kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated plugin ActivityPub version 8.3.0

Browse Source
This commit is contained in:
KawaiiPunk
2026-06-03 21:28:46 +00:00
committed by Gitium
parent a4b78ec277
commit 6fe182458a
340 changed files with 43232 additions and 7568 deletions
Download Patch File Download Diff File Expand all files Collapse all files

279
wp-content/plugins/activitypub/includes/rest/class-actors-inbox-controller.php
View File

@ -8,12 +8,15 @@
namespace Activitypub\Rest;
use Activitypub\Activity\Activity;
use Activitypub\Activity\Base_Object;
use Activitypub\Collection\Actors;
use Activitypub\Debug;
use Activitypub\Collection\Inbox;
use Activitypub\Moderation;
use function Activitypub\get_context;
use function Activitypub\get_rest_url_by_path;
use function Activitypub\camel_to_snake_case;
use function Activitypub\get_masked_wp_version;
use function Activitypub\get_rest_url_by_path;
use function Activitypub\object_to_uri;
/**
* Actors_Inbox_Controller class.
@ -24,6 +27,8 @@ use function Activitypub\get_masked_wp_version;
*/
class Actors_Inbox_Controller extends Actors_Controller {
use Collection;
use Event_Stream;
use Language_Map;
/**
* Register routes.
@ -35,16 +40,16 @@ class Actors_Inbox_Controller extends Actors_Controller {
array(
'args' => array(
'user_id' => array(
'description' => 'The ID or username of the actor.',
'type' => 'string',
'required' => true,
'pattern' => '[\w\-\.]+',
'description' => 'The ID of the actor.',
'type' => 'integer',
'required' => true,
'validate_callback' => array( $this, 'validate_user_id' ),
),
),
array(
'methods' => \WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => '__return_true',
'permission_callback' => array( $this, 'verify_authentication' ),
'args' => array(
'page' => array(
'description' => 'Current page of the collection.',
@ -57,6 +62,7 @@ class Actors_Inbox_Controller extends Actors_Controller {
'type' => 'integer',
'default' => 20,
'minimum' => 1,
'maximum' => 100,
),
),
'schema' => array( $this, 'get_collection_schema' ),
@ -64,7 +70,7 @@ class Actors_Inbox_Controller extends Actors_Controller {
array(
'methods' => \WP_REST_Server::CREATABLE,
'callback' => array( $this, 'create_item' ),
'permission_callback' => array( 'Activitypub\Rest\Server', 'verify_signature' ),
'permission_callback' => array( $this, 'verify_signature' ),
'args' => array(
'id' => array(
'description' => 'The unique identifier for the activity.',
@ -79,21 +85,27 @@ class Actors_Inbox_Controller extends Actors_Controller {
'sanitize_callback' => '\Activitypub\object_to_uri',
),
'type' => array(
'description' => 'The type of the activity.',
'type' => 'string',
'required' => true,
'description' => 'The type of the activity.',
'type' => 'string',
'required' => true,
'sanitize_callback' => 'sanitize_html_class',
'validate_callback' => static function ( $param ) {
// Reject values that sanitize to empty so dynamic hook names always have a suffix.
return '' !== \sanitize_html_class( (string) $param );
},
),
'object' => array(
'description' => 'The object of the activity.',
'required' => true,
'validate_callback' => function ( $param, $request, $key ) {
'sanitize_callback' => array( $this, 'localize_language_maps' ),
'validate_callback' => static function ( $param, $request, $key ) {
/**
* Filter the ActivityPub object validation.
*
* @param bool $validate The validation result.
* @param array $param The object data.
* @param object $request The request object.
* @param string $key The key.
* @param bool $validate The validation result.
* @param array $param The object data.
* @param \WP_REST_Request $request The request object.
* @param string $key The key.
*/
return \apply_filters( 'activitypub_validate_object', true, $param, $request, $key );
},
@ -103,42 +115,100 @@ class Actors_Inbox_Controller extends Actors_Controller {
'schema' => array( $this, 'get_item_schema' ),
)
);
\register_rest_route(
$this->namespace,
'/' . $this->rest_base . '/inbox/stream',
array(
'args' => array(
'user_id' => array(
'description' => 'The ID of the actor.',
'type' => 'integer',
'required' => true,
'validate_callback' => array( $this, 'validate_user_id' ),
),
),
array(
'methods' => \WP_REST_Server::READABLE,
'callback' => function ( $request ) {
$this->stream_collection( $request->get_param( 'user_id' ), 'inbox' );
},
'permission_callback' => array( $this, 'get_stream_permissions_check' ),
),
)
);
\add_action( 'activitypub_inbox_create_item', array( self::class, 'process_create_item' ) );
}
/**
* Renders the user-inbox.
* Retrieves a collection of inbox items.
*
* @param \WP_REST_Request $request The request object.
* @return \WP_REST_Response|\WP_Error Response object or WP_Error.
