Eventually-decentralized project hosting and management platform

[[ 🗃 ^WvWbo vervis ]] :: [📥 Inbox] [📤 Outbox] [🐤 Followers] [🤝 Collaborators] [🛠 Changes]

Clone

HTTPS: darcs clone https://vervis.peers.community/repos/WvWbo

SSH: darcs clone USERNAME@vervis.peers.community:WvWbo

Tags

TODO

src / Vervis / Handler /

Person.hs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305

{- This file is part of Vervis.
 -
 - Written in 2016, 2018, 2019, 2022, 2023
 - by fr33domlover <fr33domlover@riseup.net>.
 -
 - ♡ Copying is an act of love. Please copy, reuse and share.
 -
 - The author(s) have dedicated all copyright and related and neighboring
 - rights to this software to the public domain worldwide. This software is
 - distributed without any warranty.
 -
 - You should have received a copy of the CC0 Public Domain Dedication along
 - with this software. If not, see
 - <http://creativecommons.org/publicdomain/zero/1.0/>.
 -}

module Vervis.Handler.Person
    ( getPersonR
    , getPersonInboxR
    , postPersonInboxR
    , getPersonOutboxR
    , postPersonOutboxR
    , getPersonOutboxItemR
    , getPersonFollowersR
    , getPersonFollowingR
    , getSshKeyR
    , getPersonMessageR

    , postPersonFollowR
    , postPersonUnfollowR

    , getPersonStampR
    )
where

import Control.Monad
import Control.Monad.Trans.Except
import Control.Monad.Trans.Reader
import Data.List.NonEmpty (NonEmpty)
import Data.Maybe
import Data.Text (Text)
import Data.Time.Clock
import Data.Traversable
import Database.Persist
import Database.Persist.Sql
import Dvara
import Text.Blaze.Html (toHtml)
import Yesod.Core
import Yesod.Auth.Account (newAccountR, resendVerifyEmailWidget, username)
import Yesod.Auth.Account.Message (AccountMsg (MsgEmailUnverified))
import Yesod.Persist.Core

import qualified Data.Text as T (unpack)

import Yesod.Auth.Unverified (requireUnverifiedAuth)

import Text.Email.Local

import Network.FedURI
import Yesod.ActivityPub
import Yesod.Actor
import Yesod.FedURI
import Yesod.Hashids
import Yesod.MonadSite

import qualified Web.ActivityPub as AP

import Control.Monad.Trans.Except.Local
import Data.Either.Local
import Database.Persist.Local

import Vervis.ActivityPub
import Vervis.API
import Vervis.Data.Actor
import Vervis.Federation.Auth
import Vervis.Federation.Collab
import Vervis.Federation.Discussion
import Vervis.Federation.Offer
import Vervis.FedURI
import Vervis.Foundation
import Vervis.Model
import Vervis.Model.Ident
import Vervis.Persist.Actor
import Vervis.Recipient
import Vervis.Secure
import Vervis.Settings
import Vervis.Ticket
import Vervis.Web.Actor
import Vervis.Web.Discussion
import Vervis.Widget
import Vervis.Widget.Person

getPersonR :: KeyHashid Person -> Handler TypedContent
getPersonR personHash = do
    personID <- decodeKeyHashid404 personHash
    (person, actor, sigKeyIDs, sshKeyIDs) <- runDB $ do
        p <- get404 personID
        let aid = personActor p
        a <- getJust aid
        sigKeys <- selectKeysList [SigKeyActor ==. aid] [Asc SigKeyId]
        sshKeys <- selectKeysList [SshKeyPerson ==. personID] [Asc SshKeyId]
        return (p, a, sigKeys, sshKeys)
    encodeRouteLocal <- getEncodeRouteLocal
    hashSigKey <- getEncodeKeyHashid
    hashSshKey <- getEncodeKeyHashid
    perActor <- asksSite $ appPerActorKeys . appSettings

