asonix/apub
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
apub/examples/actix-web-example/src/main.rs

425 lines
11 KiB
Rust
Raw Blame History

use actix_web::{middleware::Logger, web, App, FromRequest, HttpServer, ResponseError};
use apub::{
activitypub::keys::{
publickey::{PublicKeyError, PublicKeyRepoFactory},
KeyId, PrivateKeyRepo, PrivateKeyRepoFactory, PublicKeyRepo, SimplePublicKey,
},
clients::{
awc::{AwcError, SignatureConfig as AwcSignatureConfig},
AwcClient,
},
cryptography::{
rustcrypto::{RsaVerifier, RustcryptoError, Sha256Digest},
DigestFactory, Rustcrypto, VerifyFactory,
},
ingest::{
validate_authority, validate_hosts, validate_inbox,
validators::{
AuthorityError, HostError, InboxError, InboxType, ValidateAuthority, ValidateHosts,
ValidateInbox,
},
Authority,
},
servers::actix_web::{
inbox, serve_objects, Config, SignatureConfig as ActixWebSignatureConfig, VerifyError,
},
session::{BreakerSession, RequestCountSession, SessionFactory},
Dereference, FullRepo, Ingest, Repo, RepoFactory, Session,
};
use dashmap::DashMap;
use example_types::{AcceptedActivity, ActivityType, ObjectId};
use rsa::{pkcs8::ToPrivateKey, RsaPrivateKey};
use std::{
future::{ready, Ready},
sync::Arc,
time::Duration,
};
use url::{Host, Url};
#[derive(Clone, Default)]
struct MemoryRepo {
inner: Arc<DashMap<Url, serde_json::Value>>,
}
#[derive(Clone, Default)]
struct PrivateKeyStore {
inner: Arc<DashMap<Url, (KeyId, String)>>,
}
#[derive(Clone)]
struct RequestVerifier {
repo: MemoryRepo,
private_key_store: PrivateKeyStore,
session: BreakerSession,
client: awc::Client,
signature_config: AwcSignatureConfig,
}
#[derive(Clone)]
struct ActivityIngester {
repo: MemoryRepo,
ingest: ValidateAuthority<ValidateInbox<ValidateHosts<MemoryRepo>>>,
private_key_store: PrivateKeyStore,
session: BreakerSession,
client: awc::Client,
signature_config: AwcSignatureConfig,
config: Config,
}
#[derive(Debug, thiserror::Error)]
enum ServerError {
#[error(transparent)]
Json(#[from] serde_json::Error),
#[error(transparent)]
Verify(#[from] VerifyError),
#[error(transparent)]
Rustcrypto(#[from] RustcryptoError),
#[error("Public key owner doesn't match actor ID")]
OwnerMismatch,
#[error(transparent)]
Awc(#[from] AwcError<RustcryptoError>),
#[error(transparent)]
Key(#[from] KeyError),
#[error(transparent)]
Host(#[from] HostError),
#[error(transparent)]
Inbox(#[from] InboxError),
#[error(transparent)]
Authority(#[from] AuthorityError),
}
impl From<PublicKeyError<serde_json::Error, AwcError<RustcryptoError>>> for ServerError {
fn from(e: PublicKeyError<serde_json::Error, AwcError<RustcryptoError>>) -> Self {
match e {
PublicKeyError::RemoteRepo(awc_error) => awc_error.into(),
PublicKeyError::PublicKeyRepo(json_error) => json_error.into(),
PublicKeyError::OwnerMismatch => Self::OwnerMismatch,
}
}
}
impl MemoryRepo {
fn insert<D>(&self, id: D, item: &D::Output) -> Result<(), serde_json::Error>
where
D: Dereference,
D::Output: serde::ser::Serialize,
{
let value = serde_json::to_value(item)?;
self.inner.insert(id.url().clone(), value);
Ok(())
}
}
impl ResponseError for ServerError {}
#[async_trait::async_trait(?Send)]
impl Repo for MemoryRepo {
type Error = serde_json::Error;
async fn fetch<D: Dereference, S: Session>(
&self,
id: D,
_session: S,
) -> Result<Option<D::Output>, Self::Error> {
if let Some(obj_ref) = self.inner.get(id.url()) {