* @param \WP_REST_Request $request Full details about the request.
* @return \WP_REST_Response|\WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
$page = $request->get_param( 'page' ) ?? 1;
$user_id = $request->get_param( 'user_id' );
$user = Actors::get_by_various( $user_id );
$user = Actors::get_by_id( $user_id );
if ( \is_wp_error( $user ) ) {
return $user;
}
/**
* Fires before the ActivityPub inbox is created and sent to the client.
* Action triggered prior to the ActivityPub inbox being created and sent to the client.
*
* @param \WP_REST_Request $request The request object.
*/
\do_action( 'activitypub_rest_inbox_pre' );
\do_action( 'activitypub_rest_inbox_pre', $request );
$response = array(
'@context' => get_context(),
'id' => get_rest_url_by_path( \sprintf( 'actors/%d/inbox', $user->get__id() ) ),
'generator' => 'https://wordpress.org/?v=' . get_masked_wp_version(),
'type' => 'OrderedCollection',
'totalItems' => 0,
'orderedItems' => array(),
$args = array(
'posts_per_page' => $request->get_param( 'per_page' ),
'paged' => $page,
'post_type' => Inbox::POST_TYPE,
'post_status' => 'publish',
// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
'meta_query' => array(
array(
'key' => '_activitypub_user_id',
'value' => $user_id,
),
),
);
/**
* Filters the ActivityPub inbox data before it is sent to the client.
* Filters WP_Query arguments when querying Inbox items via the REST API.
*
* @param array $response The ActivityPub inbox array.
* Enables adding extra arguments or setting defaults for an inbox collection request.
*
* @param array $args Array of arguments for WP_Query.
* @param \WP_REST_Request $request The REST API request.
*/
$response = \apply_filters( 'activitypub_rest_inbox_array', $response );
$args = \apply_filters( 'activitypub_rest_inbox_query', $args, $request );
$inbox_query = new \WP_Query();
$query_result = $inbox_query->query( $args );
$response = array(
'@context' => Base_Object::JSON_LD_CONTEXT,
'id' => get_rest_url_by_path( sprintf( 'actors/%d/inbox', $user_id ) ),
'generator' => 'https://wordpress.org/?v=' . get_masked_wp_version(),
'actor' => $user->get_id(),
'type' => 'OrderedCollection',
'totalItems' => (int) $inbox_query->found_posts,
'eventStream' => $this->get_stream_url( $user_id, 'inbox' ),
'orderedItems' => array(),
);
\update_postmeta_cache( \wp_list_pluck( $query_result, 'ID' ) );
foreach ( $query_result as $inbox_item ) {
if ( ! $inbox_item instanceof \WP_Post ) {
continue;
}
$response['orderedItems'][] = $this->prepare_item_for_response( $inbox_item, $request );
}
$response = $this->prepare_collection_response( $response, $request );
if ( \is_wp_error( $response ) ) {
@ -146,9 +216,27 @@ class Actors_Inbox_Controller extends Actors_Controller {
}
/**
* Fires after the ActivityPub inbox has been created and sent to the client.
* Filter the ActivityPub inbox array.
*
* @param array $response The ActivityPub inbox array.
* @param \WP_REST_Request $request The request object.
*/
\do_action( 'activitypub_inbox_post' );
$response = \apply_filters( 'activitypub_rest_inbox_array', $response, $request );
/**
* Action triggered after the ActivityPub inbox has been created and sent to the client.
*
* @param \WP_REST_Request $request The request object.
*/
\do_action( 'activitypub_rest_inbox_post', $request );
// Fire deprecated hook for backward compatibility.
\do_action_deprecated(
'activitypub_inbox_post',
array( $request ),
'8.1.0',
'activitypub_rest_inbox_post'
);
$response = \rest_ensure_response( $response );
$response->header( 'Content-Type', 'application/activity+json; charset=' . \get_option( 'blog_charset' ) );
@ -156,6 +244,19 @@ class Actors_Inbox_Controller extends Actors_Controller {
return $response;
}
/**
* Prepares the item for the REST response.
*
* @param mixed $item WordPress representation of the item.
* @param \WP_REST_Request $request Request object.
* @return array Response object on success.
*/
public function prepare_item_for_response( $item, $request ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
$activity = \json_decode( $item->post_content, true );
return $activity;
}
/**
* Handles user-inbox requests.
*
@ -165,20 +266,23 @@ class Actors_Inbox_Controller extends Actors_Controller {
*/
public function create_item( $request ) {
$user_id = $request->get_param( 'user_id' );
$user = Actors::get_by_various( $user_id );
$data = $request->get_json_params();
$type = camel_to_snake_case( $request->get_param( 'type' ) );
if ( \is_wp_error( $user ) ) {
return $user;
}
$data = $request->get_json_params();
/* @var Activity $activity Activity object.*/
$activity = Activity::init_from_array( $data );
$type = $request->get_param( 'type' );
$type = \strtolower( $type );
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput
if ( \wp_check_comment_disallowed_list( $activity->to_json( false ), '', '', '', $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'] ?? '' ) ) {
Debug::write_log( 'Blocked activity from: ' . $activity->get_actor() );
if ( Moderation::activity_is_blocked( $activity, $user_id ) ) {
/**
* ActivityPub inbox disallowed activity.
