kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
766faf9ed9a7d40f9d165a72bed4933c706979e6
laipower/wp-content/plugins/activitypub/includes/class-router.php

384 lines
10 KiB
PHP
Raw Blame History

<?php
/**
* Router class.
*
* @package Activitypub
*/
namespace Activitypub;
use Activitypub\Collection\Actors;
use Activitypub\Collection\Outbox;
/**
* Router class.
*/
class Router {
/**
* Initialize the class, registering WordPress hooks.
*/
public static function init() {
\add_action( 'init', array( self::class, 'add_rewrite_rules' ), 11 );
\add_action( 'send_headers', array( self::class, 'add_headers' ) );
\add_filter( 'template_include', array( self::class, 'render_activitypub_template' ), 99 );
\add_action( 'template_redirect', array( self::class, 'template_redirect' ) );
\add_filter( 'redirect_canonical', array( self::class, 'redirect_canonical' ), 10, 2 );
\add_filter( 'redirect_canonical', array( self::class, 'no_trailing_redirect' ), 10, 2 );
\add_filter( 'query_vars', array( self::class, 'add_query_vars' ) );
\add_action( 'parse_query', array( self::class, 'fix_is_home_check' ) );
}
/**
* Add rewrite rules.
*/
public static function add_rewrite_rules() {
/*
* If another system needs to take precedence over the ActivityPub rewrite rules,
* they can define their own and will manually call the appropriate functions as required.
*/
if ( ACTIVITYPUB_DISABLE_REWRITES ) {
return;
}
\add_rewrite_rule(
'^authorize_interaction/?$',
'index.php?rest_route=/' . ACTIVITYPUB_REST_NAMESPACE . '/interactions',
'top'
);
if ( ! \class_exists( 'Webfinger' ) ) {
\add_rewrite_rule(
'^.well-known/webfinger',
'index.php?rest_route=/' . ACTIVITYPUB_REST_NAMESPACE . '/webfinger',
'top'
);
}
if ( ! \class_exists( 'Nodeinfo_Endpoint' ) && true === (bool) \get_option( 'blog_public', 1 ) ) {
\add_rewrite_rule(
'^.well-known/nodeinfo',
'index.php?rest_route=/' . ACTIVITYPUB_REST_NAMESPACE . '/nodeinfo',
'top'
);
}
// Authorization Server Metadata (RFC 8414).
\add_rewrite_rule(
'^.well-known/oauth-authorization-server',
'index.php?rest_route=/' . ACTIVITYPUB_REST_NAMESPACE . '/oauth/authorization-server-metadata',
'top'
);
\add_rewrite_rule( '^@([\w\-\.]+)\/?$', 'index.php?actor=$matches[1]', 'top' );
\add_rewrite_endpoint( 'activitypub', EP_AUTHORS | EP_PERMALINK | EP_PAGES );
}
/**
* Return a AS2 JSON version of an author, post or page.
*
* @param string $template The path to the template object.
*
* @return string The new path to the JSON template.
*/
public static function render_activitypub_template( $template ) {
if ( \wp_is_serving_rest_request() || \wp_doing_ajax() ) {
return $template;
}
if ( ! is_activitypub_request() || ! should_negotiate_content() ) {
$is_outbox_item = \get_query_var( 'p' ) && Outbox::POST_TYPE === \get_post_type( \get_query_var( 'p' ) );
$is_preflight = isset( $_SERVER['REQUEST_METHOD'] ) && 'OPTIONS' === $_SERVER['REQUEST_METHOD'];
if ( $is_outbox_item && $is_preflight ) {
/*
* CORS preflight: override WordPress 404 so the browser
* accepts the preflight response (must be 2xx).
*/
\status_header( 200 );
} elseif ( $is_outbox_item ) {
// Return 406 for non-ActivityPub requests to outbox items since they only support ActivityPub requests.
\set_query_var( 'is_404', true );
\status_header( 406 );
}
return $template;
}
$activitypub_object = Query::get_instance()->get_activitypub_object();
if ( Tombstone::exists_local( Query::get_instance()->get_request_url() ) ) {
// Set 410 Gone for permanently deleted posts, 200 OK for soft-deleted.
if ( ! $activitypub_object ) {
\status_header( 410 );
}
return ACTIVITYPUB_PLUGIN_DIR . 'templates/tombstone-json.php';
}
$activitypub_template = false;
if ( $activitypub_object ) {
if ( \get_query_var( 'preview' ) ) {
\define( 'ACTIVITYPUB_PREVIEW', true );
/**
* Filter the template used for the ActivityPub preview.
*
* @param string $activitypub_template Absolute path to the template file.
*/
$activitypub_template = apply_filters( 'activitypub_preview_template', ACTIVITYPUB_PLUGIN_DIR . '/templates/post-preview.php' );
} else {
$activitypub_template = ACTIVITYPUB_PLUGIN_DIR . 'templates/activitypub-json.php';
}
}
/*
* Check if the request is authorized.
*
* @see https://www.w3.org/wiki/SocialCG/ActivityPub/Primer/Authentication_Authorization#Authorized_fetch
* @see https://swicg.github.io/activitypub-http-signature/#authorized-fetch
*/
if ( $activitypub_template && use_authorized_fetch() ) {
$verification = Signature::verify_http_signature( $_SERVER );
if ( \is_wp_error( $verification ) ) {
\status_header( 401 );
// Fallback as template_loader can't return http headers.
return $template;
}
}
if ( $activitypub_template ) {
\set_query_var( 'is_404', false );
// Check if header already sent.
if ( ! \headers_sent() ) {
// Send 200 status header.
\status_header( 200 );
}
return $activitypub_template;
}
return $template;
}
/**
* Add the 'self' link to the header.