serde_json::from_value(obj_ref.clone()).map(Some)
} else {
Ok(None)
}
}
}
#[async_trait::async_trait(?Send)]
impl PublicKeyRepo for MemoryRepo {
type Error = serde_json::Error;
async fn fetch(&self, key_id: &KeyId) -> Result<Option<SimplePublicKey>, Self::Error> {
if let Some(obj_ref) = self.inner.get(key_id) {
return serde_json::from_value(obj_ref.clone()).map(Some);
}
Ok(None)
}
async fn store(&self, public_key: &SimplePublicKey) -> Result<(), Self::Error> {
let value = serde_json::to_value(public_key)?;
self.inner.insert(public_key.id.as_ref().clone(), value);
Ok(())
}
}
#[derive(Clone, Debug)]
struct KeyError;
impl std::fmt::Display for KeyError {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(f, "Key is missing")
}
}
impl std::error::Error for KeyError {}
#[async_trait::async_trait(?Send)]
impl PrivateKeyRepo for PrivateKeyStore {
type Error = KeyError;
async fn fetch(&self, actor_id: &Url) -> Result<(KeyId, String), Self::Error> {
if let Some(tup_ref) = self.inner.get(actor_id) {
return Ok(tup_ref.clone());
}
Err(KeyError)
}
async fn store(
&self,
actor_id: Url,
key_id: KeyId,
private_key_pem: String,
) -> Result<(), Self::Error> {
self.inner.insert(actor_id, (key_id, private_key_pem));
Ok(())
}
}
impl PrivateKeyRepoFactory for RequestVerifier {
type PrivateKeyRepo = PrivateKeyStore;
fn build_private_key_repo(&self) -> Self::PrivateKeyRepo {
self.private_key_store.clone()
}
}
impl PrivateKeyRepoFactory for ActivityIngester {
type PrivateKeyRepo = PrivateKeyStore;
fn build_private_key_repo(&self) -> Self::PrivateKeyRepo {
self.private_key_store.clone()
}
}
impl RepoFactory for MemoryRepo {
type Crypto = ();
type Repo = MemoryRepo;
fn build_repo(&self, _: Self::Crypto) -> Self::Repo {
self.clone()
}
}
impl VerifyFactory for RequestVerifier {
type Verify = RsaVerifier;
}
impl RepoFactory for RequestVerifier {
type Crypto = Rustcrypto;
type Repo = AwcClient<Rustcrypto>;
fn build_repo(&self, crypto: Self::Crypto) -> Self::Repo {
AwcClient::new(self.client.clone(), self.signature_config.clone(), crypto)
}
}
impl PublicKeyRepoFactory for RequestVerifier {
type PublicKeyRepo = MemoryRepo;
fn public_key_repo(&self) -> Self::PublicKeyRepo {
self.repo.clone()
}
}
impl SessionFactory for RequestVerifier {
type Session = (RequestCountSession, BreakerSession);
fn build_session(&self) -> Self::Session {
(RequestCountSession::max(25), self.session.clone())
}
}
impl DigestFactory for RequestVerifier {
type Digest = Sha256Digest;
}
struct InboxActor(Url);
impl FromRequest for InboxActor {
type Error = actix_web::Error;
type Future = Ready<Result<Self, Self::Error>>;
fn from_request(_: &actix_web::HttpRequest, _: &mut actix_web::dev::Payload) -> Self::Future {
ready(Ok(InboxActor(
Url::parse("http://localhost:8008/actor").unwrap(),
)))
}
}
impl InboxType for InboxActor {
fn is_shared(&self) -> bool {
true
}
}
impl AsRef<Url> for InboxActor {
fn as_ref(&self) -> &Url {
&self.0
}
}
#[async_trait::async_trait(?Send)]
impl Ingest<AcceptedActivity> for MemoryRepo {
type Error = ServerError;
type ActorId = InboxActor;
async fn ingest<R: FullRepo, S: Session>(
&self,
_authority: Authority,
_actor_id: Self::ActorId,
activity: AcceptedActivity,
_repo: R,
_remote_repo: &R::Remote,
_session: S,
) -> Result<(), R::Error>
where
R::Error: From<Self::Error>,
{
Ok(self
.insert(activity.id().clone(), &activity)
.map_err(Self::Error::from)?)