*
* @param array $data The data array.
* @param int|null $user_id The user ID.
* @param string $type The type of the activity.
* @param Activity|\WP_Error $activity The Activity object.
*/
do_action( 'activitypub_rest_inbox_disallowed', $data, $user_id, $type, $activity );
} else {
/**
* ActivityPub inbox action.
@ -187,8 +291,9 @@ class Actors_Inbox_Controller extends Actors_Controller {
* @param int|null $user_id The user ID.
* @param string $type The type of the activity.
* @param Activity|\WP_Error $activity The Activity object.
* @param string $context The context of the request.
*/
\do_action( 'activitypub_inbox', $data, $user->get__id(), $type, $activity );
\do_action( 'activitypub_inbox', $data, $user_id, $type, $activity, Inbox::CONTEXT_INBOX );
/**
* ActivityPub inbox action for specific activity types.
@ -196,11 +301,41 @@ class Actors_Inbox_Controller extends Actors_Controller {
* @param array $data The data array.
* @param int|null $user_id The user ID.
* @param Activity|\WP_Error $activity The Activity object.
* @param string $context The context of the request.
*/
\do_action( 'activitypub_inbox_' . $type, $data, $user->get__id(), $activity );
\do_action( 'activitypub_inbox_' . $type, $data, $user_id, $activity, Inbox::CONTEXT_INBOX );
/**
* Filter to skip inbox storage.
*
* Skip inbox storage for debugging purposes or to reduce load for
* certain Activity-Types, like "Delete".
*
* @param bool $skip Whether to skip inbox storage.
* @param array $data The activity data array.
*
* @return bool Whether to skip inbox storage.
*/
$skip = \apply_filters( 'activitypub_skip_inbox_storage', false, $data );
if ( ! $skip ) {
$activity_id = object_to_uri( $data );
Inbox::add( $activity, (array) $user_id );
\wp_clear_scheduled_hook( 'activitypub_inbox_create_item', array( $activity_id ) );
\wp_schedule_single_event( time() + 15, 'activitypub_inbox_create_item', array( $activity_id ) );
}
}
$response = \rest_ensure_response( array() );
$response = \rest_ensure_response(
array(
'type' => 'https://w3id.org/fep/c180#approval-required',
'title' => 'Approval Required',
'status' => '202',
'detail' => 'This activity requires approval before it can be processed.',
)
);
$response->set_status( 202 );
$response->header( 'Content-Type', 'application/activity+json; charset=' . \get_option( 'blog_charset' ) );
@ -235,4 +370,52 @@ class Actors_Inbox_Controller extends Actors_Controller {
return $this->add_additional_fields_schema( $this->schema );
}
/**
* Process cached inbox activity.
*
* Retrieves all collected user IDs for an activity and processes them together.
*
* @param string $activity_id The activity ID.
*/
public static function process_create_item( $activity_id ) {
// Deduplicate if multiple inbox items were created due to race condition.
$inbox_item = Inbox::deduplicate( $activity_id );
if ( ! $inbox_item ) {
return;
}
$data = \json_decode( $inbox_item->post_content, true );
// Reconstruct activity from inbox post.
$activity = Activity::init_from_array( $data );
// Sanitize again here: the type comes from stored activity JSON, which bypassed REST arg sanitization.
$type = camel_to_snake_case( \sanitize_html_class( (string) $activity->get_type() ) );
$context = Inbox::CONTEXT_INBOX;
$user_ids = Inbox::get_recipients( $inbox_item->ID );
/**
* Fires after any ActivityPub Inbox activity has been handled, regardless of activity type.
*
* This hook is triggered for all activity types processed by the inbox handler.
*
* @param array $data The data array.
* @param array $user_ids The user IDs.
* @param string $type The type of the activity.
* @param Activity $activity The Activity object.
* @param int $result The ID of the inbox item that was created, or WP_Error if failed.
* @param string $context The context of the request ('inbox' or 'shared_inbox').
*/
\do_action( 'activitypub_handled_inbox', $data, $user_ids, $type, $activity, $inbox_item->ID, $context );
/**
* Fires after an ActivityPub Inbox activity has been handled.
*
* @param array $data The data array.
* @param array $user_ids The user IDs.
* @param Activity $activity The Activity object.
* @param int $result The ID of the inbox item that was created, or WP_Error if failed.
* @param string $context The context of the request ('inbox' or 'shared_inbox').
*/
\do_action( 'activitypub_handled_inbox_' . $type, $data, $user_ids, $activity, $inbox_item->ID, $context );
}
}