params[:username_with_domain].present?

      if recognized_params[:any]&.match?(/\A[0-9]+\Z/)
        status = Status.find_by(id: recognized_params[:any])
        check_local_status(status)
      elsif recognized_params[:any].blank?
        username, domain = recognized_params[:username_with_domain].gsub(/\A@/, '').split('@')
        return unless username.present? && domain.present?

        Account.find_remote(username, domain)
      end
    end
  end

  def check_local_status(status)
    return if status.nil?

    authorize_with @on_behalf_of, status, :show?
    status
  rescue Mastodon::NotPermittedError
    nil
  end
end
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 01:32:27 +00:00			`# frozen_string_literal: true`

Rename FetchRemoteResourceService to ResolveURLService (#6328) The service used to be named FetchRemoteResourceService resolves local URL as well. 2018-01-22 13:24:22 +00:00			`class ResolveURLService < BaseService`
Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 12:08:34 +00:00			`include JsonLdHelper`
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 17:33:36 +00:00			`include Authorization`
Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 12:08:34 +00:00
Improve performance by avoiding regex construction (#20215) ```ruby 10.times { p /#{FOO}/.object_id } 10.times { p FOO_RE.object_id } ``` 2022-11-10 04:49:30 +00:00			`USERNAME_STATUS_RE = %r{/@(?<username>#{Account::USERNAME_RE})/(?<status_id>[0-9]+)\Z}`

Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 17:33:36 +00:00			`def call(url, on_behalf_of: nil)`
Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`@url = url`
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 17:33:36 +00:00			`@on_behalf_of = on_behalf_of`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-11 22:39:15 +00:00
Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`if local_url?`
			`process_local_url`
			`elsif !fetched_resource.nil?`
			`process_url`
Fix some timeouts when searching URLs by limiting some database queries (#13253) Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed. 2020-03-12 22:06:43 +00:00			`else`
Fix URL search not returning private toots user has access to (#12742) 2020-01-03 04:01:45 +00:00			`process_url_from_db`
Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`end`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`end`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 01:32:27 +00:00
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`private`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 01:32:27 +00:00
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`def process_url`
Refactor ActivityPub handling to prepare for non-Account actors (#19212) * Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor` 2022-09-21 20:45:57 +00:00			`if equals_or_includes_any?(type, ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES)`
			`ActivityPub::FetchRemoteActorService.new.call(resource_url, prefetched_body: body)`
Add support for Audio activities (#11189) Fixes #11127 2019-06-26 17:32:36 +00:00			`elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)`
Fix unbounded recursion in post discovery (#23506) * Add a limit to how many posts can get fetched as a result of a single request * Add tests * Always pass `request_id` when processing `Announce` activities --------- Co-authored-by: nametoolong <nametoolong@users.noreply.github.com> 2023-02-10 21:16:37 +00:00			`status = FetchRemoteStatusService.new.call(resource_url, prefetched_body: body)`
Fix leaking private statuses the admin account follows (#11300) Now that the request is signed, it can return private toots. Do not leak them. 2019-07-15 00:29:04 +00:00			`authorize_with @on_behalf_of, status, :show? unless status.nil?`
			`status`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 01:32:27 +00:00			`end`
			`end`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00
Fix URL search not returning private toots user has access to (#12742) 2020-01-03 04:01:45 +00:00			`def process_url_from_db`
Fix temporary network/remote server error prevent from interactions with remote accounts (#18161) * Fix temporary network/remote server error prevent from interactions with remote accounts * Fix and add tests 2022-04-28 18:19:10 +00:00			`if [500, 502, 503, 504, nil].include?(fetch_resource_service.response_code)`
			`account = Account.find_by(uri: @url)`
			`return account unless account.nil?`
			`end`

Fix some timeouts when searching URLs by limiting some database queries (#13253) Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed. 2020-03-12 22:06:43 +00:00			`return unless @on_behalf_of.present? && [401, 403, 404].include?(fetch_resource_service.response_code)`

Fix URL search not returning private toots user has access to (#12742) 2020-01-03 04:01:45 +00:00			`# It may happen that the resource is a private toot, and thus not fetchable,`
			`# but we can return the toot if we already know about it.`
Improve searching for private toots from URL (#14856) * Improve searching for private toots from URL Most of the time, when sharing toots, people use the toot URL rather than the toot URI, which makes sense since it is the user-facing URL. In Mastodon's case, the URL and URI are different, and Mastodon does not have an index on URL, which means searching a private toot by URL is done with a slow query that will only succeed for very recent toots. This change gets rid of the slow query, and attempts to guess the URI from URL instead, as Mastodon's are predictable. * Add tests * Only return status with guessed uri if url matches Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2020-12-17 05:51:49 +00:00			`scope = Status.where(uri: @url)`

