306 lines
11 KiB
PHP
306 lines
11 KiB
PHP
<?php
|
|
/**
|
|
* ActivityPub Embed Handler.
|
|
*
|
|
* @package Activitypub
|
|
*/
|
|
|
|
namespace Activitypub;
|
|
|
|
/**
|
|
* Class to handle embedding ActivityPub content.
|
|
*/
|
|
class Embed {
|
|
|
|
/**
|
|
* Initialize the embed handler.
|
|
*/
|
|
public static function init() {
|
|
\add_filter( 'pre_oembed_result', array( self::class, 'maybe_use_activitypub_embed' ), 10, 3 );
|
|
\add_filter( 'oembed_dataparse', array( self::class, 'handle_filtered_oembed_result' ), 11, 3 );
|
|
\add_filter( 'oembed_request_post_id', array( self::class, 'register_fallback_hook' ) );
|
|
}
|
|
|
|
/**
|
|
* Get an ActivityPub embed HTML for a URL.
|
|
*
|
|
* @param string $url The URL to get the embed for.
|
|
* @param boolean $inline_css Whether to inline CSS. Default true.
|
|
*
|
|
* @return string|false The embed HTML or false if not found.
|
|
*/
|
|
public static function get_html( $url, $inline_css = true ) {
|
|
// Try to get ActivityPub representation.
|
|
$object = Http::get_remote_object( $url );
|
|
|
|
if ( \is_wp_error( $object ) || ! is_activity_object( $object ) ) {
|
|
return false;
|
|
}
|
|
|
|
return self::get_html_for_object( $object, $inline_css );
|
|
}
|
|
|
|
/**
|
|
* Get an ActivityPub embed HTML for an ActivityPub object.
|
|
*
|
|
* @param array $activity_object The ActivityPub object to build the embed for.
|
|
* @param boolean $inline_css Whether to inline CSS. Default true.
|
|
*
|
|
* @return string The embed HTML.
|
|
*/
|
|
public static function get_html_for_object( $activity_object, $inline_css = true ) {
|
|
$author_name = $activity_object['attributedTo'] ?? '';
|
|
$avatar_url = $activity_object['icon']['url'] ?? '';
|
|
$author_url = $author_name;
|
|
|
|
// If we don't have an avatar URL, but we have an author URL, try to fetch it.
|
|
if ( ! $avatar_url && $author_url ) {
|
|
$author = Http::get_remote_object( $author_url );
|
|
if ( is_wp_error( $author ) ) {
|
|
$author = array();
|
|
} else {
|
|
$avatar_url = $author['icon']['url'] ?? '';
|
|
$author_name = empty( $author['name'] ) ? $author_name : $author['name'];
|
|
}
|
|
}
|
|
|
|
// Create Webfinger where not found.
|
|
if ( empty( $author['webfinger'] ) ) {
|
|
if ( ! empty( $author['preferredUsername'] ) && ! empty( $author['url'] ) ) {
|
|
// Construct webfinger-style identifier from username and domain.
|
|
$domain = \wp_parse_url( object_to_uri( $author['url'] ), PHP_URL_HOST );
|
|
$author['webfinger'] = '@' . $author['preferredUsername'] . '@' . $domain;
|
|
} else {
|
|
// Fallback to URL.