*/
public static function add_headers() {
$id = Query::get_instance()->get_activitypub_object_id();
/*
* Send CORS headers for resolved ActivityPub objects and outbox
* items. Outbox items need CORS even when the object ID doesn't
* resolve, because browser preflight requests don't carry the
* Authorization header needed to authenticate private items.
*/
$post_id = \get_query_var( 'p' );
$is_outbox_url = $post_id && Outbox::POST_TYPE === \get_post_type( $post_id );
if ( ! \headers_sent() && ( $id || $is_outbox_url ) ) {
\header( 'Access-Control-Allow-Origin: *' );
\header( 'Access-Control-Allow-Methods: GET, OPTIONS' );
\header( 'Access-Control-Allow-Headers: Accept, Authorization, Content-Type' );
}
if ( ! $id ) {
return;
}
if ( ! \headers_sent() ) {
\header( 'Link: <' . esc_url( $id ) . '>; title="ActivityPub (JSON)"; rel="alternate"; type="application/activity+json"', false );
if ( \get_option( 'activitypub_vary_header', '1' ) ) {
// Send Vary header for Accept header.
\header( 'Vary: Accept', false );
}
}
\add_action(
'wp_head',
static function () use ( $id ) {
echo PHP_EOL . '<link rel="alternate" title="ActivityPub (JSON)" type="application/activity+json" href="' . esc_url( $id ) . '" />' . PHP_EOL;
}
);
}
/**
* Remove trailing slash from ActivityPub @username requests.
*
* @param string $redirect_url The URL to redirect to.
* @param string $requested_url The requested URL.
*
* @return string $redirect_url The possibly-unslashed redirect URL.
*/
public static function no_trailing_redirect( $redirect_url, $requested_url ) {
if ( get_query_var( 'actor' ) ) {
return $requested_url;
}
return $redirect_url;
}
/**
* Add support for `p` and `author` query vars.
*
* @param string $redirect_url The URL to redirect to.
* @param string $requested_url The requested URL.
*
* @return string $redirect_url
*/
public static function redirect_canonical( $redirect_url, $requested_url ) {
if ( ! is_activitypub_request() ) {
return $redirect_url;
}
$query = \wp_parse_url( $requested_url, PHP_URL_QUERY );
if ( ! $query ) {
return $redirect_url;
}
$query_params = \wp_parse_args( $query );
unset( $query_params['activitypub'] );
unset( $query_params['stamp'] );
if ( 1 !== count( $query_params ) ) {
return $redirect_url;
}
if ( isset( $query_params['p'] ) ) {
return null;
}
if ( isset( $query_params['author'] ) ) {
return null;
}
return $requested_url;
}
/**
* Custom redirects for ActivityPub requests.
*
* @return void
*/
public static function template_redirect() {
global $wp_query;
$comment_id = \get_query_var( 'c', null );
// Check if it seems to be a comment.
if ( $comment_id ) {
$comment = \get_comment( $comment_id );
// Load a 404-page if `c` is set but not valid.
if ( ! $comment ) {
$wp_query->set_404();
return;
}
// Stop if it's not an ActivityPub comment.
if ( is_activitypub_request() && ! is_local_comment( $comment ) ) {
return;
}
\wp_safe_redirect( get_comment_link( $comment ) );
exit;
}
$actor = \get_query_var( 'actor', null );
if ( $actor ) {
$actor = Actors::get_by_username( $actor );
if ( ! $actor || \is_wp_error( $actor ) ) {
$wp_query->set_404();
return;
}
if ( is_activitypub_request() ) {
return;
}
\wp_safe_redirect( $actor->get_url(), 301 );
exit;
}
$term_id = \get_query_var( 'term_id', null );
if ( $term_id ) {
$term = \get_term( $term_id );
// Load a 404-page if `term_id` is set but not valid.
if ( ! $term || \is_wp_error( $term ) ) {
$wp_query->set_404();
return;
}
/**
* Filters the taxonomies supported for term redirects.
*
* @since 7.8.3
*
* @param array $supported_taxonomies Array of taxonomy names. Default array( 'category', 'post_tag' ).
*/
$supported_taxonomies = \apply_filters( 'activitypub_supported_taxonomies', array( 'category', 'post_tag' ) );
if ( ! in_array( $term->taxonomy, $supported_taxonomies, true ) ) {
return;
}
// Don't redirect for ActivityPub requests.
if ( is_activitypub_request() ) {
return;
}
$term_link = \get_term_link( $term );
if ( ! \is_wp_error( $term_link ) ) {
\wp_safe_redirect( $term_link, 301 );
exit;
}
}
}
/**
* Add the 'activitypub' query variable so WordPress won't mangle it.
*
* @param array $vars The query variables.
*
* @return array The query variables.
*/
public static function add_query_vars( $vars ) {
$vars[] = 'activitypub';
$vars[] = 'preview';
$vars[] = 'author';
$vars[] = 'actor';
$vars[] = 'stamp';
$vars[] = 'type';
$vars[] = 'c';
$vars[] = 'p';
$vars[] = 'term_id';
return $vars;
}
/**
* Optimize home page query for ActivityPub requests.
*
* Skip the database query entirely for ActivityPub requests on the home page
* since we only need to return the blog actor, not posts.
*
* @param \WP_Query $wp_query The WP_Query instance.
*/
public static function fix_is_home_check( $wp_query ) {
if (
$wp_query->get( 'actor' ) ||
$wp_query->get( 'stamp' ) ||
$wp_query->get( 'c' )
) {
$wp_query->is_home = false;
}
}
}
Reference in New Issue View Git Blame Copy Permalink