			# We don't have an index on `url`, so try guessing the `uri` from `url`
			`parsed_url = Addressable::URI.parse(@url)`
Improve performance by avoiding regex construction (#20215) ```ruby 10.times { p /#{FOO}/.object_id } 10.times { p FOO_RE.object_id } ``` 2022-11-10 04:49:30 +00:00			`parsed_url.path.match(USERNAME_STATUS_RE) do \|matched\|`
Improve searching for private toots from URL (#14856) * Improve searching for private toots from URL Most of the time, when sharing toots, people use the toot URL rather than the toot URI, which makes sense since it is the user-facing URL. In Mastodon's case, the URL and URI are different, and Mastodon does not have an index on URL, which means searching a private toot by URL is done with a slow query that will only succeed for very recent toots. This change gets rid of the slow query, and attempts to guess the URI from URL instead, as Mastodon's are predictable. * Add tests * Only return status with guessed uri if url matches Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2020-12-17 05:51:49 +00:00			`parsed_url.path = "/users/#{matched[:username]}/statuses/#{matched[:status_id]}"`
			`scope = scope.or(Status.where(uri: parsed_url.to_s, url: @url))`
			`end`

			`status = scope.first`

Fix URL search not returning private toots user has access to (#12742) 2020-01-03 04:01:45 +00:00			`authorize_with @on_behalf_of, status, :show? unless status.nil?`
			`status`
			`rescue Mastodon::NotPermittedError`
			`nil`
			`end`

Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`def fetched_resource`
Fix some timeouts when searching URLs by limiting some database queries (#13253) Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed. 2020-03-12 22:06:43 +00:00			`@fetched_resource \|\|= fetch_resource_service.call(@url)`
			`end`

			`def fetch_resource_service`
Fix `Naming/MemoizedInstanceVariableName` cop (#25928) 2023-07-12 08:08:51 +00:00			`@fetch_resource_service \|\|= FetchResourceService.new`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`end`

Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`def resource_url`
			`fetched_resource.first`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`end`

			`def body`
Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`fetched_resource.second[:prefetched_body]`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`end`

Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 12:08:34 +00:00			`def type`
Clean up OStatus-related codepaths (#12173) * Remove “protocol” argument and return value, as only ActivityPub is supported * Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService * Fix tests 2019-12-17 12:32:57 +00:00			`json_data['type']`
Add support for searching AP users (#4599) * Add support for searching AP users * use JsonLdHelper 2017-08-14 12:08:34 +00:00			`end`

			`def json_data`
Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00			`@json_data \|\|= body_to_json(body)`
Add specs (and refactor) of FetchRemoteResourceService and SearchService (#2812) * Coverage for fetch remote resource service * Refactor fetch remote resource service * Coverage for search service * Refactor search service 2017-05-05 15:26:04 +00:00			`end`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-11 22:39:15 +00:00
			`def local_url?`
			`TagManager.instance.local_url?(@url)`
			`end`

			`def process_local_url`
			`recognized_params = Rails.application.routes.recognize_path(@url)`

Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 12:48:54 +00:00			`case recognized_params[:controller]`
			`when 'statuses'`
			`return unless recognized_params[:action] == 'show'`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-11 22:39:15 +00:00
			`status = Status.find_by(id: recognized_params[:id])`
			`check_local_status(status)`
Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 12:48:54 +00:00			`when 'accounts'`
			`return unless recognized_params[:action] == 'show'`

Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-11 22:39:15 +00:00			`Account.find_local(recognized_params[:username])`
Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 12:48:54 +00:00			`when 'home'`
			`return unless recognized_params[:action] == 'index' && recognized_params[:username_with_domain].present?`

			`if recognized_params[:any]&.match?(/\A[0-9]+\Z/)`
			`status = Status.find_by(id: recognized_params[:any])`
			`check_local_status(status)`
			`elsif recognized_params[:any].blank?`
			`username, domain = recognized_params[:username_with_domain].gsub(/\A@/, '').split('@')`
			`return unless username.present? && domain.present?`

			`Account.find_remote(username, domain)`
			`end`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-11 22:39:15 +00:00			`end`
			`end`

			`def check_local_status(status)`
			`return if status.nil?`
Refactor fetching of remote resources (#11251) 2019-07-10 16:59:28 +00:00
Allow accessing local private/DM messages by URL (#8196) * Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests 2018-08-15 17:33:36 +00:00			`authorize_with @on_behalf_of, status, :show?`
			`status`
			`rescue Mastodon::NotPermittedError`
			`nil`
Fix #4067 - Do not make HTTP round-trip when resolving local URL (#4160) 2017-07-11 22:39:15 +00:00			`end`
New API method: /api/v1/search Returns accounts, statuses, hashtags arrays 2017-03-22 01:32:27 +00:00			`end`