|
|
$author['webfinger'] = $author_url;
|
|
}
|
|
}
|
|
|
|
$title = $activity_object['name'] ?? '';
|
|
$content = $activity_object['content'] ?? '';
|
|
$published = isset( $activity_object['published'] ) ? gmdate( get_option( 'date_format' ) . ', ' . get_option( 'time_format' ), strtotime( $activity_object['published'] ) ) : '';
|
|
$boosts = isset( $activity_object['shares']['totalItems'] ) ? (int) $activity_object['shares']['totalItems'] : null;
|
|
$favorites = isset( $activity_object['likes']['totalItems'] ) ? (int) $activity_object['likes']['totalItems'] : null;
|
|
|
|
$audio = null;
|
|
$images = array();
|
|
$video = null;
|
|
if ( isset( $activity_object['image']['url'] ) ) {
|
|
$images = array(
|
|
array(
|
|
'type' => 'Image',
|
|
'url' => $activity_object['image']['url'],
|
|
'name' => $activity_object['image']['name'] ?? '',
|
|
),
|
|
);
|
|
} elseif ( isset( $activity_object['attachment'] ) ) {
|
|
foreach ( $activity_object['attachment'] as $attachment ) {
|
|
$type = isset( $attachment['mediaType'] ) ? strtok( $attachment['mediaType'], '/' ) : strtolower( $attachment['type'] );
|
|
|
|
switch ( $type ) {
|
|
case 'image':
|
|
$images[] = $attachment;
|
|
break;
|
|
case 'video':
|
|
$video = $attachment;
|
|
break 2;
|
|
case 'audio':
|
|
$audio = $attachment;
|
|
break 2;
|
|
}
|
|
}
|
|
$images = \array_slice( $images, 0, 4 );
|
|
}
|
|
|
|
ob_start();
|
|
load_template(
|
|
ACTIVITYPUB_PLUGIN_DIR . 'templates/embed.php',
|
|
false,
|
|
array(
|
|
'audio' => $audio,
|
|
'author_name' => $author_name,
|
|
'author_url' => $author_url,
|
|
'avatar_url' => $avatar_url,
|
|
'boosts' => $boosts,
|
|
'content' => $content,
|
|
'favorites' => $favorites,
|
|
'images' => $images,
|
|
'published' => $published,
|
|
'title' => $title,
|
|
'url' => $activity_object['id'],
|
|
'video' => $video,
|
|
'webfinger' => $author['webfinger'],
|
|
)
|
|
);
|
|
|
|
if ( $inline_css ) {
|
|
// Grab the CSS.
|
|
$css = \file_get_contents( ACTIVITYPUB_PLUGIN_DIR . 'assets/css/activitypub-embed.css' ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
|
|
// We embed CSS directly because this may be in an iframe.
|
|
printf( '<style>%s</style>', $css ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
}
|
|
|
|
// A little light whitespace cleanup.
|
|
return preg_replace( '/\s+/', ' ', ob_get_clean() );
|
|
}
|
|
|
|
/**
|
|
* Check if a real oEmbed result exists for the given URL.
|
|
*
|
|
* @param string $url The URL to check.
|
|
* @param array $args Additional arguments passed to wp_oembed_get().
|
|
* @return bool True if a real oEmbed result exists, false otherwise.
|
|
*/
|
|
public static function has_real_oembed( $url, $args = array() ) {
|
|
// Temporarily remove our filter to avoid infinite loops.
|
|
\remove_filter( 'pre_oembed_result', array( self::class, 'maybe_use_activitypub_embed' ) );
|
|
|
|
// Try to get a "real" oEmbed result. If found, it'll be cached to avoid unnecessary HTTP requests in `wp_oembed_get`.
|
|
$oembed_result = \wp_oembed_get( $url, $args );
|
|
|
|
// Add our filter back.
|
|
\add_filter( 'pre_oembed_result', array( self::class, 'maybe_use_activitypub_embed' ), 10, 3 );
|
|
|
|
return false !== $oembed_result;
|
|
}
|
|
|
|
/**
|
|
* Filter the oembed result to handle ActivityPub content when no oEmbed is found.
|
|
* Implementation is a bit weird because there's no way to filter on a false result, we have to use `pre_oembed_result`.
|
|
*
|
|
* @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
|
|
* @param string $url The URL to the content that should be attempted to be embedded.
|
|
* @param array $args Additional arguments passed to wp_oembed_get().
|
|
* @return null|string Return null to allow normal oEmbed processing, or string for ActivityPub embed.
|
|
*/
|
|
public static function maybe_use_activitypub_embed( $result, $url, $args ) {
|
|
// If we already have a result, return it.
|
|
if ( null !== $result ) {
|
|
return $result;
|
|
}
|
|
|
|
// If we found a real oEmbed, return null to allow normal processing.
|
|
if ( self::has_real_oembed( $url, $args ) ) {
|
|
return null;
|
|
}
|
|
|
|
// No oEmbed found, try to get ActivityPub representation.
|
|
$html = get_embed_html( $url );
|
|
|
|
// If we couldn't get an ActivityPub embed either, return null to allow normal processing.
|
|
if ( ! $html ) {
|
|
return null;
|
|
}
|
|
|
|
// Return the ActivityPub embed HTML.
|
|
return $html;
|
|
}
|
|
|
|
/**
|
|
* Handle cases where WordPress has filtered out the oEmbed result for security reasons,
|
|
* but we can provide a safe ActivityPub-specific markup.