    let personAP = AP.Actor
            { AP.actorLocal = AP.ActorLocal
                { AP.actorId         = encodeRouteLocal $ PersonR personHash
                , AP.actorInbox      = encodeRouteLocal $ PersonInboxR personHash
                , AP.actorOutbox     = Just $ encodeRouteLocal $ PersonOutboxR personHash
                , AP.actorFollowers  = Just $ encodeRouteLocal $ PersonFollowersR personHash
                , AP.actorFollowing  = Just $ encodeRouteLocal $ PersonFollowingR personHash
                , AP.actorPublicKeys =
                    map (Left . encodeRouteLocal) $
                    if perActor
                        then map (PersonStampR personHash . hashSigKey) sigKeyIDs
                        else [ActorKey1R, ActorKey2R]
                , AP.actorSshKeys    =
                    map (encodeRouteLocal . SshKeyR personHash . hashSshKey) sshKeyIDs
                }
            , AP.actorDetail = AP.ActorDetail
                { AP.actorType       = AP.ActorTypePerson
                , AP.actorUsername   = Just $ username2text $ personUsername person
                , AP.actorName       = Just $ actorName actor
                , AP.actorSummary    = Just $ actorDesc actor
                }
            }
        followButton =
            followW
                (PersonFollowR personHash)
                (PersonUnfollowR personHash)
                (actorFollowers actor)

    let ep = Entity personID person
    secure <- getSecure
    provideHtmlAndAP personAP $(widgetFile "person")

getPersonInboxR :: KeyHashid Person -> Handler TypedContent
getPersonInboxR = getInbox PersonInboxR personActor

postPersonInboxR :: KeyHashid Person -> Handler ()
postPersonInboxR personHash = do
    personID <- decodeKeyHashid404 personHash
    postInbox $ LocalActorPerson personID

getPersonOutboxR :: KeyHashid Person -> Handler TypedContent
getPersonOutboxR = getOutbox PersonOutboxR PersonOutboxItemR personActor

postPersonOutboxR :: KeyHashid Person -> Handler TypedContent
postPersonOutboxR personHash = do
    federation <- getsYesod $ appFederation . appSettings
    unless federation badMethod

    personID <- decodeKeyHashid404 personHash
    (person, actor) <- runDB $ do
        p <- get404 personID
        (p,) <$> getJust (personActor p)

    verifyPermission personID
    verifyContentTypeAP

    AP.Doc h activity <- requireInsecureJsonBody
    hl <- hostIsLocalOld h
    unless hl $ invalidArgs ["Activity host isn't the instance host"]

    result <- runExceptT $ do
        verifyAttribution $ AP.activityActor activity
        unless (null $ AP.activityFulfills activity) $
            throwE "Specifying 'fulfills' manually isn't allowed currently"
        handle (Entity personID person) actor activity
    case result of
        Left err -> invalidArgs [err]
        Right outboxItemID -> do
            outboxItemHash <- encodeKeyHashid outboxItemID
            sendResponseCreated $ PersonOutboxItemR personHash outboxItemHash
    where
    verifyPermission recipientID = do
        (_app, mpid, _scopes) <- maybe notAuthenticated return =<< getDvaraAuth
        senderID <-
            maybe (permissionDenied "Not authorized to post as a user") return mpid
        unless (recipientID == senderID) $
            permissionDenied "Can't post as other users"

    verifyAttribution actor =
        case decodeRouteLocal actor of
            Just (PersonR actorHash) | actorHash == personHash -> return ()
            _ -> throwE "Can't post activity attributed to someone else"

    checkFederation remoteRecips = do
        federation <- asksSite $ appFederation . appSettings
        unless (federation || null remoteRecips) $
            throwE "Federation disabled, but remote recipients found"