}
}
impl RepoFactory for ActivityIngester {
type Crypto = ();
type Repo = MemoryRepo;
fn build_repo(&self, _: Self::Crypto) -> Self::Repo {
self.repo.clone()
}
}
impl SessionFactory for ActivityIngester {
type Session = (RequestCountSession, BreakerSession);
fn build_session(&self) -> Self::Session {
(RequestCountSession::max(25), self.session.clone())
}
}
impl FullRepo for ActivityIngester {
type Error = ServerError;
type Local = MemoryRepo;
type Crypto = Rustcrypto;
type Remote = AwcClient<Rustcrypto>;
type Ingest = ValidateAuthority<ValidateInbox<ValidateHosts<MemoryRepo>>>;
fn local(&self) -> &Self::Local {
&self.repo
}
fn remote(&self, crypto: Self::Crypto) -> Self::Remote {
AwcClient::new(self.client.clone(), self.signature_config.clone(), crypto)
}
fn ingest(&self) -> &Self::Ingest {
&self.ingest
}
fn local_port(&self) -> Option<u16> {
self.config.local_port
}
fn local_domain(&self) -> &Host<String> {
&self.config.local_host
}
}
#[actix_web::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
if std::env::var("RUST_LOG").is_ok() {
env_logger::builder().init()
} else {
env_logger::Builder::new()
.filter_level(log::LevelFilter::Info)
.init();
};
let repo = MemoryRepo::default();
let private_key_store = PrivateKeyStore::default();
let session = BreakerSession::limit(10, Duration::from_secs(60 * 60));
let signature_config = ActixWebSignatureConfig::default();
let config = Config {
local_host: Host::Domain("localhost".to_string()),
local_port: Some(8008),
scheme: "http://".to_string(),
server_actor_id: "http://localhost:8008/actor".parse()?,
};
let awc_signature_config = AwcSignatureConfig::default();
let private_key = RsaPrivateKey::new(&mut rand::thread_rng(), 1024)?;
let private_key_pem = private_key.to_pkcs8_pem()?;
let actor_id: Url = "http://localhost:8008/actor".parse()?;
let key_id: KeyId = "http://localhost:8008/actor#main-key".parse()?;
private_key_store
.store(actor_id, key_id, private_key_pem.to_string())
.await?;
HttpServer::new(move || {
let client = awc::Client::new();
let verifier = RequestVerifier {
repo: repo.clone(),
private_key_store: private_key_store.clone(),
session: session.clone(),
client: client.clone(),
signature_config: awc_signature_config.clone(),
};
let ingester = ActivityIngester {
repo: repo.clone(),
ingest: validate_authority(validate_inbox(validate_hosts(repo.clone()))),
private_key_store: private_key_store.clone(),
session: session.clone(),
client,
signature_config: awc_signature_config.clone(),
config: config.clone(),
};
App::new()
.wrap(Logger::default())
.service(
web::scope("/shared_inbox").configure(inbox::<_, _, _, ServerError>(
config.clone(),
ingester,
verifier.clone(),
signature_config.clone(),
false,
)),
)
.service(web::scope("/activities").configure(serve_objects::<
ObjectId<ActivityType>,
_,
_,
ServerError,
>(
config.clone(),
repo.clone(),
verifier,
signature_config.clone(),
false,
)))
})
.bind("127.0.0.1:8008")?
.run()
.await?;
Ok(())
}
Reference in a new issue View git blame Copy permalink