|
|
*
|
|
* This runs after wp_filter_oembed_result has potentially nullified the result.
|
|
*
|
|
* @param string|false $html The returned oEmbed HTML.
|
|
* @param object $data A data object result from an oEmbed provider.
|
|
* @param string $url The URL of the content to be embedded.
|
|
* @return string|false The filtered oEmbed HTML or our ActivityPub embed.
|
|
*/
|
|
public static function handle_filtered_oembed_result( $html, $data, $url ) {
|
|
// If we already have valid HTML, return it.
|
|
if ( $html ) {
|
|
return $html;
|
|
}
|
|
|
|
// If this isn't a rich or video type, we can't help.
|
|
if ( ! isset( $data->type ) || ! \in_array( $data->type, array( 'rich', 'video' ), true ) ) {
|
|
return $html;
|
|
}
|
|
|
|
// If there's no HTML in the data, we can't help.
|
|
if ( empty( $data->html ) || ! \is_string( $data->html ) ) {
|
|
return $html;
|
|
}
|
|
|
|
// Try to get ActivityPub representation.
|
|
$activitypub_html = self::get_html( $url );
|
|
if ( ! $activitypub_html ) {
|
|
return $html;
|
|
}
|
|
|
|
// Return our safer ActivityPub embed HTML.
|
|
return $activitypub_html;
|
|
}
|
|
|
|
/**
|
|
* Register the fallback hook for oEmbed requests.
|
|
*
|
|
* Avoids filtering every single API request.
|
|
*
|
|
* @param int $post_id The post ID.
|
|
* @return int The post ID.
|
|
*/
|
|
public static function register_fallback_hook( $post_id ) {
|
|
\add_filter( 'rest_request_after_callbacks', array( self::class, 'oembed_fediverse_fallback' ), 10, 3 );
|
|
|
|
return $post_id;
|
|
}
|
|
|
|
/**
|
|
* Fallback for oEmbed requests to the Fediverse.
|
|
*
|
|
* @param \WP_REST_Response|\WP_Error $response Result to send to the client.
|
|
* @param array $handler Route handler used for the request.
|
|
* @param \WP_REST_Request $request Request used to generate the response.
|
|
*
|
|
* @return \WP_REST_Response|\WP_Error The response to send to the client.
|
|
*/
|
|
public static function oembed_fediverse_fallback( $response, $handler, $request ) {
|
|
if ( '/oembed/1.0/proxy' !== $request->get_route() ) {
|
|
return $response;
|
|
}
|
|
|
|
if ( ( is_wp_error( $response ) && 'oembed_invalid_url' === $response->get_error_code() ) || empty( $response->html ) ) {
|
|
$url = $request->get_param( 'url' );
|
|
$html = self::get_html( $url );
|
|
|
|
if ( $html ) {
|
|
$args = $request->get_params();
|
|
$data = (object) array(
|
|
'provider_name' => 'ActivityPub oEmbed',
|
|
'html' => $html,
|
|
'scripts' => array(),
|
|
);
|
|
|
|
/** This filter is documented in wp-includes/class-wp-oembed.php */
|
|
$data->html = apply_filters( 'oembed_result', $data->html, $url, $args );
|
|
|
|
/** This filter is documented in wp-includes/class-wp-oembed-controller.php */
|
|
$ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args );
|
|
|
|
set_transient( 'oembed_' . md5( serialize( $args ) ), $data, $ttl ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize
|
|
|
|
$response = new \WP_REST_Response( $data );
|
|
}
|
|
} elseif ( ! empty( $request->get_param( 'activitypub' ) ) ) {
|
|
/*
|
|
* If the 'activitypub' parameter is present, perform an additional validation step:
|
|
* Ensure the provided URL resolves to a valid ActivityPub object.
|
|
*
|
|
* This differs from the standard oEmbed flow, which does not explicitly validate
|
|
* the URL as an ActivityPub object unless the initial oEmbed lookup fails.
|
|
* This block is triggered for requests from the Federated Reply block, where we
|
|
* want to inform users whether post authors will be notified of the reply.
|
|
*/
|
|
$object = Http::get_remote_object( $request->get_param( 'url' ) );
|
|
|
|
if ( \is_wp_error( $object ) || ! is_activity_object( $object ) ) {
|
|
$response = new \WP_Error( 'oembed_invalid_url', \get_status_header_desc( 404 ), array( 'status' => 404 ) );
|
|
}
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
}
|