    handle eperson actorDB (AP.Activity _mid _actorAP muCap summary audience _fulfills specific) = do
        maybeCap <- traverse (nameExceptT "Capability" . parseActivityURI) muCap
        ParsedAudience localRecips remoteRecips blinded fwdHosts <- do
            mrecips <- parseAudience audience
            fromMaybeE mrecips "No recipients"
        checkFederation remoteRecips
        let action = AP.Action
                { AP.actionCapability = muCap
                , AP.actionSummary    = summary
                , AP.actionAudience   = blinded
                , AP.actionFulfills   = []
                , AP.actionSpecific   = specific
                }
            run :: (   Entity Person
                    -> Actor
                    -> Maybe
                        ( Either
                            (LocalActorBy Key, LocalActorBy KeyHashid, OutboxItemId)
                            FedURI
                        )
                    -> RecipientRoutes
                    -> [(Host, NonEmpty LocalURI)]
                    -> [Host]
                    -> AP.Action URIMode
                    -> t
                   )
                -> t
            run f = f eperson actorDB maybeCap localRecips remoteRecips fwdHosts action
        case specific of
            AP.AcceptActivity accept -> run acceptC accept
            AP.ApplyActivity apply -> run applyC apply
            AP.CreateActivity (AP.Create obj mtarget) ->
                case obj of
                    AP.CreateNote _ note ->
                        run createNoteC note mtarget
                    AP.CreateTicketTracker detail mlocal ->
                        run createTicketTrackerC detail mlocal mtarget
                    AP.CreateRepository detail vcs mlocal ->
                        run createRepositoryC detail vcs mlocal mtarget
                    AP.CreatePatchTracker detail repos mlocal ->
                        run createPatchTrackerC detail repos mlocal mtarget
                    _ -> throwE "Unsupported Create 'object' type"
            AP.InviteActivity invite -> run inviteC invite
            {-
            AddActivity (AP.Add obj target) ->
                case obj of
                    Right (AddBundle patches) ->
                        addBundleC eperson sharer summary audience patches target
                    _ -> throwE "Unsupported Add 'object' type"
            -}
            AP.FollowActivity follow -> run followC follow
            AP.OfferActivity (AP.Offer obj target) ->
                case obj of
                    AP.OfferTicket ticket -> run offerTicketC ticket target
                    {-
                    OfferDep dep ->
                        offerDepC eperson sharer summary audience dep target
                    -}
                    _ -> throwE "Unsupported Offer 'object' type"
            AP.ResolveActivity resolve -> run resolveC resolve
            AP.UndoActivity undo -> run undoC undo
            _ -> throwE "Unsupported activity type"

getPersonOutboxItemR
    :: KeyHashid Person -> KeyHashid OutboxItem -> Handler TypedContent
getPersonOutboxItemR = getOutboxItem PersonOutboxItemR personActor

getPersonFollowersR :: KeyHashid Person -> Handler TypedContent
getPersonFollowersR = getActorFollowersCollection PersonFollowersR personActor

getPersonFollowingR :: KeyHashid Person -> Handler TypedContent
getPersonFollowingR = getFollowingCollection PersonFollowingR personActor

getSshKeyR :: KeyHashid Person -> KeyHashid SshKey -> Handler TypedContent
getSshKeyR personHash keyHash = do
    personID <- decodeKeyHashid404 personHash
    keyID <- decodeKeyHashid404 keyHash
    key <- runDB $ do
        _ <- get404 personID
        k <- get404 keyID
        unless (sshKeyPerson k == personID) notFound
        return k

    encodeRouteLocal <- getEncodeRouteLocal
    let here = SshKeyR personHash keyHash
        keyAP = AP.SshPublicKey
            { AP.sshPublicKeyId        = encodeRouteLocal here
            , AP.sshPublicKeyExpires   = Nothing
            , AP.sshPublicKeyOwner     = encodeRouteLocal $ PersonR personHash
            , AP.sshPublicKeyAlgorithm =
                case sshKeyAlgo key of
                    "ssh-rsa" -> AP.SshKeyAlgorithmRSA
                    _         -> error "Unexpected sshKeyAlgo in DB"
            , AP.sshPublicKeyMaterial  = sshKeyContent key
            }
    provideHtmlAndAP keyAP $ redirectToPrettyJSON here

getPersonMessageR
    :: KeyHashid Person -> KeyHashid LocalMessage -> Handler TypedContent
getPersonMessageR personHash localMessageHash =
    serveMessage personHash localMessageHash

postPersonFollowR :: KeyHashid Person -> Handler ()
postPersonFollowR _ = error "Temporarily disabled"

postPersonUnfollowR :: KeyHashid Person -> Handler ()
postPersonUnfollowR _ = error "Temporarily disabled"

getPersonStampR :: KeyHashid Person -> KeyHashid SigKey -> Handler TypedContent
getPersonStampR = servePerActorKey personActor LocalActorPerson
[See repo